blob: 75f5efde9aa350a60b52081522dcb1ca9953d7de [file] [log] [blame]
Greg Kroah-Hartmanb2441312017-11-01 15:07:57 +01001# SPDX-License-Identifier: GPL-2.0
Linus Torvalds1da177e2005-04-16 15:20:36 -07002#
Dan Williams685784a2007-07-09 11:56:42 -07003# Generic algorithms support
4#
5config XOR_BLOCKS
6 tristate
7
8#
Dan Williams9bc89cd2007-01-02 11:10:44 -07009# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
Linus Torvalds1da177e2005-04-16 15:20:36 -070014# Cryptographic API Configuration
15#
Jan Engelhardt2e290f42007-05-18 15:11:01 +100016menuconfig CRYPTO
Sebastian Siewiorc3715cb92008-03-30 16:36:09 +080017 tristate "Cryptographic API"
Linus Torvalds1da177e2005-04-16 15:20:36 -070018 help
19 This option provides the core Cryptographic API.
20
Herbert Xucce9e062006-08-21 21:08:13 +100021if CRYPTO
22
Sebastian Siewior584fffc2008-04-05 21:04:48 +080023comment "Crypto core or helper"
24
Neil Hormanccb778e2008-08-05 14:13:08 +080025config CRYPTO_FIPS
26 bool "FIPS 200 compliance"
Herbert Xuf2c89a12014-07-04 22:15:08 +080027 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
Alec Ari1f696092016-10-04 19:34:30 -030028 depends on (MODULE_SIG || !MODULES)
Neil Hormanccb778e2008-08-05 14:13:08 +080029 help
30 This options enables the fips boot option which is
31 required if you want to system to operate in a FIPS 200
32 certification. You should say no unless you know what
Chuck Ebberte84c5482010-09-03 19:17:49 +080033 this is.
Neil Hormanccb778e2008-08-05 14:13:08 +080034
Herbert Xucce9e062006-08-21 21:08:13 +100035config CRYPTO_ALGAPI
36 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110037 select CRYPTO_ALGAPI2
Herbert Xucce9e062006-08-21 21:08:13 +100038 help
39 This option provides the API for cryptographic algorithms.
40
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110041config CRYPTO_ALGAPI2
42 tristate
43
Herbert Xu1ae97822007-08-30 15:36:14 +080044config CRYPTO_AEAD
45 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110046 select CRYPTO_AEAD2
Herbert Xu1ae97822007-08-30 15:36:14 +080047 select CRYPTO_ALGAPI
48
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110049config CRYPTO_AEAD2
50 tristate
51 select CRYPTO_ALGAPI2
Herbert Xu149a3972015-08-13 17:28:58 +080052 select CRYPTO_NULL2
53 select CRYPTO_RNG2
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110054
Herbert Xu5cde0af2006-08-22 00:07:53 +100055config CRYPTO_BLKCIPHER
56 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110057 select CRYPTO_BLKCIPHER2
Herbert Xu5cde0af2006-08-22 00:07:53 +100058 select CRYPTO_ALGAPI
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110059
60config CRYPTO_BLKCIPHER2
61 tristate
62 select CRYPTO_ALGAPI2
63 select CRYPTO_RNG2
Huang Ying0a2e8212009-02-19 14:44:02 +080064 select CRYPTO_WORKQUEUE
Herbert Xu5cde0af2006-08-22 00:07:53 +100065
Herbert Xu055bcee2006-08-19 22:24:23 +100066config CRYPTO_HASH
67 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110068 select CRYPTO_HASH2
Herbert Xu055bcee2006-08-19 22:24:23 +100069 select CRYPTO_ALGAPI
70
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110071config CRYPTO_HASH2
72 tristate
73 select CRYPTO_ALGAPI2
74
Neil Horman17f0f4a2008-08-14 22:15:52 +100075config CRYPTO_RNG
76 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110077 select CRYPTO_RNG2
Neil Horman17f0f4a2008-08-14 22:15:52 +100078 select CRYPTO_ALGAPI
79
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110080config CRYPTO_RNG2
81 tristate
82 select CRYPTO_ALGAPI2
83
Herbert Xu401e4232015-06-03 14:49:31 +080084config CRYPTO_RNG_DEFAULT
85 tristate
86 select CRYPTO_DRBG_MENU
87
Tadeusz Struk3c339ab2015-06-16 10:30:55 -070088config CRYPTO_AKCIPHER2
89 tristate
90 select CRYPTO_ALGAPI2
91
92config CRYPTO_AKCIPHER
93 tristate
94 select CRYPTO_AKCIPHER2
95 select CRYPTO_ALGAPI
96
Salvatore Benedetto4e5f2c42016-06-22 17:49:13 +010097config CRYPTO_KPP2
98 tristate
99 select CRYPTO_ALGAPI2
100
101config CRYPTO_KPP
102 tristate
103 select CRYPTO_ALGAPI
104 select CRYPTO_KPP2
105
Giovanni Cabiddu2ebda742016-10-21 13:19:47 +0100106config CRYPTO_ACOMP2
107 tristate
108 select CRYPTO_ALGAPI2
Bart Van Assche8cd579d2018-01-05 08:26:47 -0800109 select SGL_ALLOC
Giovanni Cabiddu2ebda742016-10-21 13:19:47 +0100110
111config CRYPTO_ACOMP
112 tristate
113 select CRYPTO_ALGAPI
114 select CRYPTO_ACOMP2
115
Tadeusz Strukcfc2bb32015-06-16 10:31:01 -0700116config CRYPTO_RSA
117 tristate "RSA algorithm"
Tadeusz Struk425e0172015-06-19 10:27:39 -0700118 select CRYPTO_AKCIPHER
Tadeusz Struk58446fe2016-05-04 06:38:46 -0700119 select CRYPTO_MANAGER
Tadeusz Strukcfc2bb32015-06-16 10:31:01 -0700120 select MPILIB
121 select ASN1
122 help
123 Generic implementation of the RSA public key algorithm.
124
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100125config CRYPTO_DH
126 tristate "Diffie-Hellman algorithm"
127 select CRYPTO_KPP
128 select MPILIB
129 help
130 Generic implementation of the Diffie-Hellman algorithm.
131
Salvatore Benedetto3c4b2392016-06-22 17:49:15 +0100132config CRYPTO_ECDH
133 tristate "ECDH algorithm"
Hauke Mehrtensb5b90072017-11-26 00:16:46 +0100134 select CRYPTO_KPP
Tudor-Dan Ambarus6755fd22017-05-30 17:52:48 +0300135 select CRYPTO_RNG_DEFAULT
Salvatore Benedetto3c4b2392016-06-22 17:49:15 +0100136 help
137 Generic implementation of the ECDH algorithm
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100138
Herbert Xu2b8c19d2006-09-21 11:31:44 +1000139config CRYPTO_MANAGER
140 tristate "Cryptographic algorithm manager"
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100141 select CRYPTO_MANAGER2
Herbert Xu2b8c19d2006-09-21 11:31:44 +1000142 help
143 Create default cryptographic template instantiations such as
144 cbc(aes).
145
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100146config CRYPTO_MANAGER2
147 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
148 select CRYPTO_AEAD2
149 select CRYPTO_HASH2
150 select CRYPTO_BLKCIPHER2
Tadeusz Struk946cc462015-06-16 10:31:06 -0700151 select CRYPTO_AKCIPHER2
Salvatore Benedetto4e5f2c42016-06-22 17:49:13 +0100152 select CRYPTO_KPP2
Giovanni Cabiddu2ebda742016-10-21 13:19:47 +0100153 select CRYPTO_ACOMP2
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100154
Steffen Klasserta38f7902011-09-27 07:23:50 +0200155config CRYPTO_USER
156 tristate "Userspace cryptographic algorithm configuration"
Herbert Xu5db017a2011-11-01 12:12:43 +1100157 depends on NET
Steffen Klasserta38f7902011-09-27 07:23:50 +0200158 select CRYPTO_MANAGER
159 help
Valdis.Kletnieks@vt.edud19978f2011-11-09 01:29:20 -0500160 Userspace configuration for cryptographic instantiations such as
Steffen Klasserta38f7902011-09-27 07:23:50 +0200161 cbc(aes).
162
Herbert Xu326a6342010-08-06 09:40:28 +0800163config CRYPTO_MANAGER_DISABLE_TESTS
164 bool "Disable run-time self tests"
Herbert Xu00ca28a2010-08-06 10:34:00 +0800165 default y
166 depends on CRYPTO_MANAGER2
Alexander Shishkin0b767f92010-06-03 20:53:43 +1000167 help
Herbert Xu326a6342010-08-06 09:40:28 +0800168 Disable run-time self tests that normally take place at
169 algorithm registration.
Alexander Shishkin0b767f92010-06-03 20:53:43 +1000170
Rik Snelc494e072006-11-29 18:59:44 +1100171config CRYPTO_GF128MUL
Jussi Kivilinna08c70fc2011-12-13 12:53:22 +0200172 tristate "GF(2^128) multiplication functions"
Rik Snelc494e072006-11-29 18:59:44 +1100173 help
174 Efficient table driven implementation of multiplications in the
175 field GF(2^128). This is needed by some cypher modes. This
176 option will be selected automatically if you select such a
177 cipher mode. Only select this option by hand if you expect to load
178 an external module that requires these functions.
179
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800180config CRYPTO_NULL
181 tristate "Null algorithms"
Herbert Xu149a3972015-08-13 17:28:58 +0800182 select CRYPTO_NULL2
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800183 help
184 These are 'Null' algorithms, used by IPsec, which do nothing.
185
Herbert Xu149a3972015-08-13 17:28:58 +0800186config CRYPTO_NULL2
Herbert Xudd43c4e2015-08-17 20:39:40 +0800187 tristate
Herbert Xu149a3972015-08-13 17:28:58 +0800188 select CRYPTO_ALGAPI2
189 select CRYPTO_BLKCIPHER2
190 select CRYPTO_HASH2
191
Steffen Klassert5068c7a2010-01-07 15:57:19 +1100192config CRYPTO_PCRYPT
Kees Cook3b4afaf2012-10-02 11:16:49 -0700193 tristate "Parallel crypto engine"
194 depends on SMP
Steffen Klassert5068c7a2010-01-07 15:57:19 +1100195 select PADATA
196 select CRYPTO_MANAGER
197 select CRYPTO_AEAD
198 help
199 This converts an arbitrary crypto algorithm into a parallel
200 algorithm that executes in kernel threads.
201
Huang Ying25c38d32009-02-19 14:33:40 +0800202config CRYPTO_WORKQUEUE
203 tristate
204
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800205config CRYPTO_CRYPTD
206 tristate "Software async crypto daemon"
Herbert Xudb131ef2006-09-21 11:44:08 +1000207 select CRYPTO_BLKCIPHER
Loc Hob8a28252008-05-14 21:23:00 +0800208 select CRYPTO_HASH
Herbert Xu43518402006-10-16 21:28:58 +1000209 select CRYPTO_MANAGER
Huang Ying254eff72009-02-19 14:42:19 +0800210 select CRYPTO_WORKQUEUE
Herbert Xudb131ef2006-09-21 11:44:08 +1000211 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800212 This is a generic software asynchronous crypto daemon that
213 converts an arbitrary synchronous software crypto algorithm
214 into an asynchronous algorithm that executes in a kernel thread.
215
Tim Chen1e65b812014-07-31 10:29:51 -0700216config CRYPTO_MCRYPTD
217 tristate "Software async multi-buffer crypto daemon"
218 select CRYPTO_BLKCIPHER
219 select CRYPTO_HASH
220 select CRYPTO_MANAGER
221 select CRYPTO_WORKQUEUE
222 help
223 This is a generic software asynchronous crypto daemon that
224 provides the kernel thread to assist multi-buffer crypto
225 algorithms for submitting jobs and flushing jobs in multi-buffer
226 crypto algorithms. Multi-buffer crypto algorithms are executed
227 in the context of this kernel thread and drivers can post
Ted Percival0e566732014-09-04 15:18:21 +0800228 their crypto request asynchronously to be processed by this daemon.
Tim Chen1e65b812014-07-31 10:29:51 -0700229
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800230config CRYPTO_AUTHENC
231 tristate "Authenc support"
232 select CRYPTO_AEAD
233 select CRYPTO_BLKCIPHER
234 select CRYPTO_MANAGER
235 select CRYPTO_HASH
Herbert Xue94c6a72015-08-04 21:23:14 +0800236 select CRYPTO_NULL
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800237 help
238 Authenc: Combined mode wrapper for IPsec.
239 This is required for IPSec.
240
241config CRYPTO_TEST
242 tristate "Testing module"
243 depends on m
Herbert Xuda7f0332008-07-31 17:08:25 +0800244 select CRYPTO_MANAGER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800245 help
246 Quick & dirty crypto test module.
247
Herbert Xu266d0512016-11-22 20:08:25 +0800248config CRYPTO_SIMD
249 tristate
250 select CRYPTO_CRYPTD
251
Jussi Kivilinna596d8752012-06-18 14:07:19 +0300252config CRYPTO_GLUE_HELPER_X86
253 tristate
254 depends on X86
Herbert Xu065ce322016-11-22 20:08:29 +0800255 select CRYPTO_BLKCIPHER
Jussi Kivilinna596d8752012-06-18 14:07:19 +0300256
Baolin Wang735d37b2016-01-26 20:25:39 +0800257config CRYPTO_ENGINE
258 tristate
259
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800260comment "Authenticated Encryption with Associated Data"
261
262config CRYPTO_CCM
263 tristate "CCM support"
264 select CRYPTO_CTR
Ard Biesheuvelf15f05b2017-02-03 14:49:36 +0000265 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800266 select CRYPTO_AEAD
267 help
268 Support for Counter with CBC MAC. Required for IPsec.
269
270config CRYPTO_GCM
271 tristate "GCM/GMAC support"
272 select CRYPTO_CTR
273 select CRYPTO_AEAD
Huang Ying9382d972009-08-06 15:34:26 +1000274 select CRYPTO_GHASH
Jussi Kivilinna9489667d2013-04-07 16:43:41 +0300275 select CRYPTO_NULL
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800276 help
277 Support for Galois/Counter Mode (GCM) and Galois Message
278 Authentication Code (GMAC). Required for IPSec.
279
Martin Willi71ebc4d2015-06-01 13:44:00 +0200280config CRYPTO_CHACHA20POLY1305
281 tristate "ChaCha20-Poly1305 AEAD support"
282 select CRYPTO_CHACHA20
283 select CRYPTO_POLY1305
284 select CRYPTO_AEAD
285 help
286 ChaCha20-Poly1305 AEAD support, RFC7539.
287
288 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
289 with the Poly1305 authenticator. It is defined in RFC7539 for use in
290 IETF protocols.
291
Ondrej Mosnacekf606a882018-05-11 14:12:49 +0200292config CRYPTO_AEGIS128
293 tristate "AEGIS-128 AEAD algorithm"
294 select CRYPTO_AEAD
295 select CRYPTO_AES # for AES S-box tables
296 help
297 Support for the AEGIS-128 dedicated AEAD algorithm.
298
299config CRYPTO_AEGIS128L
300 tristate "AEGIS-128L AEAD algorithm"
301 select CRYPTO_AEAD
302 select CRYPTO_AES # for AES S-box tables
303 help
304 Support for the AEGIS-128L dedicated AEAD algorithm.
305
306config CRYPTO_AEGIS256
307 tristate "AEGIS-256 AEAD algorithm"
308 select CRYPTO_AEAD
309 select CRYPTO_AES # for AES S-box tables
310 help
311 Support for the AEGIS-256 dedicated AEAD algorithm.
312
Ondrej Mosnacek1d373d42018-05-11 14:12:51 +0200313config CRYPTO_AEGIS128_AESNI_SSE2
314 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
315 depends on X86 && 64BIT
316 select CRYPTO_AEAD
317 select CRYPTO_CRYPTD
318 help
319 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
320
321config CRYPTO_AEGIS128L_AESNI_SSE2
322 tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
323 depends on X86 && 64BIT
324 select CRYPTO_AEAD
325 select CRYPTO_CRYPTD
326 help
327 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
328
329config CRYPTO_AEGIS256_AESNI_SSE2
330 tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
331 depends on X86 && 64BIT
332 select CRYPTO_AEAD
333 select CRYPTO_CRYPTD
334 help
335 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
336
Ondrej Mosnacek396be412018-05-11 14:19:09 +0200337config CRYPTO_MORUS640
338 tristate "MORUS-640 AEAD algorithm"
339 select CRYPTO_AEAD
340 help
341 Support for the MORUS-640 dedicated AEAD algorithm.
342
Ondrej Mosnacek56e8e572018-05-11 14:19:11 +0200343config CRYPTO_MORUS640_GLUE
344 tristate "MORUS-640 AEAD algorithm (glue for SIMD optimizations)"
345 select CRYPTO_AEAD
346 select CRYPTO_CRYPTD
347 help
348 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
349 algorithm.
350
Ondrej Mosnacek6ecc9d92018-05-11 14:19:12 +0200351config CRYPTO_MORUS640_SSE2
352 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
353 depends on X86 && 64BIT
354 select CRYPTO_AEAD
355 select CRYPTO_MORUS640_GLUE
356 help
357 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
358
Ondrej Mosnacek396be412018-05-11 14:19:09 +0200359config CRYPTO_MORUS1280
360 tristate "MORUS-1280 AEAD algorithm"
361 select CRYPTO_AEAD
362 help
363 Support for the MORUS-1280 dedicated AEAD algorithm.
364
Ondrej Mosnacek56e8e572018-05-11 14:19:11 +0200365config CRYPTO_MORUS1280_GLUE
366 tristate "MORUS-1280 AEAD algorithm (glue for SIMD optimizations)"
367 select CRYPTO_AEAD
368 select CRYPTO_CRYPTD
369 help
370 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
371 algorithm.
372
Ondrej Mosnacek6ecc9d92018-05-11 14:19:12 +0200373config CRYPTO_MORUS1280_SSE2
374 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
375 depends on X86 && 64BIT
376 select CRYPTO_AEAD
377 select CRYPTO_MORUS1280_GLUE
378 help
379 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
380 algorithm.
381
382config CRYPTO_MORUS1280_AVX2
383 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
384 depends on X86 && 64BIT
385 select CRYPTO_AEAD
386 select CRYPTO_MORUS1280_GLUE
387 help
388 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
389 algorithm.
390
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800391config CRYPTO_SEQIV
392 tristate "Sequence Number IV Generator"
393 select CRYPTO_AEAD
394 select CRYPTO_BLKCIPHER
Herbert Xu856e3f402015-05-21 15:11:13 +0800395 select CRYPTO_NULL
Herbert Xu401e4232015-06-03 14:49:31 +0800396 select CRYPTO_RNG_DEFAULT
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800397 help
398 This IV generator generates an IV based on a sequence number by
399 xoring it with a salt. This algorithm is mainly useful for CTR
400
Herbert Xua10f5542015-05-21 15:11:15 +0800401config CRYPTO_ECHAINIV
402 tristate "Encrypted Chain IV Generator"
403 select CRYPTO_AEAD
404 select CRYPTO_NULL
Herbert Xu401e4232015-06-03 14:49:31 +0800405 select CRYPTO_RNG_DEFAULT
Herbert Xu34912442015-06-03 14:49:29 +0800406 default m
Herbert Xua10f5542015-05-21 15:11:15 +0800407 help
408 This IV generator generates an IV based on the encryption of
409 a sequence number xored with a salt. This is the default
410 algorithm for CBC.
411
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800412comment "Block modes"
Herbert Xudb131ef2006-09-21 11:44:08 +1000413
414config CRYPTO_CBC
415 tristate "CBC support"
416 select CRYPTO_BLKCIPHER
Herbert Xu43518402006-10-16 21:28:58 +1000417 select CRYPTO_MANAGER
Herbert Xudb131ef2006-09-21 11:44:08 +1000418 help
419 CBC: Cipher Block Chaining mode
420 This block cipher algorithm is required for IPSec.
421
James Bottomleya7d85e02018-03-01 14:36:17 -0800422config CRYPTO_CFB
423 tristate "CFB support"
424 select CRYPTO_BLKCIPHER
425 select CRYPTO_MANAGER
426 help
427 CFB: Cipher FeedBack mode
428 This block cipher algorithm is required for TPM2 Cryptography.
429
Joy Latten23e353c2007-10-23 08:50:32 +0800430config CRYPTO_CTR
431 tristate "CTR support"
432 select CRYPTO_BLKCIPHER
Herbert Xu0a270322007-11-30 21:38:37 +1100433 select CRYPTO_SEQIV
Joy Latten23e353c2007-10-23 08:50:32 +0800434 select CRYPTO_MANAGER
Joy Latten23e353c2007-10-23 08:50:32 +0800435 help
436 CTR: Counter mode
437 This block cipher algorithm is required for IPSec.
438
Kevin Coffman76cb9522008-03-24 21:26:16 +0800439config CRYPTO_CTS
440 tristate "CTS support"
441 select CRYPTO_BLKCIPHER
442 help
443 CTS: Cipher Text Stealing
444 This is the Cipher Text Stealing mode as described by
445 Section 8 of rfc2040 and referenced by rfc3962.
446 (rfc3962 includes errata information in its Appendix A)
447 This mode is required for Kerberos gss mechanism support
448 for AES encryption.
449
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800450config CRYPTO_ECB
451 tristate "ECB support"
Herbert Xu653ebd9c2007-11-27 19:48:27 +0800452 select CRYPTO_BLKCIPHER
Herbert Xu124b53d2007-04-16 20:49:20 +1000453 select CRYPTO_MANAGER
454 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800455 ECB: Electronic CodeBook mode
456 This is the simplest block cipher algorithm. It simply encrypts
457 the input block by block.
Herbert Xu124b53d2007-04-16 20:49:20 +1000458
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800459config CRYPTO_LRW
Jussi Kivilinna2470a2b2011-12-13 12:52:51 +0200460 tristate "LRW support"
David Howells90831632006-12-16 12:13:14 +1100461 select CRYPTO_BLKCIPHER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800462 select CRYPTO_MANAGER
463 select CRYPTO_GF128MUL
David Howells90831632006-12-16 12:13:14 +1100464 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800465 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
466 narrow block cipher mode for dm-crypt. Use it with cipher
467 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
468 The first 128, 192 or 256 bits in the key are used for AES and the
469 rest is used to tie each cipher block to its logical position.
David Howells90831632006-12-16 12:13:14 +1100470
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800471config CRYPTO_PCBC
472 tristate "PCBC support"
473 select CRYPTO_BLKCIPHER
474 select CRYPTO_MANAGER
475 help
476 PCBC: Propagating Cipher Block Chaining mode
477 This block cipher algorithm is required for RxRPC.
478
479config CRYPTO_XTS
Jussi Kivilinna5bcf8e62011-12-13 12:52:56 +0200480 tristate "XTS support"
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800481 select CRYPTO_BLKCIPHER
482 select CRYPTO_MANAGER
Milan Broz12cb3a12017-02-23 08:38:26 +0100483 select CRYPTO_ECB
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800484 help
485 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
486 key size 256, 384 or 512 bits. This implementation currently
487 can't handle a sectorsize which is not a multiple of 16 bytes.
488
Stephan Mueller1c49678e2015-09-21 20:58:56 +0200489config CRYPTO_KEYWRAP
490 tristate "Key wrapping support"
491 select CRYPTO_BLKCIPHER
492 help
493 Support for key wrapping (NIST SP800-38F / RFC3394) without
494 padding.
495
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800496comment "Hash modes"
497
Jussi Kivilinna93b5e862013-04-08 10:48:44 +0300498config CRYPTO_CMAC
499 tristate "CMAC support"
500 select CRYPTO_HASH
501 select CRYPTO_MANAGER
502 help
503 Cipher-based Message Authentication Code (CMAC) specified by
504 The National Institute of Standards and Technology (NIST).
505
506 https://tools.ietf.org/html/rfc4493
507 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
508
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800509config CRYPTO_HMAC
510 tristate "HMAC support"
511 select CRYPTO_HASH
512 select CRYPTO_MANAGER
513 help
514 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
515 This is required for IPSec.
516
517config CRYPTO_XCBC
518 tristate "XCBC support"
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800519 select CRYPTO_HASH
520 select CRYPTO_MANAGER
521 help
522 XCBC: Keyed-Hashing with encryption algorithm
523 http://www.ietf.org/rfc/rfc3566.txt
524 http://csrc.nist.gov/encryption/modes/proposedmodes/
525 xcbc-mac/xcbc-mac-spec.pdf
526
Shane Wangf1939f72009-09-02 20:05:22 +1000527config CRYPTO_VMAC
528 tristate "VMAC support"
Shane Wangf1939f72009-09-02 20:05:22 +1000529 select CRYPTO_HASH
530 select CRYPTO_MANAGER
531 help
532 VMAC is a message authentication algorithm designed for
533 very high speed on 64-bit architectures.
534
535 See also:
536 <http://fastcrypto.org/vmac>
537
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800538comment "Digest"
539
540config CRYPTO_CRC32C
541 tristate "CRC32c CRC algorithm"
Herbert Xu5773a3e2008-07-08 20:54:28 +0800542 select CRYPTO_HASH
Darrick J. Wong6a0962b2012-03-23 15:02:25 -0700543 select CRC32
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800544 help
545 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
546 by iSCSI for header and data digests and by others.
Herbert Xu69c35ef2008-11-07 15:11:47 +0800547 See Castagnoli93. Module will be crc32c.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800548
Austin Zhang8cb51ba2008-08-07 09:57:03 +0800549config CRYPTO_CRC32C_INTEL
550 tristate "CRC32c INTEL hardware acceleration"
551 depends on X86
552 select CRYPTO_HASH
553 help
554 In Intel processor with SSE4.2 supported, the processor will
555 support CRC32C implementation using hardware accelerated CRC32
556 instruction. This option will create 'crc32c-intel' module,
557 which will enable any routine to use the CRC32 instruction to
558 gain performance compared with software implementation.
559 Module will be crc32c-intel.
560
Jean Delvare7cf31862016-11-22 10:32:44 +0100561config CRYPTO_CRC32C_VPMSUM
Anton Blanchard6dd7a822016-07-01 08:19:45 +1000562 tristate "CRC32c CRC algorithm (powerpc64)"
Michael Ellermanc12abf32016-08-09 08:46:15 +1000563 depends on PPC64 && ALTIVEC
Anton Blanchard6dd7a822016-07-01 08:19:45 +1000564 select CRYPTO_HASH
565 select CRC32
566 help
567 CRC32c algorithm implemented using vector polynomial multiply-sum
568 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
569 and newer processors for improved performance.
570
571
David S. Miller442a7c42012-08-22 20:47:36 -0700572config CRYPTO_CRC32C_SPARC64
573 tristate "CRC32c CRC algorithm (SPARC64)"
574 depends on SPARC64
575 select CRYPTO_HASH
576 select CRC32
577 help
578 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
579 when available.
580
Alexander Boyko78c37d12013-01-10 18:54:59 +0400581config CRYPTO_CRC32
582 tristate "CRC32 CRC algorithm"
583 select CRYPTO_HASH
584 select CRC32
585 help
586 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
587 Shash crypto api wrappers to crc32_le function.
588
589config CRYPTO_CRC32_PCLMUL
590 tristate "CRC32 PCLMULQDQ hardware acceleration"
591 depends on X86
592 select CRYPTO_HASH
593 select CRC32
594 help
595 From Intel Westmere and AMD Bulldozer processor with SSE4.2
596 and PCLMULQDQ supported, the processor will support
597 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
598 instruction. This option will create 'crc32-plcmul' module,
599 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
600 and gain better performance as compared with the table implementation.
601
Marcin Nowakowski4a5dc512018-02-09 22:11:06 +0000602config CRYPTO_CRC32_MIPS
603 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
604 depends on MIPS_CRC_SUPPORT
605 select CRYPTO_HASH
606 help
607 CRC32c and CRC32 CRC algorithms implemented using mips crypto
608 instructions, when available.
609
610
Herbert Xu684115212013-09-07 12:56:26 +1000611config CRYPTO_CRCT10DIF
612 tristate "CRCT10DIF algorithm"
613 select CRYPTO_HASH
614 help
615 CRC T10 Data Integrity Field computation is being cast as
616 a crypto transform. This allows for faster crc t10 diff
617 transforms to be used if they are available.
618
619config CRYPTO_CRCT10DIF_PCLMUL
620 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
621 depends on X86 && 64BIT && CRC_T10DIF
622 select CRYPTO_HASH
623 help
624 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
625 CRC T10 DIF PCLMULQDQ computation can be hardware
626 accelerated PCLMULQDQ instruction. This option will create
627 'crct10dif-plcmul' module, which is faster when computing the
628 crct10dif checksum as compared with the generic table implementation.
629
Daniel Axtensb01df1c2017-03-15 23:37:36 +1100630config CRYPTO_CRCT10DIF_VPMSUM
631 tristate "CRC32T10DIF powerpc64 hardware acceleration"
632 depends on PPC64 && ALTIVEC && CRC_T10DIF
633 select CRYPTO_HASH
634 help
635 CRC10T10DIF algorithm implemented using vector polynomial
636 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
637 POWER8 and newer processors for improved performance.
638
Daniel Axtens146c8682017-03-15 23:37:37 +1100639config CRYPTO_VPMSUM_TESTER
640 tristate "Powerpc64 vpmsum hardware acceleration tester"
641 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
642 help
643 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
644 POWER8 vpmsum instructions.
645 Unless you are testing these algorithms, you don't need this.
646
Huang Ying2cdc6892009-08-06 15:32:38 +1000647config CRYPTO_GHASH
648 tristate "GHASH digest algorithm"
Huang Ying2cdc6892009-08-06 15:32:38 +1000649 select CRYPTO_GF128MUL
Arnd Bergmann578c60f2016-01-25 17:51:21 +0100650 select CRYPTO_HASH
Huang Ying2cdc6892009-08-06 15:32:38 +1000651 help
652 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
653
Martin Willif979e012015-06-01 13:43:58 +0200654config CRYPTO_POLY1305
655 tristate "Poly1305 authenticator algorithm"
Arnd Bergmann578c60f2016-01-25 17:51:21 +0100656 select CRYPTO_HASH
Martin Willif979e012015-06-01 13:43:58 +0200657 help
658 Poly1305 authenticator algorithm, RFC7539.
659
660 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
661 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
662 in IETF protocols. This is the portable C implementation of Poly1305.
663
Martin Willic70f4ab2015-07-16 19:14:06 +0200664config CRYPTO_POLY1305_X86_64
Martin Willib1ccc8f2015-07-16 19:14:08 +0200665 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
Martin Willic70f4ab2015-07-16 19:14:06 +0200666 depends on X86 && 64BIT
667 select CRYPTO_POLY1305
668 help
669 Poly1305 authenticator algorithm, RFC7539.
670
671 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
672 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
673 in IETF protocols. This is the x86_64 assembler implementation using SIMD
674 instructions.
675
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800676config CRYPTO_MD4
677 tristate "MD4 digest algorithm"
Adrian-Ken Rueegsegger808a1762008-12-03 19:55:27 +0800678 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700679 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800680 MD4 message digest algorithm (RFC1320).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700681
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800682config CRYPTO_MD5
683 tristate "MD5 digest algorithm"
Adrian-Ken Rueegsegger14b75ba2008-12-03 19:57:12 +0800684 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700685 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800686 MD5 message digest algorithm (RFC1321).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700687
Aaro Koskinend69e75d2014-12-21 22:54:02 +0200688config CRYPTO_MD5_OCTEON
689 tristate "MD5 digest algorithm (OCTEON)"
690 depends on CPU_CAVIUM_OCTEON
691 select CRYPTO_MD5
692 select CRYPTO_HASH
693 help
694 MD5 message digest algorithm (RFC1321) implemented
695 using OCTEON crypto instructions, when available.
696
Markus Stockhausene8e59952015-03-01 19:30:46 +0100697config CRYPTO_MD5_PPC
698 tristate "MD5 digest algorithm (PPC)"
699 depends on PPC
700 select CRYPTO_HASH
701 help
702 MD5 message digest algorithm (RFC1321) implemented
703 in PPC assembler.
704
David S. Millerfa4dfed2012-08-19 21:51:26 -0700705config CRYPTO_MD5_SPARC64
706 tristate "MD5 digest algorithm (SPARC64)"
707 depends on SPARC64
708 select CRYPTO_MD5
709 select CRYPTO_HASH
710 help
711 MD5 message digest algorithm (RFC1321) implemented
712 using sparc64 crypto instructions, when available.
713
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800714config CRYPTO_MICHAEL_MIC
715 tristate "Michael MIC keyed digest algorithm"
Adrian-Ken Rueegsegger19e2bf12008-12-07 19:35:38 +0800716 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800717 help
718 Michael MIC is used for message integrity protection in TKIP
719 (IEEE 802.11i). This algorithm is required for TKIP, but it
720 should not be used for other purposes because of the weakness
721 of the algorithm.
722
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800723config CRYPTO_RMD128
Adrian Bunkb6d44342008-07-16 19:28:00 +0800724 tristate "RIPEMD-128 digest algorithm"
Herbert Xu7c4468b2008-11-08 09:10:40 +0800725 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800726 help
727 RIPEMD-128 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800728
Adrian Bunkb6d44342008-07-16 19:28:00 +0800729 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
Michael Witten35ed4b32011-07-09 04:02:31 +0000730 be used as a secure replacement for RIPEMD. For other use cases,
Adrian Bunkb6d44342008-07-16 19:28:00 +0800731 RIPEMD-160 should be used.
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800732
Adrian Bunkb6d44342008-07-16 19:28:00 +0800733 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800734 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800735
736config CRYPTO_RMD160
Adrian Bunkb6d44342008-07-16 19:28:00 +0800737 tristate "RIPEMD-160 digest algorithm"
Herbert Xue5835fb2008-11-08 09:18:51 +0800738 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800739 help
740 RIPEMD-160 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800741
Adrian Bunkb6d44342008-07-16 19:28:00 +0800742 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
743 to be used as a secure replacement for the 128-bit hash functions
744 MD4, MD5 and it's predecessor RIPEMD
745 (not to be confused with RIPEMD-128).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800746
Adrian Bunkb6d44342008-07-16 19:28:00 +0800747 It's speed is comparable to SHA1 and there are no known attacks
748 against RIPEMD-160.
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800749
Adrian Bunkb6d44342008-07-16 19:28:00 +0800750 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800751 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800752
753config CRYPTO_RMD256
Adrian Bunkb6d44342008-07-16 19:28:00 +0800754 tristate "RIPEMD-256 digest algorithm"
Herbert Xud8a5e2e2008-11-08 09:58:10 +0800755 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800756 help
757 RIPEMD-256 is an optional extension of RIPEMD-128 with a
758 256 bit hash. It is intended for applications that require
759 longer hash-results, without needing a larger security level
760 (than RIPEMD-128).
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800761
Adrian Bunkb6d44342008-07-16 19:28:00 +0800762 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800763 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800764
765config CRYPTO_RMD320
Adrian Bunkb6d44342008-07-16 19:28:00 +0800766 tristate "RIPEMD-320 digest algorithm"
Herbert Xu3b8efb42008-11-08 10:11:09 +0800767 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800768 help
769 RIPEMD-320 is an optional extension of RIPEMD-160 with a
770 320 bit hash. It is intended for applications that require
771 longer hash-results, without needing a larger security level
772 (than RIPEMD-160).
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800773
Adrian Bunkb6d44342008-07-16 19:28:00 +0800774 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800775 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800776
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800777config CRYPTO_SHA1
778 tristate "SHA1 digest algorithm"
Adrian-Ken Rueegsegger54ccb362008-12-02 21:08:20 +0800779 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800780 help
781 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
782
Mathias Krause66be8952011-08-04 20:19:25 +0200783config CRYPTO_SHA1_SSSE3
time38b6b72015-09-10 15:27:26 -0700784 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
Mathias Krause66be8952011-08-04 20:19:25 +0200785 depends on X86 && 64BIT
786 select CRYPTO_SHA1
787 select CRYPTO_HASH
788 help
789 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
790 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
time38b6b72015-09-10 15:27:26 -0700791 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
792 when available.
Mathias Krause66be8952011-08-04 20:19:25 +0200793
Tim Chen8275d1a2013-03-26 13:59:17 -0700794config CRYPTO_SHA256_SSSE3
time38b6b72015-09-10 15:27:26 -0700795 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
Tim Chen8275d1a2013-03-26 13:59:17 -0700796 depends on X86 && 64BIT
797 select CRYPTO_SHA256
798 select CRYPTO_HASH
799 help
800 SHA-256 secure hash standard (DFIPS 180-2) implemented
801 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
802 Extensions version 1 (AVX1), or Advanced Vector Extensions
time38b6b72015-09-10 15:27:26 -0700803 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
804 Instructions) when available.
Tim Chen8275d1a2013-03-26 13:59:17 -0700805
Tim Chen87de4572013-03-26 14:00:02 -0700806config CRYPTO_SHA512_SSSE3
807 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
808 depends on X86 && 64BIT
809 select CRYPTO_SHA512
810 select CRYPTO_HASH
811 help
812 SHA-512 secure hash standard (DFIPS 180-2) implemented
813 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
814 Extensions version 1 (AVX1), or Advanced Vector Extensions
815 version 2 (AVX2) instructions, when available.
816
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200817config CRYPTO_SHA1_OCTEON
818 tristate "SHA1 digest algorithm (OCTEON)"
819 depends on CPU_CAVIUM_OCTEON
820 select CRYPTO_SHA1
821 select CRYPTO_HASH
822 help
823 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
824 using OCTEON crypto instructions, when available.
825
David S. Miller4ff28d42012-08-19 15:41:53 -0700826config CRYPTO_SHA1_SPARC64
827 tristate "SHA1 digest algorithm (SPARC64)"
828 depends on SPARC64
829 select CRYPTO_SHA1
830 select CRYPTO_HASH
831 help
832 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
833 using sparc64 crypto instructions, when available.
834
Michael Ellerman323a6bf2012-09-13 23:00:49 +0000835config CRYPTO_SHA1_PPC
836 tristate "SHA1 digest algorithm (powerpc)"
837 depends on PPC
838 help
839 This is the powerpc hardware accelerated implementation of the
840 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
841
Markus Stockhausend9850fc2015-02-24 20:36:50 +0100842config CRYPTO_SHA1_PPC_SPE
843 tristate "SHA1 digest algorithm (PPC SPE)"
844 depends on PPC && SPE
845 help
846 SHA-1 secure hash standard (DFIPS 180-4) implemented
847 using powerpc SPE SIMD instruction set.
848
Tim Chen1e65b812014-07-31 10:29:51 -0700849config CRYPTO_SHA1_MB
850 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
851 depends on X86 && 64BIT
852 select CRYPTO_SHA1
853 select CRYPTO_HASH
854 select CRYPTO_MCRYPTD
855 help
856 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
857 using multi-buffer technique. This algorithm computes on
858 multiple data lanes concurrently with SIMD instructions for
859 better throughput. It should not be enabled by default but
860 used when there is significant amount of work to keep the keep
861 the data lanes filled to get performance benefit. If the data
862 lanes remain unfilled, a flush operation will be initiated to
863 process the crypto jobs, adding a slight latency.
864
Megha Dey9be7e242016-06-23 18:40:43 -0700865config CRYPTO_SHA256_MB
866 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
867 depends on X86 && 64BIT
868 select CRYPTO_SHA256
869 select CRYPTO_HASH
870 select CRYPTO_MCRYPTD
871 help
872 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
873 using multi-buffer technique. This algorithm computes on
874 multiple data lanes concurrently with SIMD instructions for
875 better throughput. It should not be enabled by default but
876 used when there is significant amount of work to keep the keep
877 the data lanes filled to get performance benefit. If the data
878 lanes remain unfilled, a flush operation will be initiated to
879 process the crypto jobs, adding a slight latency.
880
Megha Dey026bb8a2016-06-27 10:20:05 -0700881config CRYPTO_SHA512_MB
882 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
883 depends on X86 && 64BIT
884 select CRYPTO_SHA512
885 select CRYPTO_HASH
886 select CRYPTO_MCRYPTD
887 help
888 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
889 using multi-buffer technique. This algorithm computes on
890 multiple data lanes concurrently with SIMD instructions for
891 better throughput. It should not be enabled by default but
892 used when there is significant amount of work to keep the keep
893 the data lanes filled to get performance benefit. If the data
894 lanes remain unfilled, a flush operation will be initiated to
895 process the crypto jobs, adding a slight latency.
896
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800897config CRYPTO_SHA256
898 tristate "SHA224 and SHA256 digest algorithm"
Adrian-Ken Rueegsegger50e109b52008-12-03 19:57:49 +0800899 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800900 help
901 SHA256 secure hash standard (DFIPS 180-2).
902
903 This version of SHA implements a 256 bit hash with 128 bits of
904 security against collision attacks.
905
Adrian Bunkb6d44342008-07-16 19:28:00 +0800906 This code also includes SHA-224, a 224 bit hash with 112 bits
907 of security against collision attacks.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800908
Markus Stockhausen2ecc1e92015-01-30 15:39:34 +0100909config CRYPTO_SHA256_PPC_SPE
910 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
911 depends on PPC && SPE
912 select CRYPTO_SHA256
913 select CRYPTO_HASH
914 help
915 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
916 implemented using powerpc SPE SIMD instruction set.
917
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200918config CRYPTO_SHA256_OCTEON
919 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
920 depends on CPU_CAVIUM_OCTEON
921 select CRYPTO_SHA256
922 select CRYPTO_HASH
923 help
924 SHA-256 secure hash standard (DFIPS 180-2) implemented
925 using OCTEON crypto instructions, when available.
926
David S. Miller86c93b22012-08-19 17:11:37 -0700927config CRYPTO_SHA256_SPARC64
928 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
929 depends on SPARC64
930 select CRYPTO_SHA256
931 select CRYPTO_HASH
932 help
933 SHA-256 secure hash standard (DFIPS 180-2) implemented
934 using sparc64 crypto instructions, when available.
935
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800936config CRYPTO_SHA512
937 tristate "SHA384 and SHA512 digest algorithms"
Adrian-Ken Rueegseggerbd9d20d2008-12-17 16:49:02 +1100938 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800939 help
940 SHA512 secure hash standard (DFIPS 180-2).
941
942 This version of SHA implements a 512 bit hash with 256 bits of
943 security against collision attacks.
944
945 This code also includes SHA-384, a 384 bit hash with 192 bits
946 of security against collision attacks.
947
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200948config CRYPTO_SHA512_OCTEON
949 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
950 depends on CPU_CAVIUM_OCTEON
951 select CRYPTO_SHA512
952 select CRYPTO_HASH
953 help
954 SHA-512 secure hash standard (DFIPS 180-2) implemented
955 using OCTEON crypto instructions, when available.
956
David S. Miller775e0c62012-08-19 17:37:56 -0700957config CRYPTO_SHA512_SPARC64
958 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
959 depends on SPARC64
960 select CRYPTO_SHA512
961 select CRYPTO_HASH
962 help
963 SHA-512 secure hash standard (DFIPS 180-2) implemented
964 using sparc64 crypto instructions, when available.
965
Jeff Garzik53964b92016-06-17 10:30:35 +0530966config CRYPTO_SHA3
967 tristate "SHA3 digest algorithm"
968 select CRYPTO_HASH
969 help
970 SHA-3 secure hash standard (DFIPS 202). It's based on
971 cryptographic sponge function family called Keccak.
972
973 References:
974 http://keccak.noekeon.org/
975
Gilad Ben-Yossef4f0fc162017-08-21 13:51:28 +0300976config CRYPTO_SM3
977 tristate "SM3 digest algorithm"
978 select CRYPTO_HASH
979 help
980 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
981 It is part of the Chinese Commercial Cryptography suite.
982
983 References:
984 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
985 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
986
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800987config CRYPTO_TGR192
988 tristate "Tiger digest algorithms"
Adrian-Ken Rueegseggerf63fbd32008-12-03 19:58:32 +0800989 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800990 help
991 Tiger hash algorithm 192, 160 and 128-bit hashes
992
993 Tiger is a hash function optimized for 64-bit processors while
994 still having decent performance on 32-bit processors.
995 Tiger was developed by Ross Anderson and Eli Biham.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700996
997 See also:
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800998 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
999
1000config CRYPTO_WP512
1001 tristate "Whirlpool digest algorithms"
Adrian-Ken Rueegsegger49465102008-12-07 19:34:37 +08001002 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001003 help
1004 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1005
1006 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1007 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1008
1009 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +08001010 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001011
Huang Ying0e1227d2009-10-19 11:53:06 +09001012config CRYPTO_GHASH_CLMUL_NI_INTEL
1013 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
Richard Weinberger8af00862011-06-08 20:56:29 +08001014 depends on X86 && 64BIT
Huang Ying0e1227d2009-10-19 11:53:06 +09001015 select CRYPTO_CRYPTD
1016 help
1017 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1018 The implementation is accelerated by CLMUL-NI of Intel.
1019
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001020comment "Ciphers"
Linus Torvalds1da177e2005-04-16 15:20:36 -07001021
1022config CRYPTO_AES
1023 tristate "AES cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +10001024 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001025 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001026 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -07001027 algorithm.
1028
1029 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001030 both hardware and software across a wide range of computing
1031 environments regardless of its use in feedback or non-feedback
1032 modes. Its key setup time is excellent, and its key agility is
1033 good. Rijndael's very low memory requirements make it very well
1034 suited for restricted-space environments, in which it also
1035 demonstrates excellent performance. Rijndael's operations are
1036 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -07001037
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001038 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -07001039
1040 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1041
Ard Biesheuvelb5e0b032017-02-02 16:37:40 +00001042config CRYPTO_AES_TI
1043 tristate "Fixed time AES cipher"
1044 select CRYPTO_ALGAPI
1045 help
1046 This is a generic implementation of AES that attempts to eliminate
1047 data dependent latencies as much as possible without affecting
1048 performance too much. It is intended for use by the generic CCM
1049 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1050 solely on encryption (although decryption is supported as well, but
1051 with a more dramatic performance hit)
1052
1053 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1054 8 for decryption), this implementation only uses just two S-boxes of
1055 256 bytes each, and attempts to eliminate data dependent latencies by
1056 prefetching the entire table into the cache at the start of each
1057 block.
1058
Linus Torvalds1da177e2005-04-16 15:20:36 -07001059config CRYPTO_AES_586
1060 tristate "AES cipher algorithms (i586)"
Herbert Xucce9e062006-08-21 21:08:13 +10001061 depends on (X86 || UML_X86) && !64BIT
1062 select CRYPTO_ALGAPI
Sebastian Siewior5157dea2007-11-10 19:07:16 +08001063 select CRYPTO_AES
Linus Torvalds1da177e2005-04-16 15:20:36 -07001064 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001065 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -07001066 algorithm.
1067
1068 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001069 both hardware and software across a wide range of computing
1070 environments regardless of its use in feedback or non-feedback
1071 modes. Its key setup time is excellent, and its key agility is
1072 good. Rijndael's very low memory requirements make it very well
1073 suited for restricted-space environments, in which it also
1074 demonstrates excellent performance. Rijndael's operations are
1075 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -07001076
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001077 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -07001078
1079 See <http://csrc.nist.gov/encryption/aes/> for more information.
1080
Andreas Steinmetza2a892a2005-07-06 13:55:00 -07001081config CRYPTO_AES_X86_64
1082 tristate "AES cipher algorithms (x86_64)"
Herbert Xucce9e062006-08-21 21:08:13 +10001083 depends on (X86 || UML_X86) && 64BIT
1084 select CRYPTO_ALGAPI
Sebastian Siewior81190b32007-11-08 21:25:04 +08001085 select CRYPTO_AES
Andreas Steinmetza2a892a2005-07-06 13:55:00 -07001086 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001087 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Andreas Steinmetza2a892a2005-07-06 13:55:00 -07001088 algorithm.
1089
1090 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001091 both hardware and software across a wide range of computing
1092 environments regardless of its use in feedback or non-feedback
1093 modes. Its key setup time is excellent, and its key agility is
1094 good. Rijndael's very low memory requirements make it very well
1095 suited for restricted-space environments, in which it also
1096 demonstrates excellent performance. Rijndael's operations are
1097 among the easiest to defend against power and timing attacks.
Andreas Steinmetza2a892a2005-07-06 13:55:00 -07001098
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001099 The AES specifies three key sizes: 128, 192 and 256 bits
Andreas Steinmetza2a892a2005-07-06 13:55:00 -07001100
1101 See <http://csrc.nist.gov/encryption/aes/> for more information.
1102
Huang Ying54b6a1b2009-01-18 16:28:34 +11001103config CRYPTO_AES_NI_INTEL
1104 tristate "AES cipher algorithms (AES-NI)"
Richard Weinberger8af00862011-06-08 20:56:29 +08001105 depends on X86
Herbert Xu85671862016-11-22 20:08:33 +08001106 select CRYPTO_AEAD
Mathias Krause0d258ef2010-11-27 16:34:46 +08001107 select CRYPTO_AES_X86_64 if 64BIT
1108 select CRYPTO_AES_586 if !64BIT
Huang Ying54b6a1b2009-01-18 16:28:34 +11001109 select CRYPTO_ALGAPI
Herbert Xu85671862016-11-22 20:08:33 +08001110 select CRYPTO_BLKCIPHER
Jussi Kivilinna7643a112013-04-10 18:39:20 +03001111 select CRYPTO_GLUE_HELPER_X86 if 64BIT
Herbert Xu85671862016-11-22 20:08:33 +08001112 select CRYPTO_SIMD
Huang Ying54b6a1b2009-01-18 16:28:34 +11001113 help
1114 Use Intel AES-NI instructions for AES algorithm.
1115
1116 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1117 algorithm.
1118
1119 Rijndael appears to be consistently a very good performer in
1120 both hardware and software across a wide range of computing
1121 environments regardless of its use in feedback or non-feedback
1122 modes. Its key setup time is excellent, and its key agility is
1123 good. Rijndael's very low memory requirements make it very well
1124 suited for restricted-space environments, in which it also
1125 demonstrates excellent performance. Rijndael's operations are
1126 among the easiest to defend against power and timing attacks.
1127
1128 The AES specifies three key sizes: 128, 192 and 256 bits
1129
1130 See <http://csrc.nist.gov/encryption/aes/> for more information.
1131
Mathias Krause0d258ef2010-11-27 16:34:46 +08001132 In addition to AES cipher algorithm support, the acceleration
1133 for some popular block cipher mode is supported too, including
1134 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
1135 acceleration for CTR.
Huang Ying2cf4ac82009-03-29 15:41:20 +08001136
David S. Miller9bf48522012-08-21 03:58:13 -07001137config CRYPTO_AES_SPARC64
1138 tristate "AES cipher algorithms (SPARC64)"
1139 depends on SPARC64
1140 select CRYPTO_CRYPTD
1141 select CRYPTO_ALGAPI
1142 help
1143 Use SPARC64 crypto opcodes for AES algorithm.
1144
1145 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1146 algorithm.
1147
1148 Rijndael appears to be consistently a very good performer in
1149 both hardware and software across a wide range of computing
1150 environments regardless of its use in feedback or non-feedback
1151 modes. Its key setup time is excellent, and its key agility is
1152 good. Rijndael's very low memory requirements make it very well
1153 suited for restricted-space environments, in which it also
1154 demonstrates excellent performance. Rijndael's operations are
1155 among the easiest to defend against power and timing attacks.
1156
1157 The AES specifies three key sizes: 128, 192 and 256 bits
1158
1159 See <http://csrc.nist.gov/encryption/aes/> for more information.
1160
1161 In addition to AES cipher algorithm support, the acceleration
1162 for some popular block cipher mode is supported too, including
1163 ECB and CBC.
1164
Markus Stockhausen504c6142015-02-22 10:00:10 +01001165config CRYPTO_AES_PPC_SPE
1166 tristate "AES cipher algorithms (PPC SPE)"
1167 depends on PPC && SPE
1168 help
1169 AES cipher algorithms (FIPS-197). Additionally the acceleration
1170 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1171 This module should only be used for low power (router) devices
1172 without hardware AES acceleration (e.g. caam crypto). It reduces the
1173 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1174 timining attacks. Nevertheless it might be not as secure as other
1175 architecture specific assembler implementations that work on 1KB
1176 tables or 256 bytes S-boxes.
1177
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001178config CRYPTO_ANUBIS
1179 tristate "Anubis cipher algorithm"
1180 select CRYPTO_ALGAPI
1181 help
1182 Anubis cipher algorithm.
1183
1184 Anubis is a variable key length cipher which can use keys from
1185 128 bits to 320 bits in length. It was evaluated as a entrant
1186 in the NESSIE competition.
1187
1188 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +08001189 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1190 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001191
1192config CRYPTO_ARC4
1193 tristate "ARC4 cipher algorithm"
Sebastian Andrzej Siewiorb9b0f082012-06-26 18:13:46 +02001194 select CRYPTO_BLKCIPHER
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001195 help
1196 ARC4 cipher algorithm.
1197
1198 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1199 bits in length. This algorithm is required for driver-based
1200 WEP, but it should not be for other purposes because of the
1201 weakness of the algorithm.
1202
1203config CRYPTO_BLOWFISH
1204 tristate "Blowfish cipher algorithm"
1205 select CRYPTO_ALGAPI
Jussi Kivilinna52ba8672011-09-02 01:45:07 +03001206 select CRYPTO_BLOWFISH_COMMON
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001207 help
1208 Blowfish cipher algorithm, by Bruce Schneier.
1209
1210 This is a variable key length cipher which can use keys from 32
1211 bits to 448 bits in length. It's fast, simple and specifically
1212 designed for use on "large microprocessors".
1213
1214 See also:
1215 <http://www.schneier.com/blowfish.html>
1216
Jussi Kivilinna52ba8672011-09-02 01:45:07 +03001217config CRYPTO_BLOWFISH_COMMON
1218 tristate
1219 help
1220 Common parts of the Blowfish cipher algorithm shared by the
1221 generic c and the assembler implementations.
1222
1223 See also:
1224 <http://www.schneier.com/blowfish.html>
1225
Jussi Kivilinna64b94ce2011-09-02 01:45:22 +03001226config CRYPTO_BLOWFISH_X86_64
1227 tristate "Blowfish cipher algorithm (x86_64)"
Al Virof21a7c12012-04-08 20:31:22 -04001228 depends on X86 && 64BIT
Eric Biggersc1679172018-02-19 23:48:16 -08001229 select CRYPTO_BLKCIPHER
Jussi Kivilinna64b94ce2011-09-02 01:45:22 +03001230 select CRYPTO_BLOWFISH_COMMON
1231 help
1232 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1233
1234 This is a variable key length cipher which can use keys from 32
1235 bits to 448 bits in length. It's fast, simple and specifically
1236 designed for use on "large microprocessors".
1237
1238 See also:
1239 <http://www.schneier.com/blowfish.html>
1240
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001241config CRYPTO_CAMELLIA
1242 tristate "Camellia cipher algorithms"
1243 depends on CRYPTO
1244 select CRYPTO_ALGAPI
1245 help
1246 Camellia cipher algorithms module.
1247
1248 Camellia is a symmetric key block cipher developed jointly
1249 at NTT and Mitsubishi Electric Corporation.
1250
1251 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1252
1253 See also:
1254 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1255
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +02001256config CRYPTO_CAMELLIA_X86_64
1257 tristate "Camellia cipher algorithm (x86_64)"
Al Virof21a7c12012-04-08 20:31:22 -04001258 depends on X86 && 64BIT
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +02001259 depends on CRYPTO
Eric Biggers1af6d032018-02-19 23:48:22 -08001260 select CRYPTO_BLKCIPHER
Jussi Kivilinna964263a2012-06-18 14:07:29 +03001261 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +02001262 help
1263 Camellia cipher algorithm module (x86_64).
1264
1265 Camellia is a symmetric key block cipher developed jointly
1266 at NTT and Mitsubishi Electric Corporation.
1267
1268 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1269
1270 See also:
1271 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1272
Jussi Kivilinnad9b1d2e2012-10-26 14:49:01 +03001273config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1274 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1275 depends on X86 && 64BIT
1276 depends on CRYPTO
Eric Biggers44893bc2018-02-19 23:48:23 -08001277 select CRYPTO_BLKCIPHER
Jussi Kivilinnad9b1d2e2012-10-26 14:49:01 +03001278 select CRYPTO_CAMELLIA_X86_64
Eric Biggers44893bc2018-02-19 23:48:23 -08001279 select CRYPTO_GLUE_HELPER_X86
1280 select CRYPTO_SIMD
Jussi Kivilinnad9b1d2e2012-10-26 14:49:01 +03001281 select CRYPTO_XTS
1282 help
1283 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1284
1285 Camellia is a symmetric key block cipher developed jointly
1286 at NTT and Mitsubishi Electric Corporation.
1287
1288 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1289
1290 See also:
1291 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1292
Jussi Kivilinnaf3f935a2013-04-13 13:47:00 +03001293config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1294 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1295 depends on X86 && 64BIT
1296 depends on CRYPTO
Jussi Kivilinnaf3f935a2013-04-13 13:47:00 +03001297 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
Jussi Kivilinnaf3f935a2013-04-13 13:47:00 +03001298 help
1299 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1300
1301 Camellia is a symmetric key block cipher developed jointly
1302 at NTT and Mitsubishi Electric Corporation.
1303
1304 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1305
1306 See also:
1307 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1308
David S. Miller81658ad2012-08-28 12:05:54 -07001309config CRYPTO_CAMELLIA_SPARC64
1310 tristate "Camellia cipher algorithm (SPARC64)"
1311 depends on SPARC64
1312 depends on CRYPTO
1313 select CRYPTO_ALGAPI
1314 help
1315 Camellia cipher algorithm module (SPARC64).
1316
1317 Camellia is a symmetric key block cipher developed jointly
1318 at NTT and Mitsubishi Electric Corporation.
1319
1320 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1321
1322 See also:
1323 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1324
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001325config CRYPTO_CAST_COMMON
1326 tristate
1327 help
1328 Common parts of the CAST cipher algorithms shared by the
1329 generic c and the assembler implementations.
1330
Linus Torvalds1da177e2005-04-16 15:20:36 -07001331config CRYPTO_CAST5
1332 tristate "CAST5 (CAST-128) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001333 select CRYPTO_ALGAPI
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001334 select CRYPTO_CAST_COMMON
Linus Torvalds1da177e2005-04-16 15:20:36 -07001335 help
1336 The CAST5 encryption algorithm (synonymous with CAST-128) is
1337 described in RFC2144.
1338
Johannes Goetzfried4d6d6a22012-07-11 19:37:37 +02001339config CRYPTO_CAST5_AVX_X86_64
1340 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1341 depends on X86 && 64BIT
Eric Biggers1e631832018-02-19 23:48:13 -08001342 select CRYPTO_BLKCIPHER
Johannes Goetzfried4d6d6a22012-07-11 19:37:37 +02001343 select CRYPTO_CAST5
Eric Biggers1e631832018-02-19 23:48:13 -08001344 select CRYPTO_CAST_COMMON
1345 select CRYPTO_SIMD
Johannes Goetzfried4d6d6a22012-07-11 19:37:37 +02001346 help
1347 The CAST5 encryption algorithm (synonymous with CAST-128) is
1348 described in RFC2144.
1349
1350 This module provides the Cast5 cipher algorithm that processes
1351 sixteen blocks parallel using the AVX instruction set.
1352
Linus Torvalds1da177e2005-04-16 15:20:36 -07001353config CRYPTO_CAST6
1354 tristate "CAST6 (CAST-256) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001355 select CRYPTO_ALGAPI
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001356 select CRYPTO_CAST_COMMON
Linus Torvalds1da177e2005-04-16 15:20:36 -07001357 help
1358 The CAST6 encryption algorithm (synonymous with CAST-256) is
1359 described in RFC2612.
1360
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001361config CRYPTO_CAST6_AVX_X86_64
1362 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1363 depends on X86 && 64BIT
Eric Biggers4bd96922018-02-19 23:48:15 -08001364 select CRYPTO_BLKCIPHER
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001365 select CRYPTO_CAST6
Eric Biggers4bd96922018-02-19 23:48:15 -08001366 select CRYPTO_CAST_COMMON
1367 select CRYPTO_GLUE_HELPER_X86
1368 select CRYPTO_SIMD
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001369 select CRYPTO_XTS
1370 help
1371 The CAST6 encryption algorithm (synonymous with CAST-256) is
1372 described in RFC2612.
1373
1374 This module provides the Cast6 cipher algorithm that processes
1375 eight blocks parallel using the AVX instruction set.
1376
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001377config CRYPTO_DES
1378 tristate "DES and Triple DES EDE cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +10001379 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001380 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001381 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
Linus Torvalds1da177e2005-04-16 15:20:36 -07001382
David S. Millerc5aac2d2012-08-25 22:37:23 -07001383config CRYPTO_DES_SPARC64
1384 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
Dave Jones97da37b2012-10-02 17:13:20 -04001385 depends on SPARC64
David S. Millerc5aac2d2012-08-25 22:37:23 -07001386 select CRYPTO_ALGAPI
1387 select CRYPTO_DES
1388 help
1389 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1390 optimized using SPARC64 crypto opcodes.
1391
Jussi Kivilinna6574e6c2014-06-09 20:59:54 +03001392config CRYPTO_DES3_EDE_X86_64
1393 tristate "Triple DES EDE cipher algorithm (x86-64)"
1394 depends on X86 && 64BIT
Eric Biggers09c0f032018-02-19 23:48:17 -08001395 select CRYPTO_BLKCIPHER
Jussi Kivilinna6574e6c2014-06-09 20:59:54 +03001396 select CRYPTO_DES
1397 help
1398 Triple DES EDE (FIPS 46-3) algorithm.
1399
1400 This module provides implementation of the Triple DES EDE cipher
1401 algorithm that is optimized for x86-64 processors. Two versions of
1402 algorithm are provided; regular processing one input block and
1403 one that processes three blocks parallel.
1404
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001405config CRYPTO_FCRYPT
1406 tristate "FCrypt cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001407 select CRYPTO_ALGAPI
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001408 select CRYPTO_BLKCIPHER
Linus Torvalds1da177e2005-04-16 15:20:36 -07001409 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001410 FCrypt algorithm used by RxRPC.
Linus Torvalds1da177e2005-04-16 15:20:36 -07001411
1412config CRYPTO_KHAZAD
1413 tristate "Khazad cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001414 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001415 help
1416 Khazad cipher algorithm.
1417
1418 Khazad was a finalist in the initial NESSIE competition. It is
1419 an algorithm optimized for 64-bit processors with good performance
1420 on 32-bit processors. Khazad uses an 128 bit key size.
1421
1422 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +08001423 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
Linus Torvalds1da177e2005-04-16 15:20:36 -07001424
Tan Swee Heng2407d602007-11-23 19:45:00 +08001425config CRYPTO_SALSA20
Kees Cook3b4afaf2012-10-02 11:16:49 -07001426 tristate "Salsa20 stream cipher algorithm"
Tan Swee Heng2407d602007-11-23 19:45:00 +08001427 select CRYPTO_BLKCIPHER
1428 help
1429 Salsa20 stream cipher algorithm.
1430
1431 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1432 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1433
1434 The Salsa20 stream cipher algorithm is designed by Daniel J.
1435 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
Linus Torvalds1da177e2005-04-16 15:20:36 -07001436
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001437config CRYPTO_SALSA20_586
Kees Cook3b4afaf2012-10-02 11:16:49 -07001438 tristate "Salsa20 stream cipher algorithm (i586)"
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001439 depends on (X86 || UML_X86) && !64BIT
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001440 select CRYPTO_BLKCIPHER
Eric Biggersc9a3ff82018-01-05 11:09:59 -08001441 select CRYPTO_SALSA20
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001442 help
1443 Salsa20 stream cipher algorithm.
1444
1445 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1446 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1447
1448 The Salsa20 stream cipher algorithm is designed by Daniel J.
1449 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1450
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001451config CRYPTO_SALSA20_X86_64
Kees Cook3b4afaf2012-10-02 11:16:49 -07001452 tristate "Salsa20 stream cipher algorithm (x86_64)"
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001453 depends on (X86 || UML_X86) && 64BIT
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001454 select CRYPTO_BLKCIPHER
Eric Biggersc9a3ff82018-01-05 11:09:59 -08001455 select CRYPTO_SALSA20
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001456 help
1457 Salsa20 stream cipher algorithm.
1458
1459 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1460 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1461
1462 The Salsa20 stream cipher algorithm is designed by Daniel J.
1463 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1464
Martin Willic08d0e62015-06-01 13:43:56 +02001465config CRYPTO_CHACHA20
1466 tristate "ChaCha20 cipher algorithm"
1467 select CRYPTO_BLKCIPHER
1468 help
1469 ChaCha20 cipher algorithm, RFC7539.
1470
1471 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1472 Bernstein and further specified in RFC7539 for use in IETF protocols.
1473 This is the portable C implementation of ChaCha20.
1474
1475 See also:
1476 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1477
Martin Willic9320b62015-07-16 19:14:01 +02001478config CRYPTO_CHACHA20_X86_64
Martin Willi3d1e93c2015-07-16 19:14:03 +02001479 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
Martin Willic9320b62015-07-16 19:14:01 +02001480 depends on X86 && 64BIT
1481 select CRYPTO_BLKCIPHER
1482 select CRYPTO_CHACHA20
1483 help
1484 ChaCha20 cipher algorithm, RFC7539.
1485
1486 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1487 Bernstein and further specified in RFC7539 for use in IETF protocols.
1488 This is the x86_64 assembler implementation using SIMD instructions.
1489
1490 See also:
1491 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1492
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001493config CRYPTO_SEED
1494 tristate "SEED cipher algorithm"
1495 select CRYPTO_ALGAPI
1496 help
1497 SEED cipher algorithm (RFC4269).
1498
1499 SEED is a 128-bit symmetric key block cipher that has been
1500 developed by KISA (Korea Information Security Agency) as a
1501 national standard encryption algorithm of the Republic of Korea.
1502 It is a 16 round block cipher with the key size of 128 bit.
1503
1504 See also:
1505 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1506
1507config CRYPTO_SERPENT
1508 tristate "Serpent cipher algorithm"
1509 select CRYPTO_ALGAPI
1510 help
1511 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1512
1513 Keys are allowed to be from 0 to 256 bits in length, in steps
1514 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1515 variant of Serpent for compatibility with old kerneli.org code.
1516
1517 See also:
1518 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1519
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001520config CRYPTO_SERPENT_SSE2_X86_64
1521 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1522 depends on X86 && 64BIT
Eric Biggerse0f409d2018-02-19 23:48:03 -08001523 select CRYPTO_BLKCIPHER
Jussi Kivilinna596d8752012-06-18 14:07:19 +03001524 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001525 select CRYPTO_SERPENT
Eric Biggerse0f409d2018-02-19 23:48:03 -08001526 select CRYPTO_SIMD
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001527 help
1528 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1529
1530 Keys are allowed to be from 0 to 256 bits in length, in steps
1531 of 8 bits.
1532
Masanari Iida1e6232f2015-04-04 00:20:30 +09001533 This module provides Serpent cipher algorithm that processes eight
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001534 blocks parallel using SSE2 instruction set.
1535
1536 See also:
1537 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1538
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001539config CRYPTO_SERPENT_SSE2_586
1540 tristate "Serpent cipher algorithm (i586/SSE2)"
1541 depends on X86 && !64BIT
Eric Biggerse0f409d2018-02-19 23:48:03 -08001542 select CRYPTO_BLKCIPHER
Jussi Kivilinna596d8752012-06-18 14:07:19 +03001543 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001544 select CRYPTO_SERPENT
Eric Biggerse0f409d2018-02-19 23:48:03 -08001545 select CRYPTO_SIMD
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001546 help
1547 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1548
1549 Keys are allowed to be from 0 to 256 bits in length, in steps
1550 of 8 bits.
1551
1552 This module provides Serpent cipher algorithm that processes four
1553 blocks parallel using SSE2 instruction set.
1554
1555 See also:
1556 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1557
Johannes Goetzfried7efe4072012-06-12 16:47:43 +08001558config CRYPTO_SERPENT_AVX_X86_64
1559 tristate "Serpent cipher algorithm (x86_64/AVX)"
1560 depends on X86 && 64BIT
Eric Biggerse16bf972018-02-19 23:48:06 -08001561 select CRYPTO_BLKCIPHER
Jussi Kivilinna1d0debb2012-06-18 14:07:24 +03001562 select CRYPTO_GLUE_HELPER_X86
Johannes Goetzfried7efe4072012-06-12 16:47:43 +08001563 select CRYPTO_SERPENT
Eric Biggerse16bf972018-02-19 23:48:06 -08001564 select CRYPTO_SIMD
Johannes Goetzfried7efe4072012-06-12 16:47:43 +08001565 select CRYPTO_XTS
1566 help
1567 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1568
1569 Keys are allowed to be from 0 to 256 bits in length, in steps
1570 of 8 bits.
1571
1572 This module provides the Serpent cipher algorithm that processes
1573 eight blocks parallel using the AVX instruction set.
1574
1575 See also:
1576 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1577
Jussi Kivilinna56d76c92013-04-13 13:46:55 +03001578config CRYPTO_SERPENT_AVX2_X86_64
1579 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1580 depends on X86 && 64BIT
Jussi Kivilinna56d76c92013-04-13 13:46:55 +03001581 select CRYPTO_SERPENT_AVX_X86_64
Jussi Kivilinna56d76c92013-04-13 13:46:55 +03001582 help
1583 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1584
1585 Keys are allowed to be from 0 to 256 bits in length, in steps
1586 of 8 bits.
1587
1588 This module provides Serpent cipher algorithm that processes 16
1589 blocks parallel using AVX2 instruction set.
1590
1591 See also:
1592 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1593
Gilad Ben-Yossef747c8ce2018-03-06 09:44:42 +00001594config CRYPTO_SM4
1595 tristate "SM4 cipher algorithm"
1596 select CRYPTO_ALGAPI
1597 help
1598 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1599
1600 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1601 Organization of State Commercial Administration of China (OSCCA)
1602 as an authorized cryptographic algorithms for the use within China.
1603
1604 SMS4 was originally created for use in protecting wireless
1605 networks, and is mandated in the Chinese National Standard for
1606 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1607 (GB.15629.11-2003).
1608
1609 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1610 standardized through TC 260 of the Standardization Administration
1611 of the People's Republic of China (SAC).
1612
1613 The input, output, and key of SMS4 are each 128 bits.
1614
1615 See also: <https://eprint.iacr.org/2008/329.pdf>
1616
1617 If unsure, say N.
1618
Eric Biggersda7a0ab2018-02-14 10:42:19 -08001619config CRYPTO_SPECK
1620 tristate "Speck cipher algorithm"
1621 select CRYPTO_ALGAPI
1622 help
1623 Speck is a lightweight block cipher that is tuned for optimal
1624 performance in software (rather than hardware).
1625
1626 Speck may not be as secure as AES, and should only be used on systems
1627 where AES is not fast enough.
1628
1629 See also: <https://eprint.iacr.org/2013/404.pdf>
1630
1631 If unsure, say N.
1632
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001633config CRYPTO_TEA
1634 tristate "TEA, XTEA and XETA cipher algorithms"
1635 select CRYPTO_ALGAPI
1636 help
1637 TEA cipher algorithm.
1638
1639 Tiny Encryption Algorithm is a simple cipher that uses
1640 many rounds for security. It is very fast and uses
1641 little memory.
1642
1643 Xtendend Tiny Encryption Algorithm is a modification to
1644 the TEA algorithm to address a potential key weakness
1645 in the TEA algorithm.
1646
1647 Xtendend Encryption Tiny Algorithm is a mis-implementation
1648 of the XTEA algorithm for compatibility purposes.
1649
1650config CRYPTO_TWOFISH
1651 tristate "Twofish cipher algorithm"
1652 select CRYPTO_ALGAPI
1653 select CRYPTO_TWOFISH_COMMON
1654 help
1655 Twofish cipher algorithm.
1656
1657 Twofish was submitted as an AES (Advanced Encryption Standard)
1658 candidate cipher by researchers at CounterPane Systems. It is a
1659 16 round block cipher supporting key sizes of 128, 192, and 256
1660 bits.
1661
1662 See also:
1663 <http://www.schneier.com/twofish.html>
1664
1665config CRYPTO_TWOFISH_COMMON
1666 tristate
1667 help
1668 Common parts of the Twofish cipher algorithm shared by the
1669 generic c and the assembler implementations.
1670
1671config CRYPTO_TWOFISH_586
1672 tristate "Twofish cipher algorithms (i586)"
1673 depends on (X86 || UML_X86) && !64BIT
1674 select CRYPTO_ALGAPI
1675 select CRYPTO_TWOFISH_COMMON
1676 help
1677 Twofish cipher algorithm.
1678
1679 Twofish was submitted as an AES (Advanced Encryption Standard)
1680 candidate cipher by researchers at CounterPane Systems. It is a
1681 16 round block cipher supporting key sizes of 128, 192, and 256
1682 bits.
1683
1684 See also:
1685 <http://www.schneier.com/twofish.html>
1686
1687config CRYPTO_TWOFISH_X86_64
1688 tristate "Twofish cipher algorithm (x86_64)"
1689 depends on (X86 || UML_X86) && 64BIT
1690 select CRYPTO_ALGAPI
1691 select CRYPTO_TWOFISH_COMMON
1692 help
1693 Twofish cipher algorithm (x86_64).
1694
1695 Twofish was submitted as an AES (Advanced Encryption Standard)
1696 candidate cipher by researchers at CounterPane Systems. It is a
1697 16 round block cipher supporting key sizes of 128, 192, and 256
1698 bits.
1699
1700 See also:
1701 <http://www.schneier.com/twofish.html>
1702
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001703config CRYPTO_TWOFISH_X86_64_3WAY
1704 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
Al Virof21a7c12012-04-08 20:31:22 -04001705 depends on X86 && 64BIT
Eric Biggers37992fa2018-02-19 23:48:09 -08001706 select CRYPTO_BLKCIPHER
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001707 select CRYPTO_TWOFISH_COMMON
1708 select CRYPTO_TWOFISH_X86_64
Jussi Kivilinna414cb5e2012-06-18 14:07:34 +03001709 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001710 help
1711 Twofish cipher algorithm (x86_64, 3-way parallel).
1712
1713 Twofish was submitted as an AES (Advanced Encryption Standard)
1714 candidate cipher by researchers at CounterPane Systems. It is a
1715 16 round block cipher supporting key sizes of 128, 192, and 256
1716 bits.
1717
1718 This module provides Twofish cipher algorithm that processes three
1719 blocks parallel, utilizing resources of out-of-order CPUs better.
1720
1721 See also:
1722 <http://www.schneier.com/twofish.html>
1723
Johannes Goetzfried107778b52012-05-28 15:54:24 +02001724config CRYPTO_TWOFISH_AVX_X86_64
1725 tristate "Twofish cipher algorithm (x86_64/AVX)"
1726 depends on X86 && 64BIT
Eric Biggers0e6ab462018-02-19 23:48:11 -08001727 select CRYPTO_BLKCIPHER
Jussi Kivilinnaa7378d42012-06-18 14:07:39 +03001728 select CRYPTO_GLUE_HELPER_X86
Eric Biggers0e6ab462018-02-19 23:48:11 -08001729 select CRYPTO_SIMD
Johannes Goetzfried107778b52012-05-28 15:54:24 +02001730 select CRYPTO_TWOFISH_COMMON
1731 select CRYPTO_TWOFISH_X86_64
1732 select CRYPTO_TWOFISH_X86_64_3WAY
Johannes Goetzfried107778b52012-05-28 15:54:24 +02001733 help
1734 Twofish cipher algorithm (x86_64/AVX).
1735
1736 Twofish was submitted as an AES (Advanced Encryption Standard)
1737 candidate cipher by researchers at CounterPane Systems. It is a
1738 16 round block cipher supporting key sizes of 128, 192, and 256
1739 bits.
1740
1741 This module provides the Twofish cipher algorithm that processes
1742 eight blocks parallel using the AVX Instruction Set.
1743
1744 See also:
1745 <http://www.schneier.com/twofish.html>
1746
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001747comment "Compression"
1748
Linus Torvalds1da177e2005-04-16 15:20:36 -07001749config CRYPTO_DEFLATE
1750 tristate "Deflate compression algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001751 select CRYPTO_ALGAPI
Giovanni Cabidduf6ded092016-10-21 13:19:53 +01001752 select CRYPTO_ACOMP2
Linus Torvalds1da177e2005-04-16 15:20:36 -07001753 select ZLIB_INFLATE
1754 select ZLIB_DEFLATE
1755 help
1756 This is the Deflate algorithm (RFC1951), specified for use in
1757 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001758
Linus Torvalds1da177e2005-04-16 15:20:36 -07001759 You will most probably want this if using IPSec.
1760
Zoltan Sogor0b77abb2007-12-07 16:53:23 +08001761config CRYPTO_LZO
1762 tristate "LZO compression algorithm"
1763 select CRYPTO_ALGAPI
Giovanni Cabidduac9d2c42016-10-21 13:19:49 +01001764 select CRYPTO_ACOMP2
Zoltan Sogor0b77abb2007-12-07 16:53:23 +08001765 select LZO_COMPRESS
1766 select LZO_DECOMPRESS
1767 help
1768 This is the LZO algorithm.
1769
Seth Jennings35a1fc12012-07-19 09:42:41 -05001770config CRYPTO_842
1771 tristate "842 compression algorithm"
Dan Streetman2062c5b2015-05-07 13:49:15 -04001772 select CRYPTO_ALGAPI
Giovanni Cabiddu6a8de3a2016-10-21 13:19:52 +01001773 select CRYPTO_ACOMP2
Dan Streetman2062c5b2015-05-07 13:49:15 -04001774 select 842_COMPRESS
1775 select 842_DECOMPRESS
Seth Jennings35a1fc12012-07-19 09:42:41 -05001776 help
1777 This is the 842 algorithm.
1778
Chanho Min0ea85302013-07-08 16:01:51 -07001779config CRYPTO_LZ4
1780 tristate "LZ4 compression algorithm"
1781 select CRYPTO_ALGAPI
Giovanni Cabiddu8cd93302016-10-21 13:19:50 +01001782 select CRYPTO_ACOMP2
Chanho Min0ea85302013-07-08 16:01:51 -07001783 select LZ4_COMPRESS
1784 select LZ4_DECOMPRESS
1785 help
1786 This is the LZ4 algorithm.
1787
1788config CRYPTO_LZ4HC
1789 tristate "LZ4HC compression algorithm"
1790 select CRYPTO_ALGAPI
Giovanni Cabiddu91d53d92016-10-21 13:19:51 +01001791 select CRYPTO_ACOMP2
Chanho Min0ea85302013-07-08 16:01:51 -07001792 select LZ4HC_COMPRESS
1793 select LZ4_DECOMPRESS
1794 help
1795 This is the LZ4 high compression mode algorithm.
1796
Nick Terrelld28fc3d2018-03-30 12:14:53 -07001797config CRYPTO_ZSTD
1798 tristate "Zstd compression algorithm"
1799 select CRYPTO_ALGAPI
1800 select CRYPTO_ACOMP2
1801 select ZSTD_COMPRESS
1802 select ZSTD_DECOMPRESS
1803 help
1804 This is the zstd algorithm.
1805
Neil Horman17f0f4a2008-08-14 22:15:52 +10001806comment "Random Number Generation"
1807
1808config CRYPTO_ANSI_CPRNG
1809 tristate "Pseudo Random Number Generation for Cryptographic modules"
1810 select CRYPTO_AES
1811 select CRYPTO_RNG
Neil Horman17f0f4a2008-08-14 22:15:52 +10001812 help
1813 This option enables the generic pseudo random number generator
1814 for cryptographic modules. Uses the Algorithm specified in
Jiri Kosina7dd607e2010-01-27 01:00:10 +01001815 ANSI X9.31 A.2.4. Note that this option must be enabled if
1816 CRYPTO_FIPS is selected
Neil Horman17f0f4a2008-08-14 22:15:52 +10001817
Herbert Xuf2c89a12014-07-04 22:15:08 +08001818menuconfig CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001819 tristate "NIST SP800-90A DRBG"
Stephan Mueller419090c2014-05-31 17:22:31 +02001820 help
1821 NIST SP800-90A compliant DRBG. In the following submenu, one or
1822 more of the DRBG types must be selected.
1823
Herbert Xuf2c89a12014-07-04 22:15:08 +08001824if CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001825
1826config CRYPTO_DRBG_HMAC
Herbert Xu401e4232015-06-03 14:49:31 +08001827 bool
Stephan Mueller419090c2014-05-31 17:22:31 +02001828 default y
Stephan Mueller419090c2014-05-31 17:22:31 +02001829 select CRYPTO_HMAC
Herbert Xu826775b2015-06-11 08:55:10 +08001830 select CRYPTO_SHA256
Stephan Mueller419090c2014-05-31 17:22:31 +02001831
1832config CRYPTO_DRBG_HASH
1833 bool "Enable Hash DRBG"
Herbert Xu826775b2015-06-11 08:55:10 +08001834 select CRYPTO_SHA256
Stephan Mueller419090c2014-05-31 17:22:31 +02001835 help
1836 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1837
1838config CRYPTO_DRBG_CTR
1839 bool "Enable CTR DRBG"
Stephan Mueller419090c2014-05-31 17:22:31 +02001840 select CRYPTO_AES
Stephan Mueller35591282016-06-14 07:34:13 +02001841 depends on CRYPTO_CTR
Stephan Mueller419090c2014-05-31 17:22:31 +02001842 help
1843 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1844
Herbert Xuf2c89a12014-07-04 22:15:08 +08001845config CRYPTO_DRBG
1846 tristate
Herbert Xu401e4232015-06-03 14:49:31 +08001847 default CRYPTO_DRBG_MENU
Herbert Xuf2c89a12014-07-04 22:15:08 +08001848 select CRYPTO_RNG
Stephan Muellerbb5530e2015-05-25 15:10:20 +02001849 select CRYPTO_JITTERENTROPY
Herbert Xuf2c89a12014-07-04 22:15:08 +08001850
1851endif # if CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001852
Stephan Muellerbb5530e2015-05-25 15:10:20 +02001853config CRYPTO_JITTERENTROPY
1854 tristate "Jitterentropy Non-Deterministic Random Number Generator"
Arnd Bergmann2f313e02016-01-26 14:47:10 +01001855 select CRYPTO_RNG
Stephan Muellerbb5530e2015-05-25 15:10:20 +02001856 help
1857 The Jitterentropy RNG is a noise that is intended
1858 to provide seed to another RNG. The RNG does not
1859 perform any cryptographic whitening of the generated
1860 random numbers. This Jitterentropy RNG registers with
1861 the kernel crypto API and can be used by any caller.
1862
Herbert Xu03c8efc2010-10-19 21:12:39 +08001863config CRYPTO_USER_API
1864 tristate
1865
Herbert Xufe869cd2010-10-19 21:23:00 +08001866config CRYPTO_USER_API_HASH
1867 tristate "User-space interface for hash algorithms"
Herbert Xu74517082010-11-29 22:56:03 +08001868 depends on NET
Herbert Xufe869cd2010-10-19 21:23:00 +08001869 select CRYPTO_HASH
1870 select CRYPTO_USER_API
1871 help
1872 This option enables the user-spaces interface for hash
1873 algorithms.
1874
Herbert Xu8ff59092010-10-19 21:31:55 +08001875config CRYPTO_USER_API_SKCIPHER
1876 tristate "User-space interface for symmetric key cipher algorithms"
Herbert Xu74517082010-11-29 22:56:03 +08001877 depends on NET
Herbert Xu8ff59092010-10-19 21:31:55 +08001878 select CRYPTO_BLKCIPHER
1879 select CRYPTO_USER_API
1880 help
1881 This option enables the user-spaces interface for symmetric
1882 key cipher algorithms.
1883
Stephan Mueller2f3755382014-12-25 23:00:39 +01001884config CRYPTO_USER_API_RNG
1885 tristate "User-space interface for random number generator algorithms"
1886 depends on NET
1887 select CRYPTO_RNG
1888 select CRYPTO_USER_API
1889 help
1890 This option enables the user-spaces interface for random
1891 number generator algorithms.
1892
Herbert Xub64a2d92015-05-28 11:30:35 +08001893config CRYPTO_USER_API_AEAD
1894 tristate "User-space interface for AEAD cipher algorithms"
1895 depends on NET
1896 select CRYPTO_AEAD
Stephan Mueller72548b02017-07-30 14:32:58 +02001897 select CRYPTO_BLKCIPHER
1898 select CRYPTO_NULL
Herbert Xub64a2d92015-05-28 11:30:35 +08001899 select CRYPTO_USER_API
1900 help
1901 This option enables the user-spaces interface for AEAD
1902 cipher algorithms.
1903
Dmitry Kasatkinee089972013-05-06 15:40:01 +03001904config CRYPTO_HASH_INFO
1905 bool
1906
Linus Torvalds1da177e2005-04-16 15:20:36 -07001907source "drivers/crypto/Kconfig"
David Howells964f3b32012-09-13 15:17:21 +01001908source crypto/asymmetric_keys/Kconfig
David Howellscfc411e2015-08-14 15:20:41 +01001909source certs/Kconfig
Linus Torvalds1da177e2005-04-16 15:20:36 -07001910
Herbert Xucce9e062006-08-21 21:08:13 +10001911endif # if CRYPTO