]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - crypto/Kconfig
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
crypto: drbg - Add stdrng alias and increase priority
[mirror_ubuntu-bionic-kernel.git] / crypto / Kconfig
CommitLineData
685784aa
DW		 1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5 tristate
6
1da177e4 7#
9bc89cd8 8# async_tx api: hardware offloaded memory transfer/transform support
1da177e4 9#
9bc89cd8 10source "crypto/async_tx/Kconfig"
1da177e4 11
9bc89cd8
DW		 12#
13# Cryptographic API Configuration
14#
2e290f43 15menuconfig CRYPTO
c3715cb9 16 tristate "Cryptographic API"
1da177e4
LT		 17 help
18 This option provides the core Cryptographic API.
19
cce9e06d
HX		 20if CRYPTO
21
584fffc8
SS		 22comment "Crypto core or helper"
23
ccb778e1
NH		 24config CRYPTO_FIPS
25 bool "FIPS 200 compliance"
f2c89a10 26 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
002c77a4 27 depends on MODULE_SIG
ccb778e1
NH		 28 help
29 This options enables the fips boot option which is
30 required if you want to system to operate in a FIPS 200
31 certification. You should say no unless you know what
e84c5480 32 this is.
ccb778e1 33
cce9e06d
HX		 34config CRYPTO_ALGAPI
35 tristate
6a0fcbb4 36 select CRYPTO_ALGAPI2
cce9e06d
HX		 37 help
38 This option provides the API for cryptographic algorithms.
39
6a0fcbb4
HX		 40config CRYPTO_ALGAPI2
41 tristate
42
1ae97820
HX		 43config CRYPTO_AEAD
44 tristate
6a0fcbb4 45 select CRYPTO_AEAD2
1ae97820
HX		 46 select CRYPTO_ALGAPI
47
6a0fcbb4
HX		 48config CRYPTO_AEAD2
49 tristate
50 select CRYPTO_ALGAPI2
51
5cde0af2
HX		 52config CRYPTO_BLKCIPHER
53 tristate
6a0fcbb4 54 select CRYPTO_BLKCIPHER2
5cde0af2 55 select CRYPTO_ALGAPI
6a0fcbb4
HX		 56
57config CRYPTO_BLKCIPHER2
58 tristate
59 select CRYPTO_ALGAPI2
60 select CRYPTO_RNG2
0a2e821d 61 select CRYPTO_WORKQUEUE
5cde0af2 62
055bcee3
HX		 63config CRYPTO_HASH
64 tristate
6a0fcbb4 65 select CRYPTO_HASH2
055bcee3
HX		 66 select CRYPTO_ALGAPI
67
6a0fcbb4
HX		 68config CRYPTO_HASH2
69 tristate
70 select CRYPTO_ALGAPI2
71
17f0f4a4
NH		 72config CRYPTO_RNG
73 tristate
6a0fcbb4 74 select CRYPTO_RNG2
17f0f4a4
NH		 75 select CRYPTO_ALGAPI
76
6a0fcbb4
HX		 77config CRYPTO_RNG2
78 tristate
79 select CRYPTO_ALGAPI2
80
a1d2f095 81config CRYPTO_PCOMP
bc94e596
HX		 82 tristate
83 select CRYPTO_PCOMP2
84 select CRYPTO_ALGAPI
85
86config CRYPTO_PCOMP2
a1d2f095
GU		 87 tristate
88 select CRYPTO_ALGAPI2
89
2b8c19db
HX		 90config CRYPTO_MANAGER
91 tristate "Cryptographic algorithm manager"
6a0fcbb4 92 select CRYPTO_MANAGER2
2b8c19db
HX		 93 help
94 Create default cryptographic template instantiations such as
95 cbc(aes).
96
6a0fcbb4
HX		 97config CRYPTO_MANAGER2
98 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
99 select CRYPTO_AEAD2
100 select CRYPTO_HASH2
101 select CRYPTO_BLKCIPHER2
bc94e596 102 select CRYPTO_PCOMP2
6a0fcbb4 103
a38f7907
SK		 104config CRYPTO_USER
105 tristate "Userspace cryptographic algorithm configuration"
5db017aa 106 depends on NET
a38f7907
SK		 107 select CRYPTO_MANAGER
108 help
d19978f5 109 Userspace configuration for cryptographic instantiations such as
a38f7907
SK		 110 cbc(aes).
111
326a6346
HX		 112config CRYPTO_MANAGER_DISABLE_TESTS
113 bool "Disable run-time self tests"
00ca28a5
HX		 114 default y
115 depends on CRYPTO_MANAGER2
0b767f96 116 help
326a6346
HX		 117 Disable run-time self tests that normally take place at
118 algorithm registration.
0b767f96 119
584fffc8 120config CRYPTO_GF128MUL
08c70fc3 121 tristate "GF(2^128) multiplication functions"
333b0d7e 122 help
584fffc8
SS		 123 Efficient table driven implementation of multiplications in the
124 field GF(2^128). This is needed by some cypher modes. This
125 option will be selected automatically if you select such a
126 cipher mode. Only select this option by hand if you expect to load
127 an external module that requires these functions.
333b0d7e 128
1da177e4
LT		 129config CRYPTO_NULL
130 tristate "Null algorithms"
cce9e06d 131 select CRYPTO_ALGAPI
c8620c25 132 select CRYPTO_BLKCIPHER
d35d2454 133 select CRYPTO_HASH
1da177e4
LT		 134 help
135 These are 'Null' algorithms, used by IPsec, which do nothing.
136
5068c7a8 137config CRYPTO_PCRYPT
3b4afaf2
KC		 138 tristate "Parallel crypto engine"
139 depends on SMP
5068c7a8
SK		 140 select PADATA
141 select CRYPTO_MANAGER
142 select CRYPTO_AEAD
143 help
144 This converts an arbitrary crypto algorithm into a parallel
145 algorithm that executes in kernel threads.
146
25c38d3f
HY		 147config CRYPTO_WORKQUEUE
148 tristate
149
584fffc8
SS		 150config CRYPTO_CRYPTD
151 tristate "Software async crypto daemon"
152 select CRYPTO_BLKCIPHER
b8a28251 153 select CRYPTO_HASH
584fffc8 154 select CRYPTO_MANAGER
254eff77 155 select CRYPTO_WORKQUEUE
1da177e4 156 help
584fffc8
SS		 157 This is a generic software asynchronous crypto daemon that
158 converts an arbitrary synchronous software crypto algorithm
159 into an asynchronous algorithm that executes in a kernel thread.
1da177e4 160
1e65b81a
TC		 161config CRYPTO_MCRYPTD
162 tristate "Software async multi-buffer crypto daemon"
163 select CRYPTO_BLKCIPHER
164 select CRYPTO_HASH
165 select CRYPTO_MANAGER
166 select CRYPTO_WORKQUEUE
167 help
168 This is a generic software asynchronous crypto daemon that
169 provides the kernel thread to assist multi-buffer crypto
170 algorithms for submitting jobs and flushing jobs in multi-buffer
171 crypto algorithms. Multi-buffer crypto algorithms are executed
172 in the context of this kernel thread and drivers can post
0e56673b 173 their crypto request asynchronously to be processed by this daemon.
1e65b81a 174
584fffc8
SS		 175config CRYPTO_AUTHENC
176 tristate "Authenc support"
177 select CRYPTO_AEAD
178 select CRYPTO_BLKCIPHER
179 select CRYPTO_MANAGER
180 select CRYPTO_HASH
1da177e4 181 help
584fffc8
SS		 182 Authenc: Combined mode wrapper for IPsec.
183 This is required for IPSec.
1da177e4 184
584fffc8
SS		 185config CRYPTO_TEST
186 tristate "Testing module"
187 depends on m
da7f033d 188 select CRYPTO_MANAGER
1da177e4 189 help
584fffc8 190 Quick & dirty crypto test module.
1da177e4 191
a62b01cd 192config CRYPTO_ABLK_HELPER
ffaf9156 193 tristate
ffaf9156
JK		 194 select CRYPTO_CRYPTD
195
596d8750
JK		 196config CRYPTO_GLUE_HELPER_X86
197 tristate
198 depends on X86
199 select CRYPTO_ALGAPI
200
584fffc8 201comment "Authenticated Encryption with Associated Data"
cd12fb90 202
584fffc8
SS		 203config CRYPTO_CCM
204 tristate "CCM support"
205 select CRYPTO_CTR
206 select CRYPTO_AEAD
1da177e4 207 help
584fffc8 208 Support for Counter with CBC MAC. Required for IPsec.
1da177e4 209
584fffc8
SS		 210config CRYPTO_GCM
211 tristate "GCM/GMAC support"
212 select CRYPTO_CTR
213 select CRYPTO_AEAD
9382d97a 214 select CRYPTO_GHASH
9489667d 215 select CRYPTO_NULL
1da177e4 216 help
584fffc8
SS		 217 Support for Galois/Counter Mode (GCM) and Galois Message
218 Authentication Code (GMAC). Required for IPSec.
1da177e4 219
71ebc4d1
MW		 220config CRYPTO_CHACHA20POLY1305
221 tristate "ChaCha20-Poly1305 AEAD support"
222 select CRYPTO_CHACHA20
223 select CRYPTO_POLY1305
224 select CRYPTO_AEAD
225 help
226 ChaCha20-Poly1305 AEAD support, RFC7539.
227
228 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
229 with the Poly1305 authenticator. It is defined in RFC7539 for use in
230 IETF protocols.
231
584fffc8
SS		 232config CRYPTO_SEQIV
233 tristate "Sequence Number IV Generator"
234 select CRYPTO_AEAD
235 select CRYPTO_BLKCIPHER
856e3f40 236 select CRYPTO_NULL
a0f000ec 237 select CRYPTO_RNG
1da177e4 238 help
584fffc8
SS		 239 This IV generator generates an IV based on a sequence number by
240 xoring it with a salt. This algorithm is mainly useful for CTR
1da177e4 241
a10f554f
HX		 242config CRYPTO_ECHAINIV
243 tristate "Encrypted Chain IV Generator"
244 select CRYPTO_AEAD
245 select CRYPTO_NULL
246 select CRYPTO_RNG
247 help
248 This IV generator generates an IV based on the encryption of
249 a sequence number xored with a salt. This is the default
250 algorithm for CBC.
251
584fffc8 252comment "Block modes"
c494e070 253
584fffc8
SS		 254config CRYPTO_CBC
255 tristate "CBC support"
db131ef9 256 select CRYPTO_BLKCIPHER
43518407 257 select CRYPTO_MANAGER
db131ef9 258 help
584fffc8
SS		 259 CBC: Cipher Block Chaining mode
260 This block cipher algorithm is required for IPSec.
db131ef9 261
584fffc8
SS		 262config CRYPTO_CTR
263 tristate "CTR support"
db131ef9 264 select CRYPTO_BLKCIPHER
584fffc8 265 select CRYPTO_SEQIV
43518407 266 select CRYPTO_MANAGER
db131ef9 267 help
584fffc8 268 CTR: Counter mode
db131ef9
HX		 269 This block cipher algorithm is required for IPSec.
270
584fffc8
SS		 271config CRYPTO_CTS
272 tristate "CTS support"
273 select CRYPTO_BLKCIPHER
274 help
275 CTS: Cipher Text Stealing
276 This is the Cipher Text Stealing mode as described by
277 Section 8 of rfc2040 and referenced by rfc3962.
278 (rfc3962 includes errata information in its Appendix A)
279 This mode is required for Kerberos gss mechanism support
280 for AES encryption.
281
282config CRYPTO_ECB
283 tristate "ECB support"
91652be5
DH		 284 select CRYPTO_BLKCIPHER
285 select CRYPTO_MANAGER
91652be5 286 help
584fffc8
SS		 287 ECB: Electronic CodeBook mode
288 This is the simplest block cipher algorithm. It simply encrypts
289 the input block by block.
91652be5 290
64470f1b 291config CRYPTO_LRW
2470a2b2 292 tristate "LRW support"
64470f1b
RS		 293 select CRYPTO_BLKCIPHER
294 select CRYPTO_MANAGER
295 select CRYPTO_GF128MUL
296 help
297 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
298 narrow block cipher mode for dm-crypt. Use it with cipher
299 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
300 The first 128, 192 or 256 bits in the key are used for AES and the
301 rest is used to tie each cipher block to its logical position.
302
584fffc8
SS		 303config CRYPTO_PCBC
304 tristate "PCBC support"
305 select CRYPTO_BLKCIPHER
306 select CRYPTO_MANAGER
307 help
308 PCBC: Propagating Cipher Block Chaining mode
309 This block cipher algorithm is required for RxRPC.
310
f19f5111 311config CRYPTO_XTS
5bcf8e6d 312 tristate "XTS support"
f19f5111
RS		 313 select CRYPTO_BLKCIPHER
314 select CRYPTO_MANAGER
315 select CRYPTO_GF128MUL
316 help
317 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
318 key size 256, 384 or 512 bits. This implementation currently
319 can't handle a sectorsize which is not a multiple of 16 bytes.
320
584fffc8
SS		 321comment "Hash modes"
322
93b5e86a
JK		 323config CRYPTO_CMAC
324 tristate "CMAC support"
325 select CRYPTO_HASH
326 select CRYPTO_MANAGER
327 help
328 Cipher-based Message Authentication Code (CMAC) specified by
329 The National Institute of Standards and Technology (NIST).
330
331 https://tools.ietf.org/html/rfc4493
332 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
333
584fffc8
SS		 334config CRYPTO_HMAC
335 tristate "HMAC support"
336 select CRYPTO_HASH
23e353c8 337 select CRYPTO_MANAGER
23e353c8 338 help
584fffc8
SS		 339 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
340 This is required for IPSec.
23e353c8 341
584fffc8
SS		 342config CRYPTO_XCBC
343 tristate "XCBC support"
584fffc8
SS		 344 select CRYPTO_HASH
345 select CRYPTO_MANAGER
76cb9521 346 help
584fffc8
SS		 347 XCBC: Keyed-Hashing with encryption algorithm
348 http://www.ietf.org/rfc/rfc3566.txt
349 http://csrc.nist.gov/encryption/modes/proposedmodes/
350 xcbc-mac/xcbc-mac-spec.pdf
76cb9521 351
f1939f7c
SW		 352config CRYPTO_VMAC
353 tristate "VMAC support"
f1939f7c
SW		 354 select CRYPTO_HASH
355 select CRYPTO_MANAGER
356 help
357 VMAC is a message authentication algorithm designed for
358 very high speed on 64-bit architectures.
359
360 See also:
361 <http://fastcrypto.org/vmac>
362
584fffc8 363comment "Digest"
28db8e3e 364
584fffc8
SS		 365config CRYPTO_CRC32C
366 tristate "CRC32c CRC algorithm"
5773a3e6 367 select CRYPTO_HASH
6a0962b2 368 select CRC32
4a49b499 369 help
584fffc8
SS		 370 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
371 by iSCSI for header and data digests and by others.
69c35efc 372 See Castagnoli93. Module will be crc32c.
4a49b499 373
8cb51ba8
AZ		 374config CRYPTO_CRC32C_INTEL
375 tristate "CRC32c INTEL hardware acceleration"
376 depends on X86
377 select CRYPTO_HASH
378 help
379 In Intel processor with SSE4.2 supported, the processor will
380 support CRC32C implementation using hardware accelerated CRC32
381 instruction. This option will create 'crc32c-intel' module,
382 which will enable any routine to use the CRC32 instruction to
383 gain performance compared with software implementation.
384 Module will be crc32c-intel.
385
442a7c40
DM		 386config CRYPTO_CRC32C_SPARC64
387 tristate "CRC32c CRC algorithm (SPARC64)"
388 depends on SPARC64
389 select CRYPTO_HASH
390 select CRC32
391 help
392 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
393 when available.
394
78c37d19
AB		 395config CRYPTO_CRC32
396 tristate "CRC32 CRC algorithm"
397 select CRYPTO_HASH
398 select CRC32
399 help
400 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
401 Shash crypto api wrappers to crc32_le function.
402
403config CRYPTO_CRC32_PCLMUL
404 tristate "CRC32 PCLMULQDQ hardware acceleration"
405 depends on X86
406 select CRYPTO_HASH
407 select CRC32
408 help
409 From Intel Westmere and AMD Bulldozer processor with SSE4.2
410 and PCLMULQDQ supported, the processor will support
411 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
412 instruction. This option will create 'crc32-plcmul' module,
413 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
414 and gain better performance as compared with the table implementation.
415
68411521
HX		 416config CRYPTO_CRCT10DIF
417 tristate "CRCT10DIF algorithm"
418 select CRYPTO_HASH
419 help
420 CRC T10 Data Integrity Field computation is being cast as
421 a crypto transform. This allows for faster crc t10 diff
422 transforms to be used if they are available.
423
424config CRYPTO_CRCT10DIF_PCLMUL
425 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
426 depends on X86 && 64BIT && CRC_T10DIF
427 select CRYPTO_HASH
428 help
429 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
430 CRC T10 DIF PCLMULQDQ computation can be hardware
431 accelerated PCLMULQDQ instruction. This option will create
432 'crct10dif-plcmul' module, which is faster when computing the
433 crct10dif checksum as compared with the generic table implementation.
434
2cdc6899
HY		 435config CRYPTO_GHASH
436 tristate "GHASH digest algorithm"
2cdc6899
HY		 437 select CRYPTO_GF128MUL
438 help
439 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
440
f979e014
MW		 441config CRYPTO_POLY1305
442 tristate "Poly1305 authenticator algorithm"
443 help
444 Poly1305 authenticator algorithm, RFC7539.
445
446 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
447 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
448 in IETF protocols. This is the portable C implementation of Poly1305.
449
584fffc8
SS		 450config CRYPTO_MD4
451 tristate "MD4 digest algorithm"
808a1763 452 select CRYPTO_HASH
124b53d0 453 help
584fffc8 454 MD4 message digest algorithm (RFC1320).
124b53d0 455
584fffc8
SS		 456config CRYPTO_MD5
457 tristate "MD5 digest algorithm"
14b75ba7 458 select CRYPTO_HASH
1da177e4 459 help
584fffc8 460 MD5 message digest algorithm (RFC1321).
1da177e4 461
d69e75de
AK		 462config CRYPTO_MD5_OCTEON
463 tristate "MD5 digest algorithm (OCTEON)"
464 depends on CPU_CAVIUM_OCTEON
465 select CRYPTO_MD5
466 select CRYPTO_HASH
467 help
468 MD5 message digest algorithm (RFC1321) implemented
469 using OCTEON crypto instructions, when available.
470
e8e59953
MS		 471config CRYPTO_MD5_PPC
472 tristate "MD5 digest algorithm (PPC)"
473 depends on PPC
474 select CRYPTO_HASH
475 help
476 MD5 message digest algorithm (RFC1321) implemented
477 in PPC assembler.
478
fa4dfedc
DM		 479config CRYPTO_MD5_SPARC64
480 tristate "MD5 digest algorithm (SPARC64)"
481 depends on SPARC64
482 select CRYPTO_MD5
483 select CRYPTO_HASH
484 help
485 MD5 message digest algorithm (RFC1321) implemented
486 using sparc64 crypto instructions, when available.
487
584fffc8
SS		 488config CRYPTO_MICHAEL_MIC
489 tristate "Michael MIC keyed digest algorithm"
19e2bf14 490 select CRYPTO_HASH
90831639 491 help
584fffc8
SS		 492 Michael MIC is used for message integrity protection in TKIP
493 (IEEE 802.11i). This algorithm is required for TKIP, but it
494 should not be used for other purposes because of the weakness
495 of the algorithm.
90831639 496
82798f90 497config CRYPTO_RMD128
b6d44341 498 tristate "RIPEMD-128 digest algorithm"
7c4468bc 499 select CRYPTO_HASH
b6d44341
AB		 500 help
501 RIPEMD-128 (ISO/IEC 10118-3:2004).
82798f90 502
b6d44341 503 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
35ed4b35 504 be used as a secure replacement for RIPEMD. For other use cases,
b6d44341 505 RIPEMD-160 should be used.
82798f90 506
b6d44341 507 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 508 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90
AKR		 509
510config CRYPTO_RMD160
b6d44341 511 tristate "RIPEMD-160 digest algorithm"
e5835fba 512 select CRYPTO_HASH
b6d44341
AB		 513 help
514 RIPEMD-160 (ISO/IEC 10118-3:2004).
82798f90 515
b6d44341
AB		 516 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
517 to be used as a secure replacement for the 128-bit hash functions
518 MD4, MD5 and it's predecessor RIPEMD
519 (not to be confused with RIPEMD-128).
82798f90 520
b6d44341
AB		 521 It's speed is comparable to SHA1 and there are no known attacks
522 against RIPEMD-160.
534fe2c1 523
b6d44341 524 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 525 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 526
527config CRYPTO_RMD256
b6d44341 528 tristate "RIPEMD-256 digest algorithm"
d8a5e2e9 529 select CRYPTO_HASH
b6d44341
AB		 530 help
531 RIPEMD-256 is an optional extension of RIPEMD-128 with a
532 256 bit hash. It is intended for applications that require
533 longer hash-results, without needing a larger security level
534 (than RIPEMD-128).
534fe2c1 535
b6d44341 536 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 537 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 538
539config CRYPTO_RMD320
b6d44341 540 tristate "RIPEMD-320 digest algorithm"
3b8efb4c 541 select CRYPTO_HASH
b6d44341
AB		 542 help
543 RIPEMD-320 is an optional extension of RIPEMD-160 with a
544 320 bit hash. It is intended for applications that require
545 longer hash-results, without needing a larger security level
546 (than RIPEMD-160).
534fe2c1 547
b6d44341 548 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 549 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90 550
584fffc8
SS		 551config CRYPTO_SHA1
552 tristate "SHA1 digest algorithm"
54ccb367 553 select CRYPTO_HASH
1da177e4 554 help
584fffc8 555 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
1da177e4 556
66be8951 557config CRYPTO_SHA1_SSSE3
7c1da8d0 558 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2)"
66be8951
MK		 559 depends on X86 && 64BIT
560 select CRYPTO_SHA1
561 select CRYPTO_HASH
562 help
563 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
564 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
7c1da8d0 565 Extensions (AVX/AVX2), when available.
66be8951 566
8275d1aa
TC		 567config CRYPTO_SHA256_SSSE3
568 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2)"
569 depends on X86 && 64BIT
570 select CRYPTO_SHA256
571 select CRYPTO_HASH
572 help
573 SHA-256 secure hash standard (DFIPS 180-2) implemented
574 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
575 Extensions version 1 (AVX1), or Advanced Vector Extensions
87de4579
TC		 576 version 2 (AVX2) instructions, when available.
577
578config CRYPTO_SHA512_SSSE3
579 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
580 depends on X86 && 64BIT
581 select CRYPTO_SHA512
582 select CRYPTO_HASH
583 help
584 SHA-512 secure hash standard (DFIPS 180-2) implemented
585 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
586 Extensions version 1 (AVX1), or Advanced Vector Extensions
8275d1aa
TC		 587 version 2 (AVX2) instructions, when available.
588
efdb6f6e
AK		 589config CRYPTO_SHA1_OCTEON
590 tristate "SHA1 digest algorithm (OCTEON)"
591 depends on CPU_CAVIUM_OCTEON
592 select CRYPTO_SHA1
593 select CRYPTO_HASH
594 help
595 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
596 using OCTEON crypto instructions, when available.
597
4ff28d4c
DM		 598config CRYPTO_SHA1_SPARC64
599 tristate "SHA1 digest algorithm (SPARC64)"
600 depends on SPARC64
601 select CRYPTO_SHA1
602 select CRYPTO_HASH
603 help
604 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
605 using sparc64 crypto instructions, when available.
606
323a6bf1
ME		 607config CRYPTO_SHA1_PPC
608 tristate "SHA1 digest algorithm (powerpc)"
609 depends on PPC
610 help
611 This is the powerpc hardware accelerated implementation of the
612 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
613
d9850fc5
MS		 614config CRYPTO_SHA1_PPC_SPE
615 tristate "SHA1 digest algorithm (PPC SPE)"
616 depends on PPC && SPE
617 help
618 SHA-1 secure hash standard (DFIPS 180-4) implemented
619 using powerpc SPE SIMD instruction set.
620
1e65b81a
TC		 621config CRYPTO_SHA1_MB
622 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
623 depends on X86 && 64BIT
624 select CRYPTO_SHA1
625 select CRYPTO_HASH
626 select CRYPTO_MCRYPTD
627 help
628 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
629 using multi-buffer technique. This algorithm computes on
630 multiple data lanes concurrently with SIMD instructions for
631 better throughput. It should not be enabled by default but
632 used when there is significant amount of work to keep the keep
633 the data lanes filled to get performance benefit. If the data
634 lanes remain unfilled, a flush operation will be initiated to
635 process the crypto jobs, adding a slight latency.
636
584fffc8
SS		 637config CRYPTO_SHA256
638 tristate "SHA224 and SHA256 digest algorithm"
50e109b5 639 select CRYPTO_HASH
1da177e4 640 help
584fffc8 641 SHA256 secure hash standard (DFIPS 180-2).
1da177e4 642
584fffc8
SS		 643 This version of SHA implements a 256 bit hash with 128 bits of
644 security against collision attacks.
2729bb42 645
b6d44341
AB		 646 This code also includes SHA-224, a 224 bit hash with 112 bits
647 of security against collision attacks.
584fffc8 648
2ecc1e95
MS		 649config CRYPTO_SHA256_PPC_SPE
650 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
651 depends on PPC && SPE
652 select CRYPTO_SHA256
653 select CRYPTO_HASH
654 help
655 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
656 implemented using powerpc SPE SIMD instruction set.
657
efdb6f6e
AK		 658config CRYPTO_SHA256_OCTEON
659 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
660 depends on CPU_CAVIUM_OCTEON
661 select CRYPTO_SHA256
662 select CRYPTO_HASH
663 help
664 SHA-256 secure hash standard (DFIPS 180-2) implemented
665 using OCTEON crypto instructions, when available.
666
86c93b24
DM		 667config CRYPTO_SHA256_SPARC64
668 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
669 depends on SPARC64
670 select CRYPTO_SHA256
671 select CRYPTO_HASH
672 help
673 SHA-256 secure hash standard (DFIPS 180-2) implemented
674 using sparc64 crypto instructions, when available.
675
584fffc8
SS		 676config CRYPTO_SHA512
677 tristate "SHA384 and SHA512 digest algorithms"
bd9d20db 678 select CRYPTO_HASH
b9f535ff 679 help
584fffc8 680 SHA512 secure hash standard (DFIPS 180-2).
b9f535ff 681
584fffc8
SS		 682 This version of SHA implements a 512 bit hash with 256 bits of
683 security against collision attacks.
b9f535ff 684
584fffc8
SS		 685 This code also includes SHA-384, a 384 bit hash with 192 bits
686 of security against collision attacks.
b9f535ff 687
efdb6f6e
AK		 688config CRYPTO_SHA512_OCTEON
689 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
690 depends on CPU_CAVIUM_OCTEON
691 select CRYPTO_SHA512
692 select CRYPTO_HASH
693 help
694 SHA-512 secure hash standard (DFIPS 180-2) implemented
695 using OCTEON crypto instructions, when available.
696
775e0c69
DM		 697config CRYPTO_SHA512_SPARC64
698 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
699 depends on SPARC64
700 select CRYPTO_SHA512
701 select CRYPTO_HASH
702 help
703 SHA-512 secure hash standard (DFIPS 180-2) implemented
704 using sparc64 crypto instructions, when available.
705
584fffc8
SS		 706config CRYPTO_TGR192
707 tristate "Tiger digest algorithms"
f63fbd3d 708 select CRYPTO_HASH
eaf44088 709 help
584fffc8 710 Tiger hash algorithm 192, 160 and 128-bit hashes
eaf44088 711
584fffc8
SS		 712 Tiger is a hash function optimized for 64-bit processors while
713 still having decent performance on 32-bit processors.
714 Tiger was developed by Ross Anderson and Eli Biham.
eaf44088
JF		 715
716 See also:
584fffc8 717 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
eaf44088 718
584fffc8
SS		 719config CRYPTO_WP512
720 tristate "Whirlpool digest algorithms"
4946510b 721 select CRYPTO_HASH
1da177e4 722 help
584fffc8 723 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1da177e4 724
584fffc8
SS		 725 Whirlpool-512 is part of the NESSIE cryptographic primitives.
726 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1da177e4
LT		 727
728 See also:
6d8de74c 729 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
584fffc8 730
0e1227d3
HY		 731config CRYPTO_GHASH_CLMUL_NI_INTEL
732 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
8af00860 733 depends on X86 && 64BIT
0e1227d3
HY		 734 select CRYPTO_CRYPTD
735 help
736 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
737 The implementation is accelerated by CLMUL-NI of Intel.
738
584fffc8 739comment "Ciphers"
1da177e4
LT		 740
741config CRYPTO_AES
742 tristate "AES cipher algorithms"
cce9e06d 743 select CRYPTO_ALGAPI
1da177e4 744 help
584fffc8 745 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 746 algorithm.
747
748 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 749 both hardware and software across a wide range of computing
750 environments regardless of its use in feedback or non-feedback
751 modes. Its key setup time is excellent, and its key agility is
752 good. Rijndael's very low memory requirements make it very well
753 suited for restricted-space environments, in which it also
754 demonstrates excellent performance. Rijndael's operations are
755 among the easiest to defend against power and timing attacks.
1da177e4 756
584fffc8 757 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 758
759 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
760
761config CRYPTO_AES_586
762 tristate "AES cipher algorithms (i586)"
cce9e06d
HX		 763 depends on (X86 || UML_X86) && !64BIT
764 select CRYPTO_ALGAPI
5157dea8 765 select CRYPTO_AES
1da177e4 766 help
584fffc8 767 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 768 algorithm.
769
770 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 771 both hardware and software across a wide range of computing
772 environments regardless of its use in feedback or non-feedback
773 modes. Its key setup time is excellent, and its key agility is
774 good. Rijndael's very low memory requirements make it very well
775 suited for restricted-space environments, in which it also
776 demonstrates excellent performance. Rijndael's operations are
777 among the easiest to defend against power and timing attacks.
1da177e4 778
584fffc8 779 The AES specifies three key sizes: 128, 192 and 256 bits
a2a892a2
AS		 780
781 See <http://csrc.nist.gov/encryption/aes/> for more information.
782
783config CRYPTO_AES_X86_64
784 tristate "AES cipher algorithms (x86_64)"
cce9e06d
HX		 785 depends on (X86 || UML_X86) && 64BIT
786 select CRYPTO_ALGAPI
81190b32 787 select CRYPTO_AES
a2a892a2 788 help
584fffc8 789 AES cipher algorithms (FIPS-197). AES uses the Rijndael
a2a892a2
AS		 790 algorithm.
791
792 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 793 both hardware and software across a wide range of computing
794 environments regardless of its use in feedback or non-feedback
795 modes. Its key setup time is excellent, and its key agility is
54b6a1bd
HY		 796 good. Rijndael's very low memory requirements make it very well
797 suited for restricted-space environments, in which it also
798 demonstrates excellent performance. Rijndael's operations are
799 among the easiest to defend against power and timing attacks.
800
801 The AES specifies three key sizes: 128, 192 and 256 bits
802
803 See <http://csrc.nist.gov/encryption/aes/> for more information.
804
805config CRYPTO_AES_NI_INTEL
806 tristate "AES cipher algorithms (AES-NI)"
8af00860 807 depends on X86
0d258efb
MK		 808 select CRYPTO_AES_X86_64 if 64BIT
809 select CRYPTO_AES_586 if !64BIT
54b6a1bd 810 select CRYPTO_CRYPTD
801201aa 811 select CRYPTO_ABLK_HELPER
54b6a1bd 812 select CRYPTO_ALGAPI
7643a11a 813 select CRYPTO_GLUE_HELPER_X86 if 64BIT
023af608
JK		 814 select CRYPTO_LRW
815 select CRYPTO_XTS
54b6a1bd
HY		 816 help
817 Use Intel AES-NI instructions for AES algorithm.
818
819 AES cipher algorithms (FIPS-197). AES uses the Rijndael
820 algorithm.
821
822 Rijndael appears to be consistently a very good performer in
823 both hardware and software across a wide range of computing
824 environments regardless of its use in feedback or non-feedback
825 modes. Its key setup time is excellent, and its key agility is
584fffc8
SS		 826 good. Rijndael's very low memory requirements make it very well
827 suited for restricted-space environments, in which it also
828 demonstrates excellent performance. Rijndael's operations are
829 among the easiest to defend against power and timing attacks.
a2a892a2 830
584fffc8 831 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 832
833 See <http://csrc.nist.gov/encryption/aes/> for more information.
834
0d258efb
MK		 835 In addition to AES cipher algorithm support, the acceleration
836 for some popular block cipher mode is supported too, including
837 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
838 acceleration for CTR.
2cf4ac8b 839
9bf4852d
DM		 840config CRYPTO_AES_SPARC64
841 tristate "AES cipher algorithms (SPARC64)"
842 depends on SPARC64
843 select CRYPTO_CRYPTD
844 select CRYPTO_ALGAPI
845 help
846 Use SPARC64 crypto opcodes for AES algorithm.
847
848 AES cipher algorithms (FIPS-197). AES uses the Rijndael
849 algorithm.
850
851 Rijndael appears to be consistently a very good performer in
852 both hardware and software across a wide range of computing
853 environments regardless of its use in feedback or non-feedback
854 modes. Its key setup time is excellent, and its key agility is
855 good. Rijndael's very low memory requirements make it very well
856 suited for restricted-space environments, in which it also
857 demonstrates excellent performance. Rijndael's operations are
858 among the easiest to defend against power and timing attacks.
859
860 The AES specifies three key sizes: 128, 192 and 256 bits
861
862 See <http://csrc.nist.gov/encryption/aes/> for more information.
863
864 In addition to AES cipher algorithm support, the acceleration
865 for some popular block cipher mode is supported too, including
866 ECB and CBC.
867
504c6143
MS		 868config CRYPTO_AES_PPC_SPE
869 tristate "AES cipher algorithms (PPC SPE)"
870 depends on PPC && SPE
871 help
872 AES cipher algorithms (FIPS-197). Additionally the acceleration
873 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
874 This module should only be used for low power (router) devices
875 without hardware AES acceleration (e.g. caam crypto). It reduces the
876 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
877 timining attacks. Nevertheless it might be not as secure as other
878 architecture specific assembler implementations that work on 1KB
879 tables or 256 bytes S-boxes.
880
584fffc8
SS		 881config CRYPTO_ANUBIS
882 tristate "Anubis cipher algorithm"
883 select CRYPTO_ALGAPI
884 help
885 Anubis cipher algorithm.
886
887 Anubis is a variable key length cipher which can use keys from
888 128 bits to 320 bits in length. It was evaluated as a entrant
889 in the NESSIE competition.
890
891 See also:
6d8de74c
JM		 892 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
893 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
584fffc8
SS		 894
895config CRYPTO_ARC4
896 tristate "ARC4 cipher algorithm"
b9b0f080 897 select CRYPTO_BLKCIPHER
584fffc8
SS		 898 help
899 ARC4 cipher algorithm.
900
901 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
902 bits in length. This algorithm is required for driver-based
903 WEP, but it should not be for other purposes because of the
904 weakness of the algorithm.
905
906config CRYPTO_BLOWFISH
907 tristate "Blowfish cipher algorithm"
908 select CRYPTO_ALGAPI
52ba867c 909 select CRYPTO_BLOWFISH_COMMON
584fffc8
SS		 910 help
911 Blowfish cipher algorithm, by Bruce Schneier.
912
913 This is a variable key length cipher which can use keys from 32
914 bits to 448 bits in length. It's fast, simple and specifically
915 designed for use on "large microprocessors".
916
917 See also:
918 <http://www.schneier.com/blowfish.html>
919
52ba867c
JK		 920config CRYPTO_BLOWFISH_COMMON
921 tristate
922 help
923 Common parts of the Blowfish cipher algorithm shared by the
924 generic c and the assembler implementations.
925
926 See also:
927 <http://www.schneier.com/blowfish.html>
928
64b94cea
JK		 929config CRYPTO_BLOWFISH_X86_64
930 tristate "Blowfish cipher algorithm (x86_64)"
f21a7c19 931 depends on X86 && 64BIT
64b94cea
JK		 932 select CRYPTO_ALGAPI
933 select CRYPTO_BLOWFISH_COMMON
934 help
935 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
936
937 This is a variable key length cipher which can use keys from 32
938 bits to 448 bits in length. It's fast, simple and specifically
939 designed for use on "large microprocessors".
940
941 See also:
942 <http://www.schneier.com/blowfish.html>
943
584fffc8
SS		 944config CRYPTO_CAMELLIA
945 tristate "Camellia cipher algorithms"
946 depends on CRYPTO
947 select CRYPTO_ALGAPI
948 help
949 Camellia cipher algorithms module.
950
951 Camellia is a symmetric key block cipher developed jointly
952 at NTT and Mitsubishi Electric Corporation.
953
954 The Camellia specifies three key sizes: 128, 192 and 256 bits.
955
956 See also:
957 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
958
0b95ec56
JK		 959config CRYPTO_CAMELLIA_X86_64
960 tristate "Camellia cipher algorithm (x86_64)"
f21a7c19 961 depends on X86 && 64BIT
0b95ec56
JK		 962 depends on CRYPTO
963 select CRYPTO_ALGAPI
964263af 964 select CRYPTO_GLUE_HELPER_X86
0b95ec56
JK		 965 select CRYPTO_LRW
966 select CRYPTO_XTS
967 help
968 Camellia cipher algorithm module (x86_64).
969
970 Camellia is a symmetric key block cipher developed jointly
971 at NTT and Mitsubishi Electric Corporation.
972
973 The Camellia specifies three key sizes: 128, 192 and 256 bits.
974
975 See also:
d9b1d2e7
JK		 976 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
977
978config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
979 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
980 depends on X86 && 64BIT
981 depends on CRYPTO
982 select CRYPTO_ALGAPI
983 select CRYPTO_CRYPTD
801201aa 984 select CRYPTO_ABLK_HELPER
d9b1d2e7
JK		 985 select CRYPTO_GLUE_HELPER_X86
986 select CRYPTO_CAMELLIA_X86_64
987 select CRYPTO_LRW
988 select CRYPTO_XTS
989 help
990 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
991
992 Camellia is a symmetric key block cipher developed jointly
993 at NTT and Mitsubishi Electric Corporation.
994
995 The Camellia specifies three key sizes: 128, 192 and 256 bits.
996
997 See also:
0b95ec56
JK		 998 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
999
f3f935a7
JK		 1000config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1001 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1002 depends on X86 && 64BIT
1003 depends on CRYPTO
1004 select CRYPTO_ALGAPI
1005 select CRYPTO_CRYPTD
801201aa 1006 select CRYPTO_ABLK_HELPER
f3f935a7
JK		 1007 select CRYPTO_GLUE_HELPER_X86
1008 select CRYPTO_CAMELLIA_X86_64
1009 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1010 select CRYPTO_LRW
1011 select CRYPTO_XTS
1012 help
1013 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1014
1015 Camellia is a symmetric key block cipher developed jointly
1016 at NTT and Mitsubishi Electric Corporation.
1017
1018 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1019
1020 See also:
1021 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1022
81658ad0
DM		 1023config CRYPTO_CAMELLIA_SPARC64
1024 tristate "Camellia cipher algorithm (SPARC64)"
1025 depends on SPARC64
1026 depends on CRYPTO
1027 select CRYPTO_ALGAPI
1028 help
1029 Camellia cipher algorithm module (SPARC64).
1030
1031 Camellia is a symmetric key block cipher developed jointly
1032 at NTT and Mitsubishi Electric Corporation.
1033
1034 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1035
1036 See also:
1037 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1038
044ab525
JK		 1039config CRYPTO_CAST_COMMON
1040 tristate
1041 help
1042 Common parts of the CAST cipher algorithms shared by the
1043 generic c and the assembler implementations.
1044
1da177e4
LT		 1045config CRYPTO_CAST5
1046 tristate "CAST5 (CAST-128) cipher algorithm"
cce9e06d 1047 select CRYPTO_ALGAPI
044ab525 1048 select CRYPTO_CAST_COMMON
1da177e4
LT		 1049 help
1050 The CAST5 encryption algorithm (synonymous with CAST-128) is
1051 described in RFC2144.
1052
4d6d6a2c
JG		 1053config CRYPTO_CAST5_AVX_X86_64
1054 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1055 depends on X86 && 64BIT
1056 select CRYPTO_ALGAPI
1057 select CRYPTO_CRYPTD
801201aa 1058 select CRYPTO_ABLK_HELPER
044ab525 1059 select CRYPTO_CAST_COMMON
4d6d6a2c
JG		 1060 select CRYPTO_CAST5
1061 help
1062 The CAST5 encryption algorithm (synonymous with CAST-128) is
1063 described in RFC2144.
1064
1065 This module provides the Cast5 cipher algorithm that processes
1066 sixteen blocks parallel using the AVX instruction set.
1067
1da177e4
LT		 1068config CRYPTO_CAST6
1069 tristate "CAST6 (CAST-256) cipher algorithm"
cce9e06d 1070 select CRYPTO_ALGAPI
044ab525 1071 select CRYPTO_CAST_COMMON
1da177e4
LT		 1072 help
1073 The CAST6 encryption algorithm (synonymous with CAST-256) is
1074 described in RFC2612.
1075
4ea1277d
JG		 1076config CRYPTO_CAST6_AVX_X86_64
1077 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1078 depends on X86 && 64BIT
1079 select CRYPTO_ALGAPI
1080 select CRYPTO_CRYPTD
801201aa 1081 select CRYPTO_ABLK_HELPER
4ea1277d 1082 select CRYPTO_GLUE_HELPER_X86
044ab525 1083 select CRYPTO_CAST_COMMON
4ea1277d
JG		 1084 select CRYPTO_CAST6
1085 select CRYPTO_LRW
1086 select CRYPTO_XTS
1087 help
1088 The CAST6 encryption algorithm (synonymous with CAST-256) is
1089 described in RFC2612.
1090
1091 This module provides the Cast6 cipher algorithm that processes
1092 eight blocks parallel using the AVX instruction set.
1093
584fffc8
SS		 1094config CRYPTO_DES
1095 tristate "DES and Triple DES EDE cipher algorithms"
cce9e06d 1096 select CRYPTO_ALGAPI
1da177e4 1097 help
584fffc8 1098 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
fb4f10ed 1099
c5aac2df
DM		 1100config CRYPTO_DES_SPARC64
1101 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
97da37b3 1102 depends on SPARC64
c5aac2df
DM		 1103 select CRYPTO_ALGAPI
1104 select CRYPTO_DES
1105 help
1106 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1107 optimized using SPARC64 crypto opcodes.
1108
6574e6c6
JK		 1109config CRYPTO_DES3_EDE_X86_64
1110 tristate "Triple DES EDE cipher algorithm (x86-64)"
1111 depends on X86 && 64BIT
1112 select CRYPTO_ALGAPI
1113 select CRYPTO_DES
1114 help
1115 Triple DES EDE (FIPS 46-3) algorithm.
1116
1117 This module provides implementation of the Triple DES EDE cipher
1118 algorithm that is optimized for x86-64 processors. Two versions of
1119 algorithm are provided; regular processing one input block and
1120 one that processes three blocks parallel.
1121
584fffc8
SS		 1122config CRYPTO_FCRYPT
1123 tristate "FCrypt cipher algorithm"
cce9e06d 1124 select CRYPTO_ALGAPI
584fffc8 1125 select CRYPTO_BLKCIPHER
1da177e4 1126 help
584fffc8 1127 FCrypt algorithm used by RxRPC.
1da177e4
LT		 1128
1129config CRYPTO_KHAZAD
1130 tristate "Khazad cipher algorithm"
cce9e06d 1131 select CRYPTO_ALGAPI
1da177e4
LT		 1132 help
1133 Khazad cipher algorithm.
1134
1135 Khazad was a finalist in the initial NESSIE competition. It is
1136 an algorithm optimized for 64-bit processors with good performance
1137 on 32-bit processors. Khazad uses an 128 bit key size.
1138
1139 See also:
6d8de74c 1140 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1da177e4 1141
2407d608 1142config CRYPTO_SALSA20
3b4afaf2 1143 tristate "Salsa20 stream cipher algorithm"
2407d608
TSH		 1144 select CRYPTO_BLKCIPHER
1145 help
1146 Salsa20 stream cipher algorithm.
1147
1148 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1149 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
974e4b75
TSH		 1150
1151 The Salsa20 stream cipher algorithm is designed by Daniel J.
1152 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1153
1154config CRYPTO_SALSA20_586
3b4afaf2 1155 tristate "Salsa20 stream cipher algorithm (i586)"
974e4b75 1156 depends on (X86 || UML_X86) && !64BIT
974e4b75 1157 select CRYPTO_BLKCIPHER
974e4b75
TSH		 1158 help
1159 Salsa20 stream cipher algorithm.
1160
1161 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1162 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
9a7dafbb
TSH		 1163
1164 The Salsa20 stream cipher algorithm is designed by Daniel J.
1165 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1166
1167config CRYPTO_SALSA20_X86_64
3b4afaf2 1168 tristate "Salsa20 stream cipher algorithm (x86_64)"
9a7dafbb 1169 depends on (X86 || UML_X86) && 64BIT
9a7dafbb 1170 select CRYPTO_BLKCIPHER
9a7dafbb
TSH		 1171 help
1172 Salsa20 stream cipher algorithm.
1173
1174 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1175 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
2407d608
TSH		 1176
1177 The Salsa20 stream cipher algorithm is designed by Daniel J.
1178 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1da177e4 1179
c08d0e64
MW		 1180config CRYPTO_CHACHA20
1181 tristate "ChaCha20 cipher algorithm"
1182 select CRYPTO_BLKCIPHER
1183 help
1184 ChaCha20 cipher algorithm, RFC7539.
1185
1186 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1187 Bernstein and further specified in RFC7539 for use in IETF protocols.
1188 This is the portable C implementation of ChaCha20.
1189
1190 See also:
1191 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1192
584fffc8
SS		 1193config CRYPTO_SEED
1194 tristate "SEED cipher algorithm"
cce9e06d 1195 select CRYPTO_ALGAPI
1da177e4 1196 help
584fffc8 1197 SEED cipher algorithm (RFC4269).
1da177e4 1198
584fffc8
SS		 1199 SEED is a 128-bit symmetric key block cipher that has been
1200 developed by KISA (Korea Information Security Agency) as a
1201 national standard encryption algorithm of the Republic of Korea.
1202 It is a 16 round block cipher with the key size of 128 bit.
1203
1204 See also:
1205 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1206
1207config CRYPTO_SERPENT
1208 tristate "Serpent cipher algorithm"
cce9e06d 1209 select CRYPTO_ALGAPI
1da177e4 1210 help
584fffc8 1211 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1da177e4 1212
584fffc8
SS		 1213 Keys are allowed to be from 0 to 256 bits in length, in steps
1214 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1215 variant of Serpent for compatibility with old kerneli.org code.
1216
1217 See also:
1218 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1219
937c30d7
JK		 1220config CRYPTO_SERPENT_SSE2_X86_64
1221 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1222 depends on X86 && 64BIT
1223 select CRYPTO_ALGAPI
341975bf 1224 select CRYPTO_CRYPTD
801201aa 1225 select CRYPTO_ABLK_HELPER
596d8750 1226 select CRYPTO_GLUE_HELPER_X86
937c30d7 1227 select CRYPTO_SERPENT
feaf0cfc
JK		 1228 select CRYPTO_LRW
1229 select CRYPTO_XTS
937c30d7
JK		 1230 help
1231 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1232
1233 Keys are allowed to be from 0 to 256 bits in length, in steps
1234 of 8 bits.
1235
1e6232f8 1236 This module provides Serpent cipher algorithm that processes eight
937c30d7
JK		 1237 blocks parallel using SSE2 instruction set.
1238
1239 See also:
1240 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1241
251496db
JK		 1242config CRYPTO_SERPENT_SSE2_586
1243 tristate "Serpent cipher algorithm (i586/SSE2)"
1244 depends on X86 && !64BIT
1245 select CRYPTO_ALGAPI
341975bf 1246 select CRYPTO_CRYPTD
801201aa 1247 select CRYPTO_ABLK_HELPER
596d8750 1248 select CRYPTO_GLUE_HELPER_X86
251496db 1249 select CRYPTO_SERPENT
feaf0cfc
JK		 1250 select CRYPTO_LRW
1251 select CRYPTO_XTS
251496db
JK		 1252 help
1253 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1254
1255 Keys are allowed to be from 0 to 256 bits in length, in steps
1256 of 8 bits.
1257
1258 This module provides Serpent cipher algorithm that processes four
1259 blocks parallel using SSE2 instruction set.
1260
1261 See also:
1262 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
7efe4076
JG		 1263
1264config CRYPTO_SERPENT_AVX_X86_64
1265 tristate "Serpent cipher algorithm (x86_64/AVX)"
1266 depends on X86 && 64BIT
1267 select CRYPTO_ALGAPI
1268 select CRYPTO_CRYPTD
801201aa 1269 select CRYPTO_ABLK_HELPER
1d0debbd 1270 select CRYPTO_GLUE_HELPER_X86
7efe4076
JG		 1271 select CRYPTO_SERPENT
1272 select CRYPTO_LRW
1273 select CRYPTO_XTS
1274 help
1275 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1276
1277 Keys are allowed to be from 0 to 256 bits in length, in steps
1278 of 8 bits.
1279
1280 This module provides the Serpent cipher algorithm that processes
1281 eight blocks parallel using the AVX instruction set.
1282
1283 See also:
1284 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
251496db 1285
56d76c96
JK		 1286config CRYPTO_SERPENT_AVX2_X86_64
1287 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1288 depends on X86 && 64BIT
1289 select CRYPTO_ALGAPI
1290 select CRYPTO_CRYPTD
801201aa 1291 select CRYPTO_ABLK_HELPER
56d76c96
JK		 1292 select CRYPTO_GLUE_HELPER_X86
1293 select CRYPTO_SERPENT
1294 select CRYPTO_SERPENT_AVX_X86_64
1295 select CRYPTO_LRW
1296 select CRYPTO_XTS
1297 help
1298 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1299
1300 Keys are allowed to be from 0 to 256 bits in length, in steps
1301 of 8 bits.
1302
1303 This module provides Serpent cipher algorithm that processes 16
1304 blocks parallel using AVX2 instruction set.
1305
1306 See also:
1307 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1308
584fffc8
SS		 1309config CRYPTO_TEA
1310 tristate "TEA, XTEA and XETA cipher algorithms"
cce9e06d 1311 select CRYPTO_ALGAPI
1da177e4 1312 help
584fffc8 1313 TEA cipher algorithm.
1da177e4 1314
584fffc8
SS		 1315 Tiny Encryption Algorithm is a simple cipher that uses
1316 many rounds for security. It is very fast and uses
1317 little memory.
1318
1319 Xtendend Tiny Encryption Algorithm is a modification to
1320 the TEA algorithm to address a potential key weakness
1321 in the TEA algorithm.
1322
1323 Xtendend Encryption Tiny Algorithm is a mis-implementation
1324 of the XTEA algorithm for compatibility purposes.
1325
1326config CRYPTO_TWOFISH
1327 tristate "Twofish cipher algorithm"
04ac7db3 1328 select CRYPTO_ALGAPI
584fffc8 1329 select CRYPTO_TWOFISH_COMMON
04ac7db3 1330 help
584fffc8 1331 Twofish cipher algorithm.
04ac7db3 1332
584fffc8
SS		 1333 Twofish was submitted as an AES (Advanced Encryption Standard)
1334 candidate cipher by researchers at CounterPane Systems. It is a
1335 16 round block cipher supporting key sizes of 128, 192, and 256
1336 bits.
04ac7db3 1337
584fffc8
SS		 1338 See also:
1339 <http://www.schneier.com/twofish.html>
1340
1341config CRYPTO_TWOFISH_COMMON
1342 tristate
1343 help
1344 Common parts of the Twofish cipher algorithm shared by the
1345 generic c and the assembler implementations.
1346
1347config CRYPTO_TWOFISH_586
1348 tristate "Twofish cipher algorithms (i586)"
1349 depends on (X86 || UML_X86) && !64BIT
1350 select CRYPTO_ALGAPI
1351 select CRYPTO_TWOFISH_COMMON
1352 help
1353 Twofish cipher algorithm.
1354
1355 Twofish was submitted as an AES (Advanced Encryption Standard)
1356 candidate cipher by researchers at CounterPane Systems. It is a
1357 16 round block cipher supporting key sizes of 128, 192, and 256
1358 bits.
04ac7db3
NT		 1359
1360 See also:
584fffc8 1361 <http://www.schneier.com/twofish.html>
04ac7db3 1362
584fffc8
SS		 1363config CRYPTO_TWOFISH_X86_64
1364 tristate "Twofish cipher algorithm (x86_64)"
1365 depends on (X86 || UML_X86) && 64BIT
cce9e06d 1366 select CRYPTO_ALGAPI
584fffc8 1367 select CRYPTO_TWOFISH_COMMON
1da177e4 1368 help
584fffc8 1369 Twofish cipher algorithm (x86_64).
1da177e4 1370
584fffc8
SS		 1371 Twofish was submitted as an AES (Advanced Encryption Standard)
1372 candidate cipher by researchers at CounterPane Systems. It is a
1373 16 round block cipher supporting key sizes of 128, 192, and 256
1374 bits.
1375
1376 See also:
1377 <http://www.schneier.com/twofish.html>
1378
8280daad
JK		 1379config CRYPTO_TWOFISH_X86_64_3WAY
1380 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
f21a7c19 1381 depends on X86 && 64BIT
8280daad
JK		 1382 select CRYPTO_ALGAPI
1383 select CRYPTO_TWOFISH_COMMON
1384 select CRYPTO_TWOFISH_X86_64
414cb5e7 1385 select CRYPTO_GLUE_HELPER_X86
e7cda5d2
JK		 1386 select CRYPTO_LRW
1387 select CRYPTO_XTS
8280daad
JK		 1388 help
1389 Twofish cipher algorithm (x86_64, 3-way parallel).
1390
1391 Twofish was submitted as an AES (Advanced Encryption Standard)
1392 candidate cipher by researchers at CounterPane Systems. It is a
1393 16 round block cipher supporting key sizes of 128, 192, and 256
1394 bits.
1395
1396 This module provides Twofish cipher algorithm that processes three
1397 blocks parallel, utilizing resources of out-of-order CPUs better.
1398
1399 See also:
1400 <http://www.schneier.com/twofish.html>
1401
107778b5
JG		 1402config CRYPTO_TWOFISH_AVX_X86_64
1403 tristate "Twofish cipher algorithm (x86_64/AVX)"
1404 depends on X86 && 64BIT
1405 select CRYPTO_ALGAPI
1406 select CRYPTO_CRYPTD
801201aa 1407 select CRYPTO_ABLK_HELPER
a7378d4e 1408 select CRYPTO_GLUE_HELPER_X86
107778b5
JG		 1409 select CRYPTO_TWOFISH_COMMON
1410 select CRYPTO_TWOFISH_X86_64
1411 select CRYPTO_TWOFISH_X86_64_3WAY
1412 select CRYPTO_LRW
1413 select CRYPTO_XTS
1414 help
1415 Twofish cipher algorithm (x86_64/AVX).
1416
1417 Twofish was submitted as an AES (Advanced Encryption Standard)
1418 candidate cipher by researchers at CounterPane Systems. It is a
1419 16 round block cipher supporting key sizes of 128, 192, and 256
1420 bits.
1421
1422 This module provides the Twofish cipher algorithm that processes
1423 eight blocks parallel using the AVX Instruction Set.
1424
1425 See also:
1426 <http://www.schneier.com/twofish.html>
1427
584fffc8
SS		 1428comment "Compression"
1429
1430config CRYPTO_DEFLATE
1431 tristate "Deflate compression algorithm"
1432 select CRYPTO_ALGAPI
1433 select ZLIB_INFLATE
1434 select ZLIB_DEFLATE
3c09f17c 1435 help
584fffc8
SS		 1436 This is the Deflate algorithm (RFC1951), specified for use in
1437 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1438
1439 You will most probably want this if using IPSec.
3c09f17c 1440
bf68e65e
GU		 1441config CRYPTO_ZLIB
1442 tristate "Zlib compression algorithm"
1443 select CRYPTO_PCOMP
1444 select ZLIB_INFLATE
1445 select ZLIB_DEFLATE
1446 select NLATTR
1447 help
1448 This is the zlib algorithm.
1449
0b77abb3
ZS		 1450config CRYPTO_LZO
1451 tristate "LZO compression algorithm"
1452 select CRYPTO_ALGAPI
1453 select LZO_COMPRESS
1454 select LZO_DECOMPRESS
1455 help
1456 This is the LZO algorithm.
1457
35a1fc18
SJ		 1458config CRYPTO_842
1459 tristate "842 compression algorithm"
2062c5b6
DS		 1460 select CRYPTO_ALGAPI
1461 select 842_COMPRESS
1462 select 842_DECOMPRESS
35a1fc18
SJ		 1463 help
1464 This is the 842 algorithm.
0ea8530d
CM		 1465
1466config CRYPTO_LZ4
1467 tristate "LZ4 compression algorithm"
1468 select CRYPTO_ALGAPI
1469 select LZ4_COMPRESS
1470 select LZ4_DECOMPRESS
1471 help
1472 This is the LZ4 algorithm.
1473
1474config CRYPTO_LZ4HC
1475 tristate "LZ4HC compression algorithm"
1476 select CRYPTO_ALGAPI
1477 select LZ4HC_COMPRESS
1478 select LZ4_DECOMPRESS
1479 help
1480 This is the LZ4 high compression mode algorithm.
35a1fc18 1481
17f0f4a4
NH		 1482comment "Random Number Generation"
1483
1484config CRYPTO_ANSI_CPRNG
1485 tristate "Pseudo Random Number Generation for Cryptographic modules"
4e4ed83b 1486 default m
17f0f4a4
NH		 1487 select CRYPTO_AES
1488 select CRYPTO_RNG
17f0f4a4
NH		 1489 help
1490 This option enables the generic pseudo random number generator
1491 for cryptographic modules. Uses the Algorithm specified in
7dd607e8
JK		 1492 ANSI X9.31 A.2.4. Note that this option must be enabled if
1493 CRYPTO_FIPS is selected
17f0f4a4 1494
f2c89a10 1495menuconfig CRYPTO_DRBG_MENU
419090c6 1496 tristate "NIST SP800-90A DRBG"
419090c6
SM		 1497 help
1498 NIST SP800-90A compliant DRBG. In the following submenu, one or
1499 more of the DRBG types must be selected.
1500
f2c89a10 1501if CRYPTO_DRBG_MENU
419090c6
SM		 1502
1503config CRYPTO_DRBG_HMAC
1504 bool "Enable HMAC DRBG"
1505 default y
419090c6
SM		 1506 select CRYPTO_HMAC
1507 help
1508 Enable the HMAC DRBG variant as defined in NIST SP800-90A.
1509
1510config CRYPTO_DRBG_HASH
1511 bool "Enable Hash DRBG"
419090c6
SM		 1512 select CRYPTO_HASH
1513 help
1514 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1515
1516config CRYPTO_DRBG_CTR
1517 bool "Enable CTR DRBG"
419090c6
SM		 1518 select CRYPTO_AES
1519 help
1520 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1521
f2c89a10
HX		 1522config CRYPTO_DRBG
1523 tristate
1524 default CRYPTO_DRBG_MENU if (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_HASH || CRYPTO_DRBG_CTR)
1525 select CRYPTO_RNG
bb5530e4 1526 select CRYPTO_JITTERENTROPY
f2c89a10
HX		 1527
1528endif # if CRYPTO_DRBG_MENU
419090c6 1529
bb5530e4
SM		 1530config CRYPTO_JITTERENTROPY
1531 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1532 help
1533 The Jitterentropy RNG is a noise that is intended
1534 to provide seed to another RNG. The RNG does not
1535 perform any cryptographic whitening of the generated
1536 random numbers. This Jitterentropy RNG registers with
1537 the kernel crypto API and can be used by any caller.
1538
03c8efc1
HX		 1539config CRYPTO_USER_API
1540 tristate
1541
fe869cdb
HX		 1542config CRYPTO_USER_API_HASH
1543 tristate "User-space interface for hash algorithms"
7451708f 1544 depends on NET
fe869cdb
HX		 1545 select CRYPTO_HASH
1546 select CRYPTO_USER_API
1547 help
1548 This option enables the user-spaces interface for hash
1549 algorithms.
1550
8ff59090
HX		 1551config CRYPTO_USER_API_SKCIPHER
1552 tristate "User-space interface for symmetric key cipher algorithms"
7451708f 1553 depends on NET
8ff59090
HX		 1554 select CRYPTO_BLKCIPHER
1555 select CRYPTO_USER_API
1556 help
1557 This option enables the user-spaces interface for symmetric
1558 key cipher algorithms.
1559
2f375538
SM		 1560config CRYPTO_USER_API_RNG
1561 tristate "User-space interface for random number generator algorithms"
1562 depends on NET
1563 select CRYPTO_RNG
1564 select CRYPTO_USER_API
1565 help
1566 This option enables the user-spaces interface for random
1567 number generator algorithms.
1568
b64a2d95
HX		 1569config CRYPTO_USER_API_AEAD
1570 tristate "User-space interface for AEAD cipher algorithms"
1571 depends on NET
1572 select CRYPTO_AEAD
1573 select CRYPTO_USER_API
1574 help
1575 This option enables the user-spaces interface for AEAD
1576 cipher algorithms.
1577
ee08997f
DK		 1578config CRYPTO_HASH_INFO
1579 bool
1580
1da177e4 1581source "drivers/crypto/Kconfig"
964f3b3b 1582source crypto/asymmetric_keys/Kconfig
1da177e4 1583
cce9e06d 1584endif # if CRYPTO
ubuntu-bionic-kernel mirror