]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - crypto/Kconfig
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
oid_registry: Add OIDs for ECDSA with SHA224/256/384/512
[mirror_ubuntu-jammy-kernel.git] / crypto / Kconfig
CommitLineData
b2441318 1# SPDX-License-Identifier: GPL-2.0
685784aa
DW		 2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6 tristate
7
1da177e4 8#
9bc89cd8 9# async_tx api: hardware offloaded memory transfer/transform support
1da177e4 10#
9bc89cd8 11source "crypto/async_tx/Kconfig"
1da177e4 12
9bc89cd8
DW		 13#
14# Cryptographic API Configuration
15#
2e290f43 16menuconfig CRYPTO
c3715cb9 17 tristate "Cryptographic API"
1da177e4
LT		 18 help
19 This option provides the core Cryptographic API.
20
cce9e06d
HX		 21if CRYPTO
22
584fffc8
SS		 23comment "Crypto core or helper"
24
ccb778e1
NH		 25config CRYPTO_FIPS
26 bool "FIPS 200 compliance"
f2c89a10 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
1f696097 28 depends on (MODULE_SIG || !MODULES)
ccb778e1 29 help
d99324c2
GU		 30 This option enables the fips boot option which is
31 required if you want the system to operate in a FIPS 200
ccb778e1 32 certification. You should say no unless you know what
e84c5480 33 this is.
ccb778e1 34
cce9e06d
HX		 35config CRYPTO_ALGAPI
36 tristate
6a0fcbb4 37 select CRYPTO_ALGAPI2
cce9e06d
HX		 38 help
39 This option provides the API for cryptographic algorithms.
40
6a0fcbb4
HX		 41config CRYPTO_ALGAPI2
42 tristate
43
1ae97820
HX		 44config CRYPTO_AEAD
45 tristate
6a0fcbb4 46 select CRYPTO_AEAD2
1ae97820
HX		 47 select CRYPTO_ALGAPI
48
6a0fcbb4
HX		 49config CRYPTO_AEAD2
50 tristate
51 select CRYPTO_ALGAPI2
149a3971
HX		 52 select CRYPTO_NULL2
53 select CRYPTO_RNG2
6a0fcbb4 54
b95bba5d 55config CRYPTO_SKCIPHER
5cde0af2 56 tristate
b95bba5d 57 select CRYPTO_SKCIPHER2
5cde0af2 58 select CRYPTO_ALGAPI
6a0fcbb4 59
b95bba5d 60config CRYPTO_SKCIPHER2
6a0fcbb4
HX		 61 tristate
62 select CRYPTO_ALGAPI2
63 select CRYPTO_RNG2
5cde0af2 64
055bcee3
HX		 65config CRYPTO_HASH
66 tristate
6a0fcbb4 67 select CRYPTO_HASH2
055bcee3
HX		 68 select CRYPTO_ALGAPI
69
6a0fcbb4
HX		 70config CRYPTO_HASH2
71 tristate
72 select CRYPTO_ALGAPI2
73
17f0f4a4
NH		 74config CRYPTO_RNG
75 tristate
6a0fcbb4 76 select CRYPTO_RNG2
17f0f4a4
NH		 77 select CRYPTO_ALGAPI
78
6a0fcbb4
HX		 79config CRYPTO_RNG2
80 tristate
81 select CRYPTO_ALGAPI2
82
401e4238
HX		 83config CRYPTO_RNG_DEFAULT
84 tristate
85 select CRYPTO_DRBG_MENU
86
3c339ab8
TS		 87config CRYPTO_AKCIPHER2
88 tristate
89 select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92 tristate
93 select CRYPTO_AKCIPHER2
94 select CRYPTO_ALGAPI
95
4e5f2c40
SB		 96config CRYPTO_KPP2
97 tristate
98 select CRYPTO_ALGAPI2
99
100config CRYPTO_KPP
101 tristate
102 select CRYPTO_ALGAPI
103 select CRYPTO_KPP2
104
2ebda74f
GC		 105config CRYPTO_ACOMP2
106 tristate
107 select CRYPTO_ALGAPI2
8cd579d2 108 select SGL_ALLOC
2ebda74f
GC		 109
110config CRYPTO_ACOMP
111 tristate
112 select CRYPTO_ALGAPI
113 select CRYPTO_ACOMP2
114
2b8c19db
HX		 115config CRYPTO_MANAGER
116 tristate "Cryptographic algorithm manager"
6a0fcbb4 117 select CRYPTO_MANAGER2
2b8c19db
HX		 118 help
119 Create default cryptographic template instantiations such as
120 cbc(aes).
121
6a0fcbb4
HX		 122config CRYPTO_MANAGER2
123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
124 select CRYPTO_AEAD2
125 select CRYPTO_HASH2
b95bba5d 126 select CRYPTO_SKCIPHER2
946cc463 127 select CRYPTO_AKCIPHER2
4e5f2c40 128 select CRYPTO_KPP2
2ebda74f 129 select CRYPTO_ACOMP2
6a0fcbb4 130
a38f7907
SK		 131config CRYPTO_USER
132 tristate "Userspace cryptographic algorithm configuration"
5db017aa 133 depends on NET
a38f7907
SK		 134 select CRYPTO_MANAGER
135 help
d19978f5 136 Userspace configuration for cryptographic instantiations such as
a38f7907
SK		 137 cbc(aes).
138
326a6346
HX		 139config CRYPTO_MANAGER_DISABLE_TESTS
140 bool "Disable run-time self tests"
00ca28a5 141 default y
0b767f96 142 help
326a6346
HX		 143 Disable run-time self tests that normally take place at
144 algorithm registration.
0b767f96 145
5b2706a4
EB		 146config CRYPTO_MANAGER_EXTRA_TESTS
147 bool "Enable extra run-time crypto self tests"
6569e309 148 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
5b2706a4
EB		 149 help
150 Enable extra run-time self tests of registered crypto algorithms,
151 including randomized fuzz tests.
152
153 This is intended for developer use only, as these tests take much
154 longer to run than the normal self tests.
155
584fffc8 156config CRYPTO_GF128MUL
e590e132 157 tristate
333b0d7e 158
1da177e4
LT		 159config CRYPTO_NULL
160 tristate "Null algorithms"
149a3971 161 select CRYPTO_NULL2
1da177e4
LT		 162 help
163 These are 'Null' algorithms, used by IPsec, which do nothing.
164
149a3971 165config CRYPTO_NULL2
dd43c4e9 166 tristate
149a3971 167 select CRYPTO_ALGAPI2
b95bba5d 168 select CRYPTO_SKCIPHER2
149a3971
HX		 169 select CRYPTO_HASH2
170
5068c7a8 171config CRYPTO_PCRYPT
3b4afaf2
KC		 172 tristate "Parallel crypto engine"
173 depends on SMP
5068c7a8
SK		 174 select PADATA
175 select CRYPTO_MANAGER
176 select CRYPTO_AEAD
177 help
178 This converts an arbitrary crypto algorithm into a parallel
179 algorithm that executes in kernel threads.
180
584fffc8
SS		 181config CRYPTO_CRYPTD
182 tristate "Software async crypto daemon"
b95bba5d 183 select CRYPTO_SKCIPHER
b8a28251 184 select CRYPTO_HASH
584fffc8 185 select CRYPTO_MANAGER
1da177e4 186 help
584fffc8
SS		 187 This is a generic software asynchronous crypto daemon that
188 converts an arbitrary synchronous software crypto algorithm
189 into an asynchronous algorithm that executes in a kernel thread.
1da177e4 190
584fffc8
SS		 191config CRYPTO_AUTHENC
192 tristate "Authenc support"
193 select CRYPTO_AEAD
b95bba5d 194 select CRYPTO_SKCIPHER
584fffc8
SS		 195 select CRYPTO_MANAGER
196 select CRYPTO_HASH
e94c6a7a 197 select CRYPTO_NULL
1da177e4 198 help
584fffc8
SS		 199 Authenc: Combined mode wrapper for IPsec.
200 This is required for IPSec.
1da177e4 201
584fffc8
SS		 202config CRYPTO_TEST
203 tristate "Testing module"
00ea27f1 204 depends on m || EXPERT
da7f033d 205 select CRYPTO_MANAGER
1da177e4 206 help
584fffc8 207 Quick & dirty crypto test module.
1da177e4 208
266d0516
HX		 209config CRYPTO_SIMD
210 tristate
ffaf9156
JK		 211 select CRYPTO_CRYPTD
212
735d37b5
BW		 213config CRYPTO_ENGINE
214 tristate
215
3d6228a5
VC		 216comment "Public-key cryptography"
217
218config CRYPTO_RSA
219 tristate "RSA algorithm"
220 select CRYPTO_AKCIPHER
221 select CRYPTO_MANAGER
222 select MPILIB
223 select ASN1
224 help
225 Generic implementation of the RSA public key algorithm.
226
227config CRYPTO_DH
228 tristate "Diffie-Hellman algorithm"
229 select CRYPTO_KPP
230 select MPILIB
231 help
232 Generic implementation of the Diffie-Hellman algorithm.
233
4a2289da
VC		 234config CRYPTO_ECC
235 tristate
236
3d6228a5
VC		 237config CRYPTO_ECDH
238 tristate "ECDH algorithm"
4a2289da 239 select CRYPTO_ECC
3d6228a5
VC		 240 select CRYPTO_KPP
241 select CRYPTO_RNG_DEFAULT
242 help
243 Generic implementation of the ECDH algorithm
244
0d7a7864
VC		 245config CRYPTO_ECRDSA
246 tristate "EC-RDSA (GOST 34.10) algorithm"
247 select CRYPTO_ECC
248 select CRYPTO_AKCIPHER
249 select CRYPTO_STREEBOG
1036633e
VC		 250 select OID_REGISTRY
251 select ASN1
0d7a7864
VC		 252 help
253 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
254 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
255 standard algorithms (called GOST algorithms). Only signature verification
256 is implemented.
257
ea7ecb66
TZ		 258config CRYPTO_SM2
259 tristate "SM2 algorithm"
260 select CRYPTO_SM3
261 select CRYPTO_AKCIPHER
262 select CRYPTO_MANAGER
263 select MPILIB
264 select ASN1
265 help
266 Generic implementation of the SM2 public key algorithm. It was
267 published by State Encryption Management Bureau, China.
268 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
269
270 References:
271 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
272 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
273 http://www.gmbz.org.cn/main/bzlb.html
274
ee772cb6
AB		 275config CRYPTO_CURVE25519
276 tristate "Curve25519 algorithm"
277 select CRYPTO_KPP
278 select CRYPTO_LIB_CURVE25519_GENERIC
279
bb611bdf
JD		 280config CRYPTO_CURVE25519_X86
281 tristate "x86_64 accelerated Curve25519 scalar multiplication library"
282 depends on X86 && 64BIT
283 select CRYPTO_LIB_CURVE25519_GENERIC
284 select CRYPTO_ARCH_HAVE_LIB_CURVE25519
285
584fffc8 286comment "Authenticated Encryption with Associated Data"
cd12fb90 287
584fffc8
SS		 288config CRYPTO_CCM
289 tristate "CCM support"
290 select CRYPTO_CTR
f15f05b0 291 select CRYPTO_HASH
584fffc8 292 select CRYPTO_AEAD
c8a3315a 293 select CRYPTO_MANAGER
1da177e4 294 help
584fffc8 295 Support for Counter with CBC MAC. Required for IPsec.
1da177e4 296
584fffc8
SS		 297config CRYPTO_GCM
298 tristate "GCM/GMAC support"
299 select CRYPTO_CTR
300 select CRYPTO_AEAD
9382d97a 301 select CRYPTO_GHASH
9489667d 302 select CRYPTO_NULL
c8a3315a 303 select CRYPTO_MANAGER
1da177e4 304 help
584fffc8
SS		 305 Support for Galois/Counter Mode (GCM) and Galois Message
306 Authentication Code (GMAC). Required for IPSec.
1da177e4 307
71ebc4d1
MW		 308config CRYPTO_CHACHA20POLY1305
309 tristate "ChaCha20-Poly1305 AEAD support"
310 select CRYPTO_CHACHA20
311 select CRYPTO_POLY1305
312 select CRYPTO_AEAD
c8a3315a 313 select CRYPTO_MANAGER
71ebc4d1
MW		 314 help
315 ChaCha20-Poly1305 AEAD support, RFC7539.
316
317 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
318 with the Poly1305 authenticator. It is defined in RFC7539 for use in
319 IETF protocols.
320
f606a88e
OM		 321config CRYPTO_AEGIS128
322 tristate "AEGIS-128 AEAD algorithm"
323 select CRYPTO_AEAD
324 select CRYPTO_AES # for AES S-box tables
325 help
326 Support for the AEGIS-128 dedicated AEAD algorithm.
327
a4397635
AB		 328config CRYPTO_AEGIS128_SIMD
329 bool "Support SIMD acceleration for AEGIS-128"
330 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
331 default y
332
1d373d4e
OM		 333config CRYPTO_AEGIS128_AESNI_SSE2
334 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
335 depends on X86 && 64BIT
336 select CRYPTO_AEAD
de272ca7 337 select CRYPTO_SIMD
1d373d4e 338 help
4e5180eb 339 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
1d373d4e 340
584fffc8
SS		 341config CRYPTO_SEQIV
342 tristate "Sequence Number IV Generator"
343 select CRYPTO_AEAD
b95bba5d 344 select CRYPTO_SKCIPHER
856e3f40 345 select CRYPTO_NULL
401e4238 346 select CRYPTO_RNG_DEFAULT
c8a3315a 347 select CRYPTO_MANAGER
1da177e4 348 help
584fffc8
SS		 349 This IV generator generates an IV based on a sequence number by
350 xoring it with a salt. This algorithm is mainly useful for CTR
1da177e4 351
a10f554f
HX		 352config CRYPTO_ECHAINIV
353 tristate "Encrypted Chain IV Generator"
354 select CRYPTO_AEAD
355 select CRYPTO_NULL
401e4238 356 select CRYPTO_RNG_DEFAULT
c8a3315a 357 select CRYPTO_MANAGER
a10f554f
HX		 358 help
359 This IV generator generates an IV based on the encryption of
360 a sequence number xored with a salt. This is the default
361 algorithm for CBC.
362
584fffc8 363comment "Block modes"
c494e070 364
584fffc8
SS		 365config CRYPTO_CBC
366 tristate "CBC support"
b95bba5d 367 select CRYPTO_SKCIPHER
43518407 368 select CRYPTO_MANAGER
db131ef9 369 help
584fffc8
SS		 370 CBC: Cipher Block Chaining mode
371 This block cipher algorithm is required for IPSec.
db131ef9 372
a7d85e06
JB		 373config CRYPTO_CFB
374 tristate "CFB support"
b95bba5d 375 select CRYPTO_SKCIPHER
a7d85e06
JB		 376 select CRYPTO_MANAGER
377 help
378 CFB: Cipher FeedBack mode
379 This block cipher algorithm is required for TPM2 Cryptography.
380
584fffc8
SS		 381config CRYPTO_CTR
382 tristate "CTR support"
b95bba5d 383 select CRYPTO_SKCIPHER
43518407 384 select CRYPTO_MANAGER
db131ef9 385 help
584fffc8 386 CTR: Counter mode
db131ef9
HX		 387 This block cipher algorithm is required for IPSec.
388
584fffc8
SS		 389config CRYPTO_CTS
390 tristate "CTS support"
b95bba5d 391 select CRYPTO_SKCIPHER
c8a3315a 392 select CRYPTO_MANAGER
584fffc8
SS		 393 help
394 CTS: Cipher Text Stealing
395 This is the Cipher Text Stealing mode as described by
ecd6d5c9
GBY		 396 Section 8 of rfc2040 and referenced by rfc3962
397 (rfc3962 includes errata information in its Appendix A) or
398 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
584fffc8
SS		 399 This mode is required for Kerberos gss mechanism support
400 for AES encryption.
401
ecd6d5c9
GBY		 402 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
403
584fffc8
SS		 404config CRYPTO_ECB
405 tristate "ECB support"
b95bba5d 406 select CRYPTO_SKCIPHER
91652be5 407 select CRYPTO_MANAGER
91652be5 408 help
584fffc8
SS		 409 ECB: Electronic CodeBook mode
410 This is the simplest block cipher algorithm. It simply encrypts
411 the input block by block.
91652be5 412
64470f1b 413config CRYPTO_LRW
2470a2b2 414 tristate "LRW support"
b95bba5d 415 select CRYPTO_SKCIPHER
64470f1b
RS		 416 select CRYPTO_MANAGER
417 select CRYPTO_GF128MUL
418 help
419 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
420 narrow block cipher mode for dm-crypt. Use it with cipher
421 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
422 The first 128, 192 or 256 bits in the key are used for AES and the
423 rest is used to tie each cipher block to its logical position.
424
e497c518
GBY		 425config CRYPTO_OFB
426 tristate "OFB support"
b95bba5d 427 select CRYPTO_SKCIPHER
e497c518
GBY		 428 select CRYPTO_MANAGER
429 help
430 OFB: the Output Feedback mode makes a block cipher into a synchronous
431 stream cipher. It generates keystream blocks, which are then XORed
432 with the plaintext blocks to get the ciphertext. Flipping a bit in the
433 ciphertext produces a flipped bit in the plaintext at the same
434 location. This property allows many error correcting codes to function
435 normally even when applied before encryption.
436
584fffc8
SS		 437config CRYPTO_PCBC
438 tristate "PCBC support"
b95bba5d 439 select CRYPTO_SKCIPHER
584fffc8
SS		 440 select CRYPTO_MANAGER
441 help
442 PCBC: Propagating Cipher Block Chaining mode
443 This block cipher algorithm is required for RxRPC.
444
f19f5111 445config CRYPTO_XTS
5bcf8e6d 446 tristate "XTS support"
b95bba5d 447 select CRYPTO_SKCIPHER
f19f5111 448 select CRYPTO_MANAGER
12cb3a1c 449 select CRYPTO_ECB
f19f5111
RS		 450 help
451 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
452 key size 256, 384 or 512 bits. This implementation currently
453 can't handle a sectorsize which is not a multiple of 16 bytes.
454
1c49678e
SM		 455config CRYPTO_KEYWRAP
456 tristate "Key wrapping support"
b95bba5d 457 select CRYPTO_SKCIPHER
c8a3315a 458 select CRYPTO_MANAGER
1c49678e
SM		 459 help
460 Support for key wrapping (NIST SP800-38F / RFC3394) without
461 padding.
462
26609a21
EB		 463config CRYPTO_NHPOLY1305
464 tristate
465 select CRYPTO_HASH
48ea8c6e 466 select CRYPTO_LIB_POLY1305_GENERIC
26609a21 467
012c8238
EB		 468config CRYPTO_NHPOLY1305_SSE2
469 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
470 depends on X86 && 64BIT
471 select CRYPTO_NHPOLY1305
472 help
473 SSE2 optimized implementation of the hash function used by the
474 Adiantum encryption mode.
475
0f961f9f
EB		 476config CRYPTO_NHPOLY1305_AVX2
477 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
478 depends on X86 && 64BIT
479 select CRYPTO_NHPOLY1305
480 help
481 AVX2 optimized implementation of the hash function used by the
482 Adiantum encryption mode.
483
059c2a4d
EB		 484config CRYPTO_ADIANTUM
485 tristate "Adiantum support"
486 select CRYPTO_CHACHA20
48ea8c6e 487 select CRYPTO_LIB_POLY1305_GENERIC
059c2a4d 488 select CRYPTO_NHPOLY1305
c8a3315a 489 select CRYPTO_MANAGER
059c2a4d
EB		 490 help
491 Adiantum is a tweakable, length-preserving encryption mode
492 designed for fast and secure disk encryption, especially on
493 CPUs without dedicated crypto instructions. It encrypts
494 each sector using the XChaCha12 stream cipher, two passes of
495 an ε-almost-∆-universal hash function, and an invocation of
496 the AES-256 block cipher on a single 16-byte block. On CPUs
497 without AES instructions, Adiantum is much faster than
498 AES-XTS.
499
500 Adiantum's security is provably reducible to that of its
501 underlying stream and block ciphers, subject to a security
502 bound. Unlike XTS, Adiantum is a true wide-block encryption
503 mode, so it actually provides an even stronger notion of
504 security than XTS, subject to the security bound.
505
506 If unsure, say N.
507
be1eb7f7
AB		 508config CRYPTO_ESSIV
509 tristate "ESSIV support for block encryption"
510 select CRYPTO_AUTHENC
511 help
512 Encrypted salt-sector initialization vector (ESSIV) is an IV
513 generation method that is used in some cases by fscrypt and/or
514 dm-crypt. It uses the hash of the block encryption key as the
515 symmetric key for a block encryption pass applied to the input
516 IV, making low entropy IV sources more suitable for block
517 encryption.
518
519 This driver implements a crypto API template that can be
ab3d436b 520 instantiated either as an skcipher or as an AEAD (depending on the
be1eb7f7
AB		 521 type of the first template argument), and which defers encryption
522 and decryption requests to the encapsulated cipher after applying
ab3d436b 523 ESSIV to the input IV. Note that in the AEAD case, it is assumed
be1eb7f7
AB		 524 that the keys are presented in the same format used by the authenc
525 template, and that the IV appears at the end of the authenticated
526 associated data (AAD) region (which is how dm-crypt uses it.)
527
528 Note that the use of ESSIV is not recommended for new deployments,
529 and so this only needs to be enabled when interoperability with
530 existing encrypted volumes of filesystems is required, or when
531 building for a particular system that requires it (e.g., when
532 the SoC in question has accelerated CBC but not XTS, making CBC
533 combined with ESSIV the only feasible mode for h/w accelerated
534 block encryption)
535
584fffc8
SS		 536comment "Hash modes"
537
93b5e86a
JK		 538config CRYPTO_CMAC
539 tristate "CMAC support"
540 select CRYPTO_HASH
541 select CRYPTO_MANAGER
542 help
543 Cipher-based Message Authentication Code (CMAC) specified by
544 The National Institute of Standards and Technology (NIST).
545
546 https://tools.ietf.org/html/rfc4493
547 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
548
584fffc8
SS		 549config CRYPTO_HMAC
550 tristate "HMAC support"
551 select CRYPTO_HASH
23e353c8 552 select CRYPTO_MANAGER
23e353c8 553 help
584fffc8
SS		 554 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
555 This is required for IPSec.
23e353c8 556
584fffc8
SS		 557config CRYPTO_XCBC
558 tristate "XCBC support"
584fffc8
SS		 559 select CRYPTO_HASH
560 select CRYPTO_MANAGER
76cb9521 561 help
584fffc8 562 XCBC: Keyed-Hashing with encryption algorithm
9332a9e7 563 https://www.ietf.org/rfc/rfc3566.txt
584fffc8
SS		 564 http://csrc.nist.gov/encryption/modes/proposedmodes/
565 xcbc-mac/xcbc-mac-spec.pdf
76cb9521 566
f1939f7c
SW		 567config CRYPTO_VMAC
568 tristate "VMAC support"
f1939f7c
SW		 569 select CRYPTO_HASH
570 select CRYPTO_MANAGER
571 help
572 VMAC is a message authentication algorithm designed for
573 very high speed on 64-bit architectures.
574
575 See also:
9332a9e7 576 <https://fastcrypto.org/vmac>
f1939f7c 577
584fffc8 578comment "Digest"
28db8e3e 579
584fffc8
SS		 580config CRYPTO_CRC32C
581 tristate "CRC32c CRC algorithm"
5773a3e6 582 select CRYPTO_HASH
6a0962b2 583 select CRC32
4a49b499 584 help
584fffc8
SS		 585 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
586 by iSCSI for header and data digests and by others.
69c35efc 587 See Castagnoli93. Module will be crc32c.
4a49b499 588
8cb51ba8
AZ		 589config CRYPTO_CRC32C_INTEL
590 tristate "CRC32c INTEL hardware acceleration"
591 depends on X86
592 select CRYPTO_HASH
593 help
594 In Intel processor with SSE4.2 supported, the processor will
595 support CRC32C implementation using hardware accelerated CRC32
596 instruction. This option will create 'crc32c-intel' module,
597 which will enable any routine to use the CRC32 instruction to
598 gain performance compared with software implementation.
599 Module will be crc32c-intel.
600
7cf31864 601config CRYPTO_CRC32C_VPMSUM
6dd7a82c 602 tristate "CRC32c CRC algorithm (powerpc64)"
c12abf34 603 depends on PPC64 && ALTIVEC
6dd7a82c
AB		 604 select CRYPTO_HASH
605 select CRC32
606 help
607 CRC32c algorithm implemented using vector polynomial multiply-sum
608 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
609 and newer processors for improved performance.
610
611
442a7c40
DM		 612config CRYPTO_CRC32C_SPARC64
613 tristate "CRC32c CRC algorithm (SPARC64)"
614 depends on SPARC64
615 select CRYPTO_HASH
616 select CRC32
617 help
618 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
619 when available.
620
78c37d19
AB		 621config CRYPTO_CRC32
622 tristate "CRC32 CRC algorithm"
623 select CRYPTO_HASH
624 select CRC32
625 help
626 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
627 Shash crypto api wrappers to crc32_le function.
628
629config CRYPTO_CRC32_PCLMUL
630 tristate "CRC32 PCLMULQDQ hardware acceleration"
631 depends on X86
632 select CRYPTO_HASH
633 select CRC32
634 help
635 From Intel Westmere and AMD Bulldozer processor with SSE4.2
636 and PCLMULQDQ supported, the processor will support
637 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
af8cb01f 638 instruction. This option will create 'crc32-pclmul' module,
78c37d19
AB		 639 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
640 and gain better performance as compared with the table implementation.
641
4a5dc51e
MN		 642config CRYPTO_CRC32_MIPS
643 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
644 depends on MIPS_CRC_SUPPORT
645 select CRYPTO_HASH
646 help
647 CRC32c and CRC32 CRC algorithms implemented using mips crypto
648 instructions, when available.
649
650
67882e76
NB		 651config CRYPTO_XXHASH
652 tristate "xxHash hash algorithm"
653 select CRYPTO_HASH
654 select XXHASH
655 help
656 xxHash non-cryptographic hash algorithm. Extremely fast, working at
657 speeds close to RAM limits.
658
91d68933
DS		 659config CRYPTO_BLAKE2B
660 tristate "BLAKE2b digest algorithm"
661 select CRYPTO_HASH
662 help
663 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
664 optimized for 64bit platforms and can produce digests of any size
665 between 1 to 64. The keyed hash is also implemented.
666
667 This module provides the following algorithms:
668
669 - blake2b-160
670 - blake2b-256
671 - blake2b-384
672 - blake2b-512
673
674 See https://blake2.net for further information.
675
7f9b0880
AB		 676config CRYPTO_BLAKE2S
677 tristate "BLAKE2s digest algorithm"
678 select CRYPTO_LIB_BLAKE2S_GENERIC
679 select CRYPTO_HASH
680 help
681 Implementation of cryptographic hash function BLAKE2s
682 optimized for 8-32bit platforms and can produce digests of any size
683 between 1 to 32. The keyed hash is also implemented.
684
685 This module provides the following algorithms:
686
687 - blake2s-128
688 - blake2s-160
689 - blake2s-224
690 - blake2s-256
691
692 See https://blake2.net for further information.
693
ed0356ed
JD		 694config CRYPTO_BLAKE2S_X86
695 tristate "BLAKE2s digest algorithm (x86 accelerated version)"
696 depends on X86 && 64BIT
697 select CRYPTO_LIB_BLAKE2S_GENERIC
698 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
699
68411521
HX		 700config CRYPTO_CRCT10DIF
701 tristate "CRCT10DIF algorithm"
702 select CRYPTO_HASH
703 help
704 CRC T10 Data Integrity Field computation is being cast as
705 a crypto transform. This allows for faster crc t10 diff
706 transforms to be used if they are available.
707
708config CRYPTO_CRCT10DIF_PCLMUL
709 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
710 depends on X86 && 64BIT && CRC_T10DIF
711 select CRYPTO_HASH
712 help
713 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
714 CRC T10 DIF PCLMULQDQ computation can be hardware
715 accelerated PCLMULQDQ instruction. This option will create
af8cb01f 716 'crct10dif-pclmul' module, which is faster when computing the
68411521
HX		 717 crct10dif checksum as compared with the generic table implementation.
718
b01df1c1
DA		 719config CRYPTO_CRCT10DIF_VPMSUM
720 tristate "CRC32T10DIF powerpc64 hardware acceleration"
721 depends on PPC64 && ALTIVEC && CRC_T10DIF
722 select CRYPTO_HASH
723 help
724 CRC10T10DIF algorithm implemented using vector polynomial
725 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
726 POWER8 and newer processors for improved performance.
727
146c8688
DA		 728config CRYPTO_VPMSUM_TESTER
729 tristate "Powerpc64 vpmsum hardware acceleration tester"
730 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
731 help
732 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
733 POWER8 vpmsum instructions.
734 Unless you are testing these algorithms, you don't need this.
735
2cdc6899 736config CRYPTO_GHASH
8dfa20fc 737 tristate "GHASH hash function"
2cdc6899 738 select CRYPTO_GF128MUL
578c60fb 739 select CRYPTO_HASH
2cdc6899 740 help
8dfa20fc
EB		 741 GHASH is the hash function used in GCM (Galois/Counter Mode).
742 It is not a general-purpose cryptographic hash function.
2cdc6899 743
f979e014
MW		 744config CRYPTO_POLY1305
745 tristate "Poly1305 authenticator algorithm"
578c60fb 746 select CRYPTO_HASH
48ea8c6e 747 select CRYPTO_LIB_POLY1305_GENERIC
f979e014
MW		 748 help
749 Poly1305 authenticator algorithm, RFC7539.
750
751 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
752 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
753 in IETF protocols. This is the portable C implementation of Poly1305.
754
c70f4abe 755config CRYPTO_POLY1305_X86_64
b1ccc8f4 756 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
c70f4abe 757 depends on X86 && 64BIT
1b2c6a51 758 select CRYPTO_LIB_POLY1305_GENERIC
f0e89bcf 759 select CRYPTO_ARCH_HAVE_LIB_POLY1305
c70f4abe
MW		 760 help
761 Poly1305 authenticator algorithm, RFC7539.
762
763 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
764 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
765 in IETF protocols. This is the x86_64 assembler implementation using SIMD
766 instructions.
767
a11d055e
AB		 768config CRYPTO_POLY1305_MIPS
769 tristate "Poly1305 authenticator algorithm (MIPS optimized)"
770 depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT)
771 select CRYPTO_ARCH_HAVE_LIB_POLY1305
772
584fffc8
SS		 773config CRYPTO_MD4
774 tristate "MD4 digest algorithm"
808a1763 775 select CRYPTO_HASH
124b53d0 776 help
584fffc8 777 MD4 message digest algorithm (RFC1320).
124b53d0 778
584fffc8
SS		 779config CRYPTO_MD5
780 tristate "MD5 digest algorithm"
14b75ba7 781 select CRYPTO_HASH
1da177e4 782 help
584fffc8 783 MD5 message digest algorithm (RFC1321).
1da177e4 784
d69e75de
AK		 785config CRYPTO_MD5_OCTEON
786 tristate "MD5 digest algorithm (OCTEON)"
787 depends on CPU_CAVIUM_OCTEON
788 select CRYPTO_MD5
789 select CRYPTO_HASH
790 help
791 MD5 message digest algorithm (RFC1321) implemented
792 using OCTEON crypto instructions, when available.
793
e8e59953
MS		 794config CRYPTO_MD5_PPC
795 tristate "MD5 digest algorithm (PPC)"
796 depends on PPC
797 select CRYPTO_HASH
798 help
799 MD5 message digest algorithm (RFC1321) implemented
800 in PPC assembler.
801
fa4dfedc
DM		 802config CRYPTO_MD5_SPARC64
803 tristate "MD5 digest algorithm (SPARC64)"
804 depends on SPARC64
805 select CRYPTO_MD5
806 select CRYPTO_HASH
807 help
808 MD5 message digest algorithm (RFC1321) implemented
809 using sparc64 crypto instructions, when available.
810
584fffc8
SS		 811config CRYPTO_MICHAEL_MIC
812 tristate "Michael MIC keyed digest algorithm"
19e2bf14 813 select CRYPTO_HASH
90831639 814 help
584fffc8
SS		 815 Michael MIC is used for message integrity protection in TKIP
816 (IEEE 802.11i). This algorithm is required for TKIP, but it
817 should not be used for other purposes because of the weakness
818 of the algorithm.
90831639 819
82798f90 820config CRYPTO_RMD160
b6d44341 821 tristate "RIPEMD-160 digest algorithm"
e5835fba 822 select CRYPTO_HASH
b6d44341
AB		 823 help
824 RIPEMD-160 (ISO/IEC 10118-3:2004).
82798f90 825
b6d44341
AB		 826 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
827 to be used as a secure replacement for the 128-bit hash functions
828 MD4, MD5 and it's predecessor RIPEMD
829 (not to be confused with RIPEMD-128).
82798f90 830
b6d44341
AB		 831 It's speed is comparable to SHA1 and there are no known attacks
832 against RIPEMD-160.
534fe2c1 833
b6d44341 834 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
9332a9e7 835 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1 836
584fffc8
SS		 837config CRYPTO_SHA1
838 tristate "SHA1 digest algorithm"
54ccb367 839 select CRYPTO_HASH
1da177e4 840 help
584fffc8 841 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
1da177e4 842
66be8951 843config CRYPTO_SHA1_SSSE3
e38b6b7f 844 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
66be8951
MK		 845 depends on X86 && 64BIT
846 select CRYPTO_SHA1
847 select CRYPTO_HASH
848 help
849 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
850 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
e38b6b7f 851 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
852 when available.
66be8951 853
8275d1aa 854config CRYPTO_SHA256_SSSE3
e38b6b7f 855 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
8275d1aa
TC		 856 depends on X86 && 64BIT
857 select CRYPTO_SHA256
858 select CRYPTO_HASH
859 help
860 SHA-256 secure hash standard (DFIPS 180-2) implemented
861 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
862 Extensions version 1 (AVX1), or Advanced Vector Extensions
e38b6b7f 863 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
864 Instructions) when available.
87de4579
TC		 865
866config CRYPTO_SHA512_SSSE3
867 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
868 depends on X86 && 64BIT
869 select CRYPTO_SHA512
870 select CRYPTO_HASH
871 help
872 SHA-512 secure hash standard (DFIPS 180-2) implemented
873 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
874 Extensions version 1 (AVX1), or Advanced Vector Extensions
8275d1aa
TC		 875 version 2 (AVX2) instructions, when available.
876
efdb6f6e
AK		 877config CRYPTO_SHA1_OCTEON
878 tristate "SHA1 digest algorithm (OCTEON)"
879 depends on CPU_CAVIUM_OCTEON
880 select CRYPTO_SHA1
881 select CRYPTO_HASH
882 help
883 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
884 using OCTEON crypto instructions, when available.
885
4ff28d4c
DM		 886config CRYPTO_SHA1_SPARC64
887 tristate "SHA1 digest algorithm (SPARC64)"
888 depends on SPARC64
889 select CRYPTO_SHA1
890 select CRYPTO_HASH
891 help
892 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
893 using sparc64 crypto instructions, when available.
894
323a6bf1
ME		 895config CRYPTO_SHA1_PPC
896 tristate "SHA1 digest algorithm (powerpc)"
897 depends on PPC
898 help
899 This is the powerpc hardware accelerated implementation of the
900 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
901
d9850fc5
MS		 902config CRYPTO_SHA1_PPC_SPE
903 tristate "SHA1 digest algorithm (PPC SPE)"
904 depends on PPC && SPE
905 help
906 SHA-1 secure hash standard (DFIPS 180-4) implemented
907 using powerpc SPE SIMD instruction set.
908
584fffc8
SS		 909config CRYPTO_SHA256
910 tristate "SHA224 and SHA256 digest algorithm"
50e109b5 911 select CRYPTO_HASH
08c327f6 912 select CRYPTO_LIB_SHA256
1da177e4 913 help
584fffc8 914 SHA256 secure hash standard (DFIPS 180-2).
1da177e4 915
584fffc8
SS		 916 This version of SHA implements a 256 bit hash with 128 bits of
917 security against collision attacks.
2729bb42 918
b6d44341
AB		 919 This code also includes SHA-224, a 224 bit hash with 112 bits
920 of security against collision attacks.
584fffc8 921
2ecc1e95
MS		 922config CRYPTO_SHA256_PPC_SPE
923 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
924 depends on PPC && SPE
925 select CRYPTO_SHA256
926 select CRYPTO_HASH
927 help
928 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
929 implemented using powerpc SPE SIMD instruction set.
930
efdb6f6e
AK		 931config CRYPTO_SHA256_OCTEON
932 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
933 depends on CPU_CAVIUM_OCTEON
934 select CRYPTO_SHA256
935 select CRYPTO_HASH
936 help
937 SHA-256 secure hash standard (DFIPS 180-2) implemented
938 using OCTEON crypto instructions, when available.
939
86c93b24
DM		 940config CRYPTO_SHA256_SPARC64
941 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
942 depends on SPARC64
943 select CRYPTO_SHA256
944 select CRYPTO_HASH
945 help
946 SHA-256 secure hash standard (DFIPS 180-2) implemented
947 using sparc64 crypto instructions, when available.
948
584fffc8
SS		 949config CRYPTO_SHA512
950 tristate "SHA384 and SHA512 digest algorithms"
bd9d20db 951 select CRYPTO_HASH
b9f535ff 952 help
584fffc8 953 SHA512 secure hash standard (DFIPS 180-2).
b9f535ff 954
584fffc8
SS		 955 This version of SHA implements a 512 bit hash with 256 bits of
956 security against collision attacks.
b9f535ff 957
584fffc8
SS		 958 This code also includes SHA-384, a 384 bit hash with 192 bits
959 of security against collision attacks.
b9f535ff 960
efdb6f6e
AK		 961config CRYPTO_SHA512_OCTEON
962 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
963 depends on CPU_CAVIUM_OCTEON
964 select CRYPTO_SHA512
965 select CRYPTO_HASH
966 help
967 SHA-512 secure hash standard (DFIPS 180-2) implemented
968 using OCTEON crypto instructions, when available.
969
775e0c69
DM		 970config CRYPTO_SHA512_SPARC64
971 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
972 depends on SPARC64
973 select CRYPTO_SHA512
974 select CRYPTO_HASH
975 help
976 SHA-512 secure hash standard (DFIPS 180-2) implemented
977 using sparc64 crypto instructions, when available.
978
53964b9e
JG		 979config CRYPTO_SHA3
980 tristate "SHA3 digest algorithm"
981 select CRYPTO_HASH
982 help
983 SHA-3 secure hash standard (DFIPS 202). It's based on
984 cryptographic sponge function family called Keccak.
985
986 References:
987 http://keccak.noekeon.org/
988
4f0fc160
GBY		 989config CRYPTO_SM3
990 tristate "SM3 digest algorithm"
991 select CRYPTO_HASH
992 help
993 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
994 It is part of the Chinese Commercial Cryptography suite.
995
996 References:
997 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
998 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
999
fe18957e
VC		 1000config CRYPTO_STREEBOG
1001 tristate "Streebog Hash Function"
1002 select CRYPTO_HASH
1003 help
1004 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1005 cryptographic standard algorithms (called GOST algorithms).
1006 This setting enables two hash algorithms with 256 and 512 bits output.
1007
1008 References:
1009 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1010 https://tools.ietf.org/html/rfc6986
1011
584fffc8
SS		 1012config CRYPTO_WP512
1013 tristate "Whirlpool digest algorithms"
4946510b 1014 select CRYPTO_HASH
1da177e4 1015 help
584fffc8 1016 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1da177e4 1017
584fffc8
SS		 1018 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1019 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1da177e4
LT		 1020
1021 See also:
6d8de74c 1022 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
584fffc8 1023
0e1227d3 1024config CRYPTO_GHASH_CLMUL_NI_INTEL
8dfa20fc 1025 tristate "GHASH hash function (CLMUL-NI accelerated)"
8af00860 1026 depends on X86 && 64BIT
0e1227d3
HY		 1027 select CRYPTO_CRYPTD
1028 help
8dfa20fc
EB		 1029 This is the x86_64 CLMUL-NI accelerated implementation of
1030 GHASH, the hash function used in GCM (Galois/Counter mode).
0e1227d3 1031
584fffc8 1032comment "Ciphers"
1da177e4
LT		 1033
1034config CRYPTO_AES
1035 tristate "AES cipher algorithms"
cce9e06d 1036 select CRYPTO_ALGAPI
5bb12d78 1037 select CRYPTO_LIB_AES
1da177e4 1038 help
584fffc8 1039 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 1040 algorithm.
1041
1042 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 1043 both hardware and software across a wide range of computing
1044 environments regardless of its use in feedback or non-feedback
1045 modes. Its key setup time is excellent, and its key agility is
1046 good. Rijndael's very low memory requirements make it very well
1047 suited for restricted-space environments, in which it also
1048 demonstrates excellent performance. Rijndael's operations are
1049 among the easiest to defend against power and timing attacks.
1da177e4 1050
584fffc8 1051 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 1052
1053 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1054
b5e0b032
AB		 1055config CRYPTO_AES_TI
1056 tristate "Fixed time AES cipher"
1057 select CRYPTO_ALGAPI
e59c1c98 1058 select CRYPTO_LIB_AES
b5e0b032
AB		 1059 help
1060 This is a generic implementation of AES that attempts to eliminate
1061 data dependent latencies as much as possible without affecting
1062 performance too much. It is intended for use by the generic CCM
1063 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1064 solely on encryption (although decryption is supported as well, but
1065 with a more dramatic performance hit)
1066
1067 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1068 8 for decryption), this implementation only uses just two S-boxes of
1069 256 bytes each, and attempts to eliminate data dependent latencies by
1070 prefetching the entire table into the cache at the start of each
0a6a40c2
EB		 1071 block. Interrupts are also disabled to avoid races where cachelines
1072 are evicted when the CPU is interrupted to do something else.
b5e0b032 1073
54b6a1bd
HY		 1074config CRYPTO_AES_NI_INTEL
1075 tristate "AES cipher algorithms (AES-NI)"
8af00860 1076 depends on X86
85671860 1077 select CRYPTO_AEAD
2c53fd11 1078 select CRYPTO_LIB_AES
54b6a1bd 1079 select CRYPTO_ALGAPI
b95bba5d 1080 select CRYPTO_SKCIPHER
85671860 1081 select CRYPTO_SIMD
54b6a1bd
HY		 1082 help
1083 Use Intel AES-NI instructions for AES algorithm.
1084
1085 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1086 algorithm.
1087
1088 Rijndael appears to be consistently a very good performer in
1089 both hardware and software across a wide range of computing
1090 environments regardless of its use in feedback or non-feedback
1091 modes. Its key setup time is excellent, and its key agility is
584fffc8
SS		 1092 good. Rijndael's very low memory requirements make it very well
1093 suited for restricted-space environments, in which it also
1094 demonstrates excellent performance. Rijndael's operations are
1095 among the easiest to defend against power and timing attacks.
a2a892a2 1096
584fffc8 1097 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 1098
1099 See <http://csrc.nist.gov/encryption/aes/> for more information.
1100
0d258efb
MK		 1101 In addition to AES cipher algorithm support, the acceleration
1102 for some popular block cipher mode is supported too, including
944585a6 1103 ECB, CBC, LRW, XTS. The 64 bit version has additional
0d258efb 1104 acceleration for CTR.
2cf4ac8b 1105
9bf4852d
DM		 1106config CRYPTO_AES_SPARC64
1107 tristate "AES cipher algorithms (SPARC64)"
1108 depends on SPARC64
b95bba5d 1109 select CRYPTO_SKCIPHER
9bf4852d
DM		 1110 help
1111 Use SPARC64 crypto opcodes for AES algorithm.
1112
1113 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1114 algorithm.
1115
1116 Rijndael appears to be consistently a very good performer in
1117 both hardware and software across a wide range of computing
1118 environments regardless of its use in feedback or non-feedback
1119 modes. Its key setup time is excellent, and its key agility is
1120 good. Rijndael's very low memory requirements make it very well
1121 suited for restricted-space environments, in which it also
1122 demonstrates excellent performance. Rijndael's operations are
1123 among the easiest to defend against power and timing attacks.
1124
1125 The AES specifies three key sizes: 128, 192 and 256 bits
1126
1127 See <http://csrc.nist.gov/encryption/aes/> for more information.
1128
1129 In addition to AES cipher algorithm support, the acceleration
1130 for some popular block cipher mode is supported too, including
1131 ECB and CBC.
1132
504c6143
MS		 1133config CRYPTO_AES_PPC_SPE
1134 tristate "AES cipher algorithms (PPC SPE)"
1135 depends on PPC && SPE
b95bba5d 1136 select CRYPTO_SKCIPHER
504c6143
MS		 1137 help
1138 AES cipher algorithms (FIPS-197). Additionally the acceleration
1139 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1140 This module should only be used for low power (router) devices
1141 without hardware AES acceleration (e.g. caam crypto). It reduces the
1142 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1143 timining attacks. Nevertheless it might be not as secure as other
1144 architecture specific assembler implementations that work on 1KB
1145 tables or 256 bytes S-boxes.
1146
584fffc8
SS		 1147config CRYPTO_ANUBIS
1148 tristate "Anubis cipher algorithm"
1674aea5 1149 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
584fffc8
SS		 1150 select CRYPTO_ALGAPI
1151 help
1152 Anubis cipher algorithm.
1153
1154 Anubis is a variable key length cipher which can use keys from
1155 128 bits to 320 bits in length. It was evaluated as a entrant
1156 in the NESSIE competition.
1157
1158 See also:
6d8de74c
JM		 1159 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1160 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
584fffc8
SS		 1161
1162config CRYPTO_ARC4
1163 tristate "ARC4 cipher algorithm"
9ace6771 1164 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
b95bba5d 1165 select CRYPTO_SKCIPHER
dc51f257 1166 select CRYPTO_LIB_ARC4
584fffc8
SS		 1167 help
1168 ARC4 cipher algorithm.
1169
1170 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1171 bits in length. This algorithm is required for driver-based
1172 WEP, but it should not be for other purposes because of the
1173 weakness of the algorithm.
1174
1175config CRYPTO_BLOWFISH
1176 tristate "Blowfish cipher algorithm"
1177 select CRYPTO_ALGAPI
52ba867c 1178 select CRYPTO_BLOWFISH_COMMON
584fffc8
SS		 1179 help
1180 Blowfish cipher algorithm, by Bruce Schneier.
1181
1182 This is a variable key length cipher which can use keys from 32
1183 bits to 448 bits in length. It's fast, simple and specifically
1184 designed for use on "large microprocessors".
1185
1186 See also:
9332a9e7 1187 <https://www.schneier.com/blowfish.html>
584fffc8 1188
52ba867c
JK		 1189config CRYPTO_BLOWFISH_COMMON
1190 tristate
1191 help
1192 Common parts of the Blowfish cipher algorithm shared by the
1193 generic c and the assembler implementations.
1194
1195 See also:
9332a9e7 1196 <https://www.schneier.com/blowfish.html>
52ba867c 1197
64b94cea
JK		 1198config CRYPTO_BLOWFISH_X86_64
1199 tristate "Blowfish cipher algorithm (x86_64)"
f21a7c19 1200 depends on X86 && 64BIT
b95bba5d 1201 select CRYPTO_SKCIPHER
64b94cea 1202 select CRYPTO_BLOWFISH_COMMON
c0a64926 1203 imply CRYPTO_CTR
64b94cea
JK		 1204 help
1205 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1206
1207 This is a variable key length cipher which can use keys from 32
1208 bits to 448 bits in length. It's fast, simple and specifically
1209 designed for use on "large microprocessors".
1210
1211 See also:
9332a9e7 1212 <https://www.schneier.com/blowfish.html>
64b94cea 1213
584fffc8
SS		 1214config CRYPTO_CAMELLIA
1215 tristate "Camellia cipher algorithms"
1216 depends on CRYPTO
1217 select CRYPTO_ALGAPI
1218 help
1219 Camellia cipher algorithms module.
1220
1221 Camellia is a symmetric key block cipher developed jointly
1222 at NTT and Mitsubishi Electric Corporation.
1223
1224 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1225
1226 See also:
1227 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1228
0b95ec56
JK		 1229config CRYPTO_CAMELLIA_X86_64
1230 tristate "Camellia cipher algorithm (x86_64)"
f21a7c19 1231 depends on X86 && 64BIT
0b95ec56 1232 depends on CRYPTO
b95bba5d 1233 select CRYPTO_SKCIPHER
a1f91ecf 1234 imply CRYPTO_CTR
0b95ec56
JK		 1235 help
1236 Camellia cipher algorithm module (x86_64).
1237
1238 Camellia is a symmetric key block cipher developed jointly
1239 at NTT and Mitsubishi Electric Corporation.
1240
1241 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1242
1243 See also:
d9b1d2e7
JK		 1244 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1245
1246config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1247 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1248 depends on X86 && 64BIT
1249 depends on CRYPTO
b95bba5d 1250 select CRYPTO_SKCIPHER
d9b1d2e7 1251 select CRYPTO_CAMELLIA_X86_64
44893bc2 1252 select CRYPTO_SIMD
55a7e88f 1253 imply CRYPTO_XTS
d9b1d2e7
JK		 1254 help
1255 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1256
1257 Camellia is a symmetric key block cipher developed jointly
1258 at NTT and Mitsubishi Electric Corporation.
1259
1260 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1261
1262 See also:
0b95ec56
JK		 1263 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1264
f3f935a7
JK		 1265config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1266 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1267 depends on X86 && 64BIT
1268 depends on CRYPTO
f3f935a7 1269 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
f3f935a7
JK		 1270 help
1271 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1272
1273 Camellia is a symmetric key block cipher developed jointly
1274 at NTT and Mitsubishi Electric Corporation.
1275
1276 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1277
1278 See also:
1279 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1280
81658ad0
DM		 1281config CRYPTO_CAMELLIA_SPARC64
1282 tristate "Camellia cipher algorithm (SPARC64)"
1283 depends on SPARC64
1284 depends on CRYPTO
1285 select CRYPTO_ALGAPI
b95bba5d 1286 select CRYPTO_SKCIPHER
81658ad0
DM		 1287 help
1288 Camellia cipher algorithm module (SPARC64).
1289
1290 Camellia is a symmetric key block cipher developed jointly
1291 at NTT and Mitsubishi Electric Corporation.
1292
1293 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1294
1295 See also:
1296 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1297
044ab525
JK		 1298config CRYPTO_CAST_COMMON
1299 tristate
1300 help
1301 Common parts of the CAST cipher algorithms shared by the
1302 generic c and the assembler implementations.
1303
1da177e4
LT		 1304config CRYPTO_CAST5
1305 tristate "CAST5 (CAST-128) cipher algorithm"
cce9e06d 1306 select CRYPTO_ALGAPI
044ab525 1307 select CRYPTO_CAST_COMMON
1da177e4
LT		 1308 help
1309 The CAST5 encryption algorithm (synonymous with CAST-128) is
1310 described in RFC2144.
1311
4d6d6a2c
JG		 1312config CRYPTO_CAST5_AVX_X86_64
1313 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1314 depends on X86 && 64BIT
b95bba5d 1315 select CRYPTO_SKCIPHER
4d6d6a2c 1316 select CRYPTO_CAST5
1e63183a
EB		 1317 select CRYPTO_CAST_COMMON
1318 select CRYPTO_SIMD
e2d60e2f 1319 imply CRYPTO_CTR
4d6d6a2c
JG		 1320 help
1321 The CAST5 encryption algorithm (synonymous with CAST-128) is
1322 described in RFC2144.
1323
1324 This module provides the Cast5 cipher algorithm that processes
1325 sixteen blocks parallel using the AVX instruction set.
1326
1da177e4
LT		 1327config CRYPTO_CAST6
1328 tristate "CAST6 (CAST-256) cipher algorithm"
cce9e06d 1329 select CRYPTO_ALGAPI
044ab525 1330 select CRYPTO_CAST_COMMON
1da177e4
LT		 1331 help
1332 The CAST6 encryption algorithm (synonymous with CAST-256) is
1333 described in RFC2612.
1334
4ea1277d
JG		 1335config CRYPTO_CAST6_AVX_X86_64
1336 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1337 depends on X86 && 64BIT
b95bba5d 1338 select CRYPTO_SKCIPHER
4ea1277d 1339 select CRYPTO_CAST6
4bd96924 1340 select CRYPTO_CAST_COMMON
4bd96924 1341 select CRYPTO_SIMD
2cc0fedb 1342 imply CRYPTO_XTS
7a6623cc 1343 imply CRYPTO_CTR
4ea1277d
JG		 1344 help
1345 The CAST6 encryption algorithm (synonymous with CAST-256) is
1346 described in RFC2612.
1347
1348 This module provides the Cast6 cipher algorithm that processes
1349 eight blocks parallel using the AVX instruction set.
1350
584fffc8
SS		 1351config CRYPTO_DES
1352 tristate "DES and Triple DES EDE cipher algorithms"
cce9e06d 1353 select CRYPTO_ALGAPI
04007b0e 1354 select CRYPTO_LIB_DES
1da177e4 1355 help
584fffc8 1356 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
fb4f10ed 1357
c5aac2df
DM		 1358config CRYPTO_DES_SPARC64
1359 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
97da37b3 1360 depends on SPARC64
c5aac2df 1361 select CRYPTO_ALGAPI
04007b0e 1362 select CRYPTO_LIB_DES
b95bba5d 1363 select CRYPTO_SKCIPHER
c5aac2df
DM		 1364 help
1365 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1366 optimized using SPARC64 crypto opcodes.
1367
6574e6c6
JK		 1368config CRYPTO_DES3_EDE_X86_64
1369 tristate "Triple DES EDE cipher algorithm (x86-64)"
1370 depends on X86 && 64BIT
b95bba5d 1371 select CRYPTO_SKCIPHER
04007b0e 1372 select CRYPTO_LIB_DES
768db5fe 1373 imply CRYPTO_CTR
6574e6c6
JK		 1374 help
1375 Triple DES EDE (FIPS 46-3) algorithm.
1376
1377 This module provides implementation of the Triple DES EDE cipher
1378 algorithm that is optimized for x86-64 processors. Two versions of
1379 algorithm are provided; regular processing one input block and
1380 one that processes three blocks parallel.
1381
584fffc8
SS		 1382config CRYPTO_FCRYPT
1383 tristate "FCrypt cipher algorithm"
cce9e06d 1384 select CRYPTO_ALGAPI
b95bba5d 1385 select CRYPTO_SKCIPHER
1da177e4 1386 help
584fffc8 1387 FCrypt algorithm used by RxRPC.
1da177e4
LT		 1388
1389config CRYPTO_KHAZAD
1390 tristate "Khazad cipher algorithm"
1674aea5 1391 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
cce9e06d 1392 select CRYPTO_ALGAPI
1da177e4
LT		 1393 help
1394 Khazad cipher algorithm.
1395
1396 Khazad was a finalist in the initial NESSIE competition. It is
1397 an algorithm optimized for 64-bit processors with good performance
1398 on 32-bit processors. Khazad uses an 128 bit key size.
1399
1400 See also:
6d8de74c 1401 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1da177e4 1402
c08d0e64 1403config CRYPTO_CHACHA20
aa762409 1404 tristate "ChaCha stream cipher algorithms"
5fb8ef25 1405 select CRYPTO_LIB_CHACHA_GENERIC
b95bba5d 1406 select CRYPTO_SKCIPHER
c08d0e64 1407 help
aa762409 1408 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
c08d0e64
MW		 1409
1410 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1411 Bernstein and further specified in RFC7539 for use in IETF protocols.
de61d7ae 1412 This is the portable C implementation of ChaCha20. See also:
9332a9e7 1413 <https://cr.yp.to/chacha/chacha-20080128.pdf>
c08d0e64 1414
de61d7ae
EB		 1415 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1416 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
1417 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1418 while provably retaining ChaCha20's security. See also:
1419 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1420
aa762409
EB		 1421 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1422 reduced security margin but increased performance. It can be needed
1423 in some performance-sensitive scenarios.
1424
c9320b6d 1425config CRYPTO_CHACHA20_X86_64
4af78261 1426 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
c9320b6d 1427 depends on X86 && 64BIT
b95bba5d 1428 select CRYPTO_SKCIPHER
28e8d89b 1429 select CRYPTO_LIB_CHACHA_GENERIC
84e03fa3 1430 select CRYPTO_ARCH_HAVE_LIB_CHACHA
c9320b6d 1431 help
7a507d62
EB		 1432 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1433 XChaCha20, and XChaCha12 stream ciphers.
c9320b6d 1434
3a2f58f3
AB		 1435config CRYPTO_CHACHA_MIPS
1436 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1437 depends on CPU_MIPS32_R2
660eda8d 1438 select CRYPTO_SKCIPHER
3a2f58f3
AB		 1439 select CRYPTO_ARCH_HAVE_LIB_CHACHA
1440
584fffc8
SS		 1441config CRYPTO_SEED
1442 tristate "SEED cipher algorithm"
1674aea5 1443 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
cce9e06d 1444 select CRYPTO_ALGAPI
1da177e4 1445 help
584fffc8 1446 SEED cipher algorithm (RFC4269).
1da177e4 1447
584fffc8
SS		 1448 SEED is a 128-bit symmetric key block cipher that has been
1449 developed by KISA (Korea Information Security Agency) as a
1450 national standard encryption algorithm of the Republic of Korea.
1451 It is a 16 round block cipher with the key size of 128 bit.
1452
1453 See also:
1454 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1455
1456config CRYPTO_SERPENT
1457 tristate "Serpent cipher algorithm"
cce9e06d 1458 select CRYPTO_ALGAPI
1da177e4 1459 help
584fffc8 1460 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1da177e4 1461
584fffc8 1462 Keys are allowed to be from 0 to 256 bits in length, in steps
784506a1 1463 of 8 bits.
584fffc8
SS		 1464
1465 See also:
9332a9e7 1466 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
584fffc8 1467
937c30d7
JK		 1468config CRYPTO_SERPENT_SSE2_X86_64
1469 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1470 depends on X86 && 64BIT
b95bba5d 1471 select CRYPTO_SKCIPHER
937c30d7 1472 select CRYPTO_SERPENT
e0f409dc 1473 select CRYPTO_SIMD
2e9440ae 1474 imply CRYPTO_CTR
937c30d7
JK		 1475 help
1476 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1477
1478 Keys are allowed to be from 0 to 256 bits in length, in steps
1479 of 8 bits.
1480
1e6232f8 1481 This module provides Serpent cipher algorithm that processes eight
937c30d7
JK		 1482 blocks parallel using SSE2 instruction set.
1483
1484 See also:
9332a9e7 1485 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
937c30d7 1486
251496db
JK		 1487config CRYPTO_SERPENT_SSE2_586
1488 tristate "Serpent cipher algorithm (i586/SSE2)"
1489 depends on X86 && !64BIT
b95bba5d 1490 select CRYPTO_SKCIPHER
251496db 1491 select CRYPTO_SERPENT
e0f409dc 1492 select CRYPTO_SIMD
2e9440ae 1493 imply CRYPTO_CTR
251496db
JK		 1494 help
1495 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1496
1497 Keys are allowed to be from 0 to 256 bits in length, in steps
1498 of 8 bits.
1499
1500 This module provides Serpent cipher algorithm that processes four
1501 blocks parallel using SSE2 instruction set.
1502
1503 See also:
9332a9e7 1504 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
7efe4076
JG		 1505
1506config CRYPTO_SERPENT_AVX_X86_64
1507 tristate "Serpent cipher algorithm (x86_64/AVX)"
1508 depends on X86 && 64BIT
b95bba5d 1509 select CRYPTO_SKCIPHER
7efe4076 1510 select CRYPTO_SERPENT
e16bf974 1511 select CRYPTO_SIMD
9ec0af8a 1512 imply CRYPTO_XTS
2e9440ae 1513 imply CRYPTO_CTR
7efe4076
JG		 1514 help
1515 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1516
1517 Keys are allowed to be from 0 to 256 bits in length, in steps
1518 of 8 bits.
1519
1520 This module provides the Serpent cipher algorithm that processes
1521 eight blocks parallel using the AVX instruction set.
1522
1523 See also:
9332a9e7 1524 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
251496db 1525
56d76c96
JK		 1526config CRYPTO_SERPENT_AVX2_X86_64
1527 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1528 depends on X86 && 64BIT
56d76c96 1529 select CRYPTO_SERPENT_AVX_X86_64
56d76c96
JK		 1530 help
1531 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1532
1533 Keys are allowed to be from 0 to 256 bits in length, in steps
1534 of 8 bits.
1535
1536 This module provides Serpent cipher algorithm that processes 16
1537 blocks parallel using AVX2 instruction set.
1538
1539 See also:
9332a9e7 1540 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
56d76c96 1541
747c8ce4
GBY		 1542config CRYPTO_SM4
1543 tristate "SM4 cipher algorithm"
1544 select CRYPTO_ALGAPI
1545 help
1546 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1547
1548 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1549 Organization of State Commercial Administration of China (OSCCA)
1550 as an authorized cryptographic algorithms for the use within China.
1551
1552 SMS4 was originally created for use in protecting wireless
1553 networks, and is mandated in the Chinese National Standard for
1554 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1555 (GB.15629.11-2003).
1556
1557 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1558 standardized through TC 260 of the Standardization Administration
1559 of the People's Republic of China (SAC).
1560
1561 The input, output, and key of SMS4 are each 128 bits.
1562
1563 See also: <https://eprint.iacr.org/2008/329.pdf>
1564
1565 If unsure, say N.
1566
584fffc8
SS		 1567config CRYPTO_TEA
1568 tristate "TEA, XTEA and XETA cipher algorithms"
1674aea5 1569 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
cce9e06d 1570 select CRYPTO_ALGAPI
1da177e4 1571 help
584fffc8 1572 TEA cipher algorithm.
1da177e4 1573
584fffc8
SS		 1574 Tiny Encryption Algorithm is a simple cipher that uses
1575 many rounds for security. It is very fast and uses
1576 little memory.
1577
1578 Xtendend Tiny Encryption Algorithm is a modification to
1579 the TEA algorithm to address a potential key weakness
1580 in the TEA algorithm.
1581
1582 Xtendend Encryption Tiny Algorithm is a mis-implementation
1583 of the XTEA algorithm for compatibility purposes.
1584
1585config CRYPTO_TWOFISH
1586 tristate "Twofish cipher algorithm"
04ac7db3 1587 select CRYPTO_ALGAPI
584fffc8 1588 select CRYPTO_TWOFISH_COMMON
04ac7db3 1589 help
584fffc8 1590 Twofish cipher algorithm.
04ac7db3 1591
584fffc8
SS		 1592 Twofish was submitted as an AES (Advanced Encryption Standard)
1593 candidate cipher by researchers at CounterPane Systems. It is a
1594 16 round block cipher supporting key sizes of 128, 192, and 256
1595 bits.
04ac7db3 1596
584fffc8 1597 See also:
9332a9e7 1598 <https://www.schneier.com/twofish.html>
584fffc8
SS		 1599
1600config CRYPTO_TWOFISH_COMMON
1601 tristate
1602 help
1603 Common parts of the Twofish cipher algorithm shared by the
1604 generic c and the assembler implementations.
1605
1606config CRYPTO_TWOFISH_586
1607 tristate "Twofish cipher algorithms (i586)"
1608 depends on (X86 || UML_X86) && !64BIT
1609 select CRYPTO_ALGAPI
1610 select CRYPTO_TWOFISH_COMMON
f43dcaf2 1611 imply CRYPTO_CTR
584fffc8
SS		 1612 help
1613 Twofish cipher algorithm.
1614
1615 Twofish was submitted as an AES (Advanced Encryption Standard)
1616 candidate cipher by researchers at CounterPane Systems. It is a
1617 16 round block cipher supporting key sizes of 128, 192, and 256
1618 bits.
04ac7db3
NT		 1619
1620 See also:
9332a9e7 1621 <https://www.schneier.com/twofish.html>
04ac7db3 1622
584fffc8
SS		 1623config CRYPTO_TWOFISH_X86_64
1624 tristate "Twofish cipher algorithm (x86_64)"
1625 depends on (X86 || UML_X86) && 64BIT
cce9e06d 1626 select CRYPTO_ALGAPI
584fffc8 1627 select CRYPTO_TWOFISH_COMMON
f43dcaf2 1628 imply CRYPTO_CTR
1da177e4 1629 help
584fffc8 1630 Twofish cipher algorithm (x86_64).
1da177e4 1631
584fffc8
SS		 1632 Twofish was submitted as an AES (Advanced Encryption Standard)
1633 candidate cipher by researchers at CounterPane Systems. It is a
1634 16 round block cipher supporting key sizes of 128, 192, and 256
1635 bits.
1636
1637 See also:
9332a9e7 1638 <https://www.schneier.com/twofish.html>
584fffc8 1639
8280daad
JK		 1640config CRYPTO_TWOFISH_X86_64_3WAY
1641 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
f21a7c19 1642 depends on X86 && 64BIT
b95bba5d 1643 select CRYPTO_SKCIPHER
8280daad
JK		 1644 select CRYPTO_TWOFISH_COMMON
1645 select CRYPTO_TWOFISH_X86_64
1646 help
1647 Twofish cipher algorithm (x86_64, 3-way parallel).
1648
1649 Twofish was submitted as an AES (Advanced Encryption Standard)
1650 candidate cipher by researchers at CounterPane Systems. It is a
1651 16 round block cipher supporting key sizes of 128, 192, and 256
1652 bits.
1653
1654 This module provides Twofish cipher algorithm that processes three
1655 blocks parallel, utilizing resources of out-of-order CPUs better.
1656
1657 See also:
9332a9e7 1658 <https://www.schneier.com/twofish.html>
8280daad 1659
107778b5
JG		 1660config CRYPTO_TWOFISH_AVX_X86_64
1661 tristate "Twofish cipher algorithm (x86_64/AVX)"
1662 depends on X86 && 64BIT
b95bba5d 1663 select CRYPTO_SKCIPHER
0e6ab46d 1664 select CRYPTO_SIMD
107778b5
JG		 1665 select CRYPTO_TWOFISH_COMMON
1666 select CRYPTO_TWOFISH_X86_64
1667 select CRYPTO_TWOFISH_X86_64_3WAY
da4df93a 1668 imply CRYPTO_XTS
107778b5
JG		 1669 help
1670 Twofish cipher algorithm (x86_64/AVX).
1671
1672 Twofish was submitted as an AES (Advanced Encryption Standard)
1673 candidate cipher by researchers at CounterPane Systems. It is a
1674 16 round block cipher supporting key sizes of 128, 192, and 256
1675 bits.
1676
1677 This module provides the Twofish cipher algorithm that processes
1678 eight blocks parallel using the AVX Instruction Set.
1679
1680 See also:
9332a9e7 1681 <https://www.schneier.com/twofish.html>
107778b5 1682
584fffc8
SS		 1683comment "Compression"
1684
1685config CRYPTO_DEFLATE
1686 tristate "Deflate compression algorithm"
1687 select CRYPTO_ALGAPI
f6ded09d 1688 select CRYPTO_ACOMP2
584fffc8
SS		 1689 select ZLIB_INFLATE
1690 select ZLIB_DEFLATE
3c09f17c 1691 help
584fffc8
SS		 1692 This is the Deflate algorithm (RFC1951), specified for use in
1693 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1694
1695 You will most probably want this if using IPSec.
3c09f17c 1696
0b77abb3
ZS		 1697config CRYPTO_LZO
1698 tristate "LZO compression algorithm"
1699 select CRYPTO_ALGAPI
ac9d2c4b 1700 select CRYPTO_ACOMP2
0b77abb3
ZS		 1701 select LZO_COMPRESS
1702 select LZO_DECOMPRESS
1703 help
1704 This is the LZO algorithm.
1705
35a1fc18
SJ		 1706config CRYPTO_842
1707 tristate "842 compression algorithm"
2062c5b6 1708 select CRYPTO_ALGAPI
6a8de3ae 1709 select CRYPTO_ACOMP2
2062c5b6
DS		 1710 select 842_COMPRESS
1711 select 842_DECOMPRESS
35a1fc18
SJ		 1712 help
1713 This is the 842 algorithm.
0ea8530d
CM		 1714
1715config CRYPTO_LZ4
1716 tristate "LZ4 compression algorithm"
1717 select CRYPTO_ALGAPI
8cd9330e 1718 select CRYPTO_ACOMP2
0ea8530d
CM		 1719 select LZ4_COMPRESS
1720 select LZ4_DECOMPRESS
1721 help
1722 This is the LZ4 algorithm.
1723
1724config CRYPTO_LZ4HC
1725 tristate "LZ4HC compression algorithm"
1726 select CRYPTO_ALGAPI
91d53d96 1727 select CRYPTO_ACOMP2
0ea8530d
CM		 1728 select LZ4HC_COMPRESS
1729 select LZ4_DECOMPRESS
1730 help
1731 This is the LZ4 high compression mode algorithm.
35a1fc18 1732
d28fc3db
NT		 1733config CRYPTO_ZSTD
1734 tristate "Zstd compression algorithm"
1735 select CRYPTO_ALGAPI
1736 select CRYPTO_ACOMP2
1737 select ZSTD_COMPRESS
1738 select ZSTD_DECOMPRESS
1739 help
1740 This is the zstd algorithm.
1741
17f0f4a4
NH		 1742comment "Random Number Generation"
1743
1744config CRYPTO_ANSI_CPRNG
1745 tristate "Pseudo Random Number Generation for Cryptographic modules"
1746 select CRYPTO_AES
1747 select CRYPTO_RNG
17f0f4a4
NH		 1748 help
1749 This option enables the generic pseudo random number generator
1750 for cryptographic modules. Uses the Algorithm specified in
7dd607e8
JK		 1751 ANSI X9.31 A.2.4. Note that this option must be enabled if
1752 CRYPTO_FIPS is selected
17f0f4a4 1753
f2c89a10 1754menuconfig CRYPTO_DRBG_MENU
419090c6 1755 tristate "NIST SP800-90A DRBG"
419090c6
SM		 1756 help
1757 NIST SP800-90A compliant DRBG. In the following submenu, one or
1758 more of the DRBG types must be selected.
1759
f2c89a10 1760if CRYPTO_DRBG_MENU
419090c6
SM		 1761
1762config CRYPTO_DRBG_HMAC
401e4238 1763 bool
419090c6 1764 default y
419090c6 1765 select CRYPTO_HMAC
826775bb 1766 select CRYPTO_SHA256
419090c6
SM		 1767
1768config CRYPTO_DRBG_HASH
1769 bool "Enable Hash DRBG"
826775bb 1770 select CRYPTO_SHA256
419090c6
SM		 1771 help
1772 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1773
1774config CRYPTO_DRBG_CTR
1775 bool "Enable CTR DRBG"
419090c6 1776 select CRYPTO_AES
d6fc1a45 1777 select CRYPTO_CTR
419090c6
SM		 1778 help
1779 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1780
f2c89a10
HX		 1781config CRYPTO_DRBG
1782 tristate
401e4238 1783 default CRYPTO_DRBG_MENU
f2c89a10 1784 select CRYPTO_RNG
bb5530e4 1785 select CRYPTO_JITTERENTROPY
f2c89a10
HX		 1786
1787endif # if CRYPTO_DRBG_MENU
419090c6 1788
bb5530e4
SM		 1789config CRYPTO_JITTERENTROPY
1790 tristate "Jitterentropy Non-Deterministic Random Number Generator"
2f313e02 1791 select CRYPTO_RNG
bb5530e4
SM		 1792 help
1793 The Jitterentropy RNG is a noise that is intended
1794 to provide seed to another RNG. The RNG does not
1795 perform any cryptographic whitening of the generated
1796 random numbers. This Jitterentropy RNG registers with
1797 the kernel crypto API and can be used by any caller.
1798
03c8efc1
HX		 1799config CRYPTO_USER_API
1800 tristate
1801
fe869cdb
HX		 1802config CRYPTO_USER_API_HASH
1803 tristate "User-space interface for hash algorithms"
7451708f 1804 depends on NET
fe869cdb
HX		 1805 select CRYPTO_HASH
1806 select CRYPTO_USER_API
1807 help
1808 This option enables the user-spaces interface for hash
1809 algorithms.
1810
8ff59090
HX		 1811config CRYPTO_USER_API_SKCIPHER
1812 tristate "User-space interface for symmetric key cipher algorithms"
7451708f 1813 depends on NET
b95bba5d 1814 select CRYPTO_SKCIPHER
8ff59090
HX		 1815 select CRYPTO_USER_API
1816 help
1817 This option enables the user-spaces interface for symmetric
1818 key cipher algorithms.
1819
2f375538
SM		 1820config CRYPTO_USER_API_RNG
1821 tristate "User-space interface for random number generator algorithms"
1822 depends on NET
1823 select CRYPTO_RNG
1824 select CRYPTO_USER_API
1825 help
1826 This option enables the user-spaces interface for random
1827 number generator algorithms.
1828
77ebdabe
EP		 1829config CRYPTO_USER_API_RNG_CAVP
1830 bool "Enable CAVP testing of DRBG"
1831 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1832 help
1833 This option enables extra API for CAVP testing via the user-space
1834 interface: resetting of DRBG entropy, and providing Additional Data.
1835 This should only be enabled for CAVP testing. You should say
1836 no unless you know what this is.
1837
b64a2d95
HX		 1838config CRYPTO_USER_API_AEAD
1839 tristate "User-space interface for AEAD cipher algorithms"
1840 depends on NET
1841 select CRYPTO_AEAD
b95bba5d 1842 select CRYPTO_SKCIPHER
72548b09 1843 select CRYPTO_NULL
b64a2d95
HX		 1844 select CRYPTO_USER_API
1845 help
1846 This option enables the user-spaces interface for AEAD
1847 cipher algorithms.
1848
9ace6771
AB		 1849config CRYPTO_USER_API_ENABLE_OBSOLETE
1850 bool "Enable obsolete cryptographic algorithms for userspace"
1851 depends on CRYPTO_USER_API
1852 default y
1853 help
1854 Allow obsolete cryptographic algorithms to be selected that have
1855 already been phased out from internal use by the kernel, and are
1856 only useful for userspace clients that still rely on them.
1857
cac5818c
CL		 1858config CRYPTO_STATS
1859 bool "Crypto usage statistics for User-space"
a6a31385 1860 depends on CRYPTO_USER
cac5818c
CL		 1861 help
1862 This option enables the gathering of crypto stats.
1863 This will collect:
1864 - encrypt/decrypt size and numbers of symmeric operations
1865 - compress/decompress size and numbers of compress operations
1866 - size and numbers of hash operations
1867 - encrypt/decrypt/sign/verify numbers for asymmetric operations
1868 - generate/seed numbers for rng operations
1869
ee08997f
DK		 1870config CRYPTO_HASH_INFO
1871 bool
1872
746b2e02 1873source "lib/crypto/Kconfig"
1da177e4 1874source "drivers/crypto/Kconfig"
8636a1f9
MY		 1875source "crypto/asymmetric_keys/Kconfig"
1876source "certs/Kconfig"
1da177e4 1877
cce9e06d 1878endif # if CRYPTO
Ubuntu Jammy Linux kernel mirror