]> git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/blame - crypto/Kconfig
projects / mirror_ubuntu-eoan-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
crypto: testmgr - update sm4 test vectors
[mirror_ubuntu-eoan-kernel.git] / crypto / Kconfig
CommitLineData
b2441318 1# SPDX-License-Identifier: GPL-2.0
685784aa
DW		 2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6 tristate
7
1da177e4 8#
9bc89cd8 9# async_tx api: hardware offloaded memory transfer/transform support
1da177e4 10#
9bc89cd8 11source "crypto/async_tx/Kconfig"
1da177e4 12
9bc89cd8
DW		 13#
14# Cryptographic API Configuration
15#
2e290f43 16menuconfig CRYPTO
c3715cb9 17 tristate "Cryptographic API"
1da177e4
LT		 18 help
19 This option provides the core Cryptographic API.
20
cce9e06d
HX		 21if CRYPTO
22
584fffc8
SS		 23comment "Crypto core or helper"
24
ccb778e1
NH		 25config CRYPTO_FIPS
26 bool "FIPS 200 compliance"
f2c89a10 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
1f696097 28 depends on (MODULE_SIG || !MODULES)
ccb778e1
NH		 29 help
30 This options enables the fips boot option which is
31 required if you want to system to operate in a FIPS 200
32 certification. You should say no unless you know what
e84c5480 33 this is.
ccb778e1 34
cce9e06d
HX		 35config CRYPTO_ALGAPI
36 tristate
6a0fcbb4 37 select CRYPTO_ALGAPI2
cce9e06d
HX		 38 help
39 This option provides the API for cryptographic algorithms.
40
6a0fcbb4
HX		 41config CRYPTO_ALGAPI2
42 tristate
43
1ae97820
HX		 44config CRYPTO_AEAD
45 tristate
6a0fcbb4 46 select CRYPTO_AEAD2
1ae97820
HX		 47 select CRYPTO_ALGAPI
48
6a0fcbb4
HX		 49config CRYPTO_AEAD2
50 tristate
51 select CRYPTO_ALGAPI2
149a3971
HX		 52 select CRYPTO_NULL2
53 select CRYPTO_RNG2
6a0fcbb4 54
5cde0af2
HX		 55config CRYPTO_BLKCIPHER
56 tristate
6a0fcbb4 57 select CRYPTO_BLKCIPHER2
5cde0af2 58 select CRYPTO_ALGAPI
6a0fcbb4
HX		 59
60config CRYPTO_BLKCIPHER2
61 tristate
62 select CRYPTO_ALGAPI2
63 select CRYPTO_RNG2
0a2e821d 64 select CRYPTO_WORKQUEUE
5cde0af2 65
055bcee3
HX		 66config CRYPTO_HASH
67 tristate
6a0fcbb4 68 select CRYPTO_HASH2
055bcee3
HX		 69 select CRYPTO_ALGAPI
70
6a0fcbb4
HX		 71config CRYPTO_HASH2
72 tristate
73 select CRYPTO_ALGAPI2
74
17f0f4a4
NH		 75config CRYPTO_RNG
76 tristate
6a0fcbb4 77 select CRYPTO_RNG2
17f0f4a4
NH		 78 select CRYPTO_ALGAPI
79
6a0fcbb4
HX		 80config CRYPTO_RNG2
81 tristate
82 select CRYPTO_ALGAPI2
83
401e4238
HX		 84config CRYPTO_RNG_DEFAULT
85 tristate
86 select CRYPTO_DRBG_MENU
87
3c339ab8
TS		 88config CRYPTO_AKCIPHER2
89 tristate
90 select CRYPTO_ALGAPI2
91
92config CRYPTO_AKCIPHER
93 tristate
94 select CRYPTO_AKCIPHER2
95 select CRYPTO_ALGAPI
96
4e5f2c40
SB		 97config CRYPTO_KPP2
98 tristate
99 select CRYPTO_ALGAPI2
100
101config CRYPTO_KPP
102 tristate
103 select CRYPTO_ALGAPI
104 select CRYPTO_KPP2
105
2ebda74f
GC		 106config CRYPTO_ACOMP2
107 tristate
108 select CRYPTO_ALGAPI2
8cd579d2 109 select SGL_ALLOC
2ebda74f
GC		 110
111config CRYPTO_ACOMP
112 tristate
113 select CRYPTO_ALGAPI
114 select CRYPTO_ACOMP2
115
cfc2bb32
TS		 116config CRYPTO_RSA
117 tristate "RSA algorithm"
425e0172 118 select CRYPTO_AKCIPHER
58446fef 119 select CRYPTO_MANAGER
cfc2bb32
TS		 120 select MPILIB
121 select ASN1
122 help
123 Generic implementation of the RSA public key algorithm.
124
802c7f1c
SB		 125config CRYPTO_DH
126 tristate "Diffie-Hellman algorithm"
127 select CRYPTO_KPP
128 select MPILIB
129 help
130 Generic implementation of the Diffie-Hellman algorithm.
131
3c4b2390
SB		 132config CRYPTO_ECDH
133 tristate "ECDH algorithm"
b5b90077 134 select CRYPTO_KPP
6755fd26 135 select CRYPTO_RNG_DEFAULT
3c4b2390
SB		 136 help
137 Generic implementation of the ECDH algorithm
802c7f1c 138
2b8c19db
HX		 139config CRYPTO_MANAGER
140 tristate "Cryptographic algorithm manager"
6a0fcbb4 141 select CRYPTO_MANAGER2
2b8c19db
HX		 142 help
143 Create default cryptographic template instantiations such as
144 cbc(aes).
145
6a0fcbb4
HX		 146config CRYPTO_MANAGER2
147 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
148 select CRYPTO_AEAD2
149 select CRYPTO_HASH2
150 select CRYPTO_BLKCIPHER2
946cc463 151 select CRYPTO_AKCIPHER2
4e5f2c40 152 select CRYPTO_KPP2
2ebda74f 153 select CRYPTO_ACOMP2
6a0fcbb4 154
a38f7907
SK		 155config CRYPTO_USER
156 tristate "Userspace cryptographic algorithm configuration"
5db017aa 157 depends on NET
a38f7907
SK		 158 select CRYPTO_MANAGER
159 help
d19978f5 160 Userspace configuration for cryptographic instantiations such as
a38f7907
SK		 161 cbc(aes).
162
326a6346
HX		 163config CRYPTO_MANAGER_DISABLE_TESTS
164 bool "Disable run-time self tests"
00ca28a5
HX		 165 default y
166 depends on CRYPTO_MANAGER2
0b767f96 167 help
326a6346
HX		 168 Disable run-time self tests that normally take place at
169 algorithm registration.
0b767f96 170
584fffc8 171config CRYPTO_GF128MUL
08c70fc3 172 tristate "GF(2^128) multiplication functions"
333b0d7e 173 help
584fffc8
SS		 174 Efficient table driven implementation of multiplications in the
175 field GF(2^128). This is needed by some cypher modes. This
176 option will be selected automatically if you select such a
177 cipher mode. Only select this option by hand if you expect to load
178 an external module that requires these functions.
333b0d7e 179
1da177e4
LT		 180config CRYPTO_NULL
181 tristate "Null algorithms"
149a3971 182 select CRYPTO_NULL2
1da177e4
LT		 183 help
184 These are 'Null' algorithms, used by IPsec, which do nothing.
185
149a3971 186config CRYPTO_NULL2
dd43c4e9 187 tristate
149a3971
HX		 188 select CRYPTO_ALGAPI2
189 select CRYPTO_BLKCIPHER2
190 select CRYPTO_HASH2
191
5068c7a8 192config CRYPTO_PCRYPT
3b4afaf2
KC		 193 tristate "Parallel crypto engine"
194 depends on SMP
5068c7a8
SK		 195 select PADATA
196 select CRYPTO_MANAGER
197 select CRYPTO_AEAD
198 help
199 This converts an arbitrary crypto algorithm into a parallel
200 algorithm that executes in kernel threads.
201
25c38d3f
HY		 202config CRYPTO_WORKQUEUE
203 tristate
204
584fffc8
SS		 205config CRYPTO_CRYPTD
206 tristate "Software async crypto daemon"
207 select CRYPTO_BLKCIPHER
b8a28251 208 select CRYPTO_HASH
584fffc8 209 select CRYPTO_MANAGER
254eff77 210 select CRYPTO_WORKQUEUE
1da177e4 211 help
584fffc8
SS		 212 This is a generic software asynchronous crypto daemon that
213 converts an arbitrary synchronous software crypto algorithm
214 into an asynchronous algorithm that executes in a kernel thread.
1da177e4 215
584fffc8
SS		 216config CRYPTO_AUTHENC
217 tristate "Authenc support"
218 select CRYPTO_AEAD
219 select CRYPTO_BLKCIPHER
220 select CRYPTO_MANAGER
221 select CRYPTO_HASH
e94c6a7a 222 select CRYPTO_NULL
1da177e4 223 help
584fffc8
SS		 224 Authenc: Combined mode wrapper for IPsec.
225 This is required for IPSec.
1da177e4 226
584fffc8
SS		 227config CRYPTO_TEST
228 tristate "Testing module"
229 depends on m
da7f033d 230 select CRYPTO_MANAGER
1da177e4 231 help
584fffc8 232 Quick & dirty crypto test module.
1da177e4 233
266d0516
HX		 234config CRYPTO_SIMD
235 tristate
ffaf9156
JK		 236 select CRYPTO_CRYPTD
237
596d8750
JK		 238config CRYPTO_GLUE_HELPER_X86
239 tristate
240 depends on X86
065ce327 241 select CRYPTO_BLKCIPHER
596d8750 242
735d37b5
BW		 243config CRYPTO_ENGINE
244 tristate
245
584fffc8 246comment "Authenticated Encryption with Associated Data"
cd12fb90 247
584fffc8
SS		 248config CRYPTO_CCM
249 tristate "CCM support"
250 select CRYPTO_CTR
f15f05b0 251 select CRYPTO_HASH
584fffc8 252 select CRYPTO_AEAD
1da177e4 253 help
584fffc8 254 Support for Counter with CBC MAC. Required for IPsec.
1da177e4 255
584fffc8
SS		 256config CRYPTO_GCM
257 tristate "GCM/GMAC support"
258 select CRYPTO_CTR
259 select CRYPTO_AEAD
9382d97a 260 select CRYPTO_GHASH
9489667d 261 select CRYPTO_NULL
1da177e4 262 help
584fffc8
SS		 263 Support for Galois/Counter Mode (GCM) and Galois Message
264 Authentication Code (GMAC). Required for IPSec.
1da177e4 265
71ebc4d1
MW		 266config CRYPTO_CHACHA20POLY1305
267 tristate "ChaCha20-Poly1305 AEAD support"
268 select CRYPTO_CHACHA20
269 select CRYPTO_POLY1305
270 select CRYPTO_AEAD
271 help
272 ChaCha20-Poly1305 AEAD support, RFC7539.
273
274 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
275 with the Poly1305 authenticator. It is defined in RFC7539 for use in
276 IETF protocols.
277
f606a88e
OM		 278config CRYPTO_AEGIS128
279 tristate "AEGIS-128 AEAD algorithm"
280 select CRYPTO_AEAD
281 select CRYPTO_AES # for AES S-box tables
282 help
283 Support for the AEGIS-128 dedicated AEAD algorithm.
284
285config CRYPTO_AEGIS128L
286 tristate "AEGIS-128L AEAD algorithm"
287 select CRYPTO_AEAD
288 select CRYPTO_AES # for AES S-box tables
289 help
290 Support for the AEGIS-128L dedicated AEAD algorithm.
291
292config CRYPTO_AEGIS256
293 tristate "AEGIS-256 AEAD algorithm"
294 select CRYPTO_AEAD
295 select CRYPTO_AES # for AES S-box tables
296 help
297 Support for the AEGIS-256 dedicated AEAD algorithm.
298
1d373d4e
OM		 299config CRYPTO_AEGIS128_AESNI_SSE2
300 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
301 depends on X86 && 64BIT
302 select CRYPTO_AEAD
303 select CRYPTO_CRYPTD
304 help
305 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
306
307config CRYPTO_AEGIS128L_AESNI_SSE2
308 tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
309 depends on X86 && 64BIT
310 select CRYPTO_AEAD
311 select CRYPTO_CRYPTD
312 help
313 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
314
315config CRYPTO_AEGIS256_AESNI_SSE2
316 tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
317 depends on X86 && 64BIT
318 select CRYPTO_AEAD
319 select CRYPTO_CRYPTD
320 help
321 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
322
396be41f
OM		 323config CRYPTO_MORUS640
324 tristate "MORUS-640 AEAD algorithm"
325 select CRYPTO_AEAD
326 help
327 Support for the MORUS-640 dedicated AEAD algorithm.
328
56e8e57f 329config CRYPTO_MORUS640_GLUE
2808f173
OM		 330 tristate
331 depends on X86
56e8e57f
OM		 332 select CRYPTO_AEAD
333 select CRYPTO_CRYPTD
334 help
335 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
336 algorithm.
337
6ecc9d9f
OM		 338config CRYPTO_MORUS640_SSE2
339 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
340 depends on X86 && 64BIT
341 select CRYPTO_AEAD
342 select CRYPTO_MORUS640_GLUE
343 help
344 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
345
396be41f
OM		 346config CRYPTO_MORUS1280
347 tristate "MORUS-1280 AEAD algorithm"
348 select CRYPTO_AEAD
349 help
350 Support for the MORUS-1280 dedicated AEAD algorithm.
351
56e8e57f 352config CRYPTO_MORUS1280_GLUE
2808f173
OM		 353 tristate
354 depends on X86
56e8e57f
OM		 355 select CRYPTO_AEAD
356 select CRYPTO_CRYPTD
357 help
358 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
6ecc9d9f
OM		 359 algorithm.
360
361config CRYPTO_MORUS1280_SSE2
362 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
363 depends on X86 && 64BIT
364 select CRYPTO_AEAD
365 select CRYPTO_MORUS1280_GLUE
366 help
367 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
368 algorithm.
369
370config CRYPTO_MORUS1280_AVX2
371 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
372 depends on X86 && 64BIT
373 select CRYPTO_AEAD
374 select CRYPTO_MORUS1280_GLUE
375 help
376 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
56e8e57f
OM		 377 algorithm.
378
584fffc8
SS		 379config CRYPTO_SEQIV
380 tristate "Sequence Number IV Generator"
381 select CRYPTO_AEAD
382 select CRYPTO_BLKCIPHER
856e3f40 383 select CRYPTO_NULL
401e4238 384 select CRYPTO_RNG_DEFAULT
1da177e4 385 help
584fffc8
SS		 386 This IV generator generates an IV based on a sequence number by
387 xoring it with a salt. This algorithm is mainly useful for CTR
1da177e4 388
a10f554f
HX		 389config CRYPTO_ECHAINIV
390 tristate "Encrypted Chain IV Generator"
391 select CRYPTO_AEAD
392 select CRYPTO_NULL
401e4238 393 select CRYPTO_RNG_DEFAULT
3491244c 394 default m
a10f554f
HX		 395 help
396 This IV generator generates an IV based on the encryption of
397 a sequence number xored with a salt. This is the default
398 algorithm for CBC.
399
584fffc8 400comment "Block modes"
c494e070 401
584fffc8
SS		 402config CRYPTO_CBC
403 tristate "CBC support"
db131ef9 404 select CRYPTO_BLKCIPHER
43518407 405 select CRYPTO_MANAGER
db131ef9 406 help
584fffc8
SS		 407 CBC: Cipher Block Chaining mode
408 This block cipher algorithm is required for IPSec.
db131ef9 409
a7d85e06
JB		 410config CRYPTO_CFB
411 tristate "CFB support"
412 select CRYPTO_BLKCIPHER
413 select CRYPTO_MANAGER
414 help
415 CFB: Cipher FeedBack mode
416 This block cipher algorithm is required for TPM2 Cryptography.
417
584fffc8
SS		 418config CRYPTO_CTR
419 tristate "CTR support"
db131ef9 420 select CRYPTO_BLKCIPHER
584fffc8 421 select CRYPTO_SEQIV
43518407 422 select CRYPTO_MANAGER
db131ef9 423 help
584fffc8 424 CTR: Counter mode
db131ef9
HX		 425 This block cipher algorithm is required for IPSec.
426
584fffc8
SS		 427config CRYPTO_CTS
428 tristate "CTS support"
429 select CRYPTO_BLKCIPHER
430 help
431 CTS: Cipher Text Stealing
432 This is the Cipher Text Stealing mode as described by
433 Section 8 of rfc2040 and referenced by rfc3962.
434 (rfc3962 includes errata information in its Appendix A)
435 This mode is required for Kerberos gss mechanism support
436 for AES encryption.
437
438config CRYPTO_ECB
439 tristate "ECB support"
91652be5
DH		 440 select CRYPTO_BLKCIPHER
441 select CRYPTO_MANAGER
91652be5 442 help
584fffc8
SS		 443 ECB: Electronic CodeBook mode
444 This is the simplest block cipher algorithm. It simply encrypts
445 the input block by block.
91652be5 446
64470f1b 447config CRYPTO_LRW
2470a2b2 448 tristate "LRW support"
64470f1b
RS		 449 select CRYPTO_BLKCIPHER
450 select CRYPTO_MANAGER
451 select CRYPTO_GF128MUL
452 help
453 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
454 narrow block cipher mode for dm-crypt. Use it with cipher
455 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
456 The first 128, 192 or 256 bits in the key are used for AES and the
457 rest is used to tie each cipher block to its logical position.
458
584fffc8
SS		 459config CRYPTO_PCBC
460 tristate "PCBC support"
461 select CRYPTO_BLKCIPHER
462 select CRYPTO_MANAGER
463 help
464 PCBC: Propagating Cipher Block Chaining mode
465 This block cipher algorithm is required for RxRPC.
466
f19f5111 467config CRYPTO_XTS
5bcf8e6d 468 tristate "XTS support"
f19f5111
RS		 469 select CRYPTO_BLKCIPHER
470 select CRYPTO_MANAGER
12cb3a1c 471 select CRYPTO_ECB
f19f5111
RS		 472 help
473 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
474 key size 256, 384 or 512 bits. This implementation currently
475 can't handle a sectorsize which is not a multiple of 16 bytes.
476
1c49678e
SM		 477config CRYPTO_KEYWRAP
478 tristate "Key wrapping support"
479 select CRYPTO_BLKCIPHER
480 help
481 Support for key wrapping (NIST SP800-38F / RFC3394) without
482 padding.
483
584fffc8
SS		 484comment "Hash modes"
485
93b5e86a
JK		 486config CRYPTO_CMAC
487 tristate "CMAC support"
488 select CRYPTO_HASH
489 select CRYPTO_MANAGER
490 help
491 Cipher-based Message Authentication Code (CMAC) specified by
492 The National Institute of Standards and Technology (NIST).
493
494 https://tools.ietf.org/html/rfc4493
495 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
496
584fffc8
SS		 497config CRYPTO_HMAC
498 tristate "HMAC support"
499 select CRYPTO_HASH
23e353c8 500 select CRYPTO_MANAGER
23e353c8 501 help
584fffc8
SS		 502 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
503 This is required for IPSec.
23e353c8 504
584fffc8
SS		 505config CRYPTO_XCBC
506 tristate "XCBC support"
584fffc8
SS		 507 select CRYPTO_HASH
508 select CRYPTO_MANAGER
76cb9521 509 help
584fffc8
SS		 510 XCBC: Keyed-Hashing with encryption algorithm
511 http://www.ietf.org/rfc/rfc3566.txt
512 http://csrc.nist.gov/encryption/modes/proposedmodes/
513 xcbc-mac/xcbc-mac-spec.pdf
76cb9521 514
f1939f7c
SW		 515config CRYPTO_VMAC
516 tristate "VMAC support"
f1939f7c
SW		 517 select CRYPTO_HASH
518 select CRYPTO_MANAGER
519 help
520 VMAC is a message authentication algorithm designed for
521 very high speed on 64-bit architectures.
522
523 See also:
524 <http://fastcrypto.org/vmac>
525
584fffc8 526comment "Digest"
28db8e3e 527
584fffc8
SS		 528config CRYPTO_CRC32C
529 tristate "CRC32c CRC algorithm"
5773a3e6 530 select CRYPTO_HASH
6a0962b2 531 select CRC32
4a49b499 532 help
584fffc8
SS		 533 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
534 by iSCSI for header and data digests and by others.
69c35efc 535 See Castagnoli93. Module will be crc32c.
4a49b499 536
8cb51ba8
AZ		 537config CRYPTO_CRC32C_INTEL
538 tristate "CRC32c INTEL hardware acceleration"
539 depends on X86
540 select CRYPTO_HASH
541 help
542 In Intel processor with SSE4.2 supported, the processor will
543 support CRC32C implementation using hardware accelerated CRC32
544 instruction. This option will create 'crc32c-intel' module,
545 which will enable any routine to use the CRC32 instruction to
546 gain performance compared with software implementation.
547 Module will be crc32c-intel.
548
7cf31864 549config CRYPTO_CRC32C_VPMSUM
6dd7a82c 550 tristate "CRC32c CRC algorithm (powerpc64)"
c12abf34 551 depends on PPC64 && ALTIVEC
6dd7a82c
AB		 552 select CRYPTO_HASH
553 select CRC32
554 help
555 CRC32c algorithm implemented using vector polynomial multiply-sum
556 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
557 and newer processors for improved performance.
558
559
442a7c40
DM		 560config CRYPTO_CRC32C_SPARC64
561 tristate "CRC32c CRC algorithm (SPARC64)"
562 depends on SPARC64
563 select CRYPTO_HASH
564 select CRC32
565 help
566 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
567 when available.
568
78c37d19
AB		 569config CRYPTO_CRC32
570 tristate "CRC32 CRC algorithm"
571 select CRYPTO_HASH
572 select CRC32
573 help
574 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
575 Shash crypto api wrappers to crc32_le function.
576
577config CRYPTO_CRC32_PCLMUL
578 tristate "CRC32 PCLMULQDQ hardware acceleration"
579 depends on X86
580 select CRYPTO_HASH
581 select CRC32
582 help
583 From Intel Westmere and AMD Bulldozer processor with SSE4.2
584 and PCLMULQDQ supported, the processor will support
585 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
586 instruction. This option will create 'crc32-plcmul' module,
587 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
588 and gain better performance as compared with the table implementation.
589
4a5dc51e
MN		 590config CRYPTO_CRC32_MIPS
591 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
592 depends on MIPS_CRC_SUPPORT
593 select CRYPTO_HASH
594 help
595 CRC32c and CRC32 CRC algorithms implemented using mips crypto
596 instructions, when available.
597
598
68411521
HX		 599config CRYPTO_CRCT10DIF
600 tristate "CRCT10DIF algorithm"
601 select CRYPTO_HASH
602 help
603 CRC T10 Data Integrity Field computation is being cast as
604 a crypto transform. This allows for faster crc t10 diff
605 transforms to be used if they are available.
606
607config CRYPTO_CRCT10DIF_PCLMUL
608 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
609 depends on X86 && 64BIT && CRC_T10DIF
610 select CRYPTO_HASH
611 help
612 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
613 CRC T10 DIF PCLMULQDQ computation can be hardware
614 accelerated PCLMULQDQ instruction. This option will create
615 'crct10dif-plcmul' module, which is faster when computing the
616 crct10dif checksum as compared with the generic table implementation.
617
b01df1c1
DA		 618config CRYPTO_CRCT10DIF_VPMSUM
619 tristate "CRC32T10DIF powerpc64 hardware acceleration"
620 depends on PPC64 && ALTIVEC && CRC_T10DIF
621 select CRYPTO_HASH
622 help
623 CRC10T10DIF algorithm implemented using vector polynomial
624 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
625 POWER8 and newer processors for improved performance.
626
146c8688
DA		 627config CRYPTO_VPMSUM_TESTER
628 tristate "Powerpc64 vpmsum hardware acceleration tester"
629 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
630 help
631 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
632 POWER8 vpmsum instructions.
633 Unless you are testing these algorithms, you don't need this.
634
2cdc6899
HY		 635config CRYPTO_GHASH
636 tristate "GHASH digest algorithm"
2cdc6899 637 select CRYPTO_GF128MUL
578c60fb 638 select CRYPTO_HASH
2cdc6899
HY		 639 help
640 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
641
f979e014
MW		 642config CRYPTO_POLY1305
643 tristate "Poly1305 authenticator algorithm"
578c60fb 644 select CRYPTO_HASH
f979e014
MW		 645 help
646 Poly1305 authenticator algorithm, RFC7539.
647
648 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
649 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
650 in IETF protocols. This is the portable C implementation of Poly1305.
651
c70f4abe 652config CRYPTO_POLY1305_X86_64
b1ccc8f4 653 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
c70f4abe
MW		 654 depends on X86 && 64BIT
655 select CRYPTO_POLY1305
656 help
657 Poly1305 authenticator algorithm, RFC7539.
658
659 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
660 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
661 in IETF protocols. This is the x86_64 assembler implementation using SIMD
662 instructions.
663
584fffc8
SS		 664config CRYPTO_MD4
665 tristate "MD4 digest algorithm"
808a1763 666 select CRYPTO_HASH
124b53d0 667 help
584fffc8 668 MD4 message digest algorithm (RFC1320).
124b53d0 669
584fffc8
SS		 670config CRYPTO_MD5
671 tristate "MD5 digest algorithm"
14b75ba7 672 select CRYPTO_HASH
1da177e4 673 help
584fffc8 674 MD5 message digest algorithm (RFC1321).
1da177e4 675
d69e75de
AK		 676config CRYPTO_MD5_OCTEON
677 tristate "MD5 digest algorithm (OCTEON)"
678 depends on CPU_CAVIUM_OCTEON
679 select CRYPTO_MD5
680 select CRYPTO_HASH
681 help
682 MD5 message digest algorithm (RFC1321) implemented
683 using OCTEON crypto instructions, when available.
684
e8e59953
MS		 685config CRYPTO_MD5_PPC
686 tristate "MD5 digest algorithm (PPC)"
687 depends on PPC
688 select CRYPTO_HASH
689 help
690 MD5 message digest algorithm (RFC1321) implemented
691 in PPC assembler.
692
fa4dfedc
DM		 693config CRYPTO_MD5_SPARC64
694 tristate "MD5 digest algorithm (SPARC64)"
695 depends on SPARC64
696 select CRYPTO_MD5
697 select CRYPTO_HASH
698 help
699 MD5 message digest algorithm (RFC1321) implemented
700 using sparc64 crypto instructions, when available.
701
584fffc8
SS		 702config CRYPTO_MICHAEL_MIC
703 tristate "Michael MIC keyed digest algorithm"
19e2bf14 704 select CRYPTO_HASH
90831639 705 help
584fffc8
SS		 706 Michael MIC is used for message integrity protection in TKIP
707 (IEEE 802.11i). This algorithm is required for TKIP, but it
708 should not be used for other purposes because of the weakness
709 of the algorithm.
90831639 710
82798f90 711config CRYPTO_RMD128
b6d44341 712 tristate "RIPEMD-128 digest algorithm"
7c4468bc 713 select CRYPTO_HASH
b6d44341
AB		 714 help
715 RIPEMD-128 (ISO/IEC 10118-3:2004).
82798f90 716
b6d44341 717 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
35ed4b35 718 be used as a secure replacement for RIPEMD. For other use cases,
b6d44341 719 RIPEMD-160 should be used.
82798f90 720
b6d44341 721 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 722 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90
AKR		 723
724config CRYPTO_RMD160
b6d44341 725 tristate "RIPEMD-160 digest algorithm"
e5835fba 726 select CRYPTO_HASH
b6d44341
AB		 727 help
728 RIPEMD-160 (ISO/IEC 10118-3:2004).
82798f90 729
b6d44341
AB		 730 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
731 to be used as a secure replacement for the 128-bit hash functions
732 MD4, MD5 and it's predecessor RIPEMD
733 (not to be confused with RIPEMD-128).
82798f90 734
b6d44341
AB		 735 It's speed is comparable to SHA1 and there are no known attacks
736 against RIPEMD-160.
534fe2c1 737
b6d44341 738 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 739 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 740
741config CRYPTO_RMD256
b6d44341 742 tristate "RIPEMD-256 digest algorithm"
d8a5e2e9 743 select CRYPTO_HASH
b6d44341
AB		 744 help
745 RIPEMD-256 is an optional extension of RIPEMD-128 with a
746 256 bit hash. It is intended for applications that require
747 longer hash-results, without needing a larger security level
748 (than RIPEMD-128).
534fe2c1 749
b6d44341 750 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 751 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 752
753config CRYPTO_RMD320
b6d44341 754 tristate "RIPEMD-320 digest algorithm"
3b8efb4c 755 select CRYPTO_HASH
b6d44341
AB		 756 help
757 RIPEMD-320 is an optional extension of RIPEMD-160 with a
758 320 bit hash. It is intended for applications that require
759 longer hash-results, without needing a larger security level
760 (than RIPEMD-160).
534fe2c1 761
b6d44341 762 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 763 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90 764
584fffc8
SS		 765config CRYPTO_SHA1
766 tristate "SHA1 digest algorithm"
54ccb367 767 select CRYPTO_HASH
1da177e4 768 help
584fffc8 769 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
1da177e4 770
66be8951 771config CRYPTO_SHA1_SSSE3
e38b6b7f 772 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
66be8951
MK		 773 depends on X86 && 64BIT
774 select CRYPTO_SHA1
775 select CRYPTO_HASH
776 help
777 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
778 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
e38b6b7f 779 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
780 when available.
66be8951 781
8275d1aa 782config CRYPTO_SHA256_SSSE3
e38b6b7f 783 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
8275d1aa
TC		 784 depends on X86 && 64BIT
785 select CRYPTO_SHA256
786 select CRYPTO_HASH
787 help
788 SHA-256 secure hash standard (DFIPS 180-2) implemented
789 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
790 Extensions version 1 (AVX1), or Advanced Vector Extensions
e38b6b7f 791 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
792 Instructions) when available.
87de4579
TC		 793
794config CRYPTO_SHA512_SSSE3
795 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
796 depends on X86 && 64BIT
797 select CRYPTO_SHA512
798 select CRYPTO_HASH
799 help
800 SHA-512 secure hash standard (DFIPS 180-2) implemented
801 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
802 Extensions version 1 (AVX1), or Advanced Vector Extensions
8275d1aa
TC		 803 version 2 (AVX2) instructions, when available.
804
efdb6f6e
AK		 805config CRYPTO_SHA1_OCTEON
806 tristate "SHA1 digest algorithm (OCTEON)"
807 depends on CPU_CAVIUM_OCTEON
808 select CRYPTO_SHA1
809 select CRYPTO_HASH
810 help
811 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
812 using OCTEON crypto instructions, when available.
813
4ff28d4c
DM		 814config CRYPTO_SHA1_SPARC64
815 tristate "SHA1 digest algorithm (SPARC64)"
816 depends on SPARC64
817 select CRYPTO_SHA1
818 select CRYPTO_HASH
819 help
820 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
821 using sparc64 crypto instructions, when available.
822
323a6bf1
ME		 823config CRYPTO_SHA1_PPC
824 tristate "SHA1 digest algorithm (powerpc)"
825 depends on PPC
826 help
827 This is the powerpc hardware accelerated implementation of the
828 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
829
d9850fc5
MS		 830config CRYPTO_SHA1_PPC_SPE
831 tristate "SHA1 digest algorithm (PPC SPE)"
832 depends on PPC && SPE
833 help
834 SHA-1 secure hash standard (DFIPS 180-4) implemented
835 using powerpc SPE SIMD instruction set.
836
584fffc8
SS		 837config CRYPTO_SHA256
838 tristate "SHA224 and SHA256 digest algorithm"
50e109b5 839 select CRYPTO_HASH
1da177e4 840 help
584fffc8 841 SHA256 secure hash standard (DFIPS 180-2).
1da177e4 842
584fffc8
SS		 843 This version of SHA implements a 256 bit hash with 128 bits of
844 security against collision attacks.
2729bb42 845
b6d44341
AB		 846 This code also includes SHA-224, a 224 bit hash with 112 bits
847 of security against collision attacks.
584fffc8 848
2ecc1e95
MS		 849config CRYPTO_SHA256_PPC_SPE
850 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
851 depends on PPC && SPE
852 select CRYPTO_SHA256
853 select CRYPTO_HASH
854 help
855 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
856 implemented using powerpc SPE SIMD instruction set.
857
efdb6f6e
AK		 858config CRYPTO_SHA256_OCTEON
859 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
860 depends on CPU_CAVIUM_OCTEON
861 select CRYPTO_SHA256
862 select CRYPTO_HASH
863 help
864 SHA-256 secure hash standard (DFIPS 180-2) implemented
865 using OCTEON crypto instructions, when available.
866
86c93b24
DM		 867config CRYPTO_SHA256_SPARC64
868 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
869 depends on SPARC64
870 select CRYPTO_SHA256
871 select CRYPTO_HASH
872 help
873 SHA-256 secure hash standard (DFIPS 180-2) implemented
874 using sparc64 crypto instructions, when available.
875
584fffc8
SS		 876config CRYPTO_SHA512
877 tristate "SHA384 and SHA512 digest algorithms"
bd9d20db 878 select CRYPTO_HASH
b9f535ff 879 help
584fffc8 880 SHA512 secure hash standard (DFIPS 180-2).
b9f535ff 881
584fffc8
SS		 882 This version of SHA implements a 512 bit hash with 256 bits of
883 security against collision attacks.
b9f535ff 884
584fffc8
SS		 885 This code also includes SHA-384, a 384 bit hash with 192 bits
886 of security against collision attacks.
b9f535ff 887
efdb6f6e
AK		 888config CRYPTO_SHA512_OCTEON
889 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
890 depends on CPU_CAVIUM_OCTEON
891 select CRYPTO_SHA512
892 select CRYPTO_HASH
893 help
894 SHA-512 secure hash standard (DFIPS 180-2) implemented
895 using OCTEON crypto instructions, when available.
896
775e0c69
DM		 897config CRYPTO_SHA512_SPARC64
898 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
899 depends on SPARC64
900 select CRYPTO_SHA512
901 select CRYPTO_HASH
902 help
903 SHA-512 secure hash standard (DFIPS 180-2) implemented
904 using sparc64 crypto instructions, when available.
905
53964b9e
JG		 906config CRYPTO_SHA3
907 tristate "SHA3 digest algorithm"
908 select CRYPTO_HASH
909 help
910 SHA-3 secure hash standard (DFIPS 202). It's based on
911 cryptographic sponge function family called Keccak.
912
913 References:
914 http://keccak.noekeon.org/
915
4f0fc160
GBY		 916config CRYPTO_SM3
917 tristate "SM3 digest algorithm"
918 select CRYPTO_HASH
919 help
920 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
921 It is part of the Chinese Commercial Cryptography suite.
922
923 References:
924 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
925 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
926
584fffc8
SS		 927config CRYPTO_TGR192
928 tristate "Tiger digest algorithms"
f63fbd3d 929 select CRYPTO_HASH
eaf44088 930 help
584fffc8 931 Tiger hash algorithm 192, 160 and 128-bit hashes
eaf44088 932
584fffc8
SS		 933 Tiger is a hash function optimized for 64-bit processors while
934 still having decent performance on 32-bit processors.
935 Tiger was developed by Ross Anderson and Eli Biham.
eaf44088
JF		 936
937 See also:
584fffc8 938 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
eaf44088 939
584fffc8
SS		 940config CRYPTO_WP512
941 tristate "Whirlpool digest algorithms"
4946510b 942 select CRYPTO_HASH
1da177e4 943 help
584fffc8 944 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1da177e4 945
584fffc8
SS		 946 Whirlpool-512 is part of the NESSIE cryptographic primitives.
947 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1da177e4
LT		 948
949 See also:
6d8de74c 950 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
584fffc8 951
0e1227d3
HY		 952config CRYPTO_GHASH_CLMUL_NI_INTEL
953 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
8af00860 954 depends on X86 && 64BIT
0e1227d3
HY		 955 select CRYPTO_CRYPTD
956 help
957 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
958 The implementation is accelerated by CLMUL-NI of Intel.
959
584fffc8 960comment "Ciphers"
1da177e4
LT		 961
962config CRYPTO_AES
963 tristate "AES cipher algorithms"
cce9e06d 964 select CRYPTO_ALGAPI
1da177e4 965 help
584fffc8 966 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 967 algorithm.
968
969 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 970 both hardware and software across a wide range of computing
971 environments regardless of its use in feedback or non-feedback
972 modes. Its key setup time is excellent, and its key agility is
973 good. Rijndael's very low memory requirements make it very well
974 suited for restricted-space environments, in which it also
975 demonstrates excellent performance. Rijndael's operations are
976 among the easiest to defend against power and timing attacks.
1da177e4 977
584fffc8 978 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 979
980 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
981
b5e0b032
AB		 982config CRYPTO_AES_TI
983 tristate "Fixed time AES cipher"
984 select CRYPTO_ALGAPI
985 help
986 This is a generic implementation of AES that attempts to eliminate
987 data dependent latencies as much as possible without affecting
988 performance too much. It is intended for use by the generic CCM
989 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
990 solely on encryption (although decryption is supported as well, but
991 with a more dramatic performance hit)
992
993 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
994 8 for decryption), this implementation only uses just two S-boxes of
995 256 bytes each, and attempts to eliminate data dependent latencies by
996 prefetching the entire table into the cache at the start of each
997 block.
998
1da177e4
LT		 999config CRYPTO_AES_586
1000 tristate "AES cipher algorithms (i586)"
cce9e06d
HX		 1001 depends on (X86 || UML_X86) && !64BIT
1002 select CRYPTO_ALGAPI
5157dea8 1003 select CRYPTO_AES
1da177e4 1004 help
584fffc8 1005 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 1006 algorithm.
1007
1008 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 1009 both hardware and software across a wide range of computing
1010 environments regardless of its use in feedback or non-feedback
1011 modes. Its key setup time is excellent, and its key agility is
1012 good. Rijndael's very low memory requirements make it very well
1013 suited for restricted-space environments, in which it also
1014 demonstrates excellent performance. Rijndael's operations are
1015 among the easiest to defend against power and timing attacks.
1da177e4 1016
584fffc8 1017 The AES specifies three key sizes: 128, 192 and 256 bits
a2a892a2
AS		 1018
1019 See <http://csrc.nist.gov/encryption/aes/> for more information.
1020
1021config CRYPTO_AES_X86_64
1022 tristate "AES cipher algorithms (x86_64)"
cce9e06d
HX		 1023 depends on (X86 || UML_X86) && 64BIT
1024 select CRYPTO_ALGAPI
81190b32 1025 select CRYPTO_AES
a2a892a2 1026 help
584fffc8 1027 AES cipher algorithms (FIPS-197). AES uses the Rijndael
a2a892a2
AS		 1028 algorithm.
1029
1030 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 1031 both hardware and software across a wide range of computing
1032 environments regardless of its use in feedback or non-feedback
1033 modes. Its key setup time is excellent, and its key agility is
54b6a1bd
HY		 1034 good. Rijndael's very low memory requirements make it very well
1035 suited for restricted-space environments, in which it also
1036 demonstrates excellent performance. Rijndael's operations are
1037 among the easiest to defend against power and timing attacks.
1038
1039 The AES specifies three key sizes: 128, 192 and 256 bits
1040
1041 See <http://csrc.nist.gov/encryption/aes/> for more information.
1042
1043config CRYPTO_AES_NI_INTEL
1044 tristate "AES cipher algorithms (AES-NI)"
8af00860 1045 depends on X86
85671860 1046 select CRYPTO_AEAD
0d258efb
MK		 1047 select CRYPTO_AES_X86_64 if 64BIT
1048 select CRYPTO_AES_586 if !64BIT
54b6a1bd 1049 select CRYPTO_ALGAPI
85671860 1050 select CRYPTO_BLKCIPHER
7643a11a 1051 select CRYPTO_GLUE_HELPER_X86 if 64BIT
85671860 1052 select CRYPTO_SIMD
54b6a1bd
HY		 1053 help
1054 Use Intel AES-NI instructions for AES algorithm.
1055
1056 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1057 algorithm.
1058
1059 Rijndael appears to be consistently a very good performer in
1060 both hardware and software across a wide range of computing
1061 environments regardless of its use in feedback or non-feedback
1062 modes. Its key setup time is excellent, and its key agility is
584fffc8
SS		 1063 good. Rijndael's very low memory requirements make it very well
1064 suited for restricted-space environments, in which it also
1065 demonstrates excellent performance. Rijndael's operations are
1066 among the easiest to defend against power and timing attacks.
a2a892a2 1067
584fffc8 1068 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 1069
1070 See <http://csrc.nist.gov/encryption/aes/> for more information.
1071
0d258efb
MK		 1072 In addition to AES cipher algorithm support, the acceleration
1073 for some popular block cipher mode is supported too, including
1074 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
1075 acceleration for CTR.
2cf4ac8b 1076
9bf4852d
DM		 1077config CRYPTO_AES_SPARC64
1078 tristate "AES cipher algorithms (SPARC64)"
1079 depends on SPARC64
1080 select CRYPTO_CRYPTD
1081 select CRYPTO_ALGAPI
1082 help
1083 Use SPARC64 crypto opcodes for AES algorithm.
1084
1085 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1086 algorithm.
1087
1088 Rijndael appears to be consistently a very good performer in
1089 both hardware and software across a wide range of computing
1090 environments regardless of its use in feedback or non-feedback
1091 modes. Its key setup time is excellent, and its key agility is
1092 good. Rijndael's very low memory requirements make it very well
1093 suited for restricted-space environments, in which it also
1094 demonstrates excellent performance. Rijndael's operations are
1095 among the easiest to defend against power and timing attacks.
1096
1097 The AES specifies three key sizes: 128, 192 and 256 bits
1098
1099 See <http://csrc.nist.gov/encryption/aes/> for more information.
1100
1101 In addition to AES cipher algorithm support, the acceleration
1102 for some popular block cipher mode is supported too, including
1103 ECB and CBC.
1104
504c6143
MS		 1105config CRYPTO_AES_PPC_SPE
1106 tristate "AES cipher algorithms (PPC SPE)"
1107 depends on PPC && SPE
1108 help
1109 AES cipher algorithms (FIPS-197). Additionally the acceleration
1110 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1111 This module should only be used for low power (router) devices
1112 without hardware AES acceleration (e.g. caam crypto). It reduces the
1113 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1114 timining attacks. Nevertheless it might be not as secure as other
1115 architecture specific assembler implementations that work on 1KB
1116 tables or 256 bytes S-boxes.
1117
584fffc8
SS		 1118config CRYPTO_ANUBIS
1119 tristate "Anubis cipher algorithm"
1120 select CRYPTO_ALGAPI
1121 help
1122 Anubis cipher algorithm.
1123
1124 Anubis is a variable key length cipher which can use keys from
1125 128 bits to 320 bits in length. It was evaluated as a entrant
1126 in the NESSIE competition.
1127
1128 See also:
6d8de74c
JM		 1129 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1130 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
584fffc8
SS		 1131
1132config CRYPTO_ARC4
1133 tristate "ARC4 cipher algorithm"
b9b0f080 1134 select CRYPTO_BLKCIPHER
584fffc8
SS		 1135 help
1136 ARC4 cipher algorithm.
1137
1138 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1139 bits in length. This algorithm is required for driver-based
1140 WEP, but it should not be for other purposes because of the
1141 weakness of the algorithm.
1142
1143config CRYPTO_BLOWFISH
1144 tristate "Blowfish cipher algorithm"
1145 select CRYPTO_ALGAPI
52ba867c 1146 select CRYPTO_BLOWFISH_COMMON
584fffc8
SS		 1147 help
1148 Blowfish cipher algorithm, by Bruce Schneier.
1149
1150 This is a variable key length cipher which can use keys from 32
1151 bits to 448 bits in length. It's fast, simple and specifically
1152 designed for use on "large microprocessors".
1153
1154 See also:
1155 <http://www.schneier.com/blowfish.html>
1156
52ba867c
JK		 1157config CRYPTO_BLOWFISH_COMMON
1158 tristate
1159 help
1160 Common parts of the Blowfish cipher algorithm shared by the
1161 generic c and the assembler implementations.
1162
1163 See also:
1164 <http://www.schneier.com/blowfish.html>
1165
64b94cea
JK		 1166config CRYPTO_BLOWFISH_X86_64
1167 tristate "Blowfish cipher algorithm (x86_64)"
f21a7c19 1168 depends on X86 && 64BIT
c1679171 1169 select CRYPTO_BLKCIPHER
64b94cea
JK		 1170 select CRYPTO_BLOWFISH_COMMON
1171 help
1172 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1173
1174 This is a variable key length cipher which can use keys from 32
1175 bits to 448 bits in length. It's fast, simple and specifically
1176 designed for use on "large microprocessors".
1177
1178 See also:
1179 <http://www.schneier.com/blowfish.html>
1180
584fffc8
SS		 1181config CRYPTO_CAMELLIA
1182 tristate "Camellia cipher algorithms"
1183 depends on CRYPTO
1184 select CRYPTO_ALGAPI
1185 help
1186 Camellia cipher algorithms module.
1187
1188 Camellia is a symmetric key block cipher developed jointly
1189 at NTT and Mitsubishi Electric Corporation.
1190
1191 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1192
1193 See also:
1194 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1195
0b95ec56
JK		 1196config CRYPTO_CAMELLIA_X86_64
1197 tristate "Camellia cipher algorithm (x86_64)"
f21a7c19 1198 depends on X86 && 64BIT
0b95ec56 1199 depends on CRYPTO
1af6d037 1200 select CRYPTO_BLKCIPHER
964263af 1201 select CRYPTO_GLUE_HELPER_X86
0b95ec56
JK		 1202 help
1203 Camellia cipher algorithm module (x86_64).
1204
1205 Camellia is a symmetric key block cipher developed jointly
1206 at NTT and Mitsubishi Electric Corporation.
1207
1208 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1209
1210 See also:
d9b1d2e7
JK		 1211 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1212
1213config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1214 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1215 depends on X86 && 64BIT
1216 depends on CRYPTO
44893bc2 1217 select CRYPTO_BLKCIPHER
d9b1d2e7 1218 select CRYPTO_CAMELLIA_X86_64
44893bc2
EB		 1219 select CRYPTO_GLUE_HELPER_X86
1220 select CRYPTO_SIMD
d9b1d2e7
JK		 1221 select CRYPTO_XTS
1222 help
1223 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1224
1225 Camellia is a symmetric key block cipher developed jointly
1226 at NTT and Mitsubishi Electric Corporation.
1227
1228 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1229
1230 See also:
0b95ec56
JK		 1231 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1232
f3f935a7
JK		 1233config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1234 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1235 depends on X86 && 64BIT
1236 depends on CRYPTO
f3f935a7 1237 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
f3f935a7
JK		 1238 help
1239 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1240
1241 Camellia is a symmetric key block cipher developed jointly
1242 at NTT and Mitsubishi Electric Corporation.
1243
1244 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1245
1246 See also:
1247 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1248
81658ad0
DM		 1249config CRYPTO_CAMELLIA_SPARC64
1250 tristate "Camellia cipher algorithm (SPARC64)"
1251 depends on SPARC64
1252 depends on CRYPTO
1253 select CRYPTO_ALGAPI
1254 help
1255 Camellia cipher algorithm module (SPARC64).
1256
1257 Camellia is a symmetric key block cipher developed jointly
1258 at NTT and Mitsubishi Electric Corporation.
1259
1260 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1261
1262 See also:
1263 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1264
044ab525
JK		 1265config CRYPTO_CAST_COMMON
1266 tristate
1267 help
1268 Common parts of the CAST cipher algorithms shared by the
1269 generic c and the assembler implementations.
1270
1da177e4
LT		 1271config CRYPTO_CAST5
1272 tristate "CAST5 (CAST-128) cipher algorithm"
cce9e06d 1273 select CRYPTO_ALGAPI
044ab525 1274 select CRYPTO_CAST_COMMON
1da177e4
LT		 1275 help
1276 The CAST5 encryption algorithm (synonymous with CAST-128) is
1277 described in RFC2144.
1278
4d6d6a2c
JG		 1279config CRYPTO_CAST5_AVX_X86_64
1280 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1281 depends on X86 && 64BIT
1e63183a 1282 select CRYPTO_BLKCIPHER
4d6d6a2c 1283 select CRYPTO_CAST5
1e63183a
EB		 1284 select CRYPTO_CAST_COMMON
1285 select CRYPTO_SIMD
4d6d6a2c
JG		 1286 help
1287 The CAST5 encryption algorithm (synonymous with CAST-128) is
1288 described in RFC2144.
1289
1290 This module provides the Cast5 cipher algorithm that processes
1291 sixteen blocks parallel using the AVX instruction set.
1292
1da177e4
LT		 1293config CRYPTO_CAST6
1294 tristate "CAST6 (CAST-256) cipher algorithm"
cce9e06d 1295 select CRYPTO_ALGAPI
044ab525 1296 select CRYPTO_CAST_COMMON
1da177e4
LT		 1297 help
1298 The CAST6 encryption algorithm (synonymous with CAST-256) is
1299 described in RFC2612.
1300
4ea1277d
JG		 1301config CRYPTO_CAST6_AVX_X86_64
1302 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1303 depends on X86 && 64BIT
4bd96924 1304 select CRYPTO_BLKCIPHER
4ea1277d 1305 select CRYPTO_CAST6
4bd96924
EB		 1306 select CRYPTO_CAST_COMMON
1307 select CRYPTO_GLUE_HELPER_X86
1308 select CRYPTO_SIMD
4ea1277d
JG		 1309 select CRYPTO_XTS
1310 help
1311 The CAST6 encryption algorithm (synonymous with CAST-256) is
1312 described in RFC2612.
1313
1314 This module provides the Cast6 cipher algorithm that processes
1315 eight blocks parallel using the AVX instruction set.
1316
584fffc8
SS		 1317config CRYPTO_DES
1318 tristate "DES and Triple DES EDE cipher algorithms"
cce9e06d 1319 select CRYPTO_ALGAPI
1da177e4 1320 help
584fffc8 1321 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
fb4f10ed 1322
c5aac2df
DM		 1323config CRYPTO_DES_SPARC64
1324 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
97da37b3 1325 depends on SPARC64
c5aac2df
DM		 1326 select CRYPTO_ALGAPI
1327 select CRYPTO_DES
1328 help
1329 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1330 optimized using SPARC64 crypto opcodes.
1331
6574e6c6
JK		 1332config CRYPTO_DES3_EDE_X86_64
1333 tristate "Triple DES EDE cipher algorithm (x86-64)"
1334 depends on X86 && 64BIT
09c0f03b 1335 select CRYPTO_BLKCIPHER
6574e6c6
JK		 1336 select CRYPTO_DES
1337 help
1338 Triple DES EDE (FIPS 46-3) algorithm.
1339
1340 This module provides implementation of the Triple DES EDE cipher
1341 algorithm that is optimized for x86-64 processors. Two versions of
1342 algorithm are provided; regular processing one input block and
1343 one that processes three blocks parallel.
1344
584fffc8
SS		 1345config CRYPTO_FCRYPT
1346 tristate "FCrypt cipher algorithm"
cce9e06d 1347 select CRYPTO_ALGAPI
584fffc8 1348 select CRYPTO_BLKCIPHER
1da177e4 1349 help
584fffc8 1350 FCrypt algorithm used by RxRPC.
1da177e4
LT		 1351
1352config CRYPTO_KHAZAD
1353 tristate "Khazad cipher algorithm"
cce9e06d 1354 select CRYPTO_ALGAPI
1da177e4
LT		 1355 help
1356 Khazad cipher algorithm.
1357
1358 Khazad was a finalist in the initial NESSIE competition. It is
1359 an algorithm optimized for 64-bit processors with good performance
1360 on 32-bit processors. Khazad uses an 128 bit key size.
1361
1362 See also:
6d8de74c 1363 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1da177e4 1364
2407d608 1365config CRYPTO_SALSA20
3b4afaf2 1366 tristate "Salsa20 stream cipher algorithm"
2407d608
TSH		 1367 select CRYPTO_BLKCIPHER
1368 help
1369 Salsa20 stream cipher algorithm.
1370
1371 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1372 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
974e4b75
TSH		 1373
1374 The Salsa20 stream cipher algorithm is designed by Daniel J.
1375 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1376
c08d0e64
MW		 1377config CRYPTO_CHACHA20
1378 tristate "ChaCha20 cipher algorithm"
1379 select CRYPTO_BLKCIPHER
1380 help
1381 ChaCha20 cipher algorithm, RFC7539.
1382
1383 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1384 Bernstein and further specified in RFC7539 for use in IETF protocols.
1385 This is the portable C implementation of ChaCha20.
1386
1387 See also:
1388 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1389
c9320b6d 1390config CRYPTO_CHACHA20_X86_64
3d1e93cd 1391 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
c9320b6d
MW		 1392 depends on X86 && 64BIT
1393 select CRYPTO_BLKCIPHER
1394 select CRYPTO_CHACHA20
1395 help
1396 ChaCha20 cipher algorithm, RFC7539.
1397
1398 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1399 Bernstein and further specified in RFC7539 for use in IETF protocols.
1400 This is the x86_64 assembler implementation using SIMD instructions.
1401
1402 See also:
1403 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1404
584fffc8
SS		 1405config CRYPTO_SEED
1406 tristate "SEED cipher algorithm"
cce9e06d 1407 select CRYPTO_ALGAPI
1da177e4 1408 help
584fffc8 1409 SEED cipher algorithm (RFC4269).
1da177e4 1410
584fffc8
SS		 1411 SEED is a 128-bit symmetric key block cipher that has been
1412 developed by KISA (Korea Information Security Agency) as a
1413 national standard encryption algorithm of the Republic of Korea.
1414 It is a 16 round block cipher with the key size of 128 bit.
1415
1416 See also:
1417 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1418
1419config CRYPTO_SERPENT
1420 tristate "Serpent cipher algorithm"
cce9e06d 1421 select CRYPTO_ALGAPI
1da177e4 1422 help
584fffc8 1423 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1da177e4 1424
584fffc8
SS		 1425 Keys are allowed to be from 0 to 256 bits in length, in steps
1426 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1427 variant of Serpent for compatibility with old kerneli.org code.
1428
1429 See also:
1430 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1431
937c30d7
JK		 1432config CRYPTO_SERPENT_SSE2_X86_64
1433 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1434 depends on X86 && 64BIT
e0f409dc 1435 select CRYPTO_BLKCIPHER
596d8750 1436 select CRYPTO_GLUE_HELPER_X86
937c30d7 1437 select CRYPTO_SERPENT
e0f409dc 1438 select CRYPTO_SIMD
937c30d7
JK		 1439 help
1440 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1441
1442 Keys are allowed to be from 0 to 256 bits in length, in steps
1443 of 8 bits.
1444
1e6232f8 1445 This module provides Serpent cipher algorithm that processes eight
937c30d7
JK		 1446 blocks parallel using SSE2 instruction set.
1447
1448 See also:
1449 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1450
251496db
JK		 1451config CRYPTO_SERPENT_SSE2_586
1452 tristate "Serpent cipher algorithm (i586/SSE2)"
1453 depends on X86 && !64BIT
e0f409dc 1454 select CRYPTO_BLKCIPHER
596d8750 1455 select CRYPTO_GLUE_HELPER_X86
251496db 1456 select CRYPTO_SERPENT
e0f409dc 1457 select CRYPTO_SIMD
251496db
JK		 1458 help
1459 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1460
1461 Keys are allowed to be from 0 to 256 bits in length, in steps
1462 of 8 bits.
1463
1464 This module provides Serpent cipher algorithm that processes four
1465 blocks parallel using SSE2 instruction set.
1466
1467 See also:
1468 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
7efe4076
JG		 1469
1470config CRYPTO_SERPENT_AVX_X86_64
1471 tristate "Serpent cipher algorithm (x86_64/AVX)"
1472 depends on X86 && 64BIT
e16bf974 1473 select CRYPTO_BLKCIPHER
1d0debbd 1474 select CRYPTO_GLUE_HELPER_X86
7efe4076 1475 select CRYPTO_SERPENT
e16bf974 1476 select CRYPTO_SIMD
7efe4076
JG		 1477 select CRYPTO_XTS
1478 help
1479 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1480
1481 Keys are allowed to be from 0 to 256 bits in length, in steps
1482 of 8 bits.
1483
1484 This module provides the Serpent cipher algorithm that processes
1485 eight blocks parallel using the AVX instruction set.
1486
1487 See also:
1488 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
251496db 1489
56d76c96
JK		 1490config CRYPTO_SERPENT_AVX2_X86_64
1491 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1492 depends on X86 && 64BIT
56d76c96 1493 select CRYPTO_SERPENT_AVX_X86_64
56d76c96
JK		 1494 help
1495 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1496
1497 Keys are allowed to be from 0 to 256 bits in length, in steps
1498 of 8 bits.
1499
1500 This module provides Serpent cipher algorithm that processes 16
1501 blocks parallel using AVX2 instruction set.
1502
1503 See also:
1504 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1505
747c8ce4
GBY		 1506config CRYPTO_SM4
1507 tristate "SM4 cipher algorithm"
1508 select CRYPTO_ALGAPI
1509 help
1510 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1511
1512 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1513 Organization of State Commercial Administration of China (OSCCA)
1514 as an authorized cryptographic algorithms for the use within China.
1515
1516 SMS4 was originally created for use in protecting wireless
1517 networks, and is mandated in the Chinese National Standard for
1518 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1519 (GB.15629.11-2003).
1520
1521 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1522 standardized through TC 260 of the Standardization Administration
1523 of the People's Republic of China (SAC).
1524
1525 The input, output, and key of SMS4 are each 128 bits.
1526
1527 See also: <https://eprint.iacr.org/2008/329.pdf>
1528
1529 If unsure, say N.
1530
584fffc8
SS		 1531config CRYPTO_TEA
1532 tristate "TEA, XTEA and XETA cipher algorithms"
cce9e06d 1533 select CRYPTO_ALGAPI
1da177e4 1534 help
584fffc8 1535 TEA cipher algorithm.
1da177e4 1536
584fffc8
SS		 1537 Tiny Encryption Algorithm is a simple cipher that uses
1538 many rounds for security. It is very fast and uses
1539 little memory.
1540
1541 Xtendend Tiny Encryption Algorithm is a modification to
1542 the TEA algorithm to address a potential key weakness
1543 in the TEA algorithm.
1544
1545 Xtendend Encryption Tiny Algorithm is a mis-implementation
1546 of the XTEA algorithm for compatibility purposes.
1547
1548config CRYPTO_TWOFISH
1549 tristate "Twofish cipher algorithm"
04ac7db3 1550 select CRYPTO_ALGAPI
584fffc8 1551 select CRYPTO_TWOFISH_COMMON
04ac7db3 1552 help
584fffc8 1553 Twofish cipher algorithm.
04ac7db3 1554
584fffc8
SS		 1555 Twofish was submitted as an AES (Advanced Encryption Standard)
1556 candidate cipher by researchers at CounterPane Systems. It is a
1557 16 round block cipher supporting key sizes of 128, 192, and 256
1558 bits.
04ac7db3 1559
584fffc8
SS		 1560 See also:
1561 <http://www.schneier.com/twofish.html>
1562
1563config CRYPTO_TWOFISH_COMMON
1564 tristate
1565 help
1566 Common parts of the Twofish cipher algorithm shared by the
1567 generic c and the assembler implementations.
1568
1569config CRYPTO_TWOFISH_586
1570 tristate "Twofish cipher algorithms (i586)"
1571 depends on (X86 || UML_X86) && !64BIT
1572 select CRYPTO_ALGAPI
1573 select CRYPTO_TWOFISH_COMMON
1574 help
1575 Twofish cipher algorithm.
1576
1577 Twofish was submitted as an AES (Advanced Encryption Standard)
1578 candidate cipher by researchers at CounterPane Systems. It is a
1579 16 round block cipher supporting key sizes of 128, 192, and 256
1580 bits.
04ac7db3
NT		 1581
1582 See also:
584fffc8 1583 <http://www.schneier.com/twofish.html>
04ac7db3 1584
584fffc8
SS		 1585config CRYPTO_TWOFISH_X86_64
1586 tristate "Twofish cipher algorithm (x86_64)"
1587 depends on (X86 || UML_X86) && 64BIT
cce9e06d 1588 select CRYPTO_ALGAPI
584fffc8 1589 select CRYPTO_TWOFISH_COMMON
1da177e4 1590 help
584fffc8 1591 Twofish cipher algorithm (x86_64).
1da177e4 1592
584fffc8
SS		 1593 Twofish was submitted as an AES (Advanced Encryption Standard)
1594 candidate cipher by researchers at CounterPane Systems. It is a
1595 16 round block cipher supporting key sizes of 128, 192, and 256
1596 bits.
1597
1598 See also:
1599 <http://www.schneier.com/twofish.html>
1600
8280daad
JK		 1601config CRYPTO_TWOFISH_X86_64_3WAY
1602 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
f21a7c19 1603 depends on X86 && 64BIT
37992fa4 1604 select CRYPTO_BLKCIPHER
8280daad
JK		 1605 select CRYPTO_TWOFISH_COMMON
1606 select CRYPTO_TWOFISH_X86_64
414cb5e7 1607 select CRYPTO_GLUE_HELPER_X86
8280daad
JK		 1608 help
1609 Twofish cipher algorithm (x86_64, 3-way parallel).
1610
1611 Twofish was submitted as an AES (Advanced Encryption Standard)
1612 candidate cipher by researchers at CounterPane Systems. It is a
1613 16 round block cipher supporting key sizes of 128, 192, and 256
1614 bits.
1615
1616 This module provides Twofish cipher algorithm that processes three
1617 blocks parallel, utilizing resources of out-of-order CPUs better.
1618
1619 See also:
1620 <http://www.schneier.com/twofish.html>
1621
107778b5
JG		 1622config CRYPTO_TWOFISH_AVX_X86_64
1623 tristate "Twofish cipher algorithm (x86_64/AVX)"
1624 depends on X86 && 64BIT
0e6ab46d 1625 select CRYPTO_BLKCIPHER
a7378d4e 1626 select CRYPTO_GLUE_HELPER_X86
0e6ab46d 1627 select CRYPTO_SIMD
107778b5
JG		 1628 select CRYPTO_TWOFISH_COMMON
1629 select CRYPTO_TWOFISH_X86_64
1630 select CRYPTO_TWOFISH_X86_64_3WAY
107778b5
JG		 1631 help
1632 Twofish cipher algorithm (x86_64/AVX).
1633
1634 Twofish was submitted as an AES (Advanced Encryption Standard)
1635 candidate cipher by researchers at CounterPane Systems. It is a
1636 16 round block cipher supporting key sizes of 128, 192, and 256
1637 bits.
1638
1639 This module provides the Twofish cipher algorithm that processes
1640 eight blocks parallel using the AVX Instruction Set.
1641
1642 See also:
1643 <http://www.schneier.com/twofish.html>
1644
584fffc8
SS		 1645comment "Compression"
1646
1647config CRYPTO_DEFLATE
1648 tristate "Deflate compression algorithm"
1649 select CRYPTO_ALGAPI
f6ded09d 1650 select CRYPTO_ACOMP2
584fffc8
SS		 1651 select ZLIB_INFLATE
1652 select ZLIB_DEFLATE
3c09f17c 1653 help
584fffc8
SS		 1654 This is the Deflate algorithm (RFC1951), specified for use in
1655 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1656
1657 You will most probably want this if using IPSec.
3c09f17c 1658
0b77abb3
ZS		 1659config CRYPTO_LZO
1660 tristate "LZO compression algorithm"
1661 select CRYPTO_ALGAPI
ac9d2c4b 1662 select CRYPTO_ACOMP2
0b77abb3
ZS		 1663 select LZO_COMPRESS
1664 select LZO_DECOMPRESS
1665 help
1666 This is the LZO algorithm.
1667
35a1fc18
SJ		 1668config CRYPTO_842
1669 tristate "842 compression algorithm"
2062c5b6 1670 select CRYPTO_ALGAPI
6a8de3ae 1671 select CRYPTO_ACOMP2
2062c5b6
DS		 1672 select 842_COMPRESS
1673 select 842_DECOMPRESS
35a1fc18
SJ		 1674 help
1675 This is the 842 algorithm.
0ea8530d
CM		 1676
1677config CRYPTO_LZ4
1678 tristate "LZ4 compression algorithm"
1679 select CRYPTO_ALGAPI
8cd9330e 1680 select CRYPTO_ACOMP2
0ea8530d
CM		 1681 select LZ4_COMPRESS
1682 select LZ4_DECOMPRESS
1683 help
1684 This is the LZ4 algorithm.
1685
1686config CRYPTO_LZ4HC
1687 tristate "LZ4HC compression algorithm"
1688 select CRYPTO_ALGAPI
91d53d96 1689 select CRYPTO_ACOMP2
0ea8530d
CM		 1690 select LZ4HC_COMPRESS
1691 select LZ4_DECOMPRESS
1692 help
1693 This is the LZ4 high compression mode algorithm.
35a1fc18 1694
d28fc3db
NT		 1695config CRYPTO_ZSTD
1696 tristate "Zstd compression algorithm"
1697 select CRYPTO_ALGAPI
1698 select CRYPTO_ACOMP2
1699 select ZSTD_COMPRESS
1700 select ZSTD_DECOMPRESS
1701 help
1702 This is the zstd algorithm.
1703
17f0f4a4
NH		 1704comment "Random Number Generation"
1705
1706config CRYPTO_ANSI_CPRNG
1707 tristate "Pseudo Random Number Generation for Cryptographic modules"
1708 select CRYPTO_AES
1709 select CRYPTO_RNG
17f0f4a4
NH		 1710 help
1711 This option enables the generic pseudo random number generator
1712 for cryptographic modules. Uses the Algorithm specified in
7dd607e8
JK		 1713 ANSI X9.31 A.2.4. Note that this option must be enabled if
1714 CRYPTO_FIPS is selected
17f0f4a4 1715
f2c89a10 1716menuconfig CRYPTO_DRBG_MENU
419090c6 1717 tristate "NIST SP800-90A DRBG"
419090c6
SM		 1718 help
1719 NIST SP800-90A compliant DRBG. In the following submenu, one or
1720 more of the DRBG types must be selected.
1721
f2c89a10 1722if CRYPTO_DRBG_MENU
419090c6
SM		 1723
1724config CRYPTO_DRBG_HMAC
401e4238 1725 bool
419090c6 1726 default y
419090c6 1727 select CRYPTO_HMAC
826775bb 1728 select CRYPTO_SHA256
419090c6
SM		 1729
1730config CRYPTO_DRBG_HASH
1731 bool "Enable Hash DRBG"
826775bb 1732 select CRYPTO_SHA256
419090c6
SM		 1733 help
1734 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1735
1736config CRYPTO_DRBG_CTR
1737 bool "Enable CTR DRBG"
419090c6 1738 select CRYPTO_AES
35591285 1739 depends on CRYPTO_CTR
419090c6
SM		 1740 help
1741 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1742
f2c89a10
HX		 1743config CRYPTO_DRBG
1744 tristate
401e4238 1745 default CRYPTO_DRBG_MENU
f2c89a10 1746 select CRYPTO_RNG
bb5530e4 1747 select CRYPTO_JITTERENTROPY
f2c89a10
HX		 1748
1749endif # if CRYPTO_DRBG_MENU
419090c6 1750
bb5530e4
SM		 1751config CRYPTO_JITTERENTROPY
1752 tristate "Jitterentropy Non-Deterministic Random Number Generator"
2f313e02 1753 select CRYPTO_RNG
bb5530e4
SM		 1754 help
1755 The Jitterentropy RNG is a noise that is intended
1756 to provide seed to another RNG. The RNG does not
1757 perform any cryptographic whitening of the generated
1758 random numbers. This Jitterentropy RNG registers with
1759 the kernel crypto API and can be used by any caller.
1760
03c8efc1
HX		 1761config CRYPTO_USER_API
1762 tristate
1763
fe869cdb
HX		 1764config CRYPTO_USER_API_HASH
1765 tristate "User-space interface for hash algorithms"
7451708f 1766 depends on NET
fe869cdb
HX		 1767 select CRYPTO_HASH
1768 select CRYPTO_USER_API
1769 help
1770 This option enables the user-spaces interface for hash
1771 algorithms.
1772
8ff59090
HX		 1773config CRYPTO_USER_API_SKCIPHER
1774 tristate "User-space interface for symmetric key cipher algorithms"
7451708f 1775 depends on NET
8ff59090
HX		 1776 select CRYPTO_BLKCIPHER
1777 select CRYPTO_USER_API
1778 help
1779 This option enables the user-spaces interface for symmetric
1780 key cipher algorithms.
1781
2f375538
SM		 1782config CRYPTO_USER_API_RNG
1783 tristate "User-space interface for random number generator algorithms"
1784 depends on NET
1785 select CRYPTO_RNG
1786 select CRYPTO_USER_API
1787 help
1788 This option enables the user-spaces interface for random
1789 number generator algorithms.
1790
b64a2d95
HX		 1791config CRYPTO_USER_API_AEAD
1792 tristate "User-space interface for AEAD cipher algorithms"
1793 depends on NET
1794 select CRYPTO_AEAD
72548b09
SM		 1795 select CRYPTO_BLKCIPHER
1796 select CRYPTO_NULL
b64a2d95
HX		 1797 select CRYPTO_USER_API
1798 help
1799 This option enables the user-spaces interface for AEAD
1800 cipher algorithms.
1801
cac5818c
CL		 1802config CRYPTO_STATS
1803 bool "Crypto usage statistics for User-space"
1804 help
1805 This option enables the gathering of crypto stats.
1806 This will collect:
1807 - encrypt/decrypt size and numbers of symmeric operations
1808 - compress/decompress size and numbers of compress operations
1809 - size and numbers of hash operations
1810 - encrypt/decrypt/sign/verify numbers for asymmetric operations
1811 - generate/seed numbers for rng operations
1812
ee08997f
DK		 1813config CRYPTO_HASH_INFO
1814 bool
1815
1da177e4 1816source "drivers/crypto/Kconfig"
964f3b3b 1817source crypto/asymmetric_keys/Kconfig
cfc411e7 1818source certs/Kconfig
1da177e4 1819
cce9e06d 1820endif # if CRYPTO
Ubuntu Eoan Linux kernel mirror