]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - crypto/Kconfig
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
crypto: sunxi - don't print confusing data
[mirror_ubuntu-zesty-kernel.git] / crypto / Kconfig
CommitLineData
685784aa
DW		 1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5 tristate
6
1da177e4 7#
9bc89cd8 8# async_tx api: hardware offloaded memory transfer/transform support
1da177e4 9#
9bc89cd8 10source "crypto/async_tx/Kconfig"
1da177e4 11
9bc89cd8
DW		 12#
13# Cryptographic API Configuration
14#
2e290f43 15menuconfig CRYPTO
c3715cb9 16 tristate "Cryptographic API"
1da177e4
LT		 17 help
18 This option provides the core Cryptographic API.
19
cce9e06d
HX		 20if CRYPTO
21
584fffc8
SS		 22comment "Crypto core or helper"
23
ccb778e1
NH		 24config CRYPTO_FIPS
25 bool "FIPS 200 compliance"
f2c89a10 26 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
002c77a4 27 depends on MODULE_SIG
ccb778e1
NH		 28 help
29 This options enables the fips boot option which is
30 required if you want to system to operate in a FIPS 200
31 certification. You should say no unless you know what
e84c5480 32 this is.
ccb778e1 33
cce9e06d
HX		 34config CRYPTO_ALGAPI
35 tristate
6a0fcbb4 36 select CRYPTO_ALGAPI2
cce9e06d
HX		 37 help
38 This option provides the API for cryptographic algorithms.
39
6a0fcbb4
HX		 40config CRYPTO_ALGAPI2
41 tristate
42
1ae97820
HX		 43config CRYPTO_AEAD
44 tristate
6a0fcbb4 45 select CRYPTO_AEAD2
1ae97820
HX		 46 select CRYPTO_ALGAPI
47
6a0fcbb4
HX		 48config CRYPTO_AEAD2
49 tristate
50 select CRYPTO_ALGAPI2
149a3971
HX		 51 select CRYPTO_NULL2
52 select CRYPTO_RNG2
6a0fcbb4 53
5cde0af2
HX		 54config CRYPTO_BLKCIPHER
55 tristate
6a0fcbb4 56 select CRYPTO_BLKCIPHER2
5cde0af2 57 select CRYPTO_ALGAPI
6a0fcbb4
HX		 58
59config CRYPTO_BLKCIPHER2
60 tristate
61 select CRYPTO_ALGAPI2
62 select CRYPTO_RNG2
0a2e821d 63 select CRYPTO_WORKQUEUE
5cde0af2 64
055bcee3
HX		 65config CRYPTO_HASH
66 tristate
6a0fcbb4 67 select CRYPTO_HASH2
055bcee3
HX		 68 select CRYPTO_ALGAPI
69
6a0fcbb4
HX		 70config CRYPTO_HASH2
71 tristate
72 select CRYPTO_ALGAPI2
73
17f0f4a4
NH		 74config CRYPTO_RNG
75 tristate
6a0fcbb4 76 select CRYPTO_RNG2
17f0f4a4
NH		 77 select CRYPTO_ALGAPI
78
6a0fcbb4
HX		 79config CRYPTO_RNG2
80 tristate
81 select CRYPTO_ALGAPI2
82
401e4238
HX		 83config CRYPTO_RNG_DEFAULT
84 tristate
85 select CRYPTO_DRBG_MENU
86
3c339ab8
TS		 87config CRYPTO_AKCIPHER2
88 tristate
89 select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92 tristate
93 select CRYPTO_AKCIPHER2
94 select CRYPTO_ALGAPI
95
cfc2bb32
TS		 96config CRYPTO_RSA
97 tristate "RSA algorithm"
425e0172 98 select CRYPTO_AKCIPHER
cfc2bb32
TS		 99 select MPILIB
100 select ASN1
101 help
102 Generic implementation of the RSA public key algorithm.
103
2b8c19db
HX		 104config CRYPTO_MANAGER
105 tristate "Cryptographic algorithm manager"
6a0fcbb4 106 select CRYPTO_MANAGER2
2b8c19db
HX		 107 help
108 Create default cryptographic template instantiations such as
109 cbc(aes).
110
6a0fcbb4
HX		 111config CRYPTO_MANAGER2
112 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
113 select CRYPTO_AEAD2
114 select CRYPTO_HASH2
115 select CRYPTO_BLKCIPHER2
946cc463 116 select CRYPTO_AKCIPHER2
6a0fcbb4 117
a38f7907
SK		 118config CRYPTO_USER
119 tristate "Userspace cryptographic algorithm configuration"
5db017aa 120 depends on NET
a38f7907
SK		 121 select CRYPTO_MANAGER
122 help
d19978f5 123 Userspace configuration for cryptographic instantiations such as
a38f7907
SK		 124 cbc(aes).
125
326a6346
HX		 126config CRYPTO_MANAGER_DISABLE_TESTS
127 bool "Disable run-time self tests"
00ca28a5
HX		 128 default y
129 depends on CRYPTO_MANAGER2
0b767f96 130 help
326a6346
HX		 131 Disable run-time self tests that normally take place at
132 algorithm registration.
0b767f96 133
584fffc8 134config CRYPTO_GF128MUL
08c70fc3 135 tristate "GF(2^128) multiplication functions"
333b0d7e 136 help
584fffc8
SS		 137 Efficient table driven implementation of multiplications in the
138 field GF(2^128). This is needed by some cypher modes. This
139 option will be selected automatically if you select such a
140 cipher mode. Only select this option by hand if you expect to load
141 an external module that requires these functions.
333b0d7e 142
1da177e4
LT		 143config CRYPTO_NULL
144 tristate "Null algorithms"
149a3971 145 select CRYPTO_NULL2
1da177e4
LT		 146 help
147 These are 'Null' algorithms, used by IPsec, which do nothing.
148
149a3971 149config CRYPTO_NULL2
dd43c4e9 150 tristate
149a3971
HX		 151 select CRYPTO_ALGAPI2
152 select CRYPTO_BLKCIPHER2
153 select CRYPTO_HASH2
154
5068c7a8 155config CRYPTO_PCRYPT
3b4afaf2
KC		 156 tristate "Parallel crypto engine"
157 depends on SMP
5068c7a8
SK		 158 select PADATA
159 select CRYPTO_MANAGER
160 select CRYPTO_AEAD
161 help
162 This converts an arbitrary crypto algorithm into a parallel
163 algorithm that executes in kernel threads.
164
25c38d3f
HY		 165config CRYPTO_WORKQUEUE
166 tristate
167
584fffc8
SS		 168config CRYPTO_CRYPTD
169 tristate "Software async crypto daemon"
170 select CRYPTO_BLKCIPHER
b8a28251 171 select CRYPTO_HASH
584fffc8 172 select CRYPTO_MANAGER
254eff77 173 select CRYPTO_WORKQUEUE
1da177e4 174 help
584fffc8
SS		 175 This is a generic software asynchronous crypto daemon that
176 converts an arbitrary synchronous software crypto algorithm
177 into an asynchronous algorithm that executes in a kernel thread.
1da177e4 178
1e65b81a
TC		 179config CRYPTO_MCRYPTD
180 tristate "Software async multi-buffer crypto daemon"
181 select CRYPTO_BLKCIPHER
182 select CRYPTO_HASH
183 select CRYPTO_MANAGER
184 select CRYPTO_WORKQUEUE
185 help
186 This is a generic software asynchronous crypto daemon that
187 provides the kernel thread to assist multi-buffer crypto
188 algorithms for submitting jobs and flushing jobs in multi-buffer
189 crypto algorithms. Multi-buffer crypto algorithms are executed
190 in the context of this kernel thread and drivers can post
0e56673b 191 their crypto request asynchronously to be processed by this daemon.
1e65b81a 192
584fffc8
SS		 193config CRYPTO_AUTHENC
194 tristate "Authenc support"
195 select CRYPTO_AEAD
196 select CRYPTO_BLKCIPHER
197 select CRYPTO_MANAGER
198 select CRYPTO_HASH
e94c6a7a 199 select CRYPTO_NULL
1da177e4 200 help
584fffc8
SS		 201 Authenc: Combined mode wrapper for IPsec.
202 This is required for IPSec.
1da177e4 203
584fffc8
SS		 204config CRYPTO_TEST
205 tristate "Testing module"
206 depends on m
da7f033d 207 select CRYPTO_MANAGER
1da177e4 208 help
584fffc8 209 Quick & dirty crypto test module.
1da177e4 210
a62b01cd 211config CRYPTO_ABLK_HELPER
ffaf9156 212 tristate
ffaf9156
JK		 213 select CRYPTO_CRYPTD
214
596d8750
JK		 215config CRYPTO_GLUE_HELPER_X86
216 tristate
217 depends on X86
218 select CRYPTO_ALGAPI
219
584fffc8 220comment "Authenticated Encryption with Associated Data"
cd12fb90 221
584fffc8
SS		 222config CRYPTO_CCM
223 tristate "CCM support"
224 select CRYPTO_CTR
225 select CRYPTO_AEAD
1da177e4 226 help
584fffc8 227 Support for Counter with CBC MAC. Required for IPsec.
1da177e4 228
584fffc8
SS		 229config CRYPTO_GCM
230 tristate "GCM/GMAC support"
231 select CRYPTO_CTR
232 select CRYPTO_AEAD
9382d97a 233 select CRYPTO_GHASH
9489667d 234 select CRYPTO_NULL
1da177e4 235 help
584fffc8
SS		 236 Support for Galois/Counter Mode (GCM) and Galois Message
237 Authentication Code (GMAC). Required for IPSec.
1da177e4 238
71ebc4d1
MW		 239config CRYPTO_CHACHA20POLY1305
240 tristate "ChaCha20-Poly1305 AEAD support"
241 select CRYPTO_CHACHA20
242 select CRYPTO_POLY1305
243 select CRYPTO_AEAD
244 help
245 ChaCha20-Poly1305 AEAD support, RFC7539.
246
247 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
248 with the Poly1305 authenticator. It is defined in RFC7539 for use in
249 IETF protocols.
250
584fffc8
SS		 251config CRYPTO_SEQIV
252 tristate "Sequence Number IV Generator"
253 select CRYPTO_AEAD
254 select CRYPTO_BLKCIPHER
856e3f40 255 select CRYPTO_NULL
401e4238 256 select CRYPTO_RNG_DEFAULT
1da177e4 257 help
584fffc8
SS		 258 This IV generator generates an IV based on a sequence number by
259 xoring it with a salt. This algorithm is mainly useful for CTR
1da177e4 260
a10f554f
HX		 261config CRYPTO_ECHAINIV
262 tristate "Encrypted Chain IV Generator"
263 select CRYPTO_AEAD
264 select CRYPTO_NULL
401e4238 265 select CRYPTO_RNG_DEFAULT
3491244c 266 default m
a10f554f
HX		 267 help
268 This IV generator generates an IV based on the encryption of
269 a sequence number xored with a salt. This is the default
270 algorithm for CBC.
271
584fffc8 272comment "Block modes"
c494e070 273
584fffc8
SS		 274config CRYPTO_CBC
275 tristate "CBC support"
db131ef9 276 select CRYPTO_BLKCIPHER
43518407 277 select CRYPTO_MANAGER
db131ef9 278 help
584fffc8
SS		 279 CBC: Cipher Block Chaining mode
280 This block cipher algorithm is required for IPSec.
db131ef9 281
584fffc8
SS		 282config CRYPTO_CTR
283 tristate "CTR support"
db131ef9 284 select CRYPTO_BLKCIPHER
584fffc8 285 select CRYPTO_SEQIV
43518407 286 select CRYPTO_MANAGER
db131ef9 287 help
584fffc8 288 CTR: Counter mode
db131ef9
HX		 289 This block cipher algorithm is required for IPSec.
290
584fffc8
SS		 291config CRYPTO_CTS
292 tristate "CTS support"
293 select CRYPTO_BLKCIPHER
294 help
295 CTS: Cipher Text Stealing
296 This is the Cipher Text Stealing mode as described by
297 Section 8 of rfc2040 and referenced by rfc3962.
298 (rfc3962 includes errata information in its Appendix A)
299 This mode is required for Kerberos gss mechanism support
300 for AES encryption.
301
302config CRYPTO_ECB
303 tristate "ECB support"
91652be5
DH		 304 select CRYPTO_BLKCIPHER
305 select CRYPTO_MANAGER
91652be5 306 help
584fffc8
SS		 307 ECB: Electronic CodeBook mode
308 This is the simplest block cipher algorithm. It simply encrypts
309 the input block by block.
91652be5 310
64470f1b 311config CRYPTO_LRW
2470a2b2 312 tristate "LRW support"
64470f1b
RS		 313 select CRYPTO_BLKCIPHER
314 select CRYPTO_MANAGER
315 select CRYPTO_GF128MUL
316 help
317 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
318 narrow block cipher mode for dm-crypt. Use it with cipher
319 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
320 The first 128, 192 or 256 bits in the key are used for AES and the
321 rest is used to tie each cipher block to its logical position.
322
584fffc8
SS		 323config CRYPTO_PCBC
324 tristate "PCBC support"
325 select CRYPTO_BLKCIPHER
326 select CRYPTO_MANAGER
327 help
328 PCBC: Propagating Cipher Block Chaining mode
329 This block cipher algorithm is required for RxRPC.
330
f19f5111 331config CRYPTO_XTS
5bcf8e6d 332 tristate "XTS support"
f19f5111
RS		 333 select CRYPTO_BLKCIPHER
334 select CRYPTO_MANAGER
335 select CRYPTO_GF128MUL
336 help
337 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
338 key size 256, 384 or 512 bits. This implementation currently
339 can't handle a sectorsize which is not a multiple of 16 bytes.
340
1c49678e
SM		 341config CRYPTO_KEYWRAP
342 tristate "Key wrapping support"
343 select CRYPTO_BLKCIPHER
344 help
345 Support for key wrapping (NIST SP800-38F / RFC3394) without
346 padding.
347
584fffc8
SS		 348comment "Hash modes"
349
93b5e86a
JK		 350config CRYPTO_CMAC
351 tristate "CMAC support"
352 select CRYPTO_HASH
353 select CRYPTO_MANAGER
354 help
355 Cipher-based Message Authentication Code (CMAC) specified by
356 The National Institute of Standards and Technology (NIST).
357
358 https://tools.ietf.org/html/rfc4493
359 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
360
584fffc8
SS		 361config CRYPTO_HMAC
362 tristate "HMAC support"
363 select CRYPTO_HASH
23e353c8 364 select CRYPTO_MANAGER
23e353c8 365 help
584fffc8
SS		 366 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
367 This is required for IPSec.
23e353c8 368
584fffc8
SS		 369config CRYPTO_XCBC
370 tristate "XCBC support"
584fffc8
SS		 371 select CRYPTO_HASH
372 select CRYPTO_MANAGER
76cb9521 373 help
584fffc8
SS		 374 XCBC: Keyed-Hashing with encryption algorithm
375 http://www.ietf.org/rfc/rfc3566.txt
376 http://csrc.nist.gov/encryption/modes/proposedmodes/
377 xcbc-mac/xcbc-mac-spec.pdf
76cb9521 378
f1939f7c
SW		 379config CRYPTO_VMAC
380 tristate "VMAC support"
f1939f7c
SW		 381 select CRYPTO_HASH
382 select CRYPTO_MANAGER
383 help
384 VMAC is a message authentication algorithm designed for
385 very high speed on 64-bit architectures.
386
387 See also:
388 <http://fastcrypto.org/vmac>
389
584fffc8 390comment "Digest"
28db8e3e 391
584fffc8
SS		 392config CRYPTO_CRC32C
393 tristate "CRC32c CRC algorithm"
5773a3e6 394 select CRYPTO_HASH
6a0962b2 395 select CRC32
4a49b499 396 help
584fffc8
SS		 397 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
398 by iSCSI for header and data digests and by others.
69c35efc 399 See Castagnoli93. Module will be crc32c.
4a49b499 400
8cb51ba8
AZ		 401config CRYPTO_CRC32C_INTEL
402 tristate "CRC32c INTEL hardware acceleration"
403 depends on X86
404 select CRYPTO_HASH
405 help
406 In Intel processor with SSE4.2 supported, the processor will
407 support CRC32C implementation using hardware accelerated CRC32
408 instruction. This option will create 'crc32c-intel' module,
409 which will enable any routine to use the CRC32 instruction to
410 gain performance compared with software implementation.
411 Module will be crc32c-intel.
412
442a7c40
DM		 413config CRYPTO_CRC32C_SPARC64
414 tristate "CRC32c CRC algorithm (SPARC64)"
415 depends on SPARC64
416 select CRYPTO_HASH
417 select CRC32
418 help
419 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
420 when available.
421
78c37d19
AB		 422config CRYPTO_CRC32
423 tristate "CRC32 CRC algorithm"
424 select CRYPTO_HASH
425 select CRC32
426 help
427 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
428 Shash crypto api wrappers to crc32_le function.
429
430config CRYPTO_CRC32_PCLMUL
431 tristate "CRC32 PCLMULQDQ hardware acceleration"
432 depends on X86
433 select CRYPTO_HASH
434 select CRC32
435 help
436 From Intel Westmere and AMD Bulldozer processor with SSE4.2
437 and PCLMULQDQ supported, the processor will support
438 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
439 instruction. This option will create 'crc32-plcmul' module,
440 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
441 and gain better performance as compared with the table implementation.
442
68411521
HX		 443config CRYPTO_CRCT10DIF
444 tristate "CRCT10DIF algorithm"
445 select CRYPTO_HASH
446 help
447 CRC T10 Data Integrity Field computation is being cast as
448 a crypto transform. This allows for faster crc t10 diff
449 transforms to be used if they are available.
450
451config CRYPTO_CRCT10DIF_PCLMUL
452 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
453 depends on X86 && 64BIT && CRC_T10DIF
454 select CRYPTO_HASH
455 help
456 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
457 CRC T10 DIF PCLMULQDQ computation can be hardware
458 accelerated PCLMULQDQ instruction. This option will create
459 'crct10dif-plcmul' module, which is faster when computing the
460 crct10dif checksum as compared with the generic table implementation.
461
2cdc6899
HY		 462config CRYPTO_GHASH
463 tristate "GHASH digest algorithm"
2cdc6899
HY		 464 select CRYPTO_GF128MUL
465 help
466 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
467
f979e014
MW		 468config CRYPTO_POLY1305
469 tristate "Poly1305 authenticator algorithm"
470 help
471 Poly1305 authenticator algorithm, RFC7539.
472
473 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
474 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
475 in IETF protocols. This is the portable C implementation of Poly1305.
476
c70f4abe 477config CRYPTO_POLY1305_X86_64
b1ccc8f4 478 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
c70f4abe
MW		 479 depends on X86 && 64BIT
480 select CRYPTO_POLY1305
481 help
482 Poly1305 authenticator algorithm, RFC7539.
483
484 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
485 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
486 in IETF protocols. This is the x86_64 assembler implementation using SIMD
487 instructions.
488
584fffc8
SS		 489config CRYPTO_MD4
490 tristate "MD4 digest algorithm"
808a1763 491 select CRYPTO_HASH
124b53d0 492 help
584fffc8 493 MD4 message digest algorithm (RFC1320).
124b53d0 494
584fffc8
SS		 495config CRYPTO_MD5
496 tristate "MD5 digest algorithm"
14b75ba7 497 select CRYPTO_HASH
1da177e4 498 help
584fffc8 499 MD5 message digest algorithm (RFC1321).
1da177e4 500
d69e75de
AK		 501config CRYPTO_MD5_OCTEON
502 tristate "MD5 digest algorithm (OCTEON)"
503 depends on CPU_CAVIUM_OCTEON
504 select CRYPTO_MD5
505 select CRYPTO_HASH
506 help
507 MD5 message digest algorithm (RFC1321) implemented
508 using OCTEON crypto instructions, when available.
509
e8e59953
MS		 510config CRYPTO_MD5_PPC
511 tristate "MD5 digest algorithm (PPC)"
512 depends on PPC
513 select CRYPTO_HASH
514 help
515 MD5 message digest algorithm (RFC1321) implemented
516 in PPC assembler.
517
fa4dfedc
DM		 518config CRYPTO_MD5_SPARC64
519 tristate "MD5 digest algorithm (SPARC64)"
520 depends on SPARC64
521 select CRYPTO_MD5
522 select CRYPTO_HASH
523 help
524 MD5 message digest algorithm (RFC1321) implemented
525 using sparc64 crypto instructions, when available.
526
584fffc8
SS		 527config CRYPTO_MICHAEL_MIC
528 tristate "Michael MIC keyed digest algorithm"
19e2bf14 529 select CRYPTO_HASH
90831639 530 help
584fffc8
SS		 531 Michael MIC is used for message integrity protection in TKIP
532 (IEEE 802.11i). This algorithm is required for TKIP, but it
533 should not be used for other purposes because of the weakness
534 of the algorithm.
90831639 535
82798f90 536config CRYPTO_RMD128
b6d44341 537 tristate "RIPEMD-128 digest algorithm"
7c4468bc 538 select CRYPTO_HASH
b6d44341
AB		 539 help
540 RIPEMD-128 (ISO/IEC 10118-3:2004).
82798f90 541
b6d44341 542 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
35ed4b35 543 be used as a secure replacement for RIPEMD. For other use cases,
b6d44341 544 RIPEMD-160 should be used.
82798f90 545
b6d44341 546 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 547 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90
AKR		 548
549config CRYPTO_RMD160
b6d44341 550 tristate "RIPEMD-160 digest algorithm"
e5835fba 551 select CRYPTO_HASH
b6d44341
AB		 552 help
553 RIPEMD-160 (ISO/IEC 10118-3:2004).
82798f90 554
b6d44341
AB		 555 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
556 to be used as a secure replacement for the 128-bit hash functions
557 MD4, MD5 and it's predecessor RIPEMD
558 (not to be confused with RIPEMD-128).
82798f90 559
b6d44341
AB		 560 It's speed is comparable to SHA1 and there are no known attacks
561 against RIPEMD-160.
534fe2c1 562
b6d44341 563 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 564 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 565
566config CRYPTO_RMD256
b6d44341 567 tristate "RIPEMD-256 digest algorithm"
d8a5e2e9 568 select CRYPTO_HASH
b6d44341
AB		 569 help
570 RIPEMD-256 is an optional extension of RIPEMD-128 with a
571 256 bit hash. It is intended for applications that require
572 longer hash-results, without needing a larger security level
573 (than RIPEMD-128).
534fe2c1 574
b6d44341 575 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 576 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 577
578config CRYPTO_RMD320
b6d44341 579 tristate "RIPEMD-320 digest algorithm"
3b8efb4c 580 select CRYPTO_HASH
b6d44341
AB		 581 help
582 RIPEMD-320 is an optional extension of RIPEMD-160 with a
583 320 bit hash. It is intended for applications that require
584 longer hash-results, without needing a larger security level
585 (than RIPEMD-160).
534fe2c1 586
b6d44341 587 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 588 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90 589
584fffc8
SS		 590config CRYPTO_SHA1
591 tristate "SHA1 digest algorithm"
54ccb367 592 select CRYPTO_HASH
1da177e4 593 help
584fffc8 594 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
1da177e4 595
66be8951 596config CRYPTO_SHA1_SSSE3
e38b6b7f 597 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
66be8951
MK		 598 depends on X86 && 64BIT
599 select CRYPTO_SHA1
600 select CRYPTO_HASH
601 help
602 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
603 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
e38b6b7f 604 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
605 when available.
66be8951 606
8275d1aa 607config CRYPTO_SHA256_SSSE3
e38b6b7f 608 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
8275d1aa
TC		 609 depends on X86 && 64BIT
610 select CRYPTO_SHA256
611 select CRYPTO_HASH
612 help
613 SHA-256 secure hash standard (DFIPS 180-2) implemented
614 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
615 Extensions version 1 (AVX1), or Advanced Vector Extensions
e38b6b7f 616 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
617 Instructions) when available.
87de4579
TC		 618
619config CRYPTO_SHA512_SSSE3
620 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
621 depends on X86 && 64BIT
622 select CRYPTO_SHA512
623 select CRYPTO_HASH
624 help
625 SHA-512 secure hash standard (DFIPS 180-2) implemented
626 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
627 Extensions version 1 (AVX1), or Advanced Vector Extensions
8275d1aa
TC		 628 version 2 (AVX2) instructions, when available.
629
efdb6f6e
AK		 630config CRYPTO_SHA1_OCTEON
631 tristate "SHA1 digest algorithm (OCTEON)"
632 depends on CPU_CAVIUM_OCTEON
633 select CRYPTO_SHA1
634 select CRYPTO_HASH
635 help
636 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
637 using OCTEON crypto instructions, when available.
638
4ff28d4c
DM		 639config CRYPTO_SHA1_SPARC64
640 tristate "SHA1 digest algorithm (SPARC64)"
641 depends on SPARC64
642 select CRYPTO_SHA1
643 select CRYPTO_HASH
644 help
645 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
646 using sparc64 crypto instructions, when available.
647
323a6bf1
ME		 648config CRYPTO_SHA1_PPC
649 tristate "SHA1 digest algorithm (powerpc)"
650 depends on PPC
651 help
652 This is the powerpc hardware accelerated implementation of the
653 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
654
d9850fc5
MS		 655config CRYPTO_SHA1_PPC_SPE
656 tristate "SHA1 digest algorithm (PPC SPE)"
657 depends on PPC && SPE
658 help
659 SHA-1 secure hash standard (DFIPS 180-4) implemented
660 using powerpc SPE SIMD instruction set.
661
1e65b81a
TC		 662config CRYPTO_SHA1_MB
663 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
664 depends on X86 && 64BIT
665 select CRYPTO_SHA1
666 select CRYPTO_HASH
667 select CRYPTO_MCRYPTD
668 help
669 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
670 using multi-buffer technique. This algorithm computes on
671 multiple data lanes concurrently with SIMD instructions for
672 better throughput. It should not be enabled by default but
673 used when there is significant amount of work to keep the keep
674 the data lanes filled to get performance benefit. If the data
675 lanes remain unfilled, a flush operation will be initiated to
676 process the crypto jobs, adding a slight latency.
677
584fffc8
SS		 678config CRYPTO_SHA256
679 tristate "SHA224 and SHA256 digest algorithm"
50e109b5 680 select CRYPTO_HASH
1da177e4 681 help
584fffc8 682 SHA256 secure hash standard (DFIPS 180-2).
1da177e4 683
584fffc8
SS		 684 This version of SHA implements a 256 bit hash with 128 bits of
685 security against collision attacks.
2729bb42 686
b6d44341
AB		 687 This code also includes SHA-224, a 224 bit hash with 112 bits
688 of security against collision attacks.
584fffc8 689
2ecc1e95
MS		 690config CRYPTO_SHA256_PPC_SPE
691 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
692 depends on PPC && SPE
693 select CRYPTO_SHA256
694 select CRYPTO_HASH
695 help
696 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
697 implemented using powerpc SPE SIMD instruction set.
698
efdb6f6e
AK		 699config CRYPTO_SHA256_OCTEON
700 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
701 depends on CPU_CAVIUM_OCTEON
702 select CRYPTO_SHA256
703 select CRYPTO_HASH
704 help
705 SHA-256 secure hash standard (DFIPS 180-2) implemented
706 using OCTEON crypto instructions, when available.
707
86c93b24
DM		 708config CRYPTO_SHA256_SPARC64
709 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
710 depends on SPARC64
711 select CRYPTO_SHA256
712 select CRYPTO_HASH
713 help
714 SHA-256 secure hash standard (DFIPS 180-2) implemented
715 using sparc64 crypto instructions, when available.
716
584fffc8
SS		 717config CRYPTO_SHA512
718 tristate "SHA384 and SHA512 digest algorithms"
bd9d20db 719 select CRYPTO_HASH
b9f535ff 720 help
584fffc8 721 SHA512 secure hash standard (DFIPS 180-2).
b9f535ff 722
584fffc8
SS		 723 This version of SHA implements a 512 bit hash with 256 bits of
724 security against collision attacks.
b9f535ff 725
584fffc8
SS		 726 This code also includes SHA-384, a 384 bit hash with 192 bits
727 of security against collision attacks.
b9f535ff 728
efdb6f6e
AK		 729config CRYPTO_SHA512_OCTEON
730 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
731 depends on CPU_CAVIUM_OCTEON
732 select CRYPTO_SHA512
733 select CRYPTO_HASH
734 help
735 SHA-512 secure hash standard (DFIPS 180-2) implemented
736 using OCTEON crypto instructions, when available.
737
775e0c69
DM		 738config CRYPTO_SHA512_SPARC64
739 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
740 depends on SPARC64
741 select CRYPTO_SHA512
742 select CRYPTO_HASH
743 help
744 SHA-512 secure hash standard (DFIPS 180-2) implemented
745 using sparc64 crypto instructions, when available.
746
584fffc8
SS		 747config CRYPTO_TGR192
748 tristate "Tiger digest algorithms"
f63fbd3d 749 select CRYPTO_HASH
eaf44088 750 help
584fffc8 751 Tiger hash algorithm 192, 160 and 128-bit hashes
eaf44088 752
584fffc8
SS		 753 Tiger is a hash function optimized for 64-bit processors while
754 still having decent performance on 32-bit processors.
755 Tiger was developed by Ross Anderson and Eli Biham.
eaf44088
JF		 756
757 See also:
584fffc8 758 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
eaf44088 759
584fffc8
SS		 760config CRYPTO_WP512
761 tristate "Whirlpool digest algorithms"
4946510b 762 select CRYPTO_HASH
1da177e4 763 help
584fffc8 764 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1da177e4 765
584fffc8
SS		 766 Whirlpool-512 is part of the NESSIE cryptographic primitives.
767 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1da177e4
LT		 768
769 See also:
6d8de74c 770 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
584fffc8 771
0e1227d3
HY		 772config CRYPTO_GHASH_CLMUL_NI_INTEL
773 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
8af00860 774 depends on X86 && 64BIT
0e1227d3
HY		 775 select CRYPTO_CRYPTD
776 help
777 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
778 The implementation is accelerated by CLMUL-NI of Intel.
779
584fffc8 780comment "Ciphers"
1da177e4
LT		 781
782config CRYPTO_AES
783 tristate "AES cipher algorithms"
cce9e06d 784 select CRYPTO_ALGAPI
1da177e4 785 help
584fffc8 786 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 787 algorithm.
788
789 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 790 both hardware and software across a wide range of computing
791 environments regardless of its use in feedback or non-feedback
792 modes. Its key setup time is excellent, and its key agility is
793 good. Rijndael's very low memory requirements make it very well
794 suited for restricted-space environments, in which it also
795 demonstrates excellent performance. Rijndael's operations are
796 among the easiest to defend against power and timing attacks.
1da177e4 797
584fffc8 798 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 799
800 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
801
802config CRYPTO_AES_586
803 tristate "AES cipher algorithms (i586)"
cce9e06d
HX		 804 depends on (X86 || UML_X86) && !64BIT
805 select CRYPTO_ALGAPI
5157dea8 806 select CRYPTO_AES
1da177e4 807 help
584fffc8 808 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 809 algorithm.
810
811 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 812 both hardware and software across a wide range of computing
813 environments regardless of its use in feedback or non-feedback
814 modes. Its key setup time is excellent, and its key agility is
815 good. Rijndael's very low memory requirements make it very well
816 suited for restricted-space environments, in which it also
817 demonstrates excellent performance. Rijndael's operations are
818 among the easiest to defend against power and timing attacks.
1da177e4 819
584fffc8 820 The AES specifies three key sizes: 128, 192 and 256 bits
a2a892a2
AS		 821
822 See <http://csrc.nist.gov/encryption/aes/> for more information.
823
824config CRYPTO_AES_X86_64
825 tristate "AES cipher algorithms (x86_64)"
cce9e06d
HX		 826 depends on (X86 || UML_X86) && 64BIT
827 select CRYPTO_ALGAPI
81190b32 828 select CRYPTO_AES
a2a892a2 829 help
584fffc8 830 AES cipher algorithms (FIPS-197). AES uses the Rijndael
a2a892a2
AS		 831 algorithm.
832
833 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 834 both hardware and software across a wide range of computing
835 environments regardless of its use in feedback or non-feedback
836 modes. Its key setup time is excellent, and its key agility is
54b6a1bd
HY		 837 good. Rijndael's very low memory requirements make it very well
838 suited for restricted-space environments, in which it also
839 demonstrates excellent performance. Rijndael's operations are
840 among the easiest to defend against power and timing attacks.
841
842 The AES specifies three key sizes: 128, 192 and 256 bits
843
844 See <http://csrc.nist.gov/encryption/aes/> for more information.
845
846config CRYPTO_AES_NI_INTEL
847 tristate "AES cipher algorithms (AES-NI)"
8af00860 848 depends on X86
0d258efb
MK		 849 select CRYPTO_AES_X86_64 if 64BIT
850 select CRYPTO_AES_586 if !64BIT
54b6a1bd 851 select CRYPTO_CRYPTD
801201aa 852 select CRYPTO_ABLK_HELPER
54b6a1bd 853 select CRYPTO_ALGAPI
7643a11a 854 select CRYPTO_GLUE_HELPER_X86 if 64BIT
023af608
JK		 855 select CRYPTO_LRW
856 select CRYPTO_XTS
54b6a1bd
HY		 857 help
858 Use Intel AES-NI instructions for AES algorithm.
859
860 AES cipher algorithms (FIPS-197). AES uses the Rijndael
861 algorithm.
862
863 Rijndael appears to be consistently a very good performer in
864 both hardware and software across a wide range of computing
865 environments regardless of its use in feedback or non-feedback
866 modes. Its key setup time is excellent, and its key agility is
584fffc8
SS		 867 good. Rijndael's very low memory requirements make it very well
868 suited for restricted-space environments, in which it also
869 demonstrates excellent performance. Rijndael's operations are
870 among the easiest to defend against power and timing attacks.
a2a892a2 871
584fffc8 872 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 873
874 See <http://csrc.nist.gov/encryption/aes/> for more information.
875
0d258efb
MK		 876 In addition to AES cipher algorithm support, the acceleration
877 for some popular block cipher mode is supported too, including
878 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
879 acceleration for CTR.
2cf4ac8b 880
9bf4852d
DM		 881config CRYPTO_AES_SPARC64
882 tristate "AES cipher algorithms (SPARC64)"
883 depends on SPARC64
884 select CRYPTO_CRYPTD
885 select CRYPTO_ALGAPI
886 help
887 Use SPARC64 crypto opcodes for AES algorithm.
888
889 AES cipher algorithms (FIPS-197). AES uses the Rijndael
890 algorithm.
891
892 Rijndael appears to be consistently a very good performer in
893 both hardware and software across a wide range of computing
894 environments regardless of its use in feedback or non-feedback
895 modes. Its key setup time is excellent, and its key agility is
896 good. Rijndael's very low memory requirements make it very well
897 suited for restricted-space environments, in which it also
898 demonstrates excellent performance. Rijndael's operations are
899 among the easiest to defend against power and timing attacks.
900
901 The AES specifies three key sizes: 128, 192 and 256 bits
902
903 See <http://csrc.nist.gov/encryption/aes/> for more information.
904
905 In addition to AES cipher algorithm support, the acceleration
906 for some popular block cipher mode is supported too, including
907 ECB and CBC.
908
504c6143
MS		 909config CRYPTO_AES_PPC_SPE
910 tristate "AES cipher algorithms (PPC SPE)"
911 depends on PPC && SPE
912 help
913 AES cipher algorithms (FIPS-197). Additionally the acceleration
914 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
915 This module should only be used for low power (router) devices
916 without hardware AES acceleration (e.g. caam crypto). It reduces the
917 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
918 timining attacks. Nevertheless it might be not as secure as other
919 architecture specific assembler implementations that work on 1KB
920 tables or 256 bytes S-boxes.
921
584fffc8
SS		 922config CRYPTO_ANUBIS
923 tristate "Anubis cipher algorithm"
924 select CRYPTO_ALGAPI
925 help
926 Anubis cipher algorithm.
927
928 Anubis is a variable key length cipher which can use keys from
929 128 bits to 320 bits in length. It was evaluated as a entrant
930 in the NESSIE competition.
931
932 See also:
6d8de74c
JM		 933 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
934 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
584fffc8
SS		 935
936config CRYPTO_ARC4
937 tristate "ARC4 cipher algorithm"
b9b0f080 938 select CRYPTO_BLKCIPHER
584fffc8
SS		 939 help
940 ARC4 cipher algorithm.
941
942 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
943 bits in length. This algorithm is required for driver-based
944 WEP, but it should not be for other purposes because of the
945 weakness of the algorithm.
946
947config CRYPTO_BLOWFISH
948 tristate "Blowfish cipher algorithm"
949 select CRYPTO_ALGAPI
52ba867c 950 select CRYPTO_BLOWFISH_COMMON
584fffc8
SS		 951 help
952 Blowfish cipher algorithm, by Bruce Schneier.
953
954 This is a variable key length cipher which can use keys from 32
955 bits to 448 bits in length. It's fast, simple and specifically
956 designed for use on "large microprocessors".
957
958 See also:
959 <http://www.schneier.com/blowfish.html>
960
52ba867c
JK		 961config CRYPTO_BLOWFISH_COMMON
962 tristate
963 help
964 Common parts of the Blowfish cipher algorithm shared by the
965 generic c and the assembler implementations.
966
967 See also:
968 <http://www.schneier.com/blowfish.html>
969
64b94cea
JK		 970config CRYPTO_BLOWFISH_X86_64
971 tristate "Blowfish cipher algorithm (x86_64)"
f21a7c19 972 depends on X86 && 64BIT
64b94cea
JK		 973 select CRYPTO_ALGAPI
974 select CRYPTO_BLOWFISH_COMMON
975 help
976 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
977
978 This is a variable key length cipher which can use keys from 32
979 bits to 448 bits in length. It's fast, simple and specifically
980 designed for use on "large microprocessors".
981
982 See also:
983 <http://www.schneier.com/blowfish.html>
984
584fffc8
SS		 985config CRYPTO_CAMELLIA
986 tristate "Camellia cipher algorithms"
987 depends on CRYPTO
988 select CRYPTO_ALGAPI
989 help
990 Camellia cipher algorithms module.
991
992 Camellia is a symmetric key block cipher developed jointly
993 at NTT and Mitsubishi Electric Corporation.
994
995 The Camellia specifies three key sizes: 128, 192 and 256 bits.
996
997 See also:
998 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
999
0b95ec56
JK		 1000config CRYPTO_CAMELLIA_X86_64
1001 tristate "Camellia cipher algorithm (x86_64)"
f21a7c19 1002 depends on X86 && 64BIT
0b95ec56
JK		 1003 depends on CRYPTO
1004 select CRYPTO_ALGAPI
964263af 1005 select CRYPTO_GLUE_HELPER_X86
0b95ec56
JK		 1006 select CRYPTO_LRW
1007 select CRYPTO_XTS
1008 help
1009 Camellia cipher algorithm module (x86_64).
1010
1011 Camellia is a symmetric key block cipher developed jointly
1012 at NTT and Mitsubishi Electric Corporation.
1013
1014 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1015
1016 See also:
d9b1d2e7
JK		 1017 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1018
1019config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1020 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1021 depends on X86 && 64BIT
1022 depends on CRYPTO
1023 select CRYPTO_ALGAPI
1024 select CRYPTO_CRYPTD
801201aa 1025 select CRYPTO_ABLK_HELPER
d9b1d2e7
JK		 1026 select CRYPTO_GLUE_HELPER_X86
1027 select CRYPTO_CAMELLIA_X86_64
1028 select CRYPTO_LRW
1029 select CRYPTO_XTS
1030 help
1031 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1032
1033 Camellia is a symmetric key block cipher developed jointly
1034 at NTT and Mitsubishi Electric Corporation.
1035
1036 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1037
1038 See also:
0b95ec56
JK		 1039 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1040
f3f935a7
JK		 1041config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1042 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1043 depends on X86 && 64BIT
1044 depends on CRYPTO
1045 select CRYPTO_ALGAPI
1046 select CRYPTO_CRYPTD
801201aa 1047 select CRYPTO_ABLK_HELPER
f3f935a7
JK		 1048 select CRYPTO_GLUE_HELPER_X86
1049 select CRYPTO_CAMELLIA_X86_64
1050 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1051 select CRYPTO_LRW
1052 select CRYPTO_XTS
1053 help
1054 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1055
1056 Camellia is a symmetric key block cipher developed jointly
1057 at NTT and Mitsubishi Electric Corporation.
1058
1059 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1060
1061 See also:
1062 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1063
81658ad0
DM		 1064config CRYPTO_CAMELLIA_SPARC64
1065 tristate "Camellia cipher algorithm (SPARC64)"
1066 depends on SPARC64
1067 depends on CRYPTO
1068 select CRYPTO_ALGAPI
1069 help
1070 Camellia cipher algorithm module (SPARC64).
1071
1072 Camellia is a symmetric key block cipher developed jointly
1073 at NTT and Mitsubishi Electric Corporation.
1074
1075 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1076
1077 See also:
1078 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1079
044ab525
JK		 1080config CRYPTO_CAST_COMMON
1081 tristate
1082 help
1083 Common parts of the CAST cipher algorithms shared by the
1084 generic c and the assembler implementations.
1085
1da177e4
LT		 1086config CRYPTO_CAST5
1087 tristate "CAST5 (CAST-128) cipher algorithm"
cce9e06d 1088 select CRYPTO_ALGAPI
044ab525 1089 select CRYPTO_CAST_COMMON
1da177e4
LT		 1090 help
1091 The CAST5 encryption algorithm (synonymous with CAST-128) is
1092 described in RFC2144.
1093
4d6d6a2c
JG		 1094config CRYPTO_CAST5_AVX_X86_64
1095 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1096 depends on X86 && 64BIT
1097 select CRYPTO_ALGAPI
1098 select CRYPTO_CRYPTD
801201aa 1099 select CRYPTO_ABLK_HELPER
044ab525 1100 select CRYPTO_CAST_COMMON
4d6d6a2c
JG		 1101 select CRYPTO_CAST5
1102 help
1103 The CAST5 encryption algorithm (synonymous with CAST-128) is
1104 described in RFC2144.
1105
1106 This module provides the Cast5 cipher algorithm that processes
1107 sixteen blocks parallel using the AVX instruction set.
1108
1da177e4
LT		 1109config CRYPTO_CAST6
1110 tristate "CAST6 (CAST-256) cipher algorithm"
cce9e06d 1111 select CRYPTO_ALGAPI
044ab525 1112 select CRYPTO_CAST_COMMON
1da177e4
LT		 1113 help
1114 The CAST6 encryption algorithm (synonymous with CAST-256) is
1115 described in RFC2612.
1116
4ea1277d
JG		 1117config CRYPTO_CAST6_AVX_X86_64
1118 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1119 depends on X86 && 64BIT
1120 select CRYPTO_ALGAPI
1121 select CRYPTO_CRYPTD
801201aa 1122 select CRYPTO_ABLK_HELPER
4ea1277d 1123 select CRYPTO_GLUE_HELPER_X86
044ab525 1124 select CRYPTO_CAST_COMMON
4ea1277d
JG		 1125 select CRYPTO_CAST6
1126 select CRYPTO_LRW
1127 select CRYPTO_XTS
1128 help
1129 The CAST6 encryption algorithm (synonymous with CAST-256) is
1130 described in RFC2612.
1131
1132 This module provides the Cast6 cipher algorithm that processes
1133 eight blocks parallel using the AVX instruction set.
1134
584fffc8
SS		 1135config CRYPTO_DES
1136 tristate "DES and Triple DES EDE cipher algorithms"
cce9e06d 1137 select CRYPTO_ALGAPI
1da177e4 1138 help
584fffc8 1139 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
fb4f10ed 1140
c5aac2df
DM		 1141config CRYPTO_DES_SPARC64
1142 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
97da37b3 1143 depends on SPARC64
c5aac2df
DM		 1144 select CRYPTO_ALGAPI
1145 select CRYPTO_DES
1146 help
1147 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1148 optimized using SPARC64 crypto opcodes.
1149
6574e6c6
JK		 1150config CRYPTO_DES3_EDE_X86_64
1151 tristate "Triple DES EDE cipher algorithm (x86-64)"
1152 depends on X86 && 64BIT
1153 select CRYPTO_ALGAPI
1154 select CRYPTO_DES
1155 help
1156 Triple DES EDE (FIPS 46-3) algorithm.
1157
1158 This module provides implementation of the Triple DES EDE cipher
1159 algorithm that is optimized for x86-64 processors. Two versions of
1160 algorithm are provided; regular processing one input block and
1161 one that processes three blocks parallel.
1162
584fffc8
SS		 1163config CRYPTO_FCRYPT
1164 tristate "FCrypt cipher algorithm"
cce9e06d 1165 select CRYPTO_ALGAPI
584fffc8 1166 select CRYPTO_BLKCIPHER
1da177e4 1167 help
584fffc8 1168 FCrypt algorithm used by RxRPC.
1da177e4
LT		 1169
1170config CRYPTO_KHAZAD
1171 tristate "Khazad cipher algorithm"
cce9e06d 1172 select CRYPTO_ALGAPI
1da177e4
LT		 1173 help
1174 Khazad cipher algorithm.
1175
1176 Khazad was a finalist in the initial NESSIE competition. It is
1177 an algorithm optimized for 64-bit processors with good performance
1178 on 32-bit processors. Khazad uses an 128 bit key size.
1179
1180 See also:
6d8de74c 1181 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1da177e4 1182
2407d608 1183config CRYPTO_SALSA20
3b4afaf2 1184 tristate "Salsa20 stream cipher algorithm"
2407d608
TSH		 1185 select CRYPTO_BLKCIPHER
1186 help
1187 Salsa20 stream cipher algorithm.
1188
1189 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1190 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
974e4b75
TSH		 1191
1192 The Salsa20 stream cipher algorithm is designed by Daniel J.
1193 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1194
1195config CRYPTO_SALSA20_586
3b4afaf2 1196 tristate "Salsa20 stream cipher algorithm (i586)"
974e4b75 1197 depends on (X86 || UML_X86) && !64BIT
974e4b75 1198 select CRYPTO_BLKCIPHER
974e4b75
TSH		 1199 help
1200 Salsa20 stream cipher algorithm.
1201
1202 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1203 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
9a7dafbb
TSH		 1204
1205 The Salsa20 stream cipher algorithm is designed by Daniel J.
1206 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1207
1208config CRYPTO_SALSA20_X86_64
3b4afaf2 1209 tristate "Salsa20 stream cipher algorithm (x86_64)"
9a7dafbb 1210 depends on (X86 || UML_X86) && 64BIT
9a7dafbb 1211 select CRYPTO_BLKCIPHER
9a7dafbb
TSH		 1212 help
1213 Salsa20 stream cipher algorithm.
1214
1215 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1216 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
2407d608
TSH		 1217
1218 The Salsa20 stream cipher algorithm is designed by Daniel J.
1219 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1da177e4 1220
c08d0e64
MW		 1221config CRYPTO_CHACHA20
1222 tristate "ChaCha20 cipher algorithm"
1223 select CRYPTO_BLKCIPHER
1224 help
1225 ChaCha20 cipher algorithm, RFC7539.
1226
1227 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1228 Bernstein and further specified in RFC7539 for use in IETF protocols.
1229 This is the portable C implementation of ChaCha20.
1230
1231 See also:
1232 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1233
c9320b6d 1234config CRYPTO_CHACHA20_X86_64
3d1e93cd 1235 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
c9320b6d
MW		 1236 depends on X86 && 64BIT
1237 select CRYPTO_BLKCIPHER
1238 select CRYPTO_CHACHA20
1239 help
1240 ChaCha20 cipher algorithm, RFC7539.
1241
1242 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1243 Bernstein and further specified in RFC7539 for use in IETF protocols.
1244 This is the x86_64 assembler implementation using SIMD instructions.
1245
1246 See also:
1247 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1248
584fffc8
SS		 1249config CRYPTO_SEED
1250 tristate "SEED cipher algorithm"
cce9e06d 1251 select CRYPTO_ALGAPI
1da177e4 1252 help
584fffc8 1253 SEED cipher algorithm (RFC4269).
1da177e4 1254
584fffc8
SS		 1255 SEED is a 128-bit symmetric key block cipher that has been
1256 developed by KISA (Korea Information Security Agency) as a
1257 national standard encryption algorithm of the Republic of Korea.
1258 It is a 16 round block cipher with the key size of 128 bit.
1259
1260 See also:
1261 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1262
1263config CRYPTO_SERPENT
1264 tristate "Serpent cipher algorithm"
cce9e06d 1265 select CRYPTO_ALGAPI
1da177e4 1266 help
584fffc8 1267 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1da177e4 1268
584fffc8
SS		 1269 Keys are allowed to be from 0 to 256 bits in length, in steps
1270 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1271 variant of Serpent for compatibility with old kerneli.org code.
1272
1273 See also:
1274 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1275
937c30d7
JK		 1276config CRYPTO_SERPENT_SSE2_X86_64
1277 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1278 depends on X86 && 64BIT
1279 select CRYPTO_ALGAPI
341975bf 1280 select CRYPTO_CRYPTD
801201aa 1281 select CRYPTO_ABLK_HELPER
596d8750 1282 select CRYPTO_GLUE_HELPER_X86
937c30d7 1283 select CRYPTO_SERPENT
feaf0cfc
JK		 1284 select CRYPTO_LRW
1285 select CRYPTO_XTS
937c30d7
JK		 1286 help
1287 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1288
1289 Keys are allowed to be from 0 to 256 bits in length, in steps
1290 of 8 bits.
1291
1e6232f8 1292 This module provides Serpent cipher algorithm that processes eight
937c30d7
JK		 1293 blocks parallel using SSE2 instruction set.
1294
1295 See also:
1296 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1297
251496db
JK		 1298config CRYPTO_SERPENT_SSE2_586
1299 tristate "Serpent cipher algorithm (i586/SSE2)"
1300 depends on X86 && !64BIT
1301 select CRYPTO_ALGAPI
341975bf 1302 select CRYPTO_CRYPTD
801201aa 1303 select CRYPTO_ABLK_HELPER
596d8750 1304 select CRYPTO_GLUE_HELPER_X86
251496db 1305 select CRYPTO_SERPENT
feaf0cfc
JK		 1306 select CRYPTO_LRW
1307 select CRYPTO_XTS
251496db
JK		 1308 help
1309 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1310
1311 Keys are allowed to be from 0 to 256 bits in length, in steps
1312 of 8 bits.
1313
1314 This module provides Serpent cipher algorithm that processes four
1315 blocks parallel using SSE2 instruction set.
1316
1317 See also:
1318 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
7efe4076
JG		 1319
1320config CRYPTO_SERPENT_AVX_X86_64
1321 tristate "Serpent cipher algorithm (x86_64/AVX)"
1322 depends on X86 && 64BIT
1323 select CRYPTO_ALGAPI
1324 select CRYPTO_CRYPTD
801201aa 1325 select CRYPTO_ABLK_HELPER
1d0debbd 1326 select CRYPTO_GLUE_HELPER_X86
7efe4076
JG		 1327 select CRYPTO_SERPENT
1328 select CRYPTO_LRW
1329 select CRYPTO_XTS
1330 help
1331 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1332
1333 Keys are allowed to be from 0 to 256 bits in length, in steps
1334 of 8 bits.
1335
1336 This module provides the Serpent cipher algorithm that processes
1337 eight blocks parallel using the AVX instruction set.
1338
1339 See also:
1340 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
251496db 1341
56d76c96
JK		 1342config CRYPTO_SERPENT_AVX2_X86_64
1343 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1344 depends on X86 && 64BIT
1345 select CRYPTO_ALGAPI
1346 select CRYPTO_CRYPTD
801201aa 1347 select CRYPTO_ABLK_HELPER
56d76c96
JK		 1348 select CRYPTO_GLUE_HELPER_X86
1349 select CRYPTO_SERPENT
1350 select CRYPTO_SERPENT_AVX_X86_64
1351 select CRYPTO_LRW
1352 select CRYPTO_XTS
1353 help
1354 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1355
1356 Keys are allowed to be from 0 to 256 bits in length, in steps
1357 of 8 bits.
1358
1359 This module provides Serpent cipher algorithm that processes 16
1360 blocks parallel using AVX2 instruction set.
1361
1362 See also:
1363 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1364
584fffc8
SS		 1365config CRYPTO_TEA
1366 tristate "TEA, XTEA and XETA cipher algorithms"
cce9e06d 1367 select CRYPTO_ALGAPI
1da177e4 1368 help
584fffc8 1369 TEA cipher algorithm.
1da177e4 1370
584fffc8
SS		 1371 Tiny Encryption Algorithm is a simple cipher that uses
1372 many rounds for security. It is very fast and uses
1373 little memory.
1374
1375 Xtendend Tiny Encryption Algorithm is a modification to
1376 the TEA algorithm to address a potential key weakness
1377 in the TEA algorithm.
1378
1379 Xtendend Encryption Tiny Algorithm is a mis-implementation
1380 of the XTEA algorithm for compatibility purposes.
1381
1382config CRYPTO_TWOFISH
1383 tristate "Twofish cipher algorithm"
04ac7db3 1384 select CRYPTO_ALGAPI
584fffc8 1385 select CRYPTO_TWOFISH_COMMON
04ac7db3 1386 help
584fffc8 1387 Twofish cipher algorithm.
04ac7db3 1388
584fffc8
SS		 1389 Twofish was submitted as an AES (Advanced Encryption Standard)
1390 candidate cipher by researchers at CounterPane Systems. It is a
1391 16 round block cipher supporting key sizes of 128, 192, and 256
1392 bits.
04ac7db3 1393
584fffc8
SS		 1394 See also:
1395 <http://www.schneier.com/twofish.html>
1396
1397config CRYPTO_TWOFISH_COMMON
1398 tristate
1399 help
1400 Common parts of the Twofish cipher algorithm shared by the
1401 generic c and the assembler implementations.
1402
1403config CRYPTO_TWOFISH_586
1404 tristate "Twofish cipher algorithms (i586)"
1405 depends on (X86 || UML_X86) && !64BIT
1406 select CRYPTO_ALGAPI
1407 select CRYPTO_TWOFISH_COMMON
1408 help
1409 Twofish cipher algorithm.
1410
1411 Twofish was submitted as an AES (Advanced Encryption Standard)
1412 candidate cipher by researchers at CounterPane Systems. It is a
1413 16 round block cipher supporting key sizes of 128, 192, and 256
1414 bits.
04ac7db3
NT		 1415
1416 See also:
584fffc8 1417 <http://www.schneier.com/twofish.html>
04ac7db3 1418
584fffc8
SS		 1419config CRYPTO_TWOFISH_X86_64
1420 tristate "Twofish cipher algorithm (x86_64)"
1421 depends on (X86 || UML_X86) && 64BIT
cce9e06d 1422 select CRYPTO_ALGAPI
584fffc8 1423 select CRYPTO_TWOFISH_COMMON
1da177e4 1424 help
584fffc8 1425 Twofish cipher algorithm (x86_64).
1da177e4 1426
584fffc8
SS		 1427 Twofish was submitted as an AES (Advanced Encryption Standard)
1428 candidate cipher by researchers at CounterPane Systems. It is a
1429 16 round block cipher supporting key sizes of 128, 192, and 256
1430 bits.
1431
1432 See also:
1433 <http://www.schneier.com/twofish.html>
1434
8280daad
JK		 1435config CRYPTO_TWOFISH_X86_64_3WAY
1436 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
f21a7c19 1437 depends on X86 && 64BIT
8280daad
JK		 1438 select CRYPTO_ALGAPI
1439 select CRYPTO_TWOFISH_COMMON
1440 select CRYPTO_TWOFISH_X86_64
414cb5e7 1441 select CRYPTO_GLUE_HELPER_X86
e7cda5d2
JK		 1442 select CRYPTO_LRW
1443 select CRYPTO_XTS
8280daad
JK		 1444 help
1445 Twofish cipher algorithm (x86_64, 3-way parallel).
1446
1447 Twofish was submitted as an AES (Advanced Encryption Standard)
1448 candidate cipher by researchers at CounterPane Systems. It is a
1449 16 round block cipher supporting key sizes of 128, 192, and 256
1450 bits.
1451
1452 This module provides Twofish cipher algorithm that processes three
1453 blocks parallel, utilizing resources of out-of-order CPUs better.
1454
1455 See also:
1456 <http://www.schneier.com/twofish.html>
1457
107778b5
JG		 1458config CRYPTO_TWOFISH_AVX_X86_64
1459 tristate "Twofish cipher algorithm (x86_64/AVX)"
1460 depends on X86 && 64BIT
1461 select CRYPTO_ALGAPI
1462 select CRYPTO_CRYPTD
801201aa 1463 select CRYPTO_ABLK_HELPER
a7378d4e 1464 select CRYPTO_GLUE_HELPER_X86
107778b5
JG		 1465 select CRYPTO_TWOFISH_COMMON
1466 select CRYPTO_TWOFISH_X86_64
1467 select CRYPTO_TWOFISH_X86_64_3WAY
1468 select CRYPTO_LRW
1469 select CRYPTO_XTS
1470 help
1471 Twofish cipher algorithm (x86_64/AVX).
1472
1473 Twofish was submitted as an AES (Advanced Encryption Standard)
1474 candidate cipher by researchers at CounterPane Systems. It is a
1475 16 round block cipher supporting key sizes of 128, 192, and 256
1476 bits.
1477
1478 This module provides the Twofish cipher algorithm that processes
1479 eight blocks parallel using the AVX Instruction Set.
1480
1481 See also:
1482 <http://www.schneier.com/twofish.html>
1483
584fffc8
SS		 1484comment "Compression"
1485
1486config CRYPTO_DEFLATE
1487 tristate "Deflate compression algorithm"
1488 select CRYPTO_ALGAPI
1489 select ZLIB_INFLATE
1490 select ZLIB_DEFLATE
3c09f17c 1491 help
584fffc8
SS		 1492 This is the Deflate algorithm (RFC1951), specified for use in
1493 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1494
1495 You will most probably want this if using IPSec.
3c09f17c 1496
0b77abb3
ZS		 1497config CRYPTO_LZO
1498 tristate "LZO compression algorithm"
1499 select CRYPTO_ALGAPI
1500 select LZO_COMPRESS
1501 select LZO_DECOMPRESS
1502 help
1503 This is the LZO algorithm.
1504
35a1fc18
SJ		 1505config CRYPTO_842
1506 tristate "842 compression algorithm"
2062c5b6
DS		 1507 select CRYPTO_ALGAPI
1508 select 842_COMPRESS
1509 select 842_DECOMPRESS
35a1fc18
SJ		 1510 help
1511 This is the 842 algorithm.
0ea8530d
CM		 1512
1513config CRYPTO_LZ4
1514 tristate "LZ4 compression algorithm"
1515 select CRYPTO_ALGAPI
1516 select LZ4_COMPRESS
1517 select LZ4_DECOMPRESS
1518 help
1519 This is the LZ4 algorithm.
1520
1521config CRYPTO_LZ4HC
1522 tristate "LZ4HC compression algorithm"
1523 select CRYPTO_ALGAPI
1524 select LZ4HC_COMPRESS
1525 select LZ4_DECOMPRESS
1526 help
1527 This is the LZ4 high compression mode algorithm.
35a1fc18 1528
17f0f4a4
NH		 1529comment "Random Number Generation"
1530
1531config CRYPTO_ANSI_CPRNG
1532 tristate "Pseudo Random Number Generation for Cryptographic modules"
1533 select CRYPTO_AES
1534 select CRYPTO_RNG
17f0f4a4
NH		 1535 help
1536 This option enables the generic pseudo random number generator
1537 for cryptographic modules. Uses the Algorithm specified in
7dd607e8
JK		 1538 ANSI X9.31 A.2.4. Note that this option must be enabled if
1539 CRYPTO_FIPS is selected
17f0f4a4 1540
f2c89a10 1541menuconfig CRYPTO_DRBG_MENU
419090c6 1542 tristate "NIST SP800-90A DRBG"
419090c6
SM		 1543 help
1544 NIST SP800-90A compliant DRBG. In the following submenu, one or
1545 more of the DRBG types must be selected.
1546
f2c89a10 1547if CRYPTO_DRBG_MENU
419090c6
SM		 1548
1549config CRYPTO_DRBG_HMAC
401e4238 1550 bool
419090c6 1551 default y
419090c6 1552 select CRYPTO_HMAC
826775bb 1553 select CRYPTO_SHA256
419090c6
SM		 1554
1555config CRYPTO_DRBG_HASH
1556 bool "Enable Hash DRBG"
826775bb 1557 select CRYPTO_SHA256
419090c6
SM		 1558 help
1559 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1560
1561config CRYPTO_DRBG_CTR
1562 bool "Enable CTR DRBG"
419090c6
SM		 1563 select CRYPTO_AES
1564 help
1565 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1566
f2c89a10
HX		 1567config CRYPTO_DRBG
1568 tristate
401e4238 1569 default CRYPTO_DRBG_MENU
f2c89a10 1570 select CRYPTO_RNG
bb5530e4 1571 select CRYPTO_JITTERENTROPY
f2c89a10
HX		 1572
1573endif # if CRYPTO_DRBG_MENU
419090c6 1574
bb5530e4
SM		 1575config CRYPTO_JITTERENTROPY
1576 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1577 help
1578 The Jitterentropy RNG is a noise that is intended
1579 to provide seed to another RNG. The RNG does not
1580 perform any cryptographic whitening of the generated
1581 random numbers. This Jitterentropy RNG registers with
1582 the kernel crypto API and can be used by any caller.
1583
03c8efc1
HX		 1584config CRYPTO_USER_API
1585 tristate
1586
fe869cdb
HX		 1587config CRYPTO_USER_API_HASH
1588 tristate "User-space interface for hash algorithms"
7451708f 1589 depends on NET
fe869cdb
HX		 1590 select CRYPTO_HASH
1591 select CRYPTO_USER_API
1592 help
1593 This option enables the user-spaces interface for hash
1594 algorithms.
1595
8ff59090
HX		 1596config CRYPTO_USER_API_SKCIPHER
1597 tristate "User-space interface for symmetric key cipher algorithms"
7451708f 1598 depends on NET
8ff59090
HX		 1599 select CRYPTO_BLKCIPHER
1600 select CRYPTO_USER_API
1601 help
1602 This option enables the user-spaces interface for symmetric
1603 key cipher algorithms.
1604
2f375538
SM		 1605config CRYPTO_USER_API_RNG
1606 tristate "User-space interface for random number generator algorithms"
1607 depends on NET
1608 select CRYPTO_RNG
1609 select CRYPTO_USER_API
1610 help
1611 This option enables the user-spaces interface for random
1612 number generator algorithms.
1613
b64a2d95
HX		 1614config CRYPTO_USER_API_AEAD
1615 tristate "User-space interface for AEAD cipher algorithms"
1616 depends on NET
1617 select CRYPTO_AEAD
1618 select CRYPTO_USER_API
1619 help
1620 This option enables the user-spaces interface for AEAD
1621 cipher algorithms.
1622
ee08997f
DK		 1623config CRYPTO_HASH_INFO
1624 bool
1625
1da177e4 1626source "drivers/crypto/Kconfig"
964f3b3b 1627source crypto/asymmetric_keys/Kconfig
cfc411e7 1628source certs/Kconfig
1da177e4 1629
cce9e06d 1630endif # if CRYPTO
ubuntu-zesty-kernel mirror