]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - crypto/Kconfig
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
crypto: arm/sha256 - Add optimized SHA-256/224
[mirror_ubuntu-bionic-kernel.git] / crypto / Kconfig
CommitLineData
685784aa
DW		 1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5 tristate
6
1da177e4 7#
9bc89cd8 8# async_tx api: hardware offloaded memory transfer/transform support
1da177e4 9#
9bc89cd8 10source "crypto/async_tx/Kconfig"
1da177e4 11
9bc89cd8
DW		 12#
13# Cryptographic API Configuration
14#
2e290f43 15menuconfig CRYPTO
c3715cb9 16 tristate "Cryptographic API"
1da177e4
LT		 17 help
18 This option provides the core Cryptographic API.
19
cce9e06d
HX		 20if CRYPTO
21
584fffc8
SS		 22comment "Crypto core or helper"
23
ccb778e1
NH		 24config CRYPTO_FIPS
25 bool "FIPS 200 compliance"
f2c89a10 26 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
002c77a4 27 depends on MODULE_SIG
ccb778e1
NH		 28 help
29 This options enables the fips boot option which is
30 required if you want to system to operate in a FIPS 200
31 certification. You should say no unless you know what
e84c5480 32 this is.
ccb778e1 33
cce9e06d
HX		 34config CRYPTO_ALGAPI
35 tristate
6a0fcbb4 36 select CRYPTO_ALGAPI2
cce9e06d
HX		 37 help
38 This option provides the API for cryptographic algorithms.
39
6a0fcbb4
HX		 40config CRYPTO_ALGAPI2
41 tristate
42
1ae97820
HX		 43config CRYPTO_AEAD
44 tristate
6a0fcbb4 45 select CRYPTO_AEAD2
1ae97820
HX		 46 select CRYPTO_ALGAPI
47
6a0fcbb4
HX		 48config CRYPTO_AEAD2
49 tristate
50 select CRYPTO_ALGAPI2
51
5cde0af2
HX		 52config CRYPTO_BLKCIPHER
53 tristate
6a0fcbb4 54 select CRYPTO_BLKCIPHER2
5cde0af2 55 select CRYPTO_ALGAPI
6a0fcbb4
HX		 56
57config CRYPTO_BLKCIPHER2
58 tristate
59 select CRYPTO_ALGAPI2
60 select CRYPTO_RNG2
0a2e821d 61 select CRYPTO_WORKQUEUE
5cde0af2 62
055bcee3
HX		 63config CRYPTO_HASH
64 tristate
6a0fcbb4 65 select CRYPTO_HASH2
055bcee3
HX		 66 select CRYPTO_ALGAPI
67
6a0fcbb4
HX		 68config CRYPTO_HASH2
69 tristate
70 select CRYPTO_ALGAPI2
71
17f0f4a4
NH		 72config CRYPTO_RNG
73 tristate
6a0fcbb4 74 select CRYPTO_RNG2
17f0f4a4
NH		 75 select CRYPTO_ALGAPI
76
6a0fcbb4
HX		 77config CRYPTO_RNG2
78 tristate
79 select CRYPTO_ALGAPI2
80
a1d2f095 81config CRYPTO_PCOMP
bc94e596
HX		 82 tristate
83 select CRYPTO_PCOMP2
84 select CRYPTO_ALGAPI
85
86config CRYPTO_PCOMP2
a1d2f095
GU		 87 tristate
88 select CRYPTO_ALGAPI2
89
2b8c19db
HX		 90config CRYPTO_MANAGER
91 tristate "Cryptographic algorithm manager"
6a0fcbb4 92 select CRYPTO_MANAGER2
2b8c19db
HX		 93 help
94 Create default cryptographic template instantiations such as
95 cbc(aes).
96
6a0fcbb4
HX		 97config CRYPTO_MANAGER2
98 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
99 select CRYPTO_AEAD2
100 select CRYPTO_HASH2
101 select CRYPTO_BLKCIPHER2
bc94e596 102 select CRYPTO_PCOMP2
6a0fcbb4 103
a38f7907
SK		 104config CRYPTO_USER
105 tristate "Userspace cryptographic algorithm configuration"
5db017aa 106 depends on NET
a38f7907
SK		 107 select CRYPTO_MANAGER
108 help
d19978f5 109 Userspace configuration for cryptographic instantiations such as
a38f7907
SK		 110 cbc(aes).
111
326a6346
HX		 112config CRYPTO_MANAGER_DISABLE_TESTS
113 bool "Disable run-time self tests"
00ca28a5
HX		 114 default y
115 depends on CRYPTO_MANAGER2
0b767f96 116 help
326a6346
HX		 117 Disable run-time self tests that normally take place at
118 algorithm registration.
0b767f96 119
584fffc8 120config CRYPTO_GF128MUL
08c70fc3 121 tristate "GF(2^128) multiplication functions"
333b0d7e 122 help
584fffc8
SS		 123 Efficient table driven implementation of multiplications in the
124 field GF(2^128). This is needed by some cypher modes. This
125 option will be selected automatically if you select such a
126 cipher mode. Only select this option by hand if you expect to load
127 an external module that requires these functions.
333b0d7e 128
1da177e4
LT		 129config CRYPTO_NULL
130 tristate "Null algorithms"
cce9e06d 131 select CRYPTO_ALGAPI
c8620c25 132 select CRYPTO_BLKCIPHER
d35d2454 133 select CRYPTO_HASH
1da177e4
LT		 134 help
135 These are 'Null' algorithms, used by IPsec, which do nothing.
136
5068c7a8 137config CRYPTO_PCRYPT
3b4afaf2
KC		 138 tristate "Parallel crypto engine"
139 depends on SMP
5068c7a8
SK		 140 select PADATA
141 select CRYPTO_MANAGER
142 select CRYPTO_AEAD
143 help
144 This converts an arbitrary crypto algorithm into a parallel
145 algorithm that executes in kernel threads.
146
25c38d3f
HY		 147config CRYPTO_WORKQUEUE
148 tristate
149
584fffc8
SS		 150config CRYPTO_CRYPTD
151 tristate "Software async crypto daemon"
152 select CRYPTO_BLKCIPHER
b8a28251 153 select CRYPTO_HASH
584fffc8 154 select CRYPTO_MANAGER
254eff77 155 select CRYPTO_WORKQUEUE
1da177e4 156 help
584fffc8
SS		 157 This is a generic software asynchronous crypto daemon that
158 converts an arbitrary synchronous software crypto algorithm
159 into an asynchronous algorithm that executes in a kernel thread.
1da177e4 160
1e65b81a
TC		 161config CRYPTO_MCRYPTD
162 tristate "Software async multi-buffer crypto daemon"
163 select CRYPTO_BLKCIPHER
164 select CRYPTO_HASH
165 select CRYPTO_MANAGER
166 select CRYPTO_WORKQUEUE
167 help
168 This is a generic software asynchronous crypto daemon that
169 provides the kernel thread to assist multi-buffer crypto
170 algorithms for submitting jobs and flushing jobs in multi-buffer
171 crypto algorithms. Multi-buffer crypto algorithms are executed
172 in the context of this kernel thread and drivers can post
0e56673b 173 their crypto request asynchronously to be processed by this daemon.
1e65b81a 174
584fffc8
SS		 175config CRYPTO_AUTHENC
176 tristate "Authenc support"
177 select CRYPTO_AEAD
178 select CRYPTO_BLKCIPHER
179 select CRYPTO_MANAGER
180 select CRYPTO_HASH
1da177e4 181 help
584fffc8
SS		 182 Authenc: Combined mode wrapper for IPsec.
183 This is required for IPSec.
1da177e4 184
584fffc8
SS		 185config CRYPTO_TEST
186 tristate "Testing module"
187 depends on m
da7f033d 188 select CRYPTO_MANAGER
1da177e4 189 help
584fffc8 190 Quick & dirty crypto test module.
1da177e4 191
a62b01cd 192config CRYPTO_ABLK_HELPER
ffaf9156 193 tristate
ffaf9156
JK		 194 select CRYPTO_CRYPTD
195
596d8750
JK		 196config CRYPTO_GLUE_HELPER_X86
197 tristate
198 depends on X86
199 select CRYPTO_ALGAPI
200
584fffc8 201comment "Authenticated Encryption with Associated Data"
cd12fb90 202
584fffc8
SS		 203config CRYPTO_CCM
204 tristate "CCM support"
205 select CRYPTO_CTR
206 select CRYPTO_AEAD
1da177e4 207 help
584fffc8 208 Support for Counter with CBC MAC. Required for IPsec.
1da177e4 209
584fffc8
SS		 210config CRYPTO_GCM
211 tristate "GCM/GMAC support"
212 select CRYPTO_CTR
213 select CRYPTO_AEAD
9382d97a 214 select CRYPTO_GHASH
9489667d 215 select CRYPTO_NULL
1da177e4 216 help
584fffc8
SS		 217 Support for Galois/Counter Mode (GCM) and Galois Message
218 Authentication Code (GMAC). Required for IPSec.
1da177e4 219
584fffc8
SS		 220config CRYPTO_SEQIV
221 tristate "Sequence Number IV Generator"
222 select CRYPTO_AEAD
223 select CRYPTO_BLKCIPHER
a0f000ec 224 select CRYPTO_RNG
1da177e4 225 help
584fffc8
SS		 226 This IV generator generates an IV based on a sequence number by
227 xoring it with a salt. This algorithm is mainly useful for CTR
1da177e4 228
584fffc8 229comment "Block modes"
c494e070 230
584fffc8
SS		 231config CRYPTO_CBC
232 tristate "CBC support"
db131ef9 233 select CRYPTO_BLKCIPHER
43518407 234 select CRYPTO_MANAGER
db131ef9 235 help
584fffc8
SS		 236 CBC: Cipher Block Chaining mode
237 This block cipher algorithm is required for IPSec.
db131ef9 238
584fffc8
SS		 239config CRYPTO_CTR
240 tristate "CTR support"
db131ef9 241 select CRYPTO_BLKCIPHER
584fffc8 242 select CRYPTO_SEQIV
43518407 243 select CRYPTO_MANAGER
db131ef9 244 help
584fffc8 245 CTR: Counter mode
db131ef9
HX		 246 This block cipher algorithm is required for IPSec.
247
584fffc8
SS		 248config CRYPTO_CTS
249 tristate "CTS support"
250 select CRYPTO_BLKCIPHER
251 help
252 CTS: Cipher Text Stealing
253 This is the Cipher Text Stealing mode as described by
254 Section 8 of rfc2040 and referenced by rfc3962.
255 (rfc3962 includes errata information in its Appendix A)
256 This mode is required for Kerberos gss mechanism support
257 for AES encryption.
258
259config CRYPTO_ECB
260 tristate "ECB support"
91652be5
DH		 261 select CRYPTO_BLKCIPHER
262 select CRYPTO_MANAGER
91652be5 263 help
584fffc8
SS		 264 ECB: Electronic CodeBook mode
265 This is the simplest block cipher algorithm. It simply encrypts
266 the input block by block.
91652be5 267
64470f1b 268config CRYPTO_LRW
2470a2b2 269 tristate "LRW support"
64470f1b
RS		 270 select CRYPTO_BLKCIPHER
271 select CRYPTO_MANAGER
272 select CRYPTO_GF128MUL
273 help
274 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
275 narrow block cipher mode for dm-crypt. Use it with cipher
276 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
277 The first 128, 192 or 256 bits in the key are used for AES and the
278 rest is used to tie each cipher block to its logical position.
279
584fffc8
SS		 280config CRYPTO_PCBC
281 tristate "PCBC support"
282 select CRYPTO_BLKCIPHER
283 select CRYPTO_MANAGER
284 help
285 PCBC: Propagating Cipher Block Chaining mode
286 This block cipher algorithm is required for RxRPC.
287
f19f5111 288config CRYPTO_XTS
5bcf8e6d 289 tristate "XTS support"
f19f5111
RS		 290 select CRYPTO_BLKCIPHER
291 select CRYPTO_MANAGER
292 select CRYPTO_GF128MUL
293 help
294 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
295 key size 256, 384 or 512 bits. This implementation currently
296 can't handle a sectorsize which is not a multiple of 16 bytes.
297
584fffc8
SS		 298comment "Hash modes"
299
93b5e86a
JK		 300config CRYPTO_CMAC
301 tristate "CMAC support"
302 select CRYPTO_HASH
303 select CRYPTO_MANAGER
304 help
305 Cipher-based Message Authentication Code (CMAC) specified by
306 The National Institute of Standards and Technology (NIST).
307
308 https://tools.ietf.org/html/rfc4493
309 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
310
584fffc8
SS		 311config CRYPTO_HMAC
312 tristate "HMAC support"
313 select CRYPTO_HASH
23e353c8 314 select CRYPTO_MANAGER
23e353c8 315 help
584fffc8
SS		 316 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
317 This is required for IPSec.
23e353c8 318
584fffc8
SS		 319config CRYPTO_XCBC
320 tristate "XCBC support"
584fffc8
SS		 321 select CRYPTO_HASH
322 select CRYPTO_MANAGER
76cb9521 323 help
584fffc8
SS		 324 XCBC: Keyed-Hashing with encryption algorithm
325 http://www.ietf.org/rfc/rfc3566.txt
326 http://csrc.nist.gov/encryption/modes/proposedmodes/
327 xcbc-mac/xcbc-mac-spec.pdf
76cb9521 328
f1939f7c
SW		 329config CRYPTO_VMAC
330 tristate "VMAC support"
f1939f7c
SW		 331 select CRYPTO_HASH
332 select CRYPTO_MANAGER
333 help
334 VMAC is a message authentication algorithm designed for
335 very high speed on 64-bit architectures.
336
337 See also:
338 <http://fastcrypto.org/vmac>
339
584fffc8 340comment "Digest"
28db8e3e 341
584fffc8
SS		 342config CRYPTO_CRC32C
343 tristate "CRC32c CRC algorithm"
5773a3e6 344 select CRYPTO_HASH
6a0962b2 345 select CRC32
4a49b499 346 help
584fffc8
SS		 347 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
348 by iSCSI for header and data digests and by others.
69c35efc 349 See Castagnoli93. Module will be crc32c.
4a49b499 350
8cb51ba8
AZ		 351config CRYPTO_CRC32C_INTEL
352 tristate "CRC32c INTEL hardware acceleration"
353 depends on X86
354 select CRYPTO_HASH
355 help
356 In Intel processor with SSE4.2 supported, the processor will
357 support CRC32C implementation using hardware accelerated CRC32
358 instruction. This option will create 'crc32c-intel' module,
359 which will enable any routine to use the CRC32 instruction to
360 gain performance compared with software implementation.
361 Module will be crc32c-intel.
362
442a7c40
DM		 363config CRYPTO_CRC32C_SPARC64
364 tristate "CRC32c CRC algorithm (SPARC64)"
365 depends on SPARC64
366 select CRYPTO_HASH
367 select CRC32
368 help
369 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
370 when available.
371
78c37d19
AB		 372config CRYPTO_CRC32
373 tristate "CRC32 CRC algorithm"
374 select CRYPTO_HASH
375 select CRC32
376 help
377 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
378 Shash crypto api wrappers to crc32_le function.
379
380config CRYPTO_CRC32_PCLMUL
381 tristate "CRC32 PCLMULQDQ hardware acceleration"
382 depends on X86
383 select CRYPTO_HASH
384 select CRC32
385 help
386 From Intel Westmere and AMD Bulldozer processor with SSE4.2
387 and PCLMULQDQ supported, the processor will support
388 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
389 instruction. This option will create 'crc32-plcmul' module,
390 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
391 and gain better performance as compared with the table implementation.
392
68411521
HX		 393config CRYPTO_CRCT10DIF
394 tristate "CRCT10DIF algorithm"
395 select CRYPTO_HASH
396 help
397 CRC T10 Data Integrity Field computation is being cast as
398 a crypto transform. This allows for faster crc t10 diff
399 transforms to be used if they are available.
400
401config CRYPTO_CRCT10DIF_PCLMUL
402 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
403 depends on X86 && 64BIT && CRC_T10DIF
404 select CRYPTO_HASH
405 help
406 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
407 CRC T10 DIF PCLMULQDQ computation can be hardware
408 accelerated PCLMULQDQ instruction. This option will create
409 'crct10dif-plcmul' module, which is faster when computing the
410 crct10dif checksum as compared with the generic table implementation.
411
2cdc6899
HY		 412config CRYPTO_GHASH
413 tristate "GHASH digest algorithm"
2cdc6899
HY		 414 select CRYPTO_GF128MUL
415 help
416 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
417
584fffc8
SS		 418config CRYPTO_MD4
419 tristate "MD4 digest algorithm"
808a1763 420 select CRYPTO_HASH
124b53d0 421 help
584fffc8 422 MD4 message digest algorithm (RFC1320).
124b53d0 423
584fffc8
SS		 424config CRYPTO_MD5
425 tristate "MD5 digest algorithm"
14b75ba7 426 select CRYPTO_HASH
1da177e4 427 help
584fffc8 428 MD5 message digest algorithm (RFC1321).
1da177e4 429
d69e75de
AK		 430config CRYPTO_MD5_OCTEON
431 tristate "MD5 digest algorithm (OCTEON)"
432 depends on CPU_CAVIUM_OCTEON
433 select CRYPTO_MD5
434 select CRYPTO_HASH
435 help
436 MD5 message digest algorithm (RFC1321) implemented
437 using OCTEON crypto instructions, when available.
438
e8e59953
MS		 439config CRYPTO_MD5_PPC
440 tristate "MD5 digest algorithm (PPC)"
441 depends on PPC
442 select CRYPTO_HASH
443 help
444 MD5 message digest algorithm (RFC1321) implemented
445 in PPC assembler.
446
fa4dfedc
DM		 447config CRYPTO_MD5_SPARC64
448 tristate "MD5 digest algorithm (SPARC64)"
449 depends on SPARC64
450 select CRYPTO_MD5
451 select CRYPTO_HASH
452 help
453 MD5 message digest algorithm (RFC1321) implemented
454 using sparc64 crypto instructions, when available.
455
584fffc8
SS		 456config CRYPTO_MICHAEL_MIC
457 tristate "Michael MIC keyed digest algorithm"
19e2bf14 458 select CRYPTO_HASH
90831639 459 help
584fffc8
SS		 460 Michael MIC is used for message integrity protection in TKIP
461 (IEEE 802.11i). This algorithm is required for TKIP, but it
462 should not be used for other purposes because of the weakness
463 of the algorithm.
90831639 464
82798f90 465config CRYPTO_RMD128
b6d44341 466 tristate "RIPEMD-128 digest algorithm"
7c4468bc 467 select CRYPTO_HASH
b6d44341
AB		 468 help
469 RIPEMD-128 (ISO/IEC 10118-3:2004).
82798f90 470
b6d44341 471 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
35ed4b35 472 be used as a secure replacement for RIPEMD. For other use cases,
b6d44341 473 RIPEMD-160 should be used.
82798f90 474
b6d44341 475 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 476 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90
AKR		 477
478config CRYPTO_RMD160
b6d44341 479 tristate "RIPEMD-160 digest algorithm"
e5835fba 480 select CRYPTO_HASH
b6d44341
AB		 481 help
482 RIPEMD-160 (ISO/IEC 10118-3:2004).
82798f90 483
b6d44341
AB		 484 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
485 to be used as a secure replacement for the 128-bit hash functions
486 MD4, MD5 and it's predecessor RIPEMD
487 (not to be confused with RIPEMD-128).
82798f90 488
b6d44341
AB		 489 It's speed is comparable to SHA1 and there are no known attacks
490 against RIPEMD-160.
534fe2c1 491
b6d44341 492 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 493 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 494
495config CRYPTO_RMD256
b6d44341 496 tristate "RIPEMD-256 digest algorithm"
d8a5e2e9 497 select CRYPTO_HASH
b6d44341
AB		 498 help
499 RIPEMD-256 is an optional extension of RIPEMD-128 with a
500 256 bit hash. It is intended for applications that require
501 longer hash-results, without needing a larger security level
502 (than RIPEMD-128).
534fe2c1 503
b6d44341 504 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 505 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 506
507config CRYPTO_RMD320
b6d44341 508 tristate "RIPEMD-320 digest algorithm"
3b8efb4c 509 select CRYPTO_HASH
b6d44341
AB		 510 help
511 RIPEMD-320 is an optional extension of RIPEMD-160 with a
512 320 bit hash. It is intended for applications that require
513 longer hash-results, without needing a larger security level
514 (than RIPEMD-160).
534fe2c1 515
b6d44341 516 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 517 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90 518
584fffc8
SS		 519config CRYPTO_SHA1
520 tristate "SHA1 digest algorithm"
54ccb367 521 select CRYPTO_HASH
1da177e4 522 help
584fffc8 523 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
1da177e4 524
66be8951 525config CRYPTO_SHA1_SSSE3
7c1da8d0 526 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2)"
66be8951
MK		 527 depends on X86 && 64BIT
528 select CRYPTO_SHA1
529 select CRYPTO_HASH
530 help
531 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
532 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
7c1da8d0 533 Extensions (AVX/AVX2), when available.
66be8951 534
8275d1aa
TC		 535config CRYPTO_SHA256_SSSE3
536 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2)"
537 depends on X86 && 64BIT
538 select CRYPTO_SHA256
539 select CRYPTO_HASH
540 help
541 SHA-256 secure hash standard (DFIPS 180-2) implemented
542 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
543 Extensions version 1 (AVX1), or Advanced Vector Extensions
87de4579
TC		 544 version 2 (AVX2) instructions, when available.
545
546config CRYPTO_SHA512_SSSE3
547 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
548 depends on X86 && 64BIT
549 select CRYPTO_SHA512
550 select CRYPTO_HASH
551 help
552 SHA-512 secure hash standard (DFIPS 180-2) implemented
553 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
554 Extensions version 1 (AVX1), or Advanced Vector Extensions
8275d1aa
TC		 555 version 2 (AVX2) instructions, when available.
556
efdb6f6e
AK		 557config CRYPTO_SHA1_OCTEON
558 tristate "SHA1 digest algorithm (OCTEON)"
559 depends on CPU_CAVIUM_OCTEON
560 select CRYPTO_SHA1
561 select CRYPTO_HASH
562 help
563 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
564 using OCTEON crypto instructions, when available.
565
4ff28d4c
DM		 566config CRYPTO_SHA1_SPARC64
567 tristate "SHA1 digest algorithm (SPARC64)"
568 depends on SPARC64
569 select CRYPTO_SHA1
570 select CRYPTO_HASH
571 help
572 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
573 using sparc64 crypto instructions, when available.
574
323a6bf1
ME		 575config CRYPTO_SHA1_PPC
576 tristate "SHA1 digest algorithm (powerpc)"
577 depends on PPC
578 help
579 This is the powerpc hardware accelerated implementation of the
580 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
581
d9850fc5
MS		 582config CRYPTO_SHA1_PPC_SPE
583 tristate "SHA1 digest algorithm (PPC SPE)"
584 depends on PPC && SPE
585 help
586 SHA-1 secure hash standard (DFIPS 180-4) implemented
587 using powerpc SPE SIMD instruction set.
588
1e65b81a
TC		 589config CRYPTO_SHA1_MB
590 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
591 depends on X86 && 64BIT
592 select CRYPTO_SHA1
593 select CRYPTO_HASH
594 select CRYPTO_MCRYPTD
595 help
596 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
597 using multi-buffer technique. This algorithm computes on
598 multiple data lanes concurrently with SIMD instructions for
599 better throughput. It should not be enabled by default but
600 used when there is significant amount of work to keep the keep
601 the data lanes filled to get performance benefit. If the data
602 lanes remain unfilled, a flush operation will be initiated to
603 process the crypto jobs, adding a slight latency.
604
584fffc8
SS		 605config CRYPTO_SHA256
606 tristate "SHA224 and SHA256 digest algorithm"
50e109b5 607 select CRYPTO_HASH
1da177e4 608 help
584fffc8 609 SHA256 secure hash standard (DFIPS 180-2).
1da177e4 610
584fffc8
SS		 611 This version of SHA implements a 256 bit hash with 128 bits of
612 security against collision attacks.
2729bb42 613
b6d44341
AB		 614 This code also includes SHA-224, a 224 bit hash with 112 bits
615 of security against collision attacks.
584fffc8 616
2ecc1e95
MS		 617config CRYPTO_SHA256_PPC_SPE
618 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
619 depends on PPC && SPE
620 select CRYPTO_SHA256
621 select CRYPTO_HASH
622 help
623 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
624 implemented using powerpc SPE SIMD instruction set.
625
efdb6f6e
AK		 626config CRYPTO_SHA256_OCTEON
627 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
628 depends on CPU_CAVIUM_OCTEON
629 select CRYPTO_SHA256
630 select CRYPTO_HASH
631 help
632 SHA-256 secure hash standard (DFIPS 180-2) implemented
633 using OCTEON crypto instructions, when available.
634
86c93b24
DM		 635config CRYPTO_SHA256_SPARC64
636 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
637 depends on SPARC64
638 select CRYPTO_SHA256
639 select CRYPTO_HASH
640 help
641 SHA-256 secure hash standard (DFIPS 180-2) implemented
642 using sparc64 crypto instructions, when available.
643
584fffc8
SS		 644config CRYPTO_SHA512
645 tristate "SHA384 and SHA512 digest algorithms"
bd9d20db 646 select CRYPTO_HASH
b9f535ff 647 help
584fffc8 648 SHA512 secure hash standard (DFIPS 180-2).
b9f535ff 649
584fffc8
SS		 650 This version of SHA implements a 512 bit hash with 256 bits of
651 security against collision attacks.
b9f535ff 652
584fffc8
SS		 653 This code also includes SHA-384, a 384 bit hash with 192 bits
654 of security against collision attacks.
b9f535ff 655
efdb6f6e
AK		 656config CRYPTO_SHA512_OCTEON
657 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
658 depends on CPU_CAVIUM_OCTEON
659 select CRYPTO_SHA512
660 select CRYPTO_HASH
661 help
662 SHA-512 secure hash standard (DFIPS 180-2) implemented
663 using OCTEON crypto instructions, when available.
664
775e0c69
DM		 665config CRYPTO_SHA512_SPARC64
666 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
667 depends on SPARC64
668 select CRYPTO_SHA512
669 select CRYPTO_HASH
670 help
671 SHA-512 secure hash standard (DFIPS 180-2) implemented
672 using sparc64 crypto instructions, when available.
673
584fffc8
SS		 674config CRYPTO_TGR192
675 tristate "Tiger digest algorithms"
f63fbd3d 676 select CRYPTO_HASH
eaf44088 677 help
584fffc8 678 Tiger hash algorithm 192, 160 and 128-bit hashes
eaf44088 679
584fffc8
SS		 680 Tiger is a hash function optimized for 64-bit processors while
681 still having decent performance on 32-bit processors.
682 Tiger was developed by Ross Anderson and Eli Biham.
eaf44088
JF		 683
684 See also:
584fffc8 685 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
eaf44088 686
584fffc8
SS		 687config CRYPTO_WP512
688 tristate "Whirlpool digest algorithms"
4946510b 689 select CRYPTO_HASH
1da177e4 690 help
584fffc8 691 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1da177e4 692
584fffc8
SS		 693 Whirlpool-512 is part of the NESSIE cryptographic primitives.
694 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1da177e4
LT		 695
696 See also:
6d8de74c 697 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
584fffc8 698
0e1227d3
HY		 699config CRYPTO_GHASH_CLMUL_NI_INTEL
700 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
8af00860 701 depends on X86 && 64BIT
0e1227d3
HY		 702 select CRYPTO_CRYPTD
703 help
704 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
705 The implementation is accelerated by CLMUL-NI of Intel.
706
584fffc8 707comment "Ciphers"
1da177e4
LT		 708
709config CRYPTO_AES
710 tristate "AES cipher algorithms"
cce9e06d 711 select CRYPTO_ALGAPI
1da177e4 712 help
584fffc8 713 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 714 algorithm.
715
716 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 717 both hardware and software across a wide range of computing
718 environments regardless of its use in feedback or non-feedback
719 modes. Its key setup time is excellent, and its key agility is
720 good. Rijndael's very low memory requirements make it very well
721 suited for restricted-space environments, in which it also
722 demonstrates excellent performance. Rijndael's operations are
723 among the easiest to defend against power and timing attacks.
1da177e4 724
584fffc8 725 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 726
727 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
728
729config CRYPTO_AES_586
730 tristate "AES cipher algorithms (i586)"
cce9e06d
HX		 731 depends on (X86 || UML_X86) && !64BIT
732 select CRYPTO_ALGAPI
5157dea8 733 select CRYPTO_AES
1da177e4 734 help
584fffc8 735 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 736 algorithm.
737
738 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 739 both hardware and software across a wide range of computing
740 environments regardless of its use in feedback or non-feedback
741 modes. Its key setup time is excellent, and its key agility is
742 good. Rijndael's very low memory requirements make it very well
743 suited for restricted-space environments, in which it also
744 demonstrates excellent performance. Rijndael's operations are
745 among the easiest to defend against power and timing attacks.
1da177e4 746
584fffc8 747 The AES specifies three key sizes: 128, 192 and 256 bits
a2a892a2
AS		 748
749 See <http://csrc.nist.gov/encryption/aes/> for more information.
750
751config CRYPTO_AES_X86_64
752 tristate "AES cipher algorithms (x86_64)"
cce9e06d
HX		 753 depends on (X86 || UML_X86) && 64BIT
754 select CRYPTO_ALGAPI
81190b32 755 select CRYPTO_AES
a2a892a2 756 help
584fffc8 757 AES cipher algorithms (FIPS-197). AES uses the Rijndael
a2a892a2
AS		 758 algorithm.
759
760 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 761 both hardware and software across a wide range of computing
762 environments regardless of its use in feedback or non-feedback
763 modes. Its key setup time is excellent, and its key agility is
54b6a1bd
HY		 764 good. Rijndael's very low memory requirements make it very well
765 suited for restricted-space environments, in which it also
766 demonstrates excellent performance. Rijndael's operations are
767 among the easiest to defend against power and timing attacks.
768
769 The AES specifies three key sizes: 128, 192 and 256 bits
770
771 See <http://csrc.nist.gov/encryption/aes/> for more information.
772
773config CRYPTO_AES_NI_INTEL
774 tristate "AES cipher algorithms (AES-NI)"
8af00860 775 depends on X86
0d258efb
MK		 776 select CRYPTO_AES_X86_64 if 64BIT
777 select CRYPTO_AES_586 if !64BIT
54b6a1bd 778 select CRYPTO_CRYPTD
801201aa 779 select CRYPTO_ABLK_HELPER
54b6a1bd 780 select CRYPTO_ALGAPI
7643a11a 781 select CRYPTO_GLUE_HELPER_X86 if 64BIT
023af608
JK		 782 select CRYPTO_LRW
783 select CRYPTO_XTS
54b6a1bd
HY		 784 help
785 Use Intel AES-NI instructions for AES algorithm.
786
787 AES cipher algorithms (FIPS-197). AES uses the Rijndael
788 algorithm.
789
790 Rijndael appears to be consistently a very good performer in
791 both hardware and software across a wide range of computing
792 environments regardless of its use in feedback or non-feedback
793 modes. Its key setup time is excellent, and its key agility is
584fffc8
SS		 794 good. Rijndael's very low memory requirements make it very well
795 suited for restricted-space environments, in which it also
796 demonstrates excellent performance. Rijndael's operations are
797 among the easiest to defend against power and timing attacks.
a2a892a2 798
584fffc8 799 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 800
801 See <http://csrc.nist.gov/encryption/aes/> for more information.
802
0d258efb
MK		 803 In addition to AES cipher algorithm support, the acceleration
804 for some popular block cipher mode is supported too, including
805 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
806 acceleration for CTR.
2cf4ac8b 807
9bf4852d
DM		 808config CRYPTO_AES_SPARC64
809 tristate "AES cipher algorithms (SPARC64)"
810 depends on SPARC64
811 select CRYPTO_CRYPTD
812 select CRYPTO_ALGAPI
813 help
814 Use SPARC64 crypto opcodes for AES algorithm.
815
816 AES cipher algorithms (FIPS-197). AES uses the Rijndael
817 algorithm.
818
819 Rijndael appears to be consistently a very good performer in
820 both hardware and software across a wide range of computing
821 environments regardless of its use in feedback or non-feedback
822 modes. Its key setup time is excellent, and its key agility is
823 good. Rijndael's very low memory requirements make it very well
824 suited for restricted-space environments, in which it also
825 demonstrates excellent performance. Rijndael's operations are
826 among the easiest to defend against power and timing attacks.
827
828 The AES specifies three key sizes: 128, 192 and 256 bits
829
830 See <http://csrc.nist.gov/encryption/aes/> for more information.
831
832 In addition to AES cipher algorithm support, the acceleration
833 for some popular block cipher mode is supported too, including
834 ECB and CBC.
835
504c6143
MS		 836config CRYPTO_AES_PPC_SPE
837 tristate "AES cipher algorithms (PPC SPE)"
838 depends on PPC && SPE
839 help
840 AES cipher algorithms (FIPS-197). Additionally the acceleration
841 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
842 This module should only be used for low power (router) devices
843 without hardware AES acceleration (e.g. caam crypto). It reduces the
844 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
845 timining attacks. Nevertheless it might be not as secure as other
846 architecture specific assembler implementations that work on 1KB
847 tables or 256 bytes S-boxes.
848
584fffc8
SS		 849config CRYPTO_ANUBIS
850 tristate "Anubis cipher algorithm"
851 select CRYPTO_ALGAPI
852 help
853 Anubis cipher algorithm.
854
855 Anubis is a variable key length cipher which can use keys from
856 128 bits to 320 bits in length. It was evaluated as a entrant
857 in the NESSIE competition.
858
859 See also:
6d8de74c
JM		 860 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
861 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
584fffc8
SS		 862
863config CRYPTO_ARC4
864 tristate "ARC4 cipher algorithm"
b9b0f080 865 select CRYPTO_BLKCIPHER
584fffc8
SS		 866 help
867 ARC4 cipher algorithm.
868
869 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
870 bits in length. This algorithm is required for driver-based
871 WEP, but it should not be for other purposes because of the
872 weakness of the algorithm.
873
874config CRYPTO_BLOWFISH
875 tristate "Blowfish cipher algorithm"
876 select CRYPTO_ALGAPI
52ba867c 877 select CRYPTO_BLOWFISH_COMMON
584fffc8
SS		 878 help
879 Blowfish cipher algorithm, by Bruce Schneier.
880
881 This is a variable key length cipher which can use keys from 32
882 bits to 448 bits in length. It's fast, simple and specifically
883 designed for use on "large microprocessors".
884
885 See also:
886 <http://www.schneier.com/blowfish.html>
887
52ba867c
JK		 888config CRYPTO_BLOWFISH_COMMON
889 tristate
890 help
891 Common parts of the Blowfish cipher algorithm shared by the
892 generic c and the assembler implementations.
893
894 See also:
895 <http://www.schneier.com/blowfish.html>
896
64b94cea
JK		 897config CRYPTO_BLOWFISH_X86_64
898 tristate "Blowfish cipher algorithm (x86_64)"
f21a7c19 899 depends on X86 && 64BIT
64b94cea
JK		 900 select CRYPTO_ALGAPI
901 select CRYPTO_BLOWFISH_COMMON
902 help
903 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
904
905 This is a variable key length cipher which can use keys from 32
906 bits to 448 bits in length. It's fast, simple and specifically
907 designed for use on "large microprocessors".
908
909 See also:
910 <http://www.schneier.com/blowfish.html>
911
584fffc8
SS		 912config CRYPTO_CAMELLIA
913 tristate "Camellia cipher algorithms"
914 depends on CRYPTO
915 select CRYPTO_ALGAPI
916 help
917 Camellia cipher algorithms module.
918
919 Camellia is a symmetric key block cipher developed jointly
920 at NTT and Mitsubishi Electric Corporation.
921
922 The Camellia specifies three key sizes: 128, 192 and 256 bits.
923
924 See also:
925 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
926
0b95ec56
JK		 927config CRYPTO_CAMELLIA_X86_64
928 tristate "Camellia cipher algorithm (x86_64)"
f21a7c19 929 depends on X86 && 64BIT
0b95ec56
JK		 930 depends on CRYPTO
931 select CRYPTO_ALGAPI
964263af 932 select CRYPTO_GLUE_HELPER_X86
0b95ec56
JK		 933 select CRYPTO_LRW
934 select CRYPTO_XTS
935 help
936 Camellia cipher algorithm module (x86_64).
937
938 Camellia is a symmetric key block cipher developed jointly
939 at NTT and Mitsubishi Electric Corporation.
940
941 The Camellia specifies three key sizes: 128, 192 and 256 bits.
942
943 See also:
d9b1d2e7
JK		 944 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
945
946config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
947 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
948 depends on X86 && 64BIT
949 depends on CRYPTO
950 select CRYPTO_ALGAPI
951 select CRYPTO_CRYPTD
801201aa 952 select CRYPTO_ABLK_HELPER
d9b1d2e7
JK		 953 select CRYPTO_GLUE_HELPER_X86
954 select CRYPTO_CAMELLIA_X86_64
955 select CRYPTO_LRW
956 select CRYPTO_XTS
957 help
958 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
959
960 Camellia is a symmetric key block cipher developed jointly
961 at NTT and Mitsubishi Electric Corporation.
962
963 The Camellia specifies three key sizes: 128, 192 and 256 bits.
964
965 See also:
0b95ec56
JK		 966 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
967
f3f935a7
JK		 968config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
969 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
970 depends on X86 && 64BIT
971 depends on CRYPTO
972 select CRYPTO_ALGAPI
973 select CRYPTO_CRYPTD
801201aa 974 select CRYPTO_ABLK_HELPER
f3f935a7
JK		 975 select CRYPTO_GLUE_HELPER_X86
976 select CRYPTO_CAMELLIA_X86_64
977 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
978 select CRYPTO_LRW
979 select CRYPTO_XTS
980 help
981 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
982
983 Camellia is a symmetric key block cipher developed jointly
984 at NTT and Mitsubishi Electric Corporation.
985
986 The Camellia specifies three key sizes: 128, 192 and 256 bits.
987
988 See also:
989 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
990
81658ad0
DM		 991config CRYPTO_CAMELLIA_SPARC64
992 tristate "Camellia cipher algorithm (SPARC64)"
993 depends on SPARC64
994 depends on CRYPTO
995 select CRYPTO_ALGAPI
996 help
997 Camellia cipher algorithm module (SPARC64).
998
999 Camellia is a symmetric key block cipher developed jointly
1000 at NTT and Mitsubishi Electric Corporation.
1001
1002 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1003
1004 See also:
1005 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1006
044ab525
JK		 1007config CRYPTO_CAST_COMMON
1008 tristate
1009 help
1010 Common parts of the CAST cipher algorithms shared by the
1011 generic c and the assembler implementations.
1012
1da177e4
LT		 1013config CRYPTO_CAST5
1014 tristate "CAST5 (CAST-128) cipher algorithm"
cce9e06d 1015 select CRYPTO_ALGAPI
044ab525 1016 select CRYPTO_CAST_COMMON
1da177e4
LT		 1017 help
1018 The CAST5 encryption algorithm (synonymous with CAST-128) is
1019 described in RFC2144.
1020
4d6d6a2c
JG		 1021config CRYPTO_CAST5_AVX_X86_64
1022 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1023 depends on X86 && 64BIT
1024 select CRYPTO_ALGAPI
1025 select CRYPTO_CRYPTD
801201aa 1026 select CRYPTO_ABLK_HELPER
044ab525 1027 select CRYPTO_CAST_COMMON
4d6d6a2c
JG		 1028 select CRYPTO_CAST5
1029 help
1030 The CAST5 encryption algorithm (synonymous with CAST-128) is
1031 described in RFC2144.
1032
1033 This module provides the Cast5 cipher algorithm that processes
1034 sixteen blocks parallel using the AVX instruction set.
1035
1da177e4
LT		 1036config CRYPTO_CAST6
1037 tristate "CAST6 (CAST-256) cipher algorithm"
cce9e06d 1038 select CRYPTO_ALGAPI
044ab525 1039 select CRYPTO_CAST_COMMON
1da177e4
LT		 1040 help
1041 The CAST6 encryption algorithm (synonymous with CAST-256) is
1042 described in RFC2612.
1043
4ea1277d
JG		 1044config CRYPTO_CAST6_AVX_X86_64
1045 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1046 depends on X86 && 64BIT
1047 select CRYPTO_ALGAPI
1048 select CRYPTO_CRYPTD
801201aa 1049 select CRYPTO_ABLK_HELPER
4ea1277d 1050 select CRYPTO_GLUE_HELPER_X86
044ab525 1051 select CRYPTO_CAST_COMMON
4ea1277d
JG		 1052 select CRYPTO_CAST6
1053 select CRYPTO_LRW
1054 select CRYPTO_XTS
1055 help
1056 The CAST6 encryption algorithm (synonymous with CAST-256) is
1057 described in RFC2612.
1058
1059 This module provides the Cast6 cipher algorithm that processes
1060 eight blocks parallel using the AVX instruction set.
1061
584fffc8
SS		 1062config CRYPTO_DES
1063 tristate "DES and Triple DES EDE cipher algorithms"
cce9e06d 1064 select CRYPTO_ALGAPI
1da177e4 1065 help
584fffc8 1066 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
fb4f10ed 1067
c5aac2df
DM		 1068config CRYPTO_DES_SPARC64
1069 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
97da37b3 1070 depends on SPARC64
c5aac2df
DM		 1071 select CRYPTO_ALGAPI
1072 select CRYPTO_DES
1073 help
1074 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1075 optimized using SPARC64 crypto opcodes.
1076
6574e6c6
JK		 1077config CRYPTO_DES3_EDE_X86_64
1078 tristate "Triple DES EDE cipher algorithm (x86-64)"
1079 depends on X86 && 64BIT
1080 select CRYPTO_ALGAPI
1081 select CRYPTO_DES
1082 help
1083 Triple DES EDE (FIPS 46-3) algorithm.
1084
1085 This module provides implementation of the Triple DES EDE cipher
1086 algorithm that is optimized for x86-64 processors. Two versions of
1087 algorithm are provided; regular processing one input block and
1088 one that processes three blocks parallel.
1089
584fffc8
SS		 1090config CRYPTO_FCRYPT
1091 tristate "FCrypt cipher algorithm"
cce9e06d 1092 select CRYPTO_ALGAPI
584fffc8 1093 select CRYPTO_BLKCIPHER
1da177e4 1094 help
584fffc8 1095 FCrypt algorithm used by RxRPC.
1da177e4
LT		 1096
1097config CRYPTO_KHAZAD
1098 tristate "Khazad cipher algorithm"
cce9e06d 1099 select CRYPTO_ALGAPI
1da177e4
LT		 1100 help
1101 Khazad cipher algorithm.
1102
1103 Khazad was a finalist in the initial NESSIE competition. It is
1104 an algorithm optimized for 64-bit processors with good performance
1105 on 32-bit processors. Khazad uses an 128 bit key size.
1106
1107 See also:
6d8de74c 1108 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1da177e4 1109
2407d608 1110config CRYPTO_SALSA20
3b4afaf2 1111 tristate "Salsa20 stream cipher algorithm"
2407d608
TSH		 1112 select CRYPTO_BLKCIPHER
1113 help
1114 Salsa20 stream cipher algorithm.
1115
1116 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1117 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
974e4b75
TSH		 1118
1119 The Salsa20 stream cipher algorithm is designed by Daniel J.
1120 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1121
1122config CRYPTO_SALSA20_586
3b4afaf2 1123 tristate "Salsa20 stream cipher algorithm (i586)"
974e4b75 1124 depends on (X86 || UML_X86) && !64BIT
974e4b75 1125 select CRYPTO_BLKCIPHER
974e4b75
TSH		 1126 help
1127 Salsa20 stream cipher algorithm.
1128
1129 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1130 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
9a7dafbb
TSH		 1131
1132 The Salsa20 stream cipher algorithm is designed by Daniel J.
1133 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1134
1135config CRYPTO_SALSA20_X86_64
3b4afaf2 1136 tristate "Salsa20 stream cipher algorithm (x86_64)"
9a7dafbb 1137 depends on (X86 || UML_X86) && 64BIT
9a7dafbb 1138 select CRYPTO_BLKCIPHER
9a7dafbb
TSH		 1139 help
1140 Salsa20 stream cipher algorithm.
1141
1142 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1143 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
2407d608
TSH		 1144
1145 The Salsa20 stream cipher algorithm is designed by Daniel J.
1146 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1da177e4 1147
584fffc8
SS		 1148config CRYPTO_SEED
1149 tristate "SEED cipher algorithm"
cce9e06d 1150 select CRYPTO_ALGAPI
1da177e4 1151 help
584fffc8 1152 SEED cipher algorithm (RFC4269).
1da177e4 1153
584fffc8
SS		 1154 SEED is a 128-bit symmetric key block cipher that has been
1155 developed by KISA (Korea Information Security Agency) as a
1156 national standard encryption algorithm of the Republic of Korea.
1157 It is a 16 round block cipher with the key size of 128 bit.
1158
1159 See also:
1160 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1161
1162config CRYPTO_SERPENT
1163 tristate "Serpent cipher algorithm"
cce9e06d 1164 select CRYPTO_ALGAPI
1da177e4 1165 help
584fffc8 1166 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1da177e4 1167
584fffc8
SS		 1168 Keys are allowed to be from 0 to 256 bits in length, in steps
1169 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1170 variant of Serpent for compatibility with old kerneli.org code.
1171
1172 See also:
1173 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1174
937c30d7
JK		 1175config CRYPTO_SERPENT_SSE2_X86_64
1176 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1177 depends on X86 && 64BIT
1178 select CRYPTO_ALGAPI
341975bf 1179 select CRYPTO_CRYPTD
801201aa 1180 select CRYPTO_ABLK_HELPER
596d8750 1181 select CRYPTO_GLUE_HELPER_X86
937c30d7 1182 select CRYPTO_SERPENT
feaf0cfc
JK		 1183 select CRYPTO_LRW
1184 select CRYPTO_XTS
937c30d7
JK		 1185 help
1186 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1187
1188 Keys are allowed to be from 0 to 256 bits in length, in steps
1189 of 8 bits.
1190
1191 This module provides Serpent cipher algorithm that processes eigth
1192 blocks parallel using SSE2 instruction set.
1193
1194 See also:
1195 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1196
251496db
JK		 1197config CRYPTO_SERPENT_SSE2_586
1198 tristate "Serpent cipher algorithm (i586/SSE2)"
1199 depends on X86 && !64BIT
1200 select CRYPTO_ALGAPI
341975bf 1201 select CRYPTO_CRYPTD
801201aa 1202 select CRYPTO_ABLK_HELPER
596d8750 1203 select CRYPTO_GLUE_HELPER_X86
251496db 1204 select CRYPTO_SERPENT
feaf0cfc
JK		 1205 select CRYPTO_LRW
1206 select CRYPTO_XTS
251496db
JK		 1207 help
1208 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1209
1210 Keys are allowed to be from 0 to 256 bits in length, in steps
1211 of 8 bits.
1212
1213 This module provides Serpent cipher algorithm that processes four
1214 blocks parallel using SSE2 instruction set.
1215
1216 See also:
1217 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
7efe4076
JG		 1218
1219config CRYPTO_SERPENT_AVX_X86_64
1220 tristate "Serpent cipher algorithm (x86_64/AVX)"
1221 depends on X86 && 64BIT
1222 select CRYPTO_ALGAPI
1223 select CRYPTO_CRYPTD
801201aa 1224 select CRYPTO_ABLK_HELPER
1d0debbd 1225 select CRYPTO_GLUE_HELPER_X86
7efe4076
JG		 1226 select CRYPTO_SERPENT
1227 select CRYPTO_LRW
1228 select CRYPTO_XTS
1229 help
1230 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1231
1232 Keys are allowed to be from 0 to 256 bits in length, in steps
1233 of 8 bits.
1234
1235 This module provides the Serpent cipher algorithm that processes
1236 eight blocks parallel using the AVX instruction set.
1237
1238 See also:
1239 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
251496db 1240
56d76c96
JK		 1241config CRYPTO_SERPENT_AVX2_X86_64
1242 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1243 depends on X86 && 64BIT
1244 select CRYPTO_ALGAPI
1245 select CRYPTO_CRYPTD
801201aa 1246 select CRYPTO_ABLK_HELPER
56d76c96
JK		 1247 select CRYPTO_GLUE_HELPER_X86
1248 select CRYPTO_SERPENT
1249 select CRYPTO_SERPENT_AVX_X86_64
1250 select CRYPTO_LRW
1251 select CRYPTO_XTS
1252 help
1253 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1254
1255 Keys are allowed to be from 0 to 256 bits in length, in steps
1256 of 8 bits.
1257
1258 This module provides Serpent cipher algorithm that processes 16
1259 blocks parallel using AVX2 instruction set.
1260
1261 See also:
1262 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1263
584fffc8
SS		 1264config CRYPTO_TEA
1265 tristate "TEA, XTEA and XETA cipher algorithms"
cce9e06d 1266 select CRYPTO_ALGAPI
1da177e4 1267 help
584fffc8 1268 TEA cipher algorithm.
1da177e4 1269
584fffc8
SS		 1270 Tiny Encryption Algorithm is a simple cipher that uses
1271 many rounds for security. It is very fast and uses
1272 little memory.
1273
1274 Xtendend Tiny Encryption Algorithm is a modification to
1275 the TEA algorithm to address a potential key weakness
1276 in the TEA algorithm.
1277
1278 Xtendend Encryption Tiny Algorithm is a mis-implementation
1279 of the XTEA algorithm for compatibility purposes.
1280
1281config CRYPTO_TWOFISH
1282 tristate "Twofish cipher algorithm"
04ac7db3 1283 select CRYPTO_ALGAPI
584fffc8 1284 select CRYPTO_TWOFISH_COMMON
04ac7db3 1285 help
584fffc8 1286 Twofish cipher algorithm.
04ac7db3 1287
584fffc8
SS		 1288 Twofish was submitted as an AES (Advanced Encryption Standard)
1289 candidate cipher by researchers at CounterPane Systems. It is a
1290 16 round block cipher supporting key sizes of 128, 192, and 256
1291 bits.
04ac7db3 1292
584fffc8
SS		 1293 See also:
1294 <http://www.schneier.com/twofish.html>
1295
1296config CRYPTO_TWOFISH_COMMON
1297 tristate
1298 help
1299 Common parts of the Twofish cipher algorithm shared by the
1300 generic c and the assembler implementations.
1301
1302config CRYPTO_TWOFISH_586
1303 tristate "Twofish cipher algorithms (i586)"
1304 depends on (X86 || UML_X86) && !64BIT
1305 select CRYPTO_ALGAPI
1306 select CRYPTO_TWOFISH_COMMON
1307 help
1308 Twofish cipher algorithm.
1309
1310 Twofish was submitted as an AES (Advanced Encryption Standard)
1311 candidate cipher by researchers at CounterPane Systems. It is a
1312 16 round block cipher supporting key sizes of 128, 192, and 256
1313 bits.
04ac7db3
NT		 1314
1315 See also:
584fffc8 1316 <http://www.schneier.com/twofish.html>
04ac7db3 1317
584fffc8
SS		 1318config CRYPTO_TWOFISH_X86_64
1319 tristate "Twofish cipher algorithm (x86_64)"
1320 depends on (X86 || UML_X86) && 64BIT
cce9e06d 1321 select CRYPTO_ALGAPI
584fffc8 1322 select CRYPTO_TWOFISH_COMMON
1da177e4 1323 help
584fffc8 1324 Twofish cipher algorithm (x86_64).
1da177e4 1325
584fffc8
SS		 1326 Twofish was submitted as an AES (Advanced Encryption Standard)
1327 candidate cipher by researchers at CounterPane Systems. It is a
1328 16 round block cipher supporting key sizes of 128, 192, and 256
1329 bits.
1330
1331 See also:
1332 <http://www.schneier.com/twofish.html>
1333
8280daad
JK		 1334config CRYPTO_TWOFISH_X86_64_3WAY
1335 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
f21a7c19 1336 depends on X86 && 64BIT
8280daad
JK		 1337 select CRYPTO_ALGAPI
1338 select CRYPTO_TWOFISH_COMMON
1339 select CRYPTO_TWOFISH_X86_64
414cb5e7 1340 select CRYPTO_GLUE_HELPER_X86
e7cda5d2
JK		 1341 select CRYPTO_LRW
1342 select CRYPTO_XTS
8280daad
JK		 1343 help
1344 Twofish cipher algorithm (x86_64, 3-way parallel).
1345
1346 Twofish was submitted as an AES (Advanced Encryption Standard)
1347 candidate cipher by researchers at CounterPane Systems. It is a
1348 16 round block cipher supporting key sizes of 128, 192, and 256
1349 bits.
1350
1351 This module provides Twofish cipher algorithm that processes three
1352 blocks parallel, utilizing resources of out-of-order CPUs better.
1353
1354 See also:
1355 <http://www.schneier.com/twofish.html>
1356
107778b5
JG		 1357config CRYPTO_TWOFISH_AVX_X86_64
1358 tristate "Twofish cipher algorithm (x86_64/AVX)"
1359 depends on X86 && 64BIT
1360 select CRYPTO_ALGAPI
1361 select CRYPTO_CRYPTD
801201aa 1362 select CRYPTO_ABLK_HELPER
a7378d4e 1363 select CRYPTO_GLUE_HELPER_X86
107778b5
JG		 1364 select CRYPTO_TWOFISH_COMMON
1365 select CRYPTO_TWOFISH_X86_64
1366 select CRYPTO_TWOFISH_X86_64_3WAY
1367 select CRYPTO_LRW
1368 select CRYPTO_XTS
1369 help
1370 Twofish cipher algorithm (x86_64/AVX).
1371
1372 Twofish was submitted as an AES (Advanced Encryption Standard)
1373 candidate cipher by researchers at CounterPane Systems. It is a
1374 16 round block cipher supporting key sizes of 128, 192, and 256
1375 bits.
1376
1377 This module provides the Twofish cipher algorithm that processes
1378 eight blocks parallel using the AVX Instruction Set.
1379
1380 See also:
1381 <http://www.schneier.com/twofish.html>
1382
584fffc8
SS		 1383comment "Compression"
1384
1385config CRYPTO_DEFLATE
1386 tristate "Deflate compression algorithm"
1387 select CRYPTO_ALGAPI
1388 select ZLIB_INFLATE
1389 select ZLIB_DEFLATE
3c09f17c 1390 help
584fffc8
SS		 1391 This is the Deflate algorithm (RFC1951), specified for use in
1392 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1393
1394 You will most probably want this if using IPSec.
3c09f17c 1395
bf68e65e
GU		 1396config CRYPTO_ZLIB
1397 tristate "Zlib compression algorithm"
1398 select CRYPTO_PCOMP
1399 select ZLIB_INFLATE
1400 select ZLIB_DEFLATE
1401 select NLATTR
1402 help
1403 This is the zlib algorithm.
1404
0b77abb3
ZS		 1405config CRYPTO_LZO
1406 tristate "LZO compression algorithm"
1407 select CRYPTO_ALGAPI
1408 select LZO_COMPRESS
1409 select LZO_DECOMPRESS
1410 help
1411 This is the LZO algorithm.
1412
35a1fc18
SJ		 1413config CRYPTO_842
1414 tristate "842 compression algorithm"
1415 depends on CRYPTO_DEV_NX_COMPRESS
1416 # 842 uses lzo if the hardware becomes unavailable
1417 select LZO_COMPRESS
1418 select LZO_DECOMPRESS
1419 help
1420 This is the 842 algorithm.
0ea8530d
CM		 1421
1422config CRYPTO_LZ4
1423 tristate "LZ4 compression algorithm"
1424 select CRYPTO_ALGAPI
1425 select LZ4_COMPRESS
1426 select LZ4_DECOMPRESS
1427 help
1428 This is the LZ4 algorithm.
1429
1430config CRYPTO_LZ4HC
1431 tristate "LZ4HC compression algorithm"
1432 select CRYPTO_ALGAPI
1433 select LZ4HC_COMPRESS
1434 select LZ4_DECOMPRESS
1435 help
1436 This is the LZ4 high compression mode algorithm.
35a1fc18 1437
17f0f4a4
NH		 1438comment "Random Number Generation"
1439
1440config CRYPTO_ANSI_CPRNG
1441 tristate "Pseudo Random Number Generation for Cryptographic modules"
4e4ed83b 1442 default m
17f0f4a4
NH		 1443 select CRYPTO_AES
1444 select CRYPTO_RNG
17f0f4a4
NH		 1445 help
1446 This option enables the generic pseudo random number generator
1447 for cryptographic modules. Uses the Algorithm specified in
7dd607e8
JK		 1448 ANSI X9.31 A.2.4. Note that this option must be enabled if
1449 CRYPTO_FIPS is selected
17f0f4a4 1450
f2c89a10 1451menuconfig CRYPTO_DRBG_MENU
419090c6 1452 tristate "NIST SP800-90A DRBG"
419090c6
SM		 1453 help
1454 NIST SP800-90A compliant DRBG. In the following submenu, one or
1455 more of the DRBG types must be selected.
1456
f2c89a10 1457if CRYPTO_DRBG_MENU
419090c6
SM		 1458
1459config CRYPTO_DRBG_HMAC
1460 bool "Enable HMAC DRBG"
1461 default y
419090c6
SM		 1462 select CRYPTO_HMAC
1463 help
1464 Enable the HMAC DRBG variant as defined in NIST SP800-90A.
1465
1466config CRYPTO_DRBG_HASH
1467 bool "Enable Hash DRBG"
419090c6
SM		 1468 select CRYPTO_HASH
1469 help
1470 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1471
1472config CRYPTO_DRBG_CTR
1473 bool "Enable CTR DRBG"
419090c6
SM		 1474 select CRYPTO_AES
1475 help
1476 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1477
f2c89a10
HX		 1478config CRYPTO_DRBG
1479 tristate
1480 default CRYPTO_DRBG_MENU if (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_HASH || CRYPTO_DRBG_CTR)
1481 select CRYPTO_RNG
1482
1483endif # if CRYPTO_DRBG_MENU
419090c6 1484
03c8efc1
HX		 1485config CRYPTO_USER_API
1486 tristate
1487
fe869cdb
HX		 1488config CRYPTO_USER_API_HASH
1489 tristate "User-space interface for hash algorithms"
7451708f 1490 depends on NET
fe869cdb
HX		 1491 select CRYPTO_HASH
1492 select CRYPTO_USER_API
1493 help
1494 This option enables the user-spaces interface for hash
1495 algorithms.
1496
8ff59090
HX		 1497config CRYPTO_USER_API_SKCIPHER
1498 tristate "User-space interface for symmetric key cipher algorithms"
7451708f 1499 depends on NET
8ff59090
HX		 1500 select CRYPTO_BLKCIPHER
1501 select CRYPTO_USER_API
1502 help
1503 This option enables the user-spaces interface for symmetric
1504 key cipher algorithms.
1505
2f375538
SM		 1506config CRYPTO_USER_API_RNG
1507 tristate "User-space interface for random number generator algorithms"
1508 depends on NET
1509 select CRYPTO_RNG
1510 select CRYPTO_USER_API
1511 help
1512 This option enables the user-spaces interface for random
1513 number generator algorithms.
1514
44cac4fc
SM		 1515config CRYPTO_USER_API_AEAD
1516 tristate "User-space interface for AEAD cipher algorithms"
1517 depends on NET
1518 select CRYPTO_AEAD
1519 select CRYPTO_USER_API
1520 help
1521 This option enables the user-spaces interface for AEAD
1522 cipher algorithms.
1523
ee08997f
DK		 1524config CRYPTO_HASH_INFO
1525 bool
1526
1da177e4 1527source "drivers/crypto/Kconfig"
964f3b3b 1528source crypto/asymmetric_keys/Kconfig
1da177e4 1529
cce9e06d 1530endif # if CRYPTO
ubuntu-bionic-kernel mirror