1 # SPDX-License-Identifier: GPL-2.0
3 # Generic algorithms support
9 # async_tx api: hardware offloaded memory transfer/transform support
11 source "crypto/async_tx/Kconfig"
14 # Cryptographic API Configuration
17 tristate "Cryptographic API"
19 This option provides the core Cryptographic API.
23 comment "Crypto core or helper"
26 bool "FIPS 200 compliance"
27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28 depends on (MODULE_SIG || !MODULES)
30 This options enables the fips boot option which is
31 required if you want to system to operate in a FIPS 200
32 certification. You should say no unless you know what
39 This option provides the API for cryptographic algorithms.
55 config CRYPTO_BLKCIPHER
57 select CRYPTO_BLKCIPHER2
60 config CRYPTO_BLKCIPHER2
64 select CRYPTO_WORKQUEUE
84 config CRYPTO_RNG_DEFAULT
86 select CRYPTO_DRBG_MENU
88 config CRYPTO_AKCIPHER2
92 config CRYPTO_AKCIPHER
94 select CRYPTO_AKCIPHER2
108 select CRYPTO_ALGAPI2
117 tristate "RSA algorithm"
118 select CRYPTO_AKCIPHER
119 select CRYPTO_MANAGER
123 Generic implementation of the RSA public key algorithm.
126 tristate "Diffie-Hellman algorithm"
130 Generic implementation of the Diffie-Hellman algorithm.
133 tristate "ECDH algorithm"
135 select CRYPTO_RNG_DEFAULT
137 Generic implementation of the ECDH algorithm
139 config CRYPTO_MANAGER
140 tristate "Cryptographic algorithm manager"
141 select CRYPTO_MANAGER2
143 Create default cryptographic template instantiations such as
146 config CRYPTO_MANAGER2
147 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
150 select CRYPTO_BLKCIPHER2
151 select CRYPTO_AKCIPHER2
156 tristate "Userspace cryptographic algorithm configuration"
158 select CRYPTO_MANAGER
160 Userspace configuration for cryptographic instantiations such as
163 config CRYPTO_MANAGER_DISABLE_TESTS
164 bool "Disable run-time self tests"
166 depends on CRYPTO_MANAGER2
168 Disable run-time self tests that normally take place at
169 algorithm registration.
171 config CRYPTO_GF128MUL
172 tristate "GF(2^128) multiplication functions"
174 Efficient table driven implementation of multiplications in the
175 field GF(2^128). This is needed by some cypher modes. This
176 option will be selected automatically if you select such a
177 cipher mode. Only select this option by hand if you expect to load
178 an external module that requires these functions.
181 tristate "Null algorithms"
184 These are 'Null' algorithms, used by IPsec, which do nothing.
188 select CRYPTO_ALGAPI2
189 select CRYPTO_BLKCIPHER2
193 tristate "Parallel crypto engine"
196 select CRYPTO_MANAGER
199 This converts an arbitrary crypto algorithm into a parallel
200 algorithm that executes in kernel threads.
202 config CRYPTO_WORKQUEUE
206 tristate "Software async crypto daemon"
207 select CRYPTO_BLKCIPHER
209 select CRYPTO_MANAGER
210 select CRYPTO_WORKQUEUE
212 This is a generic software asynchronous crypto daemon that
213 converts an arbitrary synchronous software crypto algorithm
214 into an asynchronous algorithm that executes in a kernel thread.
216 config CRYPTO_MCRYPTD
217 tristate "Software async multi-buffer crypto daemon"
218 select CRYPTO_BLKCIPHER
220 select CRYPTO_MANAGER
221 select CRYPTO_WORKQUEUE
223 This is a generic software asynchronous crypto daemon that
224 provides the kernel thread to assist multi-buffer crypto
225 algorithms for submitting jobs and flushing jobs in multi-buffer
226 crypto algorithms. Multi-buffer crypto algorithms are executed
227 in the context of this kernel thread and drivers can post
228 their crypto request asynchronously to be processed by this daemon.
230 config CRYPTO_AUTHENC
231 tristate "Authenc support"
233 select CRYPTO_BLKCIPHER
234 select CRYPTO_MANAGER
238 Authenc: Combined mode wrapper for IPsec.
239 This is required for IPSec.
242 tristate "Testing module"
244 select CRYPTO_MANAGER
246 Quick & dirty crypto test module.
252 config CRYPTO_GLUE_HELPER_X86
255 select CRYPTO_BLKCIPHER
260 comment "Authenticated Encryption with Associated Data"
263 tristate "CCM support"
268 Support for Counter with CBC MAC. Required for IPsec.
271 tristate "GCM/GMAC support"
277 Support for Galois/Counter Mode (GCM) and Galois Message
278 Authentication Code (GMAC). Required for IPSec.
280 config CRYPTO_CHACHA20POLY1305
281 tristate "ChaCha20-Poly1305 AEAD support"
282 select CRYPTO_CHACHA20
283 select CRYPTO_POLY1305
286 ChaCha20-Poly1305 AEAD support, RFC7539.
288 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
289 with the Poly1305 authenticator. It is defined in RFC7539 for use in
292 config CRYPTO_AEGIS128
293 tristate "AEGIS-128 AEAD algorithm"
295 select CRYPTO_AES # for AES S-box tables
297 Support for the AEGIS-128 dedicated AEAD algorithm.
299 config CRYPTO_AEGIS128L
300 tristate "AEGIS-128L AEAD algorithm"
302 select CRYPTO_AES # for AES S-box tables
304 Support for the AEGIS-128L dedicated AEAD algorithm.
306 config CRYPTO_AEGIS256
307 tristate "AEGIS-256 AEAD algorithm"
309 select CRYPTO_AES # for AES S-box tables
311 Support for the AEGIS-256 dedicated AEAD algorithm.
313 config CRYPTO_AEGIS128_AESNI_SSE2
314 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
315 depends on X86 && 64BIT
319 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
321 config CRYPTO_AEGIS128L_AESNI_SSE2
322 tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
323 depends on X86 && 64BIT
327 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
329 config CRYPTO_AEGIS256_AESNI_SSE2
330 tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
331 depends on X86 && 64BIT
335 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
337 config CRYPTO_MORUS640
338 tristate "MORUS-640 AEAD algorithm"
341 Support for the MORUS-640 dedicated AEAD algorithm.
343 config CRYPTO_MORUS640_GLUE
349 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
352 config CRYPTO_MORUS640_SSE2
353 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
354 depends on X86 && 64BIT
356 select CRYPTO_MORUS640_GLUE
358 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
360 config CRYPTO_MORUS1280
361 tristate "MORUS-1280 AEAD algorithm"
364 Support for the MORUS-1280 dedicated AEAD algorithm.
366 config CRYPTO_MORUS1280_GLUE
372 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
375 config CRYPTO_MORUS1280_SSE2
376 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
377 depends on X86 && 64BIT
379 select CRYPTO_MORUS1280_GLUE
381 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
384 config CRYPTO_MORUS1280_AVX2
385 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
386 depends on X86 && 64BIT
388 select CRYPTO_MORUS1280_GLUE
390 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
394 tristate "Sequence Number IV Generator"
396 select CRYPTO_BLKCIPHER
398 select CRYPTO_RNG_DEFAULT
400 This IV generator generates an IV based on a sequence number by
401 xoring it with a salt. This algorithm is mainly useful for CTR
403 config CRYPTO_ECHAINIV
404 tristate "Encrypted Chain IV Generator"
407 select CRYPTO_RNG_DEFAULT
410 This IV generator generates an IV based on the encryption of
411 a sequence number xored with a salt. This is the default
414 comment "Block modes"
417 tristate "CBC support"
418 select CRYPTO_BLKCIPHER
419 select CRYPTO_MANAGER
421 CBC: Cipher Block Chaining mode
422 This block cipher algorithm is required for IPSec.
425 tristate "CFB support"
426 select CRYPTO_BLKCIPHER
427 select CRYPTO_MANAGER
429 CFB: Cipher FeedBack mode
430 This block cipher algorithm is required for TPM2 Cryptography.
433 tristate "CTR support"
434 select CRYPTO_BLKCIPHER
436 select CRYPTO_MANAGER
439 This block cipher algorithm is required for IPSec.
442 tristate "CTS support"
443 select CRYPTO_BLKCIPHER
445 CTS: Cipher Text Stealing
446 This is the Cipher Text Stealing mode as described by
447 Section 8 of rfc2040 and referenced by rfc3962.
448 (rfc3962 includes errata information in its Appendix A)
449 This mode is required for Kerberos gss mechanism support
453 tristate "ECB support"
454 select CRYPTO_BLKCIPHER
455 select CRYPTO_MANAGER
457 ECB: Electronic CodeBook mode
458 This is the simplest block cipher algorithm. It simply encrypts
459 the input block by block.
462 tristate "LRW support"
463 select CRYPTO_BLKCIPHER
464 select CRYPTO_MANAGER
465 select CRYPTO_GF128MUL
467 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
468 narrow block cipher mode for dm-crypt. Use it with cipher
469 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
470 The first 128, 192 or 256 bits in the key are used for AES and the
471 rest is used to tie each cipher block to its logical position.
474 tristate "PCBC support"
475 select CRYPTO_BLKCIPHER
476 select CRYPTO_MANAGER
478 PCBC: Propagating Cipher Block Chaining mode
479 This block cipher algorithm is required for RxRPC.
482 tristate "XTS support"
483 select CRYPTO_BLKCIPHER
484 select CRYPTO_MANAGER
487 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
488 key size 256, 384 or 512 bits. This implementation currently
489 can't handle a sectorsize which is not a multiple of 16 bytes.
491 config CRYPTO_KEYWRAP
492 tristate "Key wrapping support"
493 select CRYPTO_BLKCIPHER
495 Support for key wrapping (NIST SP800-38F / RFC3394) without
501 tristate "CMAC support"
503 select CRYPTO_MANAGER
505 Cipher-based Message Authentication Code (CMAC) specified by
506 The National Institute of Standards and Technology (NIST).
508 https://tools.ietf.org/html/rfc4493
509 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
512 tristate "HMAC support"
514 select CRYPTO_MANAGER
516 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
517 This is required for IPSec.
520 tristate "XCBC support"
522 select CRYPTO_MANAGER
524 XCBC: Keyed-Hashing with encryption algorithm
525 http://www.ietf.org/rfc/rfc3566.txt
526 http://csrc.nist.gov/encryption/modes/proposedmodes/
527 xcbc-mac/xcbc-mac-spec.pdf
530 tristate "VMAC support"
532 select CRYPTO_MANAGER
534 VMAC is a message authentication algorithm designed for
535 very high speed on 64-bit architectures.
538 <http://fastcrypto.org/vmac>
543 tristate "CRC32c CRC algorithm"
547 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
548 by iSCSI for header and data digests and by others.
549 See Castagnoli93. Module will be crc32c.
551 config CRYPTO_CRC32C_INTEL
552 tristate "CRC32c INTEL hardware acceleration"
556 In Intel processor with SSE4.2 supported, the processor will
557 support CRC32C implementation using hardware accelerated CRC32
558 instruction. This option will create 'crc32c-intel' module,
559 which will enable any routine to use the CRC32 instruction to
560 gain performance compared with software implementation.
561 Module will be crc32c-intel.
563 config CRYPTO_CRC32C_VPMSUM
564 tristate "CRC32c CRC algorithm (powerpc64)"
565 depends on PPC64 && ALTIVEC
569 CRC32c algorithm implemented using vector polynomial multiply-sum
570 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
571 and newer processors for improved performance.
574 config CRYPTO_CRC32C_SPARC64
575 tristate "CRC32c CRC algorithm (SPARC64)"
580 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
584 tristate "CRC32 CRC algorithm"
588 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
589 Shash crypto api wrappers to crc32_le function.
591 config CRYPTO_CRC32_PCLMUL
592 tristate "CRC32 PCLMULQDQ hardware acceleration"
597 From Intel Westmere and AMD Bulldozer processor with SSE4.2
598 and PCLMULQDQ supported, the processor will support
599 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
600 instruction. This option will create 'crc32-plcmul' module,
601 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
602 and gain better performance as compared with the table implementation.
604 config CRYPTO_CRC32_MIPS
605 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
606 depends on MIPS_CRC_SUPPORT
609 CRC32c and CRC32 CRC algorithms implemented using mips crypto
610 instructions, when available.
613 config CRYPTO_CRCT10DIF
614 tristate "CRCT10DIF algorithm"
617 CRC T10 Data Integrity Field computation is being cast as
618 a crypto transform. This allows for faster crc t10 diff
619 transforms to be used if they are available.
621 config CRYPTO_CRCT10DIF_PCLMUL
622 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
623 depends on X86 && 64BIT && CRC_T10DIF
626 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
627 CRC T10 DIF PCLMULQDQ computation can be hardware
628 accelerated PCLMULQDQ instruction. This option will create
629 'crct10dif-plcmul' module, which is faster when computing the
630 crct10dif checksum as compared with the generic table implementation.
632 config CRYPTO_CRCT10DIF_VPMSUM
633 tristate "CRC32T10DIF powerpc64 hardware acceleration"
634 depends on PPC64 && ALTIVEC && CRC_T10DIF
637 CRC10T10DIF algorithm implemented using vector polynomial
638 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
639 POWER8 and newer processors for improved performance.
641 config CRYPTO_VPMSUM_TESTER
642 tristate "Powerpc64 vpmsum hardware acceleration tester"
643 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
645 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
646 POWER8 vpmsum instructions.
647 Unless you are testing these algorithms, you don't need this.
650 tristate "GHASH digest algorithm"
651 select CRYPTO_GF128MUL
654 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
656 config CRYPTO_POLY1305
657 tristate "Poly1305 authenticator algorithm"
660 Poly1305 authenticator algorithm, RFC7539.
662 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
663 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
664 in IETF protocols. This is the portable C implementation of Poly1305.
666 config CRYPTO_POLY1305_X86_64
667 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
668 depends on X86 && 64BIT
669 select CRYPTO_POLY1305
671 Poly1305 authenticator algorithm, RFC7539.
673 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
674 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
675 in IETF protocols. This is the x86_64 assembler implementation using SIMD
679 tristate "MD4 digest algorithm"
682 MD4 message digest algorithm (RFC1320).
685 tristate "MD5 digest algorithm"
688 MD5 message digest algorithm (RFC1321).
690 config CRYPTO_MD5_OCTEON
691 tristate "MD5 digest algorithm (OCTEON)"
692 depends on CPU_CAVIUM_OCTEON
696 MD5 message digest algorithm (RFC1321) implemented
697 using OCTEON crypto instructions, when available.
699 config CRYPTO_MD5_PPC
700 tristate "MD5 digest algorithm (PPC)"
704 MD5 message digest algorithm (RFC1321) implemented
707 config CRYPTO_MD5_SPARC64
708 tristate "MD5 digest algorithm (SPARC64)"
713 MD5 message digest algorithm (RFC1321) implemented
714 using sparc64 crypto instructions, when available.
716 config CRYPTO_MICHAEL_MIC
717 tristate "Michael MIC keyed digest algorithm"
720 Michael MIC is used for message integrity protection in TKIP
721 (IEEE 802.11i). This algorithm is required for TKIP, but it
722 should not be used for other purposes because of the weakness
726 tristate "RIPEMD-128 digest algorithm"
729 RIPEMD-128 (ISO/IEC 10118-3:2004).
731 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
732 be used as a secure replacement for RIPEMD. For other use cases,
733 RIPEMD-160 should be used.
735 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
736 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
739 tristate "RIPEMD-160 digest algorithm"
742 RIPEMD-160 (ISO/IEC 10118-3:2004).
744 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
745 to be used as a secure replacement for the 128-bit hash functions
746 MD4, MD5 and it's predecessor RIPEMD
747 (not to be confused with RIPEMD-128).
749 It's speed is comparable to SHA1 and there are no known attacks
752 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
753 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
756 tristate "RIPEMD-256 digest algorithm"
759 RIPEMD-256 is an optional extension of RIPEMD-128 with a
760 256 bit hash. It is intended for applications that require
761 longer hash-results, without needing a larger security level
764 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
765 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
768 tristate "RIPEMD-320 digest algorithm"
771 RIPEMD-320 is an optional extension of RIPEMD-160 with a
772 320 bit hash. It is intended for applications that require
773 longer hash-results, without needing a larger security level
776 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
777 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
780 tristate "SHA1 digest algorithm"
783 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
785 config CRYPTO_SHA1_SSSE3
786 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
787 depends on X86 && 64BIT
791 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
792 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
793 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
796 config CRYPTO_SHA256_SSSE3
797 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
798 depends on X86 && 64BIT
802 SHA-256 secure hash standard (DFIPS 180-2) implemented
803 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
804 Extensions version 1 (AVX1), or Advanced Vector Extensions
805 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
806 Instructions) when available.
808 config CRYPTO_SHA512_SSSE3
809 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
810 depends on X86 && 64BIT
814 SHA-512 secure hash standard (DFIPS 180-2) implemented
815 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
816 Extensions version 1 (AVX1), or Advanced Vector Extensions
817 version 2 (AVX2) instructions, when available.
819 config CRYPTO_SHA1_OCTEON
820 tristate "SHA1 digest algorithm (OCTEON)"
821 depends on CPU_CAVIUM_OCTEON
825 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
826 using OCTEON crypto instructions, when available.
828 config CRYPTO_SHA1_SPARC64
829 tristate "SHA1 digest algorithm (SPARC64)"
834 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
835 using sparc64 crypto instructions, when available.
837 config CRYPTO_SHA1_PPC
838 tristate "SHA1 digest algorithm (powerpc)"
841 This is the powerpc hardware accelerated implementation of the
842 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
844 config CRYPTO_SHA1_PPC_SPE
845 tristate "SHA1 digest algorithm (PPC SPE)"
846 depends on PPC && SPE
848 SHA-1 secure hash standard (DFIPS 180-4) implemented
849 using powerpc SPE SIMD instruction set.
851 config CRYPTO_SHA1_MB
852 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
853 depends on X86 && 64BIT
856 select CRYPTO_MCRYPTD
858 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
859 using multi-buffer technique. This algorithm computes on
860 multiple data lanes concurrently with SIMD instructions for
861 better throughput. It should not be enabled by default but
862 used when there is significant amount of work to keep the keep
863 the data lanes filled to get performance benefit. If the data
864 lanes remain unfilled, a flush operation will be initiated to
865 process the crypto jobs, adding a slight latency.
867 config CRYPTO_SHA256_MB
868 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
869 depends on X86 && 64BIT
872 select CRYPTO_MCRYPTD
874 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
875 using multi-buffer technique. This algorithm computes on
876 multiple data lanes concurrently with SIMD instructions for
877 better throughput. It should not be enabled by default but
878 used when there is significant amount of work to keep the keep
879 the data lanes filled to get performance benefit. If the data
880 lanes remain unfilled, a flush operation will be initiated to
881 process the crypto jobs, adding a slight latency.
883 config CRYPTO_SHA512_MB
884 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
885 depends on X86 && 64BIT
888 select CRYPTO_MCRYPTD
890 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
891 using multi-buffer technique. This algorithm computes on
892 multiple data lanes concurrently with SIMD instructions for
893 better throughput. It should not be enabled by default but
894 used when there is significant amount of work to keep the keep
895 the data lanes filled to get performance benefit. If the data
896 lanes remain unfilled, a flush operation will be initiated to
897 process the crypto jobs, adding a slight latency.
900 tristate "SHA224 and SHA256 digest algorithm"
903 SHA256 secure hash standard (DFIPS 180-2).
905 This version of SHA implements a 256 bit hash with 128 bits of
906 security against collision attacks.
908 This code also includes SHA-224, a 224 bit hash with 112 bits
909 of security against collision attacks.
911 config CRYPTO_SHA256_PPC_SPE
912 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
913 depends on PPC && SPE
917 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
918 implemented using powerpc SPE SIMD instruction set.
920 config CRYPTO_SHA256_OCTEON
921 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
922 depends on CPU_CAVIUM_OCTEON
926 SHA-256 secure hash standard (DFIPS 180-2) implemented
927 using OCTEON crypto instructions, when available.
929 config CRYPTO_SHA256_SPARC64
930 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
935 SHA-256 secure hash standard (DFIPS 180-2) implemented
936 using sparc64 crypto instructions, when available.
939 tristate "SHA384 and SHA512 digest algorithms"
942 SHA512 secure hash standard (DFIPS 180-2).
944 This version of SHA implements a 512 bit hash with 256 bits of
945 security against collision attacks.
947 This code also includes SHA-384, a 384 bit hash with 192 bits
948 of security against collision attacks.
950 config CRYPTO_SHA512_OCTEON
951 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
952 depends on CPU_CAVIUM_OCTEON
956 SHA-512 secure hash standard (DFIPS 180-2) implemented
957 using OCTEON crypto instructions, when available.
959 config CRYPTO_SHA512_SPARC64
960 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
965 SHA-512 secure hash standard (DFIPS 180-2) implemented
966 using sparc64 crypto instructions, when available.
969 tristate "SHA3 digest algorithm"
972 SHA-3 secure hash standard (DFIPS 202). It's based on
973 cryptographic sponge function family called Keccak.
976 http://keccak.noekeon.org/
979 tristate "SM3 digest algorithm"
982 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
983 It is part of the Chinese Commercial Cryptography suite.
986 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
987 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
990 tristate "Tiger digest algorithms"
993 Tiger hash algorithm 192, 160 and 128-bit hashes
995 Tiger is a hash function optimized for 64-bit processors while
996 still having decent performance on 32-bit processors.
997 Tiger was developed by Ross Anderson and Eli Biham.
1000 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1003 tristate "Whirlpool digest algorithms"
1006 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1008 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1009 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1012 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1014 config CRYPTO_GHASH_CLMUL_NI_INTEL
1015 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
1016 depends on X86 && 64BIT
1017 select CRYPTO_CRYPTD
1019 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1020 The implementation is accelerated by CLMUL-NI of Intel.
1025 tristate "AES cipher algorithms"
1026 select CRYPTO_ALGAPI
1028 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1031 Rijndael appears to be consistently a very good performer in
1032 both hardware and software across a wide range of computing
1033 environments regardless of its use in feedback or non-feedback
1034 modes. Its key setup time is excellent, and its key agility is
1035 good. Rijndael's very low memory requirements make it very well
1036 suited for restricted-space environments, in which it also
1037 demonstrates excellent performance. Rijndael's operations are
1038 among the easiest to defend against power and timing attacks.
1040 The AES specifies three key sizes: 128, 192 and 256 bits
1042 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1044 config CRYPTO_AES_TI
1045 tristate "Fixed time AES cipher"
1046 select CRYPTO_ALGAPI
1048 This is a generic implementation of AES that attempts to eliminate
1049 data dependent latencies as much as possible without affecting
1050 performance too much. It is intended for use by the generic CCM
1051 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1052 solely on encryption (although decryption is supported as well, but
1053 with a more dramatic performance hit)
1055 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1056 8 for decryption), this implementation only uses just two S-boxes of
1057 256 bytes each, and attempts to eliminate data dependent latencies by
1058 prefetching the entire table into the cache at the start of each
1061 config CRYPTO_AES_586
1062 tristate "AES cipher algorithms (i586)"
1063 depends on (X86 || UML_X86) && !64BIT
1064 select CRYPTO_ALGAPI
1067 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1070 Rijndael appears to be consistently a very good performer in
1071 both hardware and software across a wide range of computing
1072 environments regardless of its use in feedback or non-feedback
1073 modes. Its key setup time is excellent, and its key agility is
1074 good. Rijndael's very low memory requirements make it very well
1075 suited for restricted-space environments, in which it also
1076 demonstrates excellent performance. Rijndael's operations are
1077 among the easiest to defend against power and timing attacks.
1079 The AES specifies three key sizes: 128, 192 and 256 bits
1081 See <http://csrc.nist.gov/encryption/aes/> for more information.
1083 config CRYPTO_AES_X86_64
1084 tristate "AES cipher algorithms (x86_64)"
1085 depends on (X86 || UML_X86) && 64BIT
1086 select CRYPTO_ALGAPI
1089 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1092 Rijndael appears to be consistently a very good performer in
1093 both hardware and software across a wide range of computing
1094 environments regardless of its use in feedback or non-feedback
1095 modes. Its key setup time is excellent, and its key agility is
1096 good. Rijndael's very low memory requirements make it very well
1097 suited for restricted-space environments, in which it also
1098 demonstrates excellent performance. Rijndael's operations are
1099 among the easiest to defend against power and timing attacks.
1101 The AES specifies three key sizes: 128, 192 and 256 bits
1103 See <http://csrc.nist.gov/encryption/aes/> for more information.
1105 config CRYPTO_AES_NI_INTEL
1106 tristate "AES cipher algorithms (AES-NI)"
1109 select CRYPTO_AES_X86_64 if 64BIT
1110 select CRYPTO_AES_586 if !64BIT
1111 select CRYPTO_ALGAPI
1112 select CRYPTO_BLKCIPHER
1113 select CRYPTO_GLUE_HELPER_X86 if 64BIT
1116 Use Intel AES-NI instructions for AES algorithm.
1118 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1121 Rijndael appears to be consistently a very good performer in
1122 both hardware and software across a wide range of computing
1123 environments regardless of its use in feedback or non-feedback
1124 modes. Its key setup time is excellent, and its key agility is
1125 good. Rijndael's very low memory requirements make it very well
1126 suited for restricted-space environments, in which it also
1127 demonstrates excellent performance. Rijndael's operations are
1128 among the easiest to defend against power and timing attacks.
1130 The AES specifies three key sizes: 128, 192 and 256 bits
1132 See <http://csrc.nist.gov/encryption/aes/> for more information.
1134 In addition to AES cipher algorithm support, the acceleration
1135 for some popular block cipher mode is supported too, including
1136 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
1137 acceleration for CTR.
1139 config CRYPTO_AES_SPARC64
1140 tristate "AES cipher algorithms (SPARC64)"
1142 select CRYPTO_CRYPTD
1143 select CRYPTO_ALGAPI
1145 Use SPARC64 crypto opcodes for AES algorithm.
1147 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1150 Rijndael appears to be consistently a very good performer in
1151 both hardware and software across a wide range of computing
1152 environments regardless of its use in feedback or non-feedback
1153 modes. Its key setup time is excellent, and its key agility is
1154 good. Rijndael's very low memory requirements make it very well
1155 suited for restricted-space environments, in which it also
1156 demonstrates excellent performance. Rijndael's operations are
1157 among the easiest to defend against power and timing attacks.
1159 The AES specifies three key sizes: 128, 192 and 256 bits
1161 See <http://csrc.nist.gov/encryption/aes/> for more information.
1163 In addition to AES cipher algorithm support, the acceleration
1164 for some popular block cipher mode is supported too, including
1167 config CRYPTO_AES_PPC_SPE
1168 tristate "AES cipher algorithms (PPC SPE)"
1169 depends on PPC && SPE
1171 AES cipher algorithms (FIPS-197). Additionally the acceleration
1172 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1173 This module should only be used for low power (router) devices
1174 without hardware AES acceleration (e.g. caam crypto). It reduces the
1175 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1176 timining attacks. Nevertheless it might be not as secure as other
1177 architecture specific assembler implementations that work on 1KB
1178 tables or 256 bytes S-boxes.
1180 config CRYPTO_ANUBIS
1181 tristate "Anubis cipher algorithm"
1182 select CRYPTO_ALGAPI
1184 Anubis cipher algorithm.
1186 Anubis is a variable key length cipher which can use keys from
1187 128 bits to 320 bits in length. It was evaluated as a entrant
1188 in the NESSIE competition.
1191 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1192 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1195 tristate "ARC4 cipher algorithm"
1196 select CRYPTO_BLKCIPHER
1198 ARC4 cipher algorithm.
1200 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1201 bits in length. This algorithm is required for driver-based
1202 WEP, but it should not be for other purposes because of the
1203 weakness of the algorithm.
1205 config CRYPTO_BLOWFISH
1206 tristate "Blowfish cipher algorithm"
1207 select CRYPTO_ALGAPI
1208 select CRYPTO_BLOWFISH_COMMON
1210 Blowfish cipher algorithm, by Bruce Schneier.
1212 This is a variable key length cipher which can use keys from 32
1213 bits to 448 bits in length. It's fast, simple and specifically
1214 designed for use on "large microprocessors".
1217 <http://www.schneier.com/blowfish.html>
1219 config CRYPTO_BLOWFISH_COMMON
1222 Common parts of the Blowfish cipher algorithm shared by the
1223 generic c and the assembler implementations.
1226 <http://www.schneier.com/blowfish.html>
1228 config CRYPTO_BLOWFISH_X86_64
1229 tristate "Blowfish cipher algorithm (x86_64)"
1230 depends on X86 && 64BIT
1231 select CRYPTO_BLKCIPHER
1232 select CRYPTO_BLOWFISH_COMMON
1234 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1236 This is a variable key length cipher which can use keys from 32
1237 bits to 448 bits in length. It's fast, simple and specifically
1238 designed for use on "large microprocessors".
1241 <http://www.schneier.com/blowfish.html>
1243 config CRYPTO_CAMELLIA
1244 tristate "Camellia cipher algorithms"
1246 select CRYPTO_ALGAPI
1248 Camellia cipher algorithms module.
1250 Camellia is a symmetric key block cipher developed jointly
1251 at NTT and Mitsubishi Electric Corporation.
1253 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1256 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1258 config CRYPTO_CAMELLIA_X86_64
1259 tristate "Camellia cipher algorithm (x86_64)"
1260 depends on X86 && 64BIT
1262 select CRYPTO_BLKCIPHER
1263 select CRYPTO_GLUE_HELPER_X86
1265 Camellia cipher algorithm module (x86_64).
1267 Camellia is a symmetric key block cipher developed jointly
1268 at NTT and Mitsubishi Electric Corporation.
1270 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1273 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1275 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1276 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1277 depends on X86 && 64BIT
1279 select CRYPTO_BLKCIPHER
1280 select CRYPTO_CAMELLIA_X86_64
1281 select CRYPTO_GLUE_HELPER_X86
1285 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1287 Camellia is a symmetric key block cipher developed jointly
1288 at NTT and Mitsubishi Electric Corporation.
1290 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1293 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1295 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1296 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1297 depends on X86 && 64BIT
1299 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1301 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1303 Camellia is a symmetric key block cipher developed jointly
1304 at NTT and Mitsubishi Electric Corporation.
1306 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1309 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1311 config CRYPTO_CAMELLIA_SPARC64
1312 tristate "Camellia cipher algorithm (SPARC64)"
1315 select CRYPTO_ALGAPI
1317 Camellia cipher algorithm module (SPARC64).
1319 Camellia is a symmetric key block cipher developed jointly
1320 at NTT and Mitsubishi Electric Corporation.
1322 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1325 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1327 config CRYPTO_CAST_COMMON
1330 Common parts of the CAST cipher algorithms shared by the
1331 generic c and the assembler implementations.
1334 tristate "CAST5 (CAST-128) cipher algorithm"
1335 select CRYPTO_ALGAPI
1336 select CRYPTO_CAST_COMMON
1338 The CAST5 encryption algorithm (synonymous with CAST-128) is
1339 described in RFC2144.
1341 config CRYPTO_CAST5_AVX_X86_64
1342 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1343 depends on X86 && 64BIT
1344 select CRYPTO_BLKCIPHER
1346 select CRYPTO_CAST_COMMON
1349 The CAST5 encryption algorithm (synonymous with CAST-128) is
1350 described in RFC2144.
1352 This module provides the Cast5 cipher algorithm that processes
1353 sixteen blocks parallel using the AVX instruction set.
1356 tristate "CAST6 (CAST-256) cipher algorithm"
1357 select CRYPTO_ALGAPI
1358 select CRYPTO_CAST_COMMON
1360 The CAST6 encryption algorithm (synonymous with CAST-256) is
1361 described in RFC2612.
1363 config CRYPTO_CAST6_AVX_X86_64
1364 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1365 depends on X86 && 64BIT
1366 select CRYPTO_BLKCIPHER
1368 select CRYPTO_CAST_COMMON
1369 select CRYPTO_GLUE_HELPER_X86
1373 The CAST6 encryption algorithm (synonymous with CAST-256) is
1374 described in RFC2612.
1376 This module provides the Cast6 cipher algorithm that processes
1377 eight blocks parallel using the AVX instruction set.
1380 tristate "DES and Triple DES EDE cipher algorithms"
1381 select CRYPTO_ALGAPI
1383 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1385 config CRYPTO_DES_SPARC64
1386 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1388 select CRYPTO_ALGAPI
1391 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1392 optimized using SPARC64 crypto opcodes.
1394 config CRYPTO_DES3_EDE_X86_64
1395 tristate "Triple DES EDE cipher algorithm (x86-64)"
1396 depends on X86 && 64BIT
1397 select CRYPTO_BLKCIPHER
1400 Triple DES EDE (FIPS 46-3) algorithm.
1402 This module provides implementation of the Triple DES EDE cipher
1403 algorithm that is optimized for x86-64 processors. Two versions of
1404 algorithm are provided; regular processing one input block and
1405 one that processes three blocks parallel.
1407 config CRYPTO_FCRYPT
1408 tristate "FCrypt cipher algorithm"
1409 select CRYPTO_ALGAPI
1410 select CRYPTO_BLKCIPHER
1412 FCrypt algorithm used by RxRPC.
1414 config CRYPTO_KHAZAD
1415 tristate "Khazad cipher algorithm"
1416 select CRYPTO_ALGAPI
1418 Khazad cipher algorithm.
1420 Khazad was a finalist in the initial NESSIE competition. It is
1421 an algorithm optimized for 64-bit processors with good performance
1422 on 32-bit processors. Khazad uses an 128 bit key size.
1425 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1427 config CRYPTO_SALSA20
1428 tristate "Salsa20 stream cipher algorithm"
1429 select CRYPTO_BLKCIPHER
1431 Salsa20 stream cipher algorithm.
1433 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1434 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1436 The Salsa20 stream cipher algorithm is designed by Daniel J.
1437 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1439 config CRYPTO_CHACHA20
1440 tristate "ChaCha20 cipher algorithm"
1441 select CRYPTO_BLKCIPHER
1443 ChaCha20 cipher algorithm, RFC7539.
1445 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1446 Bernstein and further specified in RFC7539 for use in IETF protocols.
1447 This is the portable C implementation of ChaCha20.
1450 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1452 config CRYPTO_CHACHA20_X86_64
1453 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
1454 depends on X86 && 64BIT
1455 select CRYPTO_BLKCIPHER
1456 select CRYPTO_CHACHA20
1458 ChaCha20 cipher algorithm, RFC7539.
1460 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1461 Bernstein and further specified in RFC7539 for use in IETF protocols.
1462 This is the x86_64 assembler implementation using SIMD instructions.
1465 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1468 tristate "SEED cipher algorithm"
1469 select CRYPTO_ALGAPI
1471 SEED cipher algorithm (RFC4269).
1473 SEED is a 128-bit symmetric key block cipher that has been
1474 developed by KISA (Korea Information Security Agency) as a
1475 national standard encryption algorithm of the Republic of Korea.
1476 It is a 16 round block cipher with the key size of 128 bit.
1479 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1481 config CRYPTO_SERPENT
1482 tristate "Serpent cipher algorithm"
1483 select CRYPTO_ALGAPI
1485 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1487 Keys are allowed to be from 0 to 256 bits in length, in steps
1488 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1489 variant of Serpent for compatibility with old kerneli.org code.
1492 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1494 config CRYPTO_SERPENT_SSE2_X86_64
1495 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1496 depends on X86 && 64BIT
1497 select CRYPTO_BLKCIPHER
1498 select CRYPTO_GLUE_HELPER_X86
1499 select CRYPTO_SERPENT
1502 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1504 Keys are allowed to be from 0 to 256 bits in length, in steps
1507 This module provides Serpent cipher algorithm that processes eight
1508 blocks parallel using SSE2 instruction set.
1511 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1513 config CRYPTO_SERPENT_SSE2_586
1514 tristate "Serpent cipher algorithm (i586/SSE2)"
1515 depends on X86 && !64BIT
1516 select CRYPTO_BLKCIPHER
1517 select CRYPTO_GLUE_HELPER_X86
1518 select CRYPTO_SERPENT
1521 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1523 Keys are allowed to be from 0 to 256 bits in length, in steps
1526 This module provides Serpent cipher algorithm that processes four
1527 blocks parallel using SSE2 instruction set.
1530 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1532 config CRYPTO_SERPENT_AVX_X86_64
1533 tristate "Serpent cipher algorithm (x86_64/AVX)"
1534 depends on X86 && 64BIT
1535 select CRYPTO_BLKCIPHER
1536 select CRYPTO_GLUE_HELPER_X86
1537 select CRYPTO_SERPENT
1541 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1543 Keys are allowed to be from 0 to 256 bits in length, in steps
1546 This module provides the Serpent cipher algorithm that processes
1547 eight blocks parallel using the AVX instruction set.
1550 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1552 config CRYPTO_SERPENT_AVX2_X86_64
1553 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1554 depends on X86 && 64BIT
1555 select CRYPTO_SERPENT_AVX_X86_64
1557 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1559 Keys are allowed to be from 0 to 256 bits in length, in steps
1562 This module provides Serpent cipher algorithm that processes 16
1563 blocks parallel using AVX2 instruction set.
1566 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1569 tristate "SM4 cipher algorithm"
1570 select CRYPTO_ALGAPI
1572 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1574 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1575 Organization of State Commercial Administration of China (OSCCA)
1576 as an authorized cryptographic algorithms for the use within China.
1578 SMS4 was originally created for use in protecting wireless
1579 networks, and is mandated in the Chinese National Standard for
1580 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1583 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1584 standardized through TC 260 of the Standardization Administration
1585 of the People's Republic of China (SAC).
1587 The input, output, and key of SMS4 are each 128 bits.
1589 See also: <https://eprint.iacr.org/2008/329.pdf>
1594 tristate "Speck cipher algorithm"
1595 select CRYPTO_ALGAPI
1597 Speck is a lightweight block cipher that is tuned for optimal
1598 performance in software (rather than hardware).
1600 Speck may not be as secure as AES, and should only be used on systems
1601 where AES is not fast enough.
1603 See also: <https://eprint.iacr.org/2013/404.pdf>
1608 tristate "TEA, XTEA and XETA cipher algorithms"
1609 select CRYPTO_ALGAPI
1611 TEA cipher algorithm.
1613 Tiny Encryption Algorithm is a simple cipher that uses
1614 many rounds for security. It is very fast and uses
1617 Xtendend Tiny Encryption Algorithm is a modification to
1618 the TEA algorithm to address a potential key weakness
1619 in the TEA algorithm.
1621 Xtendend Encryption Tiny Algorithm is a mis-implementation
1622 of the XTEA algorithm for compatibility purposes.
1624 config CRYPTO_TWOFISH
1625 tristate "Twofish cipher algorithm"
1626 select CRYPTO_ALGAPI
1627 select CRYPTO_TWOFISH_COMMON
1629 Twofish cipher algorithm.
1631 Twofish was submitted as an AES (Advanced Encryption Standard)
1632 candidate cipher by researchers at CounterPane Systems. It is a
1633 16 round block cipher supporting key sizes of 128, 192, and 256
1637 <http://www.schneier.com/twofish.html>
1639 config CRYPTO_TWOFISH_COMMON
1642 Common parts of the Twofish cipher algorithm shared by the
1643 generic c and the assembler implementations.
1645 config CRYPTO_TWOFISH_586
1646 tristate "Twofish cipher algorithms (i586)"
1647 depends on (X86 || UML_X86) && !64BIT
1648 select CRYPTO_ALGAPI
1649 select CRYPTO_TWOFISH_COMMON
1651 Twofish cipher algorithm.
1653 Twofish was submitted as an AES (Advanced Encryption Standard)
1654 candidate cipher by researchers at CounterPane Systems. It is a
1655 16 round block cipher supporting key sizes of 128, 192, and 256
1659 <http://www.schneier.com/twofish.html>
1661 config CRYPTO_TWOFISH_X86_64
1662 tristate "Twofish cipher algorithm (x86_64)"
1663 depends on (X86 || UML_X86) && 64BIT
1664 select CRYPTO_ALGAPI
1665 select CRYPTO_TWOFISH_COMMON
1667 Twofish cipher algorithm (x86_64).
1669 Twofish was submitted as an AES (Advanced Encryption Standard)
1670 candidate cipher by researchers at CounterPane Systems. It is a
1671 16 round block cipher supporting key sizes of 128, 192, and 256
1675 <http://www.schneier.com/twofish.html>
1677 config CRYPTO_TWOFISH_X86_64_3WAY
1678 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1679 depends on X86 && 64BIT
1680 select CRYPTO_BLKCIPHER
1681 select CRYPTO_TWOFISH_COMMON
1682 select CRYPTO_TWOFISH_X86_64
1683 select CRYPTO_GLUE_HELPER_X86
1685 Twofish cipher algorithm (x86_64, 3-way parallel).
1687 Twofish was submitted as an AES (Advanced Encryption Standard)
1688 candidate cipher by researchers at CounterPane Systems. It is a
1689 16 round block cipher supporting key sizes of 128, 192, and 256
1692 This module provides Twofish cipher algorithm that processes three
1693 blocks parallel, utilizing resources of out-of-order CPUs better.
1696 <http://www.schneier.com/twofish.html>
1698 config CRYPTO_TWOFISH_AVX_X86_64
1699 tristate "Twofish cipher algorithm (x86_64/AVX)"
1700 depends on X86 && 64BIT
1701 select CRYPTO_BLKCIPHER
1702 select CRYPTO_GLUE_HELPER_X86
1704 select CRYPTO_TWOFISH_COMMON
1705 select CRYPTO_TWOFISH_X86_64
1706 select CRYPTO_TWOFISH_X86_64_3WAY
1708 Twofish cipher algorithm (x86_64/AVX).
1710 Twofish was submitted as an AES (Advanced Encryption Standard)
1711 candidate cipher by researchers at CounterPane Systems. It is a
1712 16 round block cipher supporting key sizes of 128, 192, and 256
1715 This module provides the Twofish cipher algorithm that processes
1716 eight blocks parallel using the AVX Instruction Set.
1719 <http://www.schneier.com/twofish.html>
1721 comment "Compression"
1723 config CRYPTO_DEFLATE
1724 tristate "Deflate compression algorithm"
1725 select CRYPTO_ALGAPI
1726 select CRYPTO_ACOMP2
1730 This is the Deflate algorithm (RFC1951), specified for use in
1731 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1733 You will most probably want this if using IPSec.
1736 tristate "LZO compression algorithm"
1737 select CRYPTO_ALGAPI
1738 select CRYPTO_ACOMP2
1740 select LZO_DECOMPRESS
1742 This is the LZO algorithm.
1745 tristate "842 compression algorithm"
1746 select CRYPTO_ALGAPI
1747 select CRYPTO_ACOMP2
1749 select 842_DECOMPRESS
1751 This is the 842 algorithm.
1754 tristate "LZ4 compression algorithm"
1755 select CRYPTO_ALGAPI
1756 select CRYPTO_ACOMP2
1758 select LZ4_DECOMPRESS
1760 This is the LZ4 algorithm.
1763 tristate "LZ4HC compression algorithm"
1764 select CRYPTO_ALGAPI
1765 select CRYPTO_ACOMP2
1766 select LZ4HC_COMPRESS
1767 select LZ4_DECOMPRESS
1769 This is the LZ4 high compression mode algorithm.
1772 tristate "Zstd compression algorithm"
1773 select CRYPTO_ALGAPI
1774 select CRYPTO_ACOMP2
1775 select ZSTD_COMPRESS
1776 select ZSTD_DECOMPRESS
1778 This is the zstd algorithm.
1780 comment "Random Number Generation"
1782 config CRYPTO_ANSI_CPRNG
1783 tristate "Pseudo Random Number Generation for Cryptographic modules"
1787 This option enables the generic pseudo random number generator
1788 for cryptographic modules. Uses the Algorithm specified in
1789 ANSI X9.31 A.2.4. Note that this option must be enabled if
1790 CRYPTO_FIPS is selected
1792 menuconfig CRYPTO_DRBG_MENU
1793 tristate "NIST SP800-90A DRBG"
1795 NIST SP800-90A compliant DRBG. In the following submenu, one or
1796 more of the DRBG types must be selected.
1800 config CRYPTO_DRBG_HMAC
1804 select CRYPTO_SHA256
1806 config CRYPTO_DRBG_HASH
1807 bool "Enable Hash DRBG"
1808 select CRYPTO_SHA256
1810 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1812 config CRYPTO_DRBG_CTR
1813 bool "Enable CTR DRBG"
1815 depends on CRYPTO_CTR
1817 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1821 default CRYPTO_DRBG_MENU
1823 select CRYPTO_JITTERENTROPY
1825 endif # if CRYPTO_DRBG_MENU
1827 config CRYPTO_JITTERENTROPY
1828 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1831 The Jitterentropy RNG is a noise that is intended
1832 to provide seed to another RNG. The RNG does not
1833 perform any cryptographic whitening of the generated
1834 random numbers. This Jitterentropy RNG registers with
1835 the kernel crypto API and can be used by any caller.
1837 config CRYPTO_USER_API
1840 config CRYPTO_USER_API_HASH
1841 tristate "User-space interface for hash algorithms"
1844 select CRYPTO_USER_API
1846 This option enables the user-spaces interface for hash
1849 config CRYPTO_USER_API_SKCIPHER
1850 tristate "User-space interface for symmetric key cipher algorithms"
1852 select CRYPTO_BLKCIPHER
1853 select CRYPTO_USER_API
1855 This option enables the user-spaces interface for symmetric
1856 key cipher algorithms.
1858 config CRYPTO_USER_API_RNG
1859 tristate "User-space interface for random number generator algorithms"
1862 select CRYPTO_USER_API
1864 This option enables the user-spaces interface for random
1865 number generator algorithms.
1867 config CRYPTO_USER_API_AEAD
1868 tristate "User-space interface for AEAD cipher algorithms"
1871 select CRYPTO_BLKCIPHER
1873 select CRYPTO_USER_API
1875 This option enables the user-spaces interface for AEAD
1878 config CRYPTO_HASH_INFO
1881 source "drivers/crypto/Kconfig"
1882 source crypto/asymmetric_keys/Kconfig
1883 source certs/Kconfig
projects / mirror_ubuntu-eoan-kernel.git / blob