]> git.ipfire.org Git - thirdparty/kernel/stable.git/blame - crypto/Kconfig
projects / thirdparty / kernel / stable.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
crypto: nx - Add forward declaration for struct crypto_aead
[thirdparty/kernel/stable.git] / crypto / Kconfig
CommitLineData
685784aa
DW		 1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5 tristate
6
1da177e4 7#
9bc89cd8 8# async_tx api: hardware offloaded memory transfer/transform support
1da177e4 9#
9bc89cd8 10source "crypto/async_tx/Kconfig"
1da177e4 11
9bc89cd8
DW		 12#
13# Cryptographic API Configuration
14#
2e290f43 15menuconfig CRYPTO
c3715cb9 16 tristate "Cryptographic API"
1da177e4
LT		 17 help
18 This option provides the core Cryptographic API.
19
cce9e06d
HX		 20if CRYPTO
21
584fffc8
SS		 22comment "Crypto core or helper"
23
ccb778e1
NH		 24config CRYPTO_FIPS
25 bool "FIPS 200 compliance"
f2c89a10 26 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
002c77a4 27 depends on MODULE_SIG
ccb778e1
NH		 28 help
29 This options enables the fips boot option which is
30 required if you want to system to operate in a FIPS 200
31 certification. You should say no unless you know what
e84c5480 32 this is.
ccb778e1 33
cce9e06d
HX		 34config CRYPTO_ALGAPI
35 tristate
6a0fcbb4 36 select CRYPTO_ALGAPI2
cce9e06d
HX		 37 help
38 This option provides the API for cryptographic algorithms.
39
6a0fcbb4
HX		 40config CRYPTO_ALGAPI2
41 tristate
42
1ae97820
HX		 43config CRYPTO_AEAD
44 tristate
6a0fcbb4 45 select CRYPTO_AEAD2
1ae97820
HX		 46 select CRYPTO_ALGAPI
47
6a0fcbb4
HX		 48config CRYPTO_AEAD2
49 tristate
50 select CRYPTO_ALGAPI2
149a3971
HX		 51 select CRYPTO_NULL2
52 select CRYPTO_RNG2
6a0fcbb4 53
5cde0af2
HX		 54config CRYPTO_BLKCIPHER
55 tristate
6a0fcbb4 56 select CRYPTO_BLKCIPHER2
5cde0af2 57 select CRYPTO_ALGAPI
6a0fcbb4
HX		 58
59config CRYPTO_BLKCIPHER2
60 tristate
61 select CRYPTO_ALGAPI2
62 select CRYPTO_RNG2
0a2e821d 63 select CRYPTO_WORKQUEUE
5cde0af2 64
055bcee3
HX		 65config CRYPTO_HASH
66 tristate
6a0fcbb4 67 select CRYPTO_HASH2
055bcee3
HX		 68 select CRYPTO_ALGAPI
69
6a0fcbb4
HX		 70config CRYPTO_HASH2
71 tristate
72 select CRYPTO_ALGAPI2
73
17f0f4a4
NH		 74config CRYPTO_RNG
75 tristate
6a0fcbb4 76 select CRYPTO_RNG2
17f0f4a4
NH		 77 select CRYPTO_ALGAPI
78
6a0fcbb4
HX		 79config CRYPTO_RNG2
80 tristate
81 select CRYPTO_ALGAPI2
82
401e4238
HX		 83config CRYPTO_RNG_DEFAULT
84 tristate
85 select CRYPTO_DRBG_MENU
86
a1d2f095 87config CRYPTO_PCOMP
bc94e596
HX		 88 tristate
89 select CRYPTO_PCOMP2
90 select CRYPTO_ALGAPI
91
92config CRYPTO_PCOMP2
a1d2f095
GU		 93 tristate
94 select CRYPTO_ALGAPI2
95
3c339ab8
TS		 96config CRYPTO_AKCIPHER2
97 tristate
98 select CRYPTO_ALGAPI2
99
100config CRYPTO_AKCIPHER
101 tristate
102 select CRYPTO_AKCIPHER2
103 select CRYPTO_ALGAPI
104
cfc2bb32
TS		 105config CRYPTO_RSA
106 tristate "RSA algorithm"
425e0172 107 select CRYPTO_AKCIPHER
cfc2bb32
TS		 108 select MPILIB
109 select ASN1
110 help
111 Generic implementation of the RSA public key algorithm.
112
2b8c19db
HX		 113config CRYPTO_MANAGER
114 tristate "Cryptographic algorithm manager"
6a0fcbb4 115 select CRYPTO_MANAGER2
2b8c19db
HX		 116 help
117 Create default cryptographic template instantiations such as
118 cbc(aes).
119
6a0fcbb4
HX		 120config CRYPTO_MANAGER2
121 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
122 select CRYPTO_AEAD2
123 select CRYPTO_HASH2
124 select CRYPTO_BLKCIPHER2
bc94e596 125 select CRYPTO_PCOMP2
946cc463 126 select CRYPTO_AKCIPHER2
6a0fcbb4 127
a38f7907
SK		 128config CRYPTO_USER
129 tristate "Userspace cryptographic algorithm configuration"
5db017aa 130 depends on NET
a38f7907
SK		 131 select CRYPTO_MANAGER
132 help
d19978f5 133 Userspace configuration for cryptographic instantiations such as
a38f7907
SK		 134 cbc(aes).
135
326a6346
HX		 136config CRYPTO_MANAGER_DISABLE_TESTS
137 bool "Disable run-time self tests"
00ca28a5
HX		 138 default y
139 depends on CRYPTO_MANAGER2
0b767f96 140 help
326a6346
HX		 141 Disable run-time self tests that normally take place at
142 algorithm registration.
0b767f96 143
584fffc8 144config CRYPTO_GF128MUL
08c70fc3 145 tristate "GF(2^128) multiplication functions"
333b0d7e 146 help
584fffc8
SS		 147 Efficient table driven implementation of multiplications in the
148 field GF(2^128). This is needed by some cypher modes. This
149 option will be selected automatically if you select such a
150 cipher mode. Only select this option by hand if you expect to load
151 an external module that requires these functions.
333b0d7e 152
1da177e4
LT		 153config CRYPTO_NULL
154 tristate "Null algorithms"
149a3971 155 select CRYPTO_NULL2
1da177e4
LT		 156 help
157 These are 'Null' algorithms, used by IPsec, which do nothing.
158
149a3971
HX		 159config CRYPTO_NULL2
160 select CRYPTO_ALGAPI2
161 select CRYPTO_BLKCIPHER2
162 select CRYPTO_HASH2
163
5068c7a8 164config CRYPTO_PCRYPT
3b4afaf2
KC		 165 tristate "Parallel crypto engine"
166 depends on SMP
5068c7a8
SK		 167 select PADATA
168 select CRYPTO_MANAGER
169 select CRYPTO_AEAD
170 help
171 This converts an arbitrary crypto algorithm into a parallel
172 algorithm that executes in kernel threads.
173
25c38d3f
HY		 174config CRYPTO_WORKQUEUE
175 tristate
176
584fffc8
SS		 177config CRYPTO_CRYPTD
178 tristate "Software async crypto daemon"
179 select CRYPTO_BLKCIPHER
b8a28251 180 select CRYPTO_HASH
584fffc8 181 select CRYPTO_MANAGER
254eff77 182 select CRYPTO_WORKQUEUE
1da177e4 183 help
584fffc8
SS		 184 This is a generic software asynchronous crypto daemon that
185 converts an arbitrary synchronous software crypto algorithm
186 into an asynchronous algorithm that executes in a kernel thread.
1da177e4 187
1e65b81a
TC		 188config CRYPTO_MCRYPTD
189 tristate "Software async multi-buffer crypto daemon"
190 select CRYPTO_BLKCIPHER
191 select CRYPTO_HASH
192 select CRYPTO_MANAGER
193 select CRYPTO_WORKQUEUE
194 help
195 This is a generic software asynchronous crypto daemon that
196 provides the kernel thread to assist multi-buffer crypto
197 algorithms for submitting jobs and flushing jobs in multi-buffer
198 crypto algorithms. Multi-buffer crypto algorithms are executed
199 in the context of this kernel thread and drivers can post
0e56673b 200 their crypto request asynchronously to be processed by this daemon.
1e65b81a 201
584fffc8
SS		 202config CRYPTO_AUTHENC
203 tristate "Authenc support"
204 select CRYPTO_AEAD
205 select CRYPTO_BLKCIPHER
206 select CRYPTO_MANAGER
207 select CRYPTO_HASH
e94c6a7a 208 select CRYPTO_NULL
1da177e4 209 help
584fffc8
SS		 210 Authenc: Combined mode wrapper for IPsec.
211 This is required for IPSec.
1da177e4 212
584fffc8
SS		 213config CRYPTO_TEST
214 tristate "Testing module"
215 depends on m
da7f033d 216 select CRYPTO_MANAGER
1da177e4 217 help
584fffc8 218 Quick & dirty crypto test module.
1da177e4 219
a62b01cd 220config CRYPTO_ABLK_HELPER
ffaf9156 221 tristate
ffaf9156
JK		 222 select CRYPTO_CRYPTD
223
596d8750
JK		 224config CRYPTO_GLUE_HELPER_X86
225 tristate
226 depends on X86
227 select CRYPTO_ALGAPI
228
584fffc8 229comment "Authenticated Encryption with Associated Data"
cd12fb90 230
584fffc8
SS		 231config CRYPTO_CCM
232 tristate "CCM support"
233 select CRYPTO_CTR
234 select CRYPTO_AEAD
1da177e4 235 help
584fffc8 236 Support for Counter with CBC MAC. Required for IPsec.
1da177e4 237
584fffc8
SS		 238config CRYPTO_GCM
239 tristate "GCM/GMAC support"
240 select CRYPTO_CTR
241 select CRYPTO_AEAD
9382d97a 242 select CRYPTO_GHASH
9489667d 243 select CRYPTO_NULL
1da177e4 244 help
584fffc8
SS		 245 Support for Galois/Counter Mode (GCM) and Galois Message
246 Authentication Code (GMAC). Required for IPSec.
1da177e4 247
71ebc4d1
MW		 248config CRYPTO_CHACHA20POLY1305
249 tristate "ChaCha20-Poly1305 AEAD support"
250 select CRYPTO_CHACHA20
251 select CRYPTO_POLY1305
252 select CRYPTO_AEAD
253 help
254 ChaCha20-Poly1305 AEAD support, RFC7539.
255
256 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
257 with the Poly1305 authenticator. It is defined in RFC7539 for use in
258 IETF protocols.
259
584fffc8
SS		 260config CRYPTO_SEQIV
261 tristate "Sequence Number IV Generator"
262 select CRYPTO_AEAD
263 select CRYPTO_BLKCIPHER
856e3f40 264 select CRYPTO_NULL
401e4238 265 select CRYPTO_RNG_DEFAULT
1da177e4 266 help
584fffc8
SS		 267 This IV generator generates an IV based on a sequence number by
268 xoring it with a salt. This algorithm is mainly useful for CTR
1da177e4 269
a10f554f
HX		 270config CRYPTO_ECHAINIV
271 tristate "Encrypted Chain IV Generator"
272 select CRYPTO_AEAD
273 select CRYPTO_NULL
401e4238 274 select CRYPTO_RNG_DEFAULT
3491244c 275 default m
a10f554f
HX		 276 help
277 This IV generator generates an IV based on the encryption of
278 a sequence number xored with a salt. This is the default
279 algorithm for CBC.
280
584fffc8 281comment "Block modes"
c494e070 282
584fffc8
SS		 283config CRYPTO_CBC
284 tristate "CBC support"
db131ef9 285 select CRYPTO_BLKCIPHER
43518407 286 select CRYPTO_MANAGER
db131ef9 287 help
584fffc8
SS		 288 CBC: Cipher Block Chaining mode
289 This block cipher algorithm is required for IPSec.
db131ef9 290
584fffc8
SS		 291config CRYPTO_CTR
292 tristate "CTR support"
db131ef9 293 select CRYPTO_BLKCIPHER
584fffc8 294 select CRYPTO_SEQIV
43518407 295 select CRYPTO_MANAGER
db131ef9 296 help
584fffc8 297 CTR: Counter mode
db131ef9
HX		 298 This block cipher algorithm is required for IPSec.
299
584fffc8
SS		 300config CRYPTO_CTS
301 tristate "CTS support"
302 select CRYPTO_BLKCIPHER
303 help
304 CTS: Cipher Text Stealing
305 This is the Cipher Text Stealing mode as described by
306 Section 8 of rfc2040 and referenced by rfc3962.
307 (rfc3962 includes errata information in its Appendix A)
308 This mode is required for Kerberos gss mechanism support
309 for AES encryption.
310
311config CRYPTO_ECB
312 tristate "ECB support"
91652be5
DH		 313 select CRYPTO_BLKCIPHER
314 select CRYPTO_MANAGER
91652be5 315 help
584fffc8
SS		 316 ECB: Electronic CodeBook mode
317 This is the simplest block cipher algorithm. It simply encrypts
318 the input block by block.
91652be5 319
64470f1b 320config CRYPTO_LRW
2470a2b2 321 tristate "LRW support"
64470f1b
RS		 322 select CRYPTO_BLKCIPHER
323 select CRYPTO_MANAGER
324 select CRYPTO_GF128MUL
325 help
326 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
327 narrow block cipher mode for dm-crypt. Use it with cipher
328 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
329 The first 128, 192 or 256 bits in the key are used for AES and the
330 rest is used to tie each cipher block to its logical position.
331
584fffc8
SS		 332config CRYPTO_PCBC
333 tristate "PCBC support"
334 select CRYPTO_BLKCIPHER
335 select CRYPTO_MANAGER
336 help
337 PCBC: Propagating Cipher Block Chaining mode
338 This block cipher algorithm is required for RxRPC.
339
f19f5111 340config CRYPTO_XTS
5bcf8e6d 341 tristate "XTS support"
f19f5111
RS		 342 select CRYPTO_BLKCIPHER
343 select CRYPTO_MANAGER
344 select CRYPTO_GF128MUL
345 help
346 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
347 key size 256, 384 or 512 bits. This implementation currently
348 can't handle a sectorsize which is not a multiple of 16 bytes.
349
584fffc8
SS		 350comment "Hash modes"
351
93b5e86a
JK		 352config CRYPTO_CMAC
353 tristate "CMAC support"
354 select CRYPTO_HASH
355 select CRYPTO_MANAGER
356 help
357 Cipher-based Message Authentication Code (CMAC) specified by
358 The National Institute of Standards and Technology (NIST).
359
360 https://tools.ietf.org/html/rfc4493
361 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
362
584fffc8
SS		 363config CRYPTO_HMAC
364 tristate "HMAC support"
365 select CRYPTO_HASH
23e353c8 366 select CRYPTO_MANAGER
23e353c8 367 help
584fffc8
SS		 368 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
369 This is required for IPSec.
23e353c8 370
584fffc8
SS		 371config CRYPTO_XCBC
372 tristate "XCBC support"
584fffc8
SS		 373 select CRYPTO_HASH
374 select CRYPTO_MANAGER
76cb9521 375 help
584fffc8
SS		 376 XCBC: Keyed-Hashing with encryption algorithm
377 http://www.ietf.org/rfc/rfc3566.txt
378 http://csrc.nist.gov/encryption/modes/proposedmodes/
379 xcbc-mac/xcbc-mac-spec.pdf
76cb9521 380
f1939f7c
SW		 381config CRYPTO_VMAC
382 tristate "VMAC support"
f1939f7c
SW		 383 select CRYPTO_HASH
384 select CRYPTO_MANAGER
385 help
386 VMAC is a message authentication algorithm designed for
387 very high speed on 64-bit architectures.
388
389 See also:
390 <http://fastcrypto.org/vmac>
391
584fffc8 392comment "Digest"
28db8e3e 393
584fffc8
SS		 394config CRYPTO_CRC32C
395 tristate "CRC32c CRC algorithm"
5773a3e6 396 select CRYPTO_HASH
6a0962b2 397 select CRC32
4a49b499 398 help
584fffc8
SS		 399 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
400 by iSCSI for header and data digests and by others.
69c35efc 401 See Castagnoli93. Module will be crc32c.
4a49b499 402
8cb51ba8
AZ		 403config CRYPTO_CRC32C_INTEL
404 tristate "CRC32c INTEL hardware acceleration"
405 depends on X86
406 select CRYPTO_HASH
407 help
408 In Intel processor with SSE4.2 supported, the processor will
409 support CRC32C implementation using hardware accelerated CRC32
410 instruction. This option will create 'crc32c-intel' module,
411 which will enable any routine to use the CRC32 instruction to
412 gain performance compared with software implementation.
413 Module will be crc32c-intel.
414
442a7c40
DM		 415config CRYPTO_CRC32C_SPARC64
416 tristate "CRC32c CRC algorithm (SPARC64)"
417 depends on SPARC64
418 select CRYPTO_HASH
419 select CRC32
420 help
421 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
422 when available.
423
78c37d19
AB		 424config CRYPTO_CRC32
425 tristate "CRC32 CRC algorithm"
426 select CRYPTO_HASH
427 select CRC32
428 help
429 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
430 Shash crypto api wrappers to crc32_le function.
431
432config CRYPTO_CRC32_PCLMUL
433 tristate "CRC32 PCLMULQDQ hardware acceleration"
434 depends on X86
435 select CRYPTO_HASH
436 select CRC32
437 help
438 From Intel Westmere and AMD Bulldozer processor with SSE4.2
439 and PCLMULQDQ supported, the processor will support
440 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
441 instruction. This option will create 'crc32-plcmul' module,
442 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
443 and gain better performance as compared with the table implementation.
444
68411521
HX		 445config CRYPTO_CRCT10DIF
446 tristate "CRCT10DIF algorithm"
447 select CRYPTO_HASH
448 help
449 CRC T10 Data Integrity Field computation is being cast as
450 a crypto transform. This allows for faster crc t10 diff
451 transforms to be used if they are available.
452
453config CRYPTO_CRCT10DIF_PCLMUL
454 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
455 depends on X86 && 64BIT && CRC_T10DIF
456 select CRYPTO_HASH
457 help
458 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
459 CRC T10 DIF PCLMULQDQ computation can be hardware
460 accelerated PCLMULQDQ instruction. This option will create
461 'crct10dif-plcmul' module, which is faster when computing the
462 crct10dif checksum as compared with the generic table implementation.
463
2cdc6899
HY		 464config CRYPTO_GHASH
465 tristate "GHASH digest algorithm"
2cdc6899
HY		 466 select CRYPTO_GF128MUL
467 help
468 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
469
f979e014
MW		 470config CRYPTO_POLY1305
471 tristate "Poly1305 authenticator algorithm"
472 help
473 Poly1305 authenticator algorithm, RFC7539.
474
475 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
476 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
477 in IETF protocols. This is the portable C implementation of Poly1305.
478
c70f4abe 479config CRYPTO_POLY1305_X86_64
b1ccc8f4 480 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
c70f4abe
MW		 481 depends on X86 && 64BIT
482 select CRYPTO_POLY1305
483 help
484 Poly1305 authenticator algorithm, RFC7539.
485
486 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
487 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
488 in IETF protocols. This is the x86_64 assembler implementation using SIMD
489 instructions.
490
584fffc8
SS		 491config CRYPTO_MD4
492 tristate "MD4 digest algorithm"
808a1763 493 select CRYPTO_HASH
124b53d0 494 help
584fffc8 495 MD4 message digest algorithm (RFC1320).
124b53d0 496
584fffc8
SS		 497config CRYPTO_MD5
498 tristate "MD5 digest algorithm"
14b75ba7 499 select CRYPTO_HASH
1da177e4 500 help
584fffc8 501 MD5 message digest algorithm (RFC1321).
1da177e4 502
d69e75de
AK		 503config CRYPTO_MD5_OCTEON
504 tristate "MD5 digest algorithm (OCTEON)"
505 depends on CPU_CAVIUM_OCTEON
506 select CRYPTO_MD5
507 select CRYPTO_HASH
508 help
509 MD5 message digest algorithm (RFC1321) implemented
510 using OCTEON crypto instructions, when available.
511
e8e59953
MS		 512config CRYPTO_MD5_PPC
513 tristate "MD5 digest algorithm (PPC)"
514 depends on PPC
515 select CRYPTO_HASH
516 help
517 MD5 message digest algorithm (RFC1321) implemented
518 in PPC assembler.
519
fa4dfedc
DM		 520config CRYPTO_MD5_SPARC64
521 tristate "MD5 digest algorithm (SPARC64)"
522 depends on SPARC64
523 select CRYPTO_MD5
524 select CRYPTO_HASH
525 help
526 MD5 message digest algorithm (RFC1321) implemented
527 using sparc64 crypto instructions, when available.
528
584fffc8
SS		 529config CRYPTO_MICHAEL_MIC
530 tristate "Michael MIC keyed digest algorithm"
19e2bf14 531 select CRYPTO_HASH
90831639 532 help
584fffc8
SS		 533 Michael MIC is used for message integrity protection in TKIP
534 (IEEE 802.11i). This algorithm is required for TKIP, but it
535 should not be used for other purposes because of the weakness
536 of the algorithm.
90831639 537
82798f90 538config CRYPTO_RMD128
b6d44341 539 tristate "RIPEMD-128 digest algorithm"
7c4468bc 540 select CRYPTO_HASH
b6d44341
AB		 541 help
542 RIPEMD-128 (ISO/IEC 10118-3:2004).
82798f90 543
b6d44341 544 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
35ed4b35 545 be used as a secure replacement for RIPEMD. For other use cases,
b6d44341 546 RIPEMD-160 should be used.
82798f90 547
b6d44341 548 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 549 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90
AKR		 550
551config CRYPTO_RMD160
b6d44341 552 tristate "RIPEMD-160 digest algorithm"
e5835fba 553 select CRYPTO_HASH
b6d44341
AB		 554 help
555 RIPEMD-160 (ISO/IEC 10118-3:2004).
82798f90 556
b6d44341
AB		 557 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
558 to be used as a secure replacement for the 128-bit hash functions
559 MD4, MD5 and it's predecessor RIPEMD
560 (not to be confused with RIPEMD-128).
82798f90 561
b6d44341
AB		 562 It's speed is comparable to SHA1 and there are no known attacks
563 against RIPEMD-160.
534fe2c1 564
b6d44341 565 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 566 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 567
568config CRYPTO_RMD256
b6d44341 569 tristate "RIPEMD-256 digest algorithm"
d8a5e2e9 570 select CRYPTO_HASH
b6d44341
AB		 571 help
572 RIPEMD-256 is an optional extension of RIPEMD-128 with a
573 256 bit hash. It is intended for applications that require
574 longer hash-results, without needing a larger security level
575 (than RIPEMD-128).
534fe2c1 576
b6d44341 577 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 578 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 579
580config CRYPTO_RMD320
b6d44341 581 tristate "RIPEMD-320 digest algorithm"
3b8efb4c 582 select CRYPTO_HASH
b6d44341
AB		 583 help
584 RIPEMD-320 is an optional extension of RIPEMD-160 with a
585 320 bit hash. It is intended for applications that require
586 longer hash-results, without needing a larger security level
587 (than RIPEMD-160).
534fe2c1 588
b6d44341 589 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 590 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90 591
584fffc8
SS		 592config CRYPTO_SHA1
593 tristate "SHA1 digest algorithm"
54ccb367 594 select CRYPTO_HASH
1da177e4 595 help
584fffc8 596 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
1da177e4 597
66be8951 598config CRYPTO_SHA1_SSSE3
7c1da8d0 599 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2)"
66be8951
MK		 600 depends on X86 && 64BIT
601 select CRYPTO_SHA1
602 select CRYPTO_HASH
603 help
604 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
605 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
7c1da8d0 606 Extensions (AVX/AVX2), when available.
66be8951 607
8275d1aa
TC		 608config CRYPTO_SHA256_SSSE3
609 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2)"
610 depends on X86 && 64BIT
611 select CRYPTO_SHA256
612 select CRYPTO_HASH
613 help
614 SHA-256 secure hash standard (DFIPS 180-2) implemented
615 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
616 Extensions version 1 (AVX1), or Advanced Vector Extensions
87de4579
TC		 617 version 2 (AVX2) instructions, when available.
618
619config CRYPTO_SHA512_SSSE3
620 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
621 depends on X86 && 64BIT
622 select CRYPTO_SHA512
623 select CRYPTO_HASH
624 help
625 SHA-512 secure hash standard (DFIPS 180-2) implemented
626 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
627 Extensions version 1 (AVX1), or Advanced Vector Extensions
8275d1aa
TC		 628 version 2 (AVX2) instructions, when available.
629
efdb6f6e
AK		 630config CRYPTO_SHA1_OCTEON
631 tristate "SHA1 digest algorithm (OCTEON)"
632 depends on CPU_CAVIUM_OCTEON
633 select CRYPTO_SHA1
634 select CRYPTO_HASH
635 help
636 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
637 using OCTEON crypto instructions, when available.
638
4ff28d4c
DM		 639config CRYPTO_SHA1_SPARC64
640 tristate "SHA1 digest algorithm (SPARC64)"
641 depends on SPARC64
642 select CRYPTO_SHA1
643 select CRYPTO_HASH
644 help
645 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
646 using sparc64 crypto instructions, when available.
647
323a6bf1
ME		 648config CRYPTO_SHA1_PPC
649 tristate "SHA1 digest algorithm (powerpc)"
650 depends on PPC
651 help
652 This is the powerpc hardware accelerated implementation of the
653 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
654
d9850fc5
MS		 655config CRYPTO_SHA1_PPC_SPE
656 tristate "SHA1 digest algorithm (PPC SPE)"
657 depends on PPC && SPE
658 help
659 SHA-1 secure hash standard (DFIPS 180-4) implemented
660 using powerpc SPE SIMD instruction set.
661
1e65b81a
TC		 662config CRYPTO_SHA1_MB
663 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
664 depends on X86 && 64BIT
665 select CRYPTO_SHA1
666 select CRYPTO_HASH
667 select CRYPTO_MCRYPTD
668 help
669 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
670 using multi-buffer technique. This algorithm computes on
671 multiple data lanes concurrently with SIMD instructions for
672 better throughput. It should not be enabled by default but
673 used when there is significant amount of work to keep the keep
674 the data lanes filled to get performance benefit. If the data
675 lanes remain unfilled, a flush operation will be initiated to
676 process the crypto jobs, adding a slight latency.
677
584fffc8
SS		 678config CRYPTO_SHA256
679 tristate "SHA224 and SHA256 digest algorithm"
50e109b5 680 select CRYPTO_HASH
1da177e4 681 help
584fffc8 682 SHA256 secure hash standard (DFIPS 180-2).
1da177e4 683
584fffc8
SS		 684 This version of SHA implements a 256 bit hash with 128 bits of
685 security against collision attacks.
2729bb42 686
b6d44341
AB		 687 This code also includes SHA-224, a 224 bit hash with 112 bits
688 of security against collision attacks.
584fffc8 689
2ecc1e95
MS		 690config CRYPTO_SHA256_PPC_SPE
691 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
692 depends on PPC && SPE
693 select CRYPTO_SHA256
694 select CRYPTO_HASH
695 help
696 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
697 implemented using powerpc SPE SIMD instruction set.
698
efdb6f6e
AK		 699config CRYPTO_SHA256_OCTEON
700 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
701 depends on CPU_CAVIUM_OCTEON
702 select CRYPTO_SHA256
703 select CRYPTO_HASH
704 help
705 SHA-256 secure hash standard (DFIPS 180-2) implemented
706 using OCTEON crypto instructions, when available.
707
86c93b24
DM		 708config CRYPTO_SHA256_SPARC64
709 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
710 depends on SPARC64
711 select CRYPTO_SHA256
712 select CRYPTO_HASH
713 help
714 SHA-256 secure hash standard (DFIPS 180-2) implemented
715 using sparc64 crypto instructions, when available.
716
584fffc8
SS		 717config CRYPTO_SHA512
718 tristate "SHA384 and SHA512 digest algorithms"
bd9d20db 719 select CRYPTO_HASH
b9f535ff 720 help
584fffc8 721 SHA512 secure hash standard (DFIPS 180-2).
b9f535ff 722
584fffc8
SS		 723 This version of SHA implements a 512 bit hash with 256 bits of
724 security against collision attacks.
b9f535ff 725
584fffc8
SS		 726 This code also includes SHA-384, a 384 bit hash with 192 bits
727 of security against collision attacks.
b9f535ff 728
efdb6f6e
AK		 729config CRYPTO_SHA512_OCTEON
730 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
731 depends on CPU_CAVIUM_OCTEON
732 select CRYPTO_SHA512
733 select CRYPTO_HASH
734 help
735 SHA-512 secure hash standard (DFIPS 180-2) implemented
736 using OCTEON crypto instructions, when available.
737
775e0c69
DM		 738config CRYPTO_SHA512_SPARC64
739 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
740 depends on SPARC64
741 select CRYPTO_SHA512
742 select CRYPTO_HASH
743 help
744 SHA-512 secure hash standard (DFIPS 180-2) implemented
745 using sparc64 crypto instructions, when available.
746
584fffc8
SS		 747config CRYPTO_TGR192
748 tristate "Tiger digest algorithms"
f63fbd3d 749 select CRYPTO_HASH
eaf44088 750 help
584fffc8 751 Tiger hash algorithm 192, 160 and 128-bit hashes
eaf44088 752
584fffc8
SS		 753 Tiger is a hash function optimized for 64-bit processors while
754 still having decent performance on 32-bit processors.
755 Tiger was developed by Ross Anderson and Eli Biham.
eaf44088
JF		 756
757 See also:
584fffc8 758 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
eaf44088 759
584fffc8
SS		 760config CRYPTO_WP512
761 tristate "Whirlpool digest algorithms"
4946510b 762 select CRYPTO_HASH
1da177e4 763 help
584fffc8 764 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1da177e4 765
584fffc8
SS		 766 Whirlpool-512 is part of the NESSIE cryptographic primitives.
767 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1da177e4
LT		 768
769 See also:
6d8de74c 770 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
584fffc8 771
0e1227d3
HY		 772config CRYPTO_GHASH_CLMUL_NI_INTEL
773 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
8af00860 774 depends on X86 && 64BIT
0e1227d3
HY		 775 select CRYPTO_CRYPTD
776 help
777 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
778 The implementation is accelerated by CLMUL-NI of Intel.
779
584fffc8 780comment "Ciphers"
1da177e4
LT		 781
782config CRYPTO_AES
783 tristate "AES cipher algorithms"
cce9e06d 784 select CRYPTO_ALGAPI
1da177e4 785 help
584fffc8 786 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 787 algorithm.
788
789 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 790 both hardware and software across a wide range of computing
791 environments regardless of its use in feedback or non-feedback
792 modes. Its key setup time is excellent, and its key agility is
793 good. Rijndael's very low memory requirements make it very well
794 suited for restricted-space environments, in which it also
795 demonstrates excellent performance. Rijndael's operations are
796 among the easiest to defend against power and timing attacks.
1da177e4 797
584fffc8 798 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 799
800 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
801
802config CRYPTO_AES_586
803 tristate "AES cipher algorithms (i586)"
cce9e06d
HX		 804 depends on (X86 || UML_X86) && !64BIT
805 select CRYPTO_ALGAPI
5157dea8 806 select CRYPTO_AES
1da177e4 807 help
584fffc8 808 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 809 algorithm.
810
811 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 812 both hardware and software across a wide range of computing
813 environments regardless of its use in feedback or non-feedback
814 modes. Its key setup time is excellent, and its key agility is
815 good. Rijndael's very low memory requirements make it very well
816 suited for restricted-space environments, in which it also
817 demonstrates excellent performance. Rijndael's operations are
818 among the easiest to defend against power and timing attacks.
1da177e4 819
584fffc8 820 The AES specifies three key sizes: 128, 192 and 256 bits
a2a892a2
AS		 821
822 See <http://csrc.nist.gov/encryption/aes/> for more information.
823
824config CRYPTO_AES_X86_64
825 tristate "AES cipher algorithms (x86_64)"
cce9e06d
HX		 826 depends on (X86 || UML_X86) && 64BIT
827 select CRYPTO_ALGAPI
81190b32 828 select CRYPTO_AES
a2a892a2 829 help
584fffc8 830 AES cipher algorithms (FIPS-197). AES uses the Rijndael
a2a892a2
AS		 831 algorithm.
832
833 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 834 both hardware and software across a wide range of computing
835 environments regardless of its use in feedback or non-feedback
836 modes. Its key setup time is excellent, and its key agility is
54b6a1bd
HY		 837 good. Rijndael's very low memory requirements make it very well
838 suited for restricted-space environments, in which it also
839 demonstrates excellent performance. Rijndael's operations are
840 among the easiest to defend against power and timing attacks.
841
842 The AES specifies three key sizes: 128, 192 and 256 bits
843
844 See <http://csrc.nist.gov/encryption/aes/> for more information.
845
846config CRYPTO_AES_NI_INTEL
847 tristate "AES cipher algorithms (AES-NI)"
8af00860 848 depends on X86
0d258efb
MK		 849 select CRYPTO_AES_X86_64 if 64BIT
850 select CRYPTO_AES_586 if !64BIT
54b6a1bd 851 select CRYPTO_CRYPTD
801201aa 852 select CRYPTO_ABLK_HELPER
54b6a1bd 853 select CRYPTO_ALGAPI
7643a11a 854 select CRYPTO_GLUE_HELPER_X86 if 64BIT
023af608
JK		 855 select CRYPTO_LRW
856 select CRYPTO_XTS
54b6a1bd
HY		 857 help
858 Use Intel AES-NI instructions for AES algorithm.
859
860 AES cipher algorithms (FIPS-197). AES uses the Rijndael
861 algorithm.
862
863 Rijndael appears to be consistently a very good performer in
864 both hardware and software across a wide range of computing
865 environments regardless of its use in feedback or non-feedback
866 modes. Its key setup time is excellent, and its key agility is
584fffc8
SS		 867 good. Rijndael's very low memory requirements make it very well
868 suited for restricted-space environments, in which it also
869 demonstrates excellent performance. Rijndael's operations are
870 among the easiest to defend against power and timing attacks.
a2a892a2 871
584fffc8 872 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 873
874 See <http://csrc.nist.gov/encryption/aes/> for more information.
875
0d258efb
MK		 876 In addition to AES cipher algorithm support, the acceleration
877 for some popular block cipher mode is supported too, including
878 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
879 acceleration for CTR.
2cf4ac8b 880
9bf4852d
DM		 881config CRYPTO_AES_SPARC64
882 tristate "AES cipher algorithms (SPARC64)"
883 depends on SPARC64
884 select CRYPTO_CRYPTD
885 select CRYPTO_ALGAPI
886 help
887 Use SPARC64 crypto opcodes for AES algorithm.
888
889 AES cipher algorithms (FIPS-197). AES uses the Rijndael
890 algorithm.
891
892 Rijndael appears to be consistently a very good performer in
893 both hardware and software across a wide range of computing
894 environments regardless of its use in feedback or non-feedback
895 modes. Its key setup time is excellent, and its key agility is
896 good. Rijndael's very low memory requirements make it very well
897 suited for restricted-space environments, in which it also
898 demonstrates excellent performance. Rijndael's operations are
899 among the easiest to defend against power and timing attacks.
900
901 The AES specifies three key sizes: 128, 192 and 256 bits
902
903 See <http://csrc.nist.gov/encryption/aes/> for more information.
904
905 In addition to AES cipher algorithm support, the acceleration
906 for some popular block cipher mode is supported too, including
907 ECB and CBC.
908
504c6143
MS		 909config CRYPTO_AES_PPC_SPE
910 tristate "AES cipher algorithms (PPC SPE)"
911 depends on PPC && SPE
912 help
913 AES cipher algorithms (FIPS-197). Additionally the acceleration
914 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
915 This module should only be used for low power (router) devices
916 without hardware AES acceleration (e.g. caam crypto). It reduces the
917 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
918 timining attacks. Nevertheless it might be not as secure as other
919 architecture specific assembler implementations that work on 1KB
920 tables or 256 bytes S-boxes.
921
584fffc8
SS		 922config CRYPTO_ANUBIS
923 tristate "Anubis cipher algorithm"
924 select CRYPTO_ALGAPI
925 help
926 Anubis cipher algorithm.
927
928 Anubis is a variable key length cipher which can use keys from
929 128 bits to 320 bits in length. It was evaluated as a entrant
930 in the NESSIE competition.
931
932 See also:
6d8de74c
JM		 933 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
934 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
584fffc8
SS		 935
936config CRYPTO_ARC4
937 tristate "ARC4 cipher algorithm"
b9b0f080 938 select CRYPTO_BLKCIPHER
584fffc8
SS		 939 help
940 ARC4 cipher algorithm.
941
942 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
943 bits in length. This algorithm is required for driver-based
944 WEP, but it should not be for other purposes because of the
945 weakness of the algorithm.
946
947config CRYPTO_BLOWFISH
948 tristate "Blowfish cipher algorithm"
949 select CRYPTO_ALGAPI
52ba867c 950 select CRYPTO_BLOWFISH_COMMON
584fffc8
SS		 951 help
952 Blowfish cipher algorithm, by Bruce Schneier.
953
954 This is a variable key length cipher which can use keys from 32
955 bits to 448 bits in length. It's fast, simple and specifically
956 designed for use on "large microprocessors".
957
958 See also:
959 <http://www.schneier.com/blowfish.html>
960
52ba867c
JK		 961config CRYPTO_BLOWFISH_COMMON
962 tristate
963 help
964 Common parts of the Blowfish cipher algorithm shared by the
965 generic c and the assembler implementations.
966
967 See also:
968 <http://www.schneier.com/blowfish.html>
969
64b94cea
JK		 970config CRYPTO_BLOWFISH_X86_64
971 tristate "Blowfish cipher algorithm (x86_64)"
f21a7c19 972 depends on X86 && 64BIT
64b94cea
JK		 973 select CRYPTO_ALGAPI
974 select CRYPTO_BLOWFISH_COMMON
975 help
976 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
977
978 This is a variable key length cipher which can use keys from 32
979 bits to 448 bits in length. It's fast, simple and specifically
980 designed for use on "large microprocessors".
981
982 See also:
983 <http://www.schneier.com/blowfish.html>
984
584fffc8
SS		 985config CRYPTO_CAMELLIA
986 tristate "Camellia cipher algorithms"
987 depends on CRYPTO
988 select CRYPTO_ALGAPI
989 help
990 Camellia cipher algorithms module.
991
992 Camellia is a symmetric key block cipher developed jointly
993 at NTT and Mitsubishi Electric Corporation.
994
995 The Camellia specifies three key sizes: 128, 192 and 256 bits.
996
997 See also:
998 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
999
0b95ec56
JK		 1000config CRYPTO_CAMELLIA_X86_64
1001 tristate "Camellia cipher algorithm (x86_64)"
f21a7c19 1002 depends on X86 && 64BIT
0b95ec56
JK		 1003 depends on CRYPTO
1004 select CRYPTO_ALGAPI
964263af 1005 select CRYPTO_GLUE_HELPER_X86
0b95ec56
JK		 1006 select CRYPTO_LRW
1007 select CRYPTO_XTS
1008 help
1009 Camellia cipher algorithm module (x86_64).
1010
1011 Camellia is a symmetric key block cipher developed jointly
1012 at NTT and Mitsubishi Electric Corporation.
1013
1014 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1015
1016 See also:
d9b1d2e7
JK		 1017 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1018
1019config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1020 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1021 depends on X86 && 64BIT
1022 depends on CRYPTO
1023 select CRYPTO_ALGAPI
1024 select CRYPTO_CRYPTD
801201aa 1025 select CRYPTO_ABLK_HELPER
d9b1d2e7
JK		 1026 select CRYPTO_GLUE_HELPER_X86
1027 select CRYPTO_CAMELLIA_X86_64
1028 select CRYPTO_LRW
1029 select CRYPTO_XTS
1030 help
1031 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1032
1033 Camellia is a symmetric key block cipher developed jointly
1034 at NTT and Mitsubishi Electric Corporation.
1035
1036 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1037
1038 See also:
0b95ec56
JK		 1039 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1040
f3f935a7
JK		 1041config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1042 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1043 depends on X86 && 64BIT
1044 depends on CRYPTO
1045 select CRYPTO_ALGAPI
1046 select CRYPTO_CRYPTD
801201aa 1047 select CRYPTO_ABLK_HELPER
f3f935a7
JK		 1048 select CRYPTO_GLUE_HELPER_X86
1049 select CRYPTO_CAMELLIA_X86_64
1050 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1051 select CRYPTO_LRW
1052 select CRYPTO_XTS
1053 help
1054 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1055
1056 Camellia is a symmetric key block cipher developed jointly
1057 at NTT and Mitsubishi Electric Corporation.
1058
1059 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1060
1061 See also:
1062 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1063
81658ad0
DM		 1064config CRYPTO_CAMELLIA_SPARC64
1065 tristate "Camellia cipher algorithm (SPARC64)"
1066 depends on SPARC64
1067 depends on CRYPTO
1068 select CRYPTO_ALGAPI
1069 help
1070 Camellia cipher algorithm module (SPARC64).
1071
1072 Camellia is a symmetric key block cipher developed jointly
1073 at NTT and Mitsubishi Electric Corporation.
1074
1075 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1076
1077 See also:
1078 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1079
044ab525
JK		 1080config CRYPTO_CAST_COMMON
1081 tristate
1082 help
1083 Common parts of the CAST cipher algorithms shared by the
1084 generic c and the assembler implementations.
1085
1da177e4
LT		 1086config CRYPTO_CAST5
1087 tristate "CAST5 (CAST-128) cipher algorithm"
cce9e06d 1088 select CRYPTO_ALGAPI
044ab525 1089 select CRYPTO_CAST_COMMON
1da177e4
LT		 1090 help
1091 The CAST5 encryption algorithm (synonymous with CAST-128) is
1092 described in RFC2144.
1093
4d6d6a2c
JG		 1094config CRYPTO_CAST5_AVX_X86_64
1095 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1096 depends on X86 && 64BIT
1097 select CRYPTO_ALGAPI
1098 select CRYPTO_CRYPTD
801201aa 1099 select CRYPTO_ABLK_HELPER
044ab525 1100 select CRYPTO_CAST_COMMON
4d6d6a2c
JG		 1101 select CRYPTO_CAST5
1102 help
1103 The CAST5 encryption algorithm (synonymous with CAST-128) is
1104 described in RFC2144.
1105
1106 This module provides the Cast5 cipher algorithm that processes
1107 sixteen blocks parallel using the AVX instruction set.
1108
1da177e4
LT		 1109config CRYPTO_CAST6
1110 tristate "CAST6 (CAST-256) cipher algorithm"
cce9e06d 1111 select CRYPTO_ALGAPI
044ab525 1112 select CRYPTO_CAST_COMMON
1da177e4
LT		 1113 help
1114 The CAST6 encryption algorithm (synonymous with CAST-256) is
1115 described in RFC2612.
1116
4ea1277d
JG		 1117config CRYPTO_CAST6_AVX_X86_64
1118 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1119 depends on X86 && 64BIT
1120 select CRYPTO_ALGAPI
1121 select CRYPTO_CRYPTD
801201aa 1122 select CRYPTO_ABLK_HELPER
4ea1277d 1123 select CRYPTO_GLUE_HELPER_X86
044ab525 1124 select CRYPTO_CAST_COMMON
4ea1277d
JG		 1125 select CRYPTO_CAST6
1126 select CRYPTO_LRW
1127 select CRYPTO_XTS
1128 help
1129 The CAST6 encryption algorithm (synonymous with CAST-256) is
1130 described in RFC2612.
1131
1132 This module provides the Cast6 cipher algorithm that processes
1133 eight blocks parallel using the AVX instruction set.
1134
584fffc8
SS		 1135config CRYPTO_DES
1136 tristate "DES and Triple DES EDE cipher algorithms"
cce9e06d 1137 select CRYPTO_ALGAPI
1da177e4 1138 help
584fffc8 1139 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
fb4f10ed 1140
c5aac2df
DM		 1141config CRYPTO_DES_SPARC64
1142 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
97da37b3 1143 depends on SPARC64
c5aac2df
DM		 1144 select CRYPTO_ALGAPI
1145 select CRYPTO_DES
1146 help
1147 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1148 optimized using SPARC64 crypto opcodes.
1149
6574e6c6
JK		 1150config CRYPTO_DES3_EDE_X86_64
1151 tristate "Triple DES EDE cipher algorithm (x86-64)"
1152 depends on X86 && 64BIT
1153 select CRYPTO_ALGAPI
1154 select CRYPTO_DES
1155 help
1156 Triple DES EDE (FIPS 46-3) algorithm.
1157
1158 This module provides implementation of the Triple DES EDE cipher
1159 algorithm that is optimized for x86-64 processors. Two versions of
1160 algorithm are provided; regular processing one input block and
1161 one that processes three blocks parallel.
1162
584fffc8
SS		 1163config CRYPTO_FCRYPT
1164 tristate "FCrypt cipher algorithm"
cce9e06d 1165 select CRYPTO_ALGAPI
584fffc8 1166 select CRYPTO_BLKCIPHER
1da177e4 1167 help
584fffc8 1168 FCrypt algorithm used by RxRPC.
1da177e4
LT		 1169
1170config CRYPTO_KHAZAD
1171 tristate "Khazad cipher algorithm"
cce9e06d 1172 select CRYPTO_ALGAPI
1da177e4
LT		 1173 help
1174 Khazad cipher algorithm.
1175
1176 Khazad was a finalist in the initial NESSIE competition. It is
1177 an algorithm optimized for 64-bit processors with good performance
1178 on 32-bit processors. Khazad uses an 128 bit key size.
1179
1180 See also:
6d8de74c 1181 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1da177e4 1182
2407d608 1183config CRYPTO_SALSA20
3b4afaf2 1184 tristate "Salsa20 stream cipher algorithm"
2407d608
TSH		 1185 select CRYPTO_BLKCIPHER
1186 help
1187 Salsa20 stream cipher algorithm.
1188
1189 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1190 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
974e4b75
TSH		 1191
1192 The Salsa20 stream cipher algorithm is designed by Daniel J.
1193 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1194
1195config CRYPTO_SALSA20_586
3b4afaf2 1196 tristate "Salsa20 stream cipher algorithm (i586)"
974e4b75 1197 depends on (X86 || UML_X86) && !64BIT
974e4b75 1198 select CRYPTO_BLKCIPHER
974e4b75
TSH		 1199 help
1200 Salsa20 stream cipher algorithm.
1201
1202 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1203 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
9a7dafbb
TSH		 1204
1205 The Salsa20 stream cipher algorithm is designed by Daniel J.
1206 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1207
1208config CRYPTO_SALSA20_X86_64
3b4afaf2 1209 tristate "Salsa20 stream cipher algorithm (x86_64)"
9a7dafbb 1210 depends on (X86 || UML_X86) && 64BIT
9a7dafbb 1211 select CRYPTO_BLKCIPHER
9a7dafbb
TSH		 1212 help
1213 Salsa20 stream cipher algorithm.
1214
1215 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1216 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
2407d608
TSH		 1217
1218 The Salsa20 stream cipher algorithm is designed by Daniel J.
1219 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1da177e4 1220
c08d0e64
MW		 1221config CRYPTO_CHACHA20
1222 tristate "ChaCha20 cipher algorithm"
1223 select CRYPTO_BLKCIPHER
1224 help
1225 ChaCha20 cipher algorithm, RFC7539.
1226
1227 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1228 Bernstein and further specified in RFC7539 for use in IETF protocols.
1229 This is the portable C implementation of ChaCha20.
1230
1231 See also:
1232 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1233
c9320b6d 1234config CRYPTO_CHACHA20_X86_64
3d1e93cd 1235 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
c9320b6d
MW		 1236 depends on X86 && 64BIT
1237 select CRYPTO_BLKCIPHER
1238 select CRYPTO_CHACHA20
1239 help
1240 ChaCha20 cipher algorithm, RFC7539.
1241
1242 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1243 Bernstein and further specified in RFC7539 for use in IETF protocols.
1244 This is the x86_64 assembler implementation using SIMD instructions.
1245
1246 See also:
1247 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1248
584fffc8
SS		 1249config CRYPTO_SEED
1250 tristate "SEED cipher algorithm"
cce9e06d 1251 select CRYPTO_ALGAPI
1da177e4 1252 help
584fffc8 1253 SEED cipher algorithm (RFC4269).
1da177e4 1254
584fffc8
SS		 1255 SEED is a 128-bit symmetric key block cipher that has been
1256 developed by KISA (Korea Information Security Agency) as a
1257 national standard encryption algorithm of the Republic of Korea.
1258 It is a 16 round block cipher with the key size of 128 bit.
1259
1260 See also:
1261 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1262
1263config CRYPTO_SERPENT
1264 tristate "Serpent cipher algorithm"
cce9e06d 1265 select CRYPTO_ALGAPI
1da177e4 1266 help
584fffc8 1267 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1da177e4 1268
584fffc8
SS		 1269 Keys are allowed to be from 0 to 256 bits in length, in steps
1270 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1271 variant of Serpent for compatibility with old kerneli.org code.
1272
1273 See also:
1274 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1275
937c30d7
JK		 1276config CRYPTO_SERPENT_SSE2_X86_64
1277 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1278 depends on X86 && 64BIT
1279 select CRYPTO_ALGAPI
341975bf 1280 select CRYPTO_CRYPTD
801201aa 1281 select CRYPTO_ABLK_HELPER
596d8750 1282 select CRYPTO_GLUE_HELPER_X86
937c30d7 1283 select CRYPTO_SERPENT
feaf0cfc
JK		 1284 select CRYPTO_LRW
1285 select CRYPTO_XTS
937c30d7
JK		 1286 help
1287 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1288
1289 Keys are allowed to be from 0 to 256 bits in length, in steps
1290 of 8 bits.
1291
1e6232f8 1292 This module provides Serpent cipher algorithm that processes eight
937c30d7
JK		 1293 blocks parallel using SSE2 instruction set.
1294
1295 See also:
1296 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1297
251496db
JK		 1298config CRYPTO_SERPENT_SSE2_586
1299 tristate "Serpent cipher algorithm (i586/SSE2)"
1300 depends on X86 && !64BIT
1301 select CRYPTO_ALGAPI
341975bf 1302 select CRYPTO_CRYPTD
801201aa 1303 select CRYPTO_ABLK_HELPER
596d8750 1304 select CRYPTO_GLUE_HELPER_X86
251496db 1305 select CRYPTO_SERPENT
feaf0cfc
JK		 1306 select CRYPTO_LRW
1307 select CRYPTO_XTS
251496db
JK		 1308 help
1309 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1310
1311 Keys are allowed to be from 0 to 256 bits in length, in steps
1312 of 8 bits.
1313
1314 This module provides Serpent cipher algorithm that processes four
1315 blocks parallel using SSE2 instruction set.
1316
1317 See also:
1318 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
7efe4076
JG		 1319
1320config CRYPTO_SERPENT_AVX_X86_64
1321 tristate "Serpent cipher algorithm (x86_64/AVX)"
1322 depends on X86 && 64BIT
1323 select CRYPTO_ALGAPI
1324 select CRYPTO_CRYPTD
801201aa 1325 select CRYPTO_ABLK_HELPER
1d0debbd 1326 select CRYPTO_GLUE_HELPER_X86
7efe4076
JG		 1327 select CRYPTO_SERPENT
1328 select CRYPTO_LRW
1329 select CRYPTO_XTS
1330 help
1331 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1332
1333 Keys are allowed to be from 0 to 256 bits in length, in steps
1334 of 8 bits.
1335
1336 This module provides the Serpent cipher algorithm that processes
1337 eight blocks parallel using the AVX instruction set.
1338
1339 See also:
1340 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
251496db 1341
56d76c96
JK		 1342config CRYPTO_SERPENT_AVX2_X86_64
1343 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1344 depends on X86 && 64BIT
1345 select CRYPTO_ALGAPI
1346 select CRYPTO_CRYPTD
801201aa 1347 select CRYPTO_ABLK_HELPER
56d76c96
JK		 1348 select CRYPTO_GLUE_HELPER_X86
1349 select CRYPTO_SERPENT
1350 select CRYPTO_SERPENT_AVX_X86_64
1351 select CRYPTO_LRW
1352 select CRYPTO_XTS
1353 help
1354 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1355
1356 Keys are allowed to be from 0 to 256 bits in length, in steps
1357 of 8 bits.
1358
1359 This module provides Serpent cipher algorithm that processes 16
1360 blocks parallel using AVX2 instruction set.
1361
1362 See also:
1363 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1364
584fffc8
SS		 1365config CRYPTO_TEA
1366 tristate "TEA, XTEA and XETA cipher algorithms"
cce9e06d 1367 select CRYPTO_ALGAPI
1da177e4 1368 help
584fffc8 1369 TEA cipher algorithm.
1da177e4 1370
584fffc8
SS		 1371 Tiny Encryption Algorithm is a simple cipher that uses
1372 many rounds for security. It is very fast and uses
1373 little memory.
1374
1375 Xtendend Tiny Encryption Algorithm is a modification to
1376 the TEA algorithm to address a potential key weakness
1377 in the TEA algorithm.
1378
1379 Xtendend Encryption Tiny Algorithm is a mis-implementation
1380 of the XTEA algorithm for compatibility purposes.
1381
1382config CRYPTO_TWOFISH
1383 tristate "Twofish cipher algorithm"
04ac7db3 1384 select CRYPTO_ALGAPI
584fffc8 1385 select CRYPTO_TWOFISH_COMMON
04ac7db3 1386 help
584fffc8 1387 Twofish cipher algorithm.
04ac7db3 1388
584fffc8
SS		 1389 Twofish was submitted as an AES (Advanced Encryption Standard)
1390 candidate cipher by researchers at CounterPane Systems. It is a
1391 16 round block cipher supporting key sizes of 128, 192, and 256
1392 bits.
04ac7db3 1393
584fffc8
SS		 1394 See also:
1395 <http://www.schneier.com/twofish.html>
1396
1397config CRYPTO_TWOFISH_COMMON
1398 tristate
1399 help
1400 Common parts of the Twofish cipher algorithm shared by the
1401 generic c and the assembler implementations.
1402
1403config CRYPTO_TWOFISH_586
1404 tristate "Twofish cipher algorithms (i586)"
1405 depends on (X86 || UML_X86) && !64BIT
1406 select CRYPTO_ALGAPI
1407 select CRYPTO_TWOFISH_COMMON
1408 help
1409 Twofish cipher algorithm.
1410
1411 Twofish was submitted as an AES (Advanced Encryption Standard)
1412 candidate cipher by researchers at CounterPane Systems. It is a
1413 16 round block cipher supporting key sizes of 128, 192, and 256
1414 bits.
04ac7db3
NT		 1415
1416 See also:
584fffc8 1417 <http://www.schneier.com/twofish.html>
04ac7db3 1418
584fffc8
SS		 1419config CRYPTO_TWOFISH_X86_64
1420 tristate "Twofish cipher algorithm (x86_64)"
1421 depends on (X86 || UML_X86) && 64BIT
cce9e06d 1422 select CRYPTO_ALGAPI
584fffc8 1423 select CRYPTO_TWOFISH_COMMON
1da177e4 1424 help
584fffc8 1425 Twofish cipher algorithm (x86_64).
1da177e4 1426
584fffc8
SS		 1427 Twofish was submitted as an AES (Advanced Encryption Standard)
1428 candidate cipher by researchers at CounterPane Systems. It is a
1429 16 round block cipher supporting key sizes of 128, 192, and 256
1430 bits.
1431
1432 See also:
1433 <http://www.schneier.com/twofish.html>
1434
8280daad
JK		 1435config CRYPTO_TWOFISH_X86_64_3WAY
1436 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
f21a7c19 1437 depends on X86 && 64BIT
8280daad
JK		 1438 select CRYPTO_ALGAPI
1439 select CRYPTO_TWOFISH_COMMON
1440 select CRYPTO_TWOFISH_X86_64
414cb5e7 1441 select CRYPTO_GLUE_HELPER_X86
e7cda5d2
JK		 1442 select CRYPTO_LRW
1443 select CRYPTO_XTS
8280daad
JK		 1444 help
1445 Twofish cipher algorithm (x86_64, 3-way parallel).
1446
1447 Twofish was submitted as an AES (Advanced Encryption Standard)
1448 candidate cipher by researchers at CounterPane Systems. It is a
1449 16 round block cipher supporting key sizes of 128, 192, and 256
1450 bits.
1451
1452 This module provides Twofish cipher algorithm that processes three
1453 blocks parallel, utilizing resources of out-of-order CPUs better.
1454
1455 See also:
1456 <http://www.schneier.com/twofish.html>
1457
107778b5
JG		 1458config CRYPTO_TWOFISH_AVX_X86_64
1459 tristate "Twofish cipher algorithm (x86_64/AVX)"
1460 depends on X86 && 64BIT
1461 select CRYPTO_ALGAPI
1462 select CRYPTO_CRYPTD
801201aa 1463 select CRYPTO_ABLK_HELPER
a7378d4e 1464 select CRYPTO_GLUE_HELPER_X86
107778b5
JG		 1465 select CRYPTO_TWOFISH_COMMON
1466 select CRYPTO_TWOFISH_X86_64
1467 select CRYPTO_TWOFISH_X86_64_3WAY
1468 select CRYPTO_LRW
1469 select CRYPTO_XTS
1470 help
1471 Twofish cipher algorithm (x86_64/AVX).
1472
1473 Twofish was submitted as an AES (Advanced Encryption Standard)
1474 candidate cipher by researchers at CounterPane Systems. It is a
1475 16 round block cipher supporting key sizes of 128, 192, and 256
1476 bits.
1477
1478 This module provides the Twofish cipher algorithm that processes
1479 eight blocks parallel using the AVX Instruction Set.
1480
1481 See also:
1482 <http://www.schneier.com/twofish.html>
1483
584fffc8
SS		 1484comment "Compression"
1485
1486config CRYPTO_DEFLATE
1487 tristate "Deflate compression algorithm"
1488 select CRYPTO_ALGAPI
1489 select ZLIB_INFLATE
1490 select ZLIB_DEFLATE
3c09f17c 1491 help
584fffc8
SS		 1492 This is the Deflate algorithm (RFC1951), specified for use in
1493 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1494
1495 You will most probably want this if using IPSec.
3c09f17c 1496
bf68e65e
GU		 1497config CRYPTO_ZLIB
1498 tristate "Zlib compression algorithm"
1499 select CRYPTO_PCOMP
1500 select ZLIB_INFLATE
1501 select ZLIB_DEFLATE
1502 select NLATTR
1503 help
1504 This is the zlib algorithm.
1505
0b77abb3
ZS		 1506config CRYPTO_LZO
1507 tristate "LZO compression algorithm"
1508 select CRYPTO_ALGAPI
1509 select LZO_COMPRESS
1510 select LZO_DECOMPRESS
1511 help
1512 This is the LZO algorithm.
1513
35a1fc18
SJ		 1514config CRYPTO_842
1515 tristate "842 compression algorithm"
2062c5b6
DS		 1516 select CRYPTO_ALGAPI
1517 select 842_COMPRESS
1518 select 842_DECOMPRESS
35a1fc18
SJ		 1519 help
1520 This is the 842 algorithm.
0ea8530d
CM		 1521
1522config CRYPTO_LZ4
1523 tristate "LZ4 compression algorithm"
1524 select CRYPTO_ALGAPI
1525 select LZ4_COMPRESS
1526 select LZ4_DECOMPRESS
1527 help
1528 This is the LZ4 algorithm.
1529
1530config CRYPTO_LZ4HC
1531 tristate "LZ4HC compression algorithm"
1532 select CRYPTO_ALGAPI
1533 select LZ4HC_COMPRESS
1534 select LZ4_DECOMPRESS
1535 help
1536 This is the LZ4 high compression mode algorithm.
35a1fc18 1537
17f0f4a4
NH		 1538comment "Random Number Generation"
1539
1540config CRYPTO_ANSI_CPRNG
1541 tristate "Pseudo Random Number Generation for Cryptographic modules"
1542 select CRYPTO_AES
1543 select CRYPTO_RNG
17f0f4a4
NH		 1544 help
1545 This option enables the generic pseudo random number generator
1546 for cryptographic modules. Uses the Algorithm specified in
7dd607e8
JK		 1547 ANSI X9.31 A.2.4. Note that this option must be enabled if
1548 CRYPTO_FIPS is selected
17f0f4a4 1549
f2c89a10 1550menuconfig CRYPTO_DRBG_MENU
419090c6 1551 tristate "NIST SP800-90A DRBG"
419090c6
SM		 1552 help
1553 NIST SP800-90A compliant DRBG. In the following submenu, one or
1554 more of the DRBG types must be selected.
1555
f2c89a10 1556if CRYPTO_DRBG_MENU
419090c6
SM		 1557
1558config CRYPTO_DRBG_HMAC
401e4238 1559 bool
419090c6 1560 default y
419090c6 1561 select CRYPTO_HMAC
826775bb 1562 select CRYPTO_SHA256
419090c6
SM		 1563
1564config CRYPTO_DRBG_HASH
1565 bool "Enable Hash DRBG"
826775bb 1566 select CRYPTO_SHA256
419090c6
SM		 1567 help
1568 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1569
1570config CRYPTO_DRBG_CTR
1571 bool "Enable CTR DRBG"
419090c6
SM		 1572 select CRYPTO_AES
1573 help
1574 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1575
f2c89a10
HX		 1576config CRYPTO_DRBG
1577 tristate
401e4238 1578 default CRYPTO_DRBG_MENU
f2c89a10 1579 select CRYPTO_RNG
bb5530e4 1580 select CRYPTO_JITTERENTROPY
f2c89a10
HX		 1581
1582endif # if CRYPTO_DRBG_MENU
419090c6 1583
bb5530e4
SM		 1584config CRYPTO_JITTERENTROPY
1585 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1586 help
1587 The Jitterentropy RNG is a noise that is intended
1588 to provide seed to another RNG. The RNG does not
1589 perform any cryptographic whitening of the generated
1590 random numbers. This Jitterentropy RNG registers with
1591 the kernel crypto API and can be used by any caller.
1592
03c8efc1
HX		 1593config CRYPTO_USER_API
1594 tristate
1595
fe869cdb
HX		 1596config CRYPTO_USER_API_HASH
1597 tristate "User-space interface for hash algorithms"
7451708f 1598 depends on NET
fe869cdb
HX		 1599 select CRYPTO_HASH
1600 select CRYPTO_USER_API
1601 help
1602 This option enables the user-spaces interface for hash
1603 algorithms.
1604
8ff59090
HX		 1605config CRYPTO_USER_API_SKCIPHER
1606 tristate "User-space interface for symmetric key cipher algorithms"
7451708f 1607 depends on NET
8ff59090
HX		 1608 select CRYPTO_BLKCIPHER
1609 select CRYPTO_USER_API
1610 help
1611 This option enables the user-spaces interface for symmetric
1612 key cipher algorithms.
1613
2f375538
SM		 1614config CRYPTO_USER_API_RNG
1615 tristate "User-space interface for random number generator algorithms"
1616 depends on NET
1617 select CRYPTO_RNG
1618 select CRYPTO_USER_API
1619 help
1620 This option enables the user-spaces interface for random
1621 number generator algorithms.
1622
b64a2d95
HX		 1623config CRYPTO_USER_API_AEAD
1624 tristate "User-space interface for AEAD cipher algorithms"
1625 depends on NET
1626 select CRYPTO_AEAD
1627 select CRYPTO_USER_API
1628 help
1629 This option enables the user-spaces interface for AEAD
1630 cipher algorithms.
1631
ee08997f
DK		 1632config CRYPTO_HASH_INFO
1633 bool
1634
1da177e4 1635source "drivers/crypto/Kconfig"
964f3b3b 1636source crypto/asymmetric_keys/Kconfig
1da177e4 1637
cce9e06d 1638endif # if CRYPTO
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git