projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'omap-for-v4.6/fixes-rc5-signed' of git://git.kernel.org/pub/scm/linux...
[linux-2.6-block.git] / crypto / Kconfig
CommitLineData
685784aa
DW		 1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5 tristate
6
1da177e4 7#
9bc89cd8 8# async_tx api: hardware offloaded memory transfer/transform support
1da177e4 9#
9bc89cd8 10source "crypto/async_tx/Kconfig"
1da177e4 11
9bc89cd8
DW		 12#
13# Cryptographic API Configuration
14#
2e290f43 15menuconfig CRYPTO
c3715cb9 16 tristate "Cryptographic API"
1da177e4
LT		 17 help
18 This option provides the core Cryptographic API.
19
cce9e06d
HX		 20if CRYPTO
21
584fffc8
SS		 22comment "Crypto core or helper"
23
ccb778e1
NH		 24config CRYPTO_FIPS
25 bool "FIPS 200 compliance"
f2c89a10 26 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
002c77a4 27 depends on MODULE_SIG
ccb778e1
NH		 28 help
29 This options enables the fips boot option which is
30 required if you want to system to operate in a FIPS 200
31 certification. You should say no unless you know what
e84c5480 32 this is.
ccb778e1 33
cce9e06d
HX		 34config CRYPTO_ALGAPI
35 tristate
6a0fcbb4 36 select CRYPTO_ALGAPI2
cce9e06d
HX		 37 help
38 This option provides the API for cryptographic algorithms.
39
6a0fcbb4
HX		 40config CRYPTO_ALGAPI2
41 tristate
42
1ae97820
HX		 43config CRYPTO_AEAD
44 tristate
6a0fcbb4 45 select CRYPTO_AEAD2
1ae97820
HX		 46 select CRYPTO_ALGAPI
47
6a0fcbb4
HX		 48config CRYPTO_AEAD2
49 tristate
50 select CRYPTO_ALGAPI2
149a3971
HX		 51 select CRYPTO_NULL2
52 select CRYPTO_RNG2
6a0fcbb4 53
5cde0af2
HX		 54config CRYPTO_BLKCIPHER
55 tristate
6a0fcbb4 56 select CRYPTO_BLKCIPHER2
5cde0af2 57 select CRYPTO_ALGAPI
6a0fcbb4
HX		 58
59config CRYPTO_BLKCIPHER2
60 tristate
61 select CRYPTO_ALGAPI2
62 select CRYPTO_RNG2
0a2e821d 63 select CRYPTO_WORKQUEUE
5cde0af2 64
055bcee3
HX		 65config CRYPTO_HASH
66 tristate
6a0fcbb4 67 select CRYPTO_HASH2
055bcee3
HX		 68 select CRYPTO_ALGAPI
69
6a0fcbb4
HX		 70config CRYPTO_HASH2
71 tristate
72 select CRYPTO_ALGAPI2
73
17f0f4a4
NH		 74config CRYPTO_RNG
75 tristate
6a0fcbb4 76 select CRYPTO_RNG2
17f0f4a4
NH		 77 select CRYPTO_ALGAPI
78
6a0fcbb4
HX		 79config CRYPTO_RNG2
80 tristate
81 select CRYPTO_ALGAPI2
82
401e4238
HX		 83config CRYPTO_RNG_DEFAULT
84 tristate
85 select CRYPTO_DRBG_MENU
86
3c339ab8
TS		 87config CRYPTO_AKCIPHER2
88 tristate
89 select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92 tristate
93 select CRYPTO_AKCIPHER2
94 select CRYPTO_ALGAPI
95
cfc2bb32
TS		 96config CRYPTO_RSA
97 tristate "RSA algorithm"
425e0172 98 select CRYPTO_AKCIPHER
cfc2bb32
TS		 99 select MPILIB
100 select ASN1
101 help
102 Generic implementation of the RSA public key algorithm.
103
2b8c19db
HX		 104config CRYPTO_MANAGER
105 tristate "Cryptographic algorithm manager"
6a0fcbb4 106 select CRYPTO_MANAGER2
2b8c19db
HX		 107 help
108 Create default cryptographic template instantiations such as
109 cbc(aes).
110
6a0fcbb4
HX		 111config CRYPTO_MANAGER2
112 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
113 select CRYPTO_AEAD2
114 select CRYPTO_HASH2
115 select CRYPTO_BLKCIPHER2
946cc463 116 select CRYPTO_AKCIPHER2
6a0fcbb4 117
a38f7907
SK		 118config CRYPTO_USER
119 tristate "Userspace cryptographic algorithm configuration"
5db017aa 120 depends on NET
a38f7907
SK		 121 select CRYPTO_MANAGER
122 help
d19978f5 123 Userspace configuration for cryptographic instantiations such as
a38f7907
SK		 124 cbc(aes).
125
326a6346
HX		 126config CRYPTO_MANAGER_DISABLE_TESTS
127 bool "Disable run-time self tests"
00ca28a5
HX		 128 default y
129 depends on CRYPTO_MANAGER2
0b767f96 130 help
326a6346
HX		 131 Disable run-time self tests that normally take place at
132 algorithm registration.
0b767f96 133
584fffc8 134config CRYPTO_GF128MUL
08c70fc3 135 tristate "GF(2^128) multiplication functions"
333b0d7e 136 help
584fffc8
SS		 137 Efficient table driven implementation of multiplications in the
138 field GF(2^128). This is needed by some cypher modes. This
139 option will be selected automatically if you select such a
140 cipher mode. Only select this option by hand if you expect to load
141 an external module that requires these functions.
333b0d7e 142
1da177e4
LT		 143config CRYPTO_NULL
144 tristate "Null algorithms"
149a3971 145 select CRYPTO_NULL2
1da177e4
LT		 146 help
147 These are 'Null' algorithms, used by IPsec, which do nothing.
148
149a3971 149config CRYPTO_NULL2
dd43c4e9 150 tristate
149a3971
HX		 151 select CRYPTO_ALGAPI2
152 select CRYPTO_BLKCIPHER2
153 select CRYPTO_HASH2
154
5068c7a8 155config CRYPTO_PCRYPT
3b4afaf2
KC		 156 tristate "Parallel crypto engine"
157 depends on SMP
5068c7a8
SK		 158 select PADATA
159 select CRYPTO_MANAGER
160 select CRYPTO_AEAD
161 help
162 This converts an arbitrary crypto algorithm into a parallel
163 algorithm that executes in kernel threads.
164
25c38d3f
HY		 165config CRYPTO_WORKQUEUE
166 tristate
167
584fffc8
SS		 168config CRYPTO_CRYPTD
169 tristate "Software async crypto daemon"
170 select CRYPTO_BLKCIPHER
b8a28251 171 select CRYPTO_HASH
584fffc8 172 select CRYPTO_MANAGER
254eff77 173 select CRYPTO_WORKQUEUE
1da177e4 174 help
584fffc8
SS		 175 This is a generic software asynchronous crypto daemon that
176 converts an arbitrary synchronous software crypto algorithm
177 into an asynchronous algorithm that executes in a kernel thread.
1da177e4 178
1e65b81a
TC		 179config CRYPTO_MCRYPTD
180 tristate "Software async multi-buffer crypto daemon"
181 select CRYPTO_BLKCIPHER
182 select CRYPTO_HASH
183 select CRYPTO_MANAGER
184 select CRYPTO_WORKQUEUE
185 help
186 This is a generic software asynchronous crypto daemon that
187 provides the kernel thread to assist multi-buffer crypto
188 algorithms for submitting jobs and flushing jobs in multi-buffer
189 crypto algorithms. Multi-buffer crypto algorithms are executed
190 in the context of this kernel thread and drivers can post
0e56673b 191 their crypto request asynchronously to be processed by this daemon.
1e65b81a 192
584fffc8
SS		 193config CRYPTO_AUTHENC
194 tristate "Authenc support"
195 select CRYPTO_AEAD
196 select CRYPTO_BLKCIPHER
197 select CRYPTO_MANAGER
198 select CRYPTO_HASH
e94c6a7a 199 select CRYPTO_NULL
1da177e4 200 help
584fffc8
SS		 201 Authenc: Combined mode wrapper for IPsec.
202 This is required for IPSec.
1da177e4 203
584fffc8
SS		 204config CRYPTO_TEST
205 tristate "Testing module"
206 depends on m
da7f033d 207 select CRYPTO_MANAGER
1da177e4 208 help
584fffc8 209 Quick & dirty crypto test module.
1da177e4 210
a62b01cd 211config CRYPTO_ABLK_HELPER
ffaf9156 212 tristate
ffaf9156
JK		 213 select CRYPTO_CRYPTD
214
596d8750
JK		 215config CRYPTO_GLUE_HELPER_X86
216 tristate
217 depends on X86
218 select CRYPTO_ALGAPI
219
735d37b5
BW		 220config CRYPTO_ENGINE
221 tristate
222
584fffc8 223comment "Authenticated Encryption with Associated Data"
cd12fb90 224
584fffc8
SS		 225config CRYPTO_CCM
226 tristate "CCM support"
227 select CRYPTO_CTR
228 select CRYPTO_AEAD
1da177e4 229 help
584fffc8 230 Support for Counter with CBC MAC. Required for IPsec.
1da177e4 231
584fffc8
SS		 232config CRYPTO_GCM
233 tristate "GCM/GMAC support"
234 select CRYPTO_CTR
235 select CRYPTO_AEAD
9382d97a 236 select CRYPTO_GHASH
9489667d 237 select CRYPTO_NULL
1da177e4 238 help
584fffc8
SS		 239 Support for Galois/Counter Mode (GCM) and Galois Message
240 Authentication Code (GMAC). Required for IPSec.
1da177e4 241
71ebc4d1
MW		 242config CRYPTO_CHACHA20POLY1305
243 tristate "ChaCha20-Poly1305 AEAD support"
244 select CRYPTO_CHACHA20
245 select CRYPTO_POLY1305
246 select CRYPTO_AEAD
247 help
248 ChaCha20-Poly1305 AEAD support, RFC7539.
249
250 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
251 with the Poly1305 authenticator. It is defined in RFC7539 for use in
252 IETF protocols.
253
584fffc8
SS		 254config CRYPTO_SEQIV
255 tristate "Sequence Number IV Generator"
256 select CRYPTO_AEAD
257 select CRYPTO_BLKCIPHER
856e3f40 258 select CRYPTO_NULL
401e4238 259 select CRYPTO_RNG_DEFAULT
1da177e4 260 help
584fffc8
SS		 261 This IV generator generates an IV based on a sequence number by
262 xoring it with a salt. This algorithm is mainly useful for CTR
1da177e4 263
a10f554f
HX		 264config CRYPTO_ECHAINIV
265 tristate "Encrypted Chain IV Generator"
266 select CRYPTO_AEAD
267 select CRYPTO_NULL
401e4238 268 select CRYPTO_RNG_DEFAULT
3491244c 269 default m
a10f554f
HX		 270 help
271 This IV generator generates an IV based on the encryption of
272 a sequence number xored with a salt. This is the default
273 algorithm for CBC.
274
584fffc8 275comment "Block modes"
c494e070 276
584fffc8
SS		 277config CRYPTO_CBC
278 tristate "CBC support"
db131ef9 279 select CRYPTO_BLKCIPHER
43518407 280 select CRYPTO_MANAGER
db131ef9 281 help
584fffc8
SS		 282 CBC: Cipher Block Chaining mode
283 This block cipher algorithm is required for IPSec.
db131ef9 284
584fffc8
SS		 285config CRYPTO_CTR
286 tristate "CTR support"
db131ef9 287 select CRYPTO_BLKCIPHER
584fffc8 288 select CRYPTO_SEQIV
43518407 289 select CRYPTO_MANAGER
db131ef9 290 help
584fffc8 291 CTR: Counter mode
db131ef9
HX		 292 This block cipher algorithm is required for IPSec.
293
584fffc8
SS		 294config CRYPTO_CTS
295 tristate "CTS support"
296 select CRYPTO_BLKCIPHER
297 help
298 CTS: Cipher Text Stealing
299 This is the Cipher Text Stealing mode as described by
300 Section 8 of rfc2040 and referenced by rfc3962.
301 (rfc3962 includes errata information in its Appendix A)
302 This mode is required for Kerberos gss mechanism support
303 for AES encryption.
304
305config CRYPTO_ECB
306 tristate "ECB support"
91652be5
DH		 307 select CRYPTO_BLKCIPHER
308 select CRYPTO_MANAGER
91652be5 309 help
584fffc8
SS		 310 ECB: Electronic CodeBook mode
311 This is the simplest block cipher algorithm. It simply encrypts
312 the input block by block.
91652be5 313
64470f1b 314config CRYPTO_LRW
2470a2b2 315 tristate "LRW support"
64470f1b
RS		 316 select CRYPTO_BLKCIPHER
317 select CRYPTO_MANAGER
318 select CRYPTO_GF128MUL
319 help
320 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
321 narrow block cipher mode for dm-crypt. Use it with cipher
322 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
323 The first 128, 192 or 256 bits in the key are used for AES and the
324 rest is used to tie each cipher block to its logical position.
325
584fffc8
SS		 326config CRYPTO_PCBC
327 tristate "PCBC support"
328 select CRYPTO_BLKCIPHER
329 select CRYPTO_MANAGER
330 help
331 PCBC: Propagating Cipher Block Chaining mode
332 This block cipher algorithm is required for RxRPC.
333
f19f5111 334config CRYPTO_XTS
5bcf8e6d 335 tristate "XTS support"
f19f5111
RS		 336 select CRYPTO_BLKCIPHER
337 select CRYPTO_MANAGER
338 select CRYPTO_GF128MUL
339 help
340 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
341 key size 256, 384 or 512 bits. This implementation currently
342 can't handle a sectorsize which is not a multiple of 16 bytes.
343
1c49678e
SM		 344config CRYPTO_KEYWRAP
345 tristate "Key wrapping support"
346 select CRYPTO_BLKCIPHER
347 help
348 Support for key wrapping (NIST SP800-38F / RFC3394) without
349 padding.
350
584fffc8
SS		 351comment "Hash modes"
352
93b5e86a
JK		 353config CRYPTO_CMAC
354 tristate "CMAC support"
355 select CRYPTO_HASH
356 select CRYPTO_MANAGER
357 help
358 Cipher-based Message Authentication Code (CMAC) specified by
359 The National Institute of Standards and Technology (NIST).
360
361 https://tools.ietf.org/html/rfc4493
362 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
363
584fffc8
SS		 364config CRYPTO_HMAC
365 tristate "HMAC support"
366 select CRYPTO_HASH
23e353c8 367 select CRYPTO_MANAGER
23e353c8 368 help
584fffc8
SS		 369 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
370 This is required for IPSec.
23e353c8 371
584fffc8
SS		 372config CRYPTO_XCBC
373 tristate "XCBC support"
584fffc8
SS		 374 select CRYPTO_HASH
375 select CRYPTO_MANAGER
76cb9521 376 help
584fffc8
SS		 377 XCBC: Keyed-Hashing with encryption algorithm
378 http://www.ietf.org/rfc/rfc3566.txt
379 http://csrc.nist.gov/encryption/modes/proposedmodes/
380 xcbc-mac/xcbc-mac-spec.pdf
76cb9521 381
f1939f7c
SW		 382config CRYPTO_VMAC
383 tristate "VMAC support"
f1939f7c
SW		 384 select CRYPTO_HASH
385 select CRYPTO_MANAGER
386 help
387 VMAC is a message authentication algorithm designed for
388 very high speed on 64-bit architectures.
389
390 See also:
391 <http://fastcrypto.org/vmac>
392
584fffc8 393comment "Digest"
28db8e3e 394
584fffc8
SS		 395config CRYPTO_CRC32C
396 tristate "CRC32c CRC algorithm"
5773a3e6 397 select CRYPTO_HASH
6a0962b2 398 select CRC32
4a49b499 399 help
584fffc8
SS		 400 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
401 by iSCSI for header and data digests and by others.
69c35efc 402 See Castagnoli93. Module will be crc32c.
4a49b499 403
8cb51ba8
AZ		 404config CRYPTO_CRC32C_INTEL
405 tristate "CRC32c INTEL hardware acceleration"
406 depends on X86
407 select CRYPTO_HASH
408 help
409 In Intel processor with SSE4.2 supported, the processor will
410 support CRC32C implementation using hardware accelerated CRC32
411 instruction. This option will create 'crc32c-intel' module,
412 which will enable any routine to use the CRC32 instruction to
413 gain performance compared with software implementation.
414 Module will be crc32c-intel.
415
442a7c40
DM		 416config CRYPTO_CRC32C_SPARC64
417 tristate "CRC32c CRC algorithm (SPARC64)"
418 depends on SPARC64
419 select CRYPTO_HASH
420 select CRC32
421 help
422 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
423 when available.
424
78c37d19
AB		 425config CRYPTO_CRC32
426 tristate "CRC32 CRC algorithm"
427 select CRYPTO_HASH
428 select CRC32
429 help
430 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
431 Shash crypto api wrappers to crc32_le function.
432
433config CRYPTO_CRC32_PCLMUL
434 tristate "CRC32 PCLMULQDQ hardware acceleration"
435 depends on X86
436 select CRYPTO_HASH
437 select CRC32
438 help
439 From Intel Westmere and AMD Bulldozer processor with SSE4.2
440 and PCLMULQDQ supported, the processor will support
441 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
442 instruction. This option will create 'crc32-plcmul' module,
443 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
444 and gain better performance as compared with the table implementation.
445
68411521
HX		 446config CRYPTO_CRCT10DIF
447 tristate "CRCT10DIF algorithm"
448 select CRYPTO_HASH
449 help
450 CRC T10 Data Integrity Field computation is being cast as
451 a crypto transform. This allows for faster crc t10 diff
452 transforms to be used if they are available.
453
454config CRYPTO_CRCT10DIF_PCLMUL
455 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
456 depends on X86 && 64BIT && CRC_T10DIF
457 select CRYPTO_HASH
458 help
459 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
460 CRC T10 DIF PCLMULQDQ computation can be hardware
461 accelerated PCLMULQDQ instruction. This option will create
462 'crct10dif-plcmul' module, which is faster when computing the
463 crct10dif checksum as compared with the generic table implementation.
464
2cdc6899
HY		 465config CRYPTO_GHASH
466 tristate "GHASH digest algorithm"
2cdc6899 467 select CRYPTO_GF128MUL
578c60fb 468 select CRYPTO_HASH
2cdc6899
HY		 469 help
470 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
471
f979e014
MW		 472config CRYPTO_POLY1305
473 tristate "Poly1305 authenticator algorithm"
578c60fb 474 select CRYPTO_HASH
f979e014
MW		 475 help
476 Poly1305 authenticator algorithm, RFC7539.
477
478 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
479 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
480 in IETF protocols. This is the portable C implementation of Poly1305.
481
c70f4abe 482config CRYPTO_POLY1305_X86_64
b1ccc8f4 483 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
c70f4abe
MW		 484 depends on X86 && 64BIT
485 select CRYPTO_POLY1305
486 help
487 Poly1305 authenticator algorithm, RFC7539.
488
489 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
490 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
491 in IETF protocols. This is the x86_64 assembler implementation using SIMD
492 instructions.
493
584fffc8
SS		 494config CRYPTO_MD4
495 tristate "MD4 digest algorithm"
808a1763 496 select CRYPTO_HASH
124b53d0 497 help
584fffc8 498 MD4 message digest algorithm (RFC1320).
124b53d0 499
584fffc8
SS		 500config CRYPTO_MD5
501 tristate "MD5 digest algorithm"
14b75ba7 502 select CRYPTO_HASH
1da177e4 503 help
584fffc8 504 MD5 message digest algorithm (RFC1321).
1da177e4 505
d69e75de
AK		 506config CRYPTO_MD5_OCTEON
507 tristate "MD5 digest algorithm (OCTEON)"
508 depends on CPU_CAVIUM_OCTEON
509 select CRYPTO_MD5
510 select CRYPTO_HASH
511 help
512 MD5 message digest algorithm (RFC1321) implemented
513 using OCTEON crypto instructions, when available.
514
e8e59953
MS		 515config CRYPTO_MD5_PPC
516 tristate "MD5 digest algorithm (PPC)"
517 depends on PPC
518 select CRYPTO_HASH
519 help
520 MD5 message digest algorithm (RFC1321) implemented
521 in PPC assembler.
522
fa4dfedc
DM		 523config CRYPTO_MD5_SPARC64
524 tristate "MD5 digest algorithm (SPARC64)"
525 depends on SPARC64
526 select CRYPTO_MD5
527 select CRYPTO_HASH
528 help
529 MD5 message digest algorithm (RFC1321) implemented
530 using sparc64 crypto instructions, when available.
531
584fffc8
SS		 532config CRYPTO_MICHAEL_MIC
533 tristate "Michael MIC keyed digest algorithm"
19e2bf14 534 select CRYPTO_HASH
90831639 535 help
584fffc8
SS		 536 Michael MIC is used for message integrity protection in TKIP
537 (IEEE 802.11i). This algorithm is required for TKIP, but it
538 should not be used for other purposes because of the weakness
539 of the algorithm.
90831639 540
82798f90 541config CRYPTO_RMD128
b6d44341 542 tristate "RIPEMD-128 digest algorithm"
7c4468bc 543 select CRYPTO_HASH
b6d44341
AB		 544 help
545 RIPEMD-128 (ISO/IEC 10118-3:2004).
82798f90 546
b6d44341 547 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
35ed4b35 548 be used as a secure replacement for RIPEMD. For other use cases,
b6d44341 549 RIPEMD-160 should be used.
82798f90 550
b6d44341 551 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 552 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90
AKR		 553
554config CRYPTO_RMD160
b6d44341 555 tristate "RIPEMD-160 digest algorithm"
e5835fba 556 select CRYPTO_HASH
b6d44341
AB		 557 help
558 RIPEMD-160 (ISO/IEC 10118-3:2004).
82798f90 559
b6d44341
AB		 560 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
561 to be used as a secure replacement for the 128-bit hash functions
562 MD4, MD5 and it's predecessor RIPEMD
563 (not to be confused with RIPEMD-128).
82798f90 564
b6d44341
AB		 565 It's speed is comparable to SHA1 and there are no known attacks
566 against RIPEMD-160.
534fe2c1 567
b6d44341 568 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 569 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 570
571config CRYPTO_RMD256
b6d44341 572 tristate "RIPEMD-256 digest algorithm"
d8a5e2e9 573 select CRYPTO_HASH
b6d44341
AB		 574 help
575 RIPEMD-256 is an optional extension of RIPEMD-128 with a
576 256 bit hash. It is intended for applications that require
577 longer hash-results, without needing a larger security level
578 (than RIPEMD-128).
534fe2c1 579
b6d44341 580 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 581 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 582
583config CRYPTO_RMD320
b6d44341 584 tristate "RIPEMD-320 digest algorithm"
3b8efb4c 585 select CRYPTO_HASH
b6d44341
AB		 586 help
587 RIPEMD-320 is an optional extension of RIPEMD-160 with a
588 320 bit hash. It is intended for applications that require
589 longer hash-results, without needing a larger security level
590 (than RIPEMD-160).
534fe2c1 591
b6d44341 592 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 593 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90 594
584fffc8
SS		 595config CRYPTO_SHA1
596 tristate "SHA1 digest algorithm"
54ccb367 597 select CRYPTO_HASH
1da177e4 598 help
584fffc8 599 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
1da177e4 600
66be8951 601config CRYPTO_SHA1_SSSE3
e38b6b7f 602 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
66be8951
MK		 603 depends on X86 && 64BIT
604 select CRYPTO_SHA1
605 select CRYPTO_HASH
606 help
607 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
608 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
e38b6b7f 609 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
610 when available.
66be8951 611
8275d1aa 612config CRYPTO_SHA256_SSSE3
e38b6b7f 613 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
8275d1aa
TC		 614 depends on X86 && 64BIT
615 select CRYPTO_SHA256
616 select CRYPTO_HASH
617 help
618 SHA-256 secure hash standard (DFIPS 180-2) implemented
619 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
620 Extensions version 1 (AVX1), or Advanced Vector Extensions
e38b6b7f 621 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
622 Instructions) when available.
87de4579
TC		 623
624config CRYPTO_SHA512_SSSE3
625 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
626 depends on X86 && 64BIT
627 select CRYPTO_SHA512
628 select CRYPTO_HASH
629 help
630 SHA-512 secure hash standard (DFIPS 180-2) implemented
631 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
632 Extensions version 1 (AVX1), or Advanced Vector Extensions
8275d1aa
TC		 633 version 2 (AVX2) instructions, when available.
634
efdb6f6e
AK		 635config CRYPTO_SHA1_OCTEON
636 tristate "SHA1 digest algorithm (OCTEON)"
637 depends on CPU_CAVIUM_OCTEON
638 select CRYPTO_SHA1
639 select CRYPTO_HASH
640 help
641 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
642 using OCTEON crypto instructions, when available.
643
4ff28d4c
DM		 644config CRYPTO_SHA1_SPARC64
645 tristate "SHA1 digest algorithm (SPARC64)"
646 depends on SPARC64
647 select CRYPTO_SHA1
648 select CRYPTO_HASH
649 help
650 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
651 using sparc64 crypto instructions, when available.
652
323a6bf1
ME		 653config CRYPTO_SHA1_PPC
654 tristate "SHA1 digest algorithm (powerpc)"
655 depends on PPC
656 help
657 This is the powerpc hardware accelerated implementation of the
658 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
659
d9850fc5
MS		 660config CRYPTO_SHA1_PPC_SPE
661 tristate "SHA1 digest algorithm (PPC SPE)"
662 depends on PPC && SPE
663 help
664 SHA-1 secure hash standard (DFIPS 180-4) implemented
665 using powerpc SPE SIMD instruction set.
666
1e65b81a
TC		 667config CRYPTO_SHA1_MB
668 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
669 depends on X86 && 64BIT
670 select CRYPTO_SHA1
671 select CRYPTO_HASH
672 select CRYPTO_MCRYPTD
673 help
674 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
675 using multi-buffer technique. This algorithm computes on
676 multiple data lanes concurrently with SIMD instructions for
677 better throughput. It should not be enabled by default but
678 used when there is significant amount of work to keep the keep
679 the data lanes filled to get performance benefit. If the data
680 lanes remain unfilled, a flush operation will be initiated to
681 process the crypto jobs, adding a slight latency.
682
584fffc8
SS		 683config CRYPTO_SHA256
684 tristate "SHA224 and SHA256 digest algorithm"
50e109b5 685 select CRYPTO_HASH
1da177e4 686 help
584fffc8 687 SHA256 secure hash standard (DFIPS 180-2).
1da177e4 688
584fffc8
SS		 689 This version of SHA implements a 256 bit hash with 128 bits of
690 security against collision attacks.
2729bb42 691
b6d44341
AB		 692 This code also includes SHA-224, a 224 bit hash with 112 bits
693 of security against collision attacks.
584fffc8 694
2ecc1e95
MS		 695config CRYPTO_SHA256_PPC_SPE
696 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
697 depends on PPC && SPE
698 select CRYPTO_SHA256
699 select CRYPTO_HASH
700 help
701 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
702 implemented using powerpc SPE SIMD instruction set.
703
efdb6f6e
AK		 704config CRYPTO_SHA256_OCTEON
705 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
706 depends on CPU_CAVIUM_OCTEON
707 select CRYPTO_SHA256
708 select CRYPTO_HASH
709 help
710 SHA-256 secure hash standard (DFIPS 180-2) implemented
711 using OCTEON crypto instructions, when available.
712
86c93b24
DM		 713config CRYPTO_SHA256_SPARC64
714 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
715 depends on SPARC64
716 select CRYPTO_SHA256
717 select CRYPTO_HASH
718 help
719 SHA-256 secure hash standard (DFIPS 180-2) implemented
720 using sparc64 crypto instructions, when available.
721
584fffc8
SS		 722config CRYPTO_SHA512
723 tristate "SHA384 and SHA512 digest algorithms"
bd9d20db 724 select CRYPTO_HASH
b9f535ff 725 help
584fffc8 726 SHA512 secure hash standard (DFIPS 180-2).
b9f535ff 727
584fffc8
SS		 728 This version of SHA implements a 512 bit hash with 256 bits of
729 security against collision attacks.
b9f535ff 730
584fffc8
SS		 731 This code also includes SHA-384, a 384 bit hash with 192 bits
732 of security against collision attacks.
b9f535ff 733
efdb6f6e
AK		 734config CRYPTO_SHA512_OCTEON
735 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
736 depends on CPU_CAVIUM_OCTEON
737 select CRYPTO_SHA512
738 select CRYPTO_HASH
739 help
740 SHA-512 secure hash standard (DFIPS 180-2) implemented
741 using OCTEON crypto instructions, when available.
742
775e0c69
DM		 743config CRYPTO_SHA512_SPARC64
744 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
745 depends on SPARC64
746 select CRYPTO_SHA512
747 select CRYPTO_HASH
748 help
749 SHA-512 secure hash standard (DFIPS 180-2) implemented
750 using sparc64 crypto instructions, when available.
751
584fffc8
SS		 752config CRYPTO_TGR192
753 tristate "Tiger digest algorithms"
f63fbd3d 754 select CRYPTO_HASH
eaf44088 755 help
584fffc8 756 Tiger hash algorithm 192, 160 and 128-bit hashes
eaf44088 757
584fffc8
SS		 758 Tiger is a hash function optimized for 64-bit processors while
759 still having decent performance on 32-bit processors.
760 Tiger was developed by Ross Anderson and Eli Biham.
eaf44088
JF		 761
762 See also:
584fffc8 763 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
eaf44088 764
584fffc8
SS		 765config CRYPTO_WP512
766 tristate "Whirlpool digest algorithms"
4946510b 767 select CRYPTO_HASH
1da177e4 768 help
584fffc8 769 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1da177e4 770
584fffc8
SS		 771 Whirlpool-512 is part of the NESSIE cryptographic primitives.
772 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1da177e4
LT		 773
774 See also:
6d8de74c 775 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
584fffc8 776
0e1227d3
HY		 777config CRYPTO_GHASH_CLMUL_NI_INTEL
778 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
8af00860 779 depends on X86 && 64BIT
0e1227d3
HY		 780 select CRYPTO_CRYPTD
781 help
782 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
783 The implementation is accelerated by CLMUL-NI of Intel.
784
584fffc8 785comment "Ciphers"
1da177e4
LT		 786
787config CRYPTO_AES
788 tristate "AES cipher algorithms"
cce9e06d 789 select CRYPTO_ALGAPI
1da177e4 790 help
584fffc8 791 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 792 algorithm.
793
794 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 795 both hardware and software across a wide range of computing
796 environments regardless of its use in feedback or non-feedback
797 modes. Its key setup time is excellent, and its key agility is
798 good. Rijndael's very low memory requirements make it very well
799 suited for restricted-space environments, in which it also
800 demonstrates excellent performance. Rijndael's operations are
801 among the easiest to defend against power and timing attacks.
1da177e4 802
584fffc8 803 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 804
805 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
806
807config CRYPTO_AES_586
808 tristate "AES cipher algorithms (i586)"
cce9e06d
HX		 809 depends on (X86 || UML_X86) && !64BIT
810 select CRYPTO_ALGAPI
5157dea8 811 select CRYPTO_AES
1da177e4 812 help
584fffc8 813 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 814 algorithm.
815
816 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 817 both hardware and software across a wide range of computing
818 environments regardless of its use in feedback or non-feedback
819 modes. Its key setup time is excellent, and its key agility is
820 good. Rijndael's very low memory requirements make it very well
821 suited for restricted-space environments, in which it also
822 demonstrates excellent performance. Rijndael's operations are
823 among the easiest to defend against power and timing attacks.
1da177e4 824
584fffc8 825 The AES specifies three key sizes: 128, 192 and 256 bits
a2a892a2
AS		 826
827 See <http://csrc.nist.gov/encryption/aes/> for more information.
828
829config CRYPTO_AES_X86_64
830 tristate "AES cipher algorithms (x86_64)"
cce9e06d
HX		 831 depends on (X86 || UML_X86) && 64BIT
832 select CRYPTO_ALGAPI
81190b32 833 select CRYPTO_AES
a2a892a2 834 help
584fffc8 835 AES cipher algorithms (FIPS-197). AES uses the Rijndael
a2a892a2
AS		 836 algorithm.
837
838 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 839 both hardware and software across a wide range of computing
840 environments regardless of its use in feedback or non-feedback
841 modes. Its key setup time is excellent, and its key agility is
54b6a1bd
HY		 842 good. Rijndael's very low memory requirements make it very well
843 suited for restricted-space environments, in which it also
844 demonstrates excellent performance. Rijndael's operations are
845 among the easiest to defend against power and timing attacks.
846
847 The AES specifies three key sizes: 128, 192 and 256 bits
848
849 See <http://csrc.nist.gov/encryption/aes/> for more information.
850
851config CRYPTO_AES_NI_INTEL
852 tristate "AES cipher algorithms (AES-NI)"
8af00860 853 depends on X86
0d258efb
MK		 854 select CRYPTO_AES_X86_64 if 64BIT
855 select CRYPTO_AES_586 if !64BIT
54b6a1bd 856 select CRYPTO_CRYPTD
801201aa 857 select CRYPTO_ABLK_HELPER
54b6a1bd 858 select CRYPTO_ALGAPI
7643a11a 859 select CRYPTO_GLUE_HELPER_X86 if 64BIT
023af608
JK		 860 select CRYPTO_LRW
861 select CRYPTO_XTS
54b6a1bd
HY		 862 help
863 Use Intel AES-NI instructions for AES algorithm.
864
865 AES cipher algorithms (FIPS-197). AES uses the Rijndael
866 algorithm.
867
868 Rijndael appears to be consistently a very good performer in
869 both hardware and software across a wide range of computing
870 environments regardless of its use in feedback or non-feedback
871 modes. Its key setup time is excellent, and its key agility is
584fffc8
SS		 872 good. Rijndael's very low memory requirements make it very well
873 suited for restricted-space environments, in which it also
874 demonstrates excellent performance. Rijndael's operations are
875 among the easiest to defend against power and timing attacks.
a2a892a2 876
584fffc8 877 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 878
879 See <http://csrc.nist.gov/encryption/aes/> for more information.
880
0d258efb
MK		 881 In addition to AES cipher algorithm support, the acceleration
882 for some popular block cipher mode is supported too, including
883 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
884 acceleration for CTR.
2cf4ac8b 885
9bf4852d
DM		 886config CRYPTO_AES_SPARC64
887 tristate "AES cipher algorithms (SPARC64)"
888 depends on SPARC64
889 select CRYPTO_CRYPTD
890 select CRYPTO_ALGAPI
891 help
892 Use SPARC64 crypto opcodes for AES algorithm.
893
894 AES cipher algorithms (FIPS-197). AES uses the Rijndael
895 algorithm.
896
897 Rijndael appears to be consistently a very good performer in
898 both hardware and software across a wide range of computing
899 environments regardless of its use in feedback or non-feedback
900 modes. Its key setup time is excellent, and its key agility is
901 good. Rijndael's very low memory requirements make it very well
902 suited for restricted-space environments, in which it also
903 demonstrates excellent performance. Rijndael's operations are
904 among the easiest to defend against power and timing attacks.
905
906 The AES specifies three key sizes: 128, 192 and 256 bits
907
908 See <http://csrc.nist.gov/encryption/aes/> for more information.
909
910 In addition to AES cipher algorithm support, the acceleration
911 for some popular block cipher mode is supported too, including
912 ECB and CBC.
913
504c6143
MS		 914config CRYPTO_AES_PPC_SPE
915 tristate "AES cipher algorithms (PPC SPE)"
916 depends on PPC && SPE
917 help
918 AES cipher algorithms (FIPS-197). Additionally the acceleration
919 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
920 This module should only be used for low power (router) devices
921 without hardware AES acceleration (e.g. caam crypto). It reduces the
922 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
923 timining attacks. Nevertheless it might be not as secure as other
924 architecture specific assembler implementations that work on 1KB
925 tables or 256 bytes S-boxes.
926
584fffc8
SS		 927config CRYPTO_ANUBIS
928 tristate "Anubis cipher algorithm"
929 select CRYPTO_ALGAPI
930 help
931 Anubis cipher algorithm.
932
933 Anubis is a variable key length cipher which can use keys from
934 128 bits to 320 bits in length. It was evaluated as a entrant
935 in the NESSIE competition.
936
937 See also:
6d8de74c
JM		 938 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
939 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
584fffc8
SS		 940
941config CRYPTO_ARC4
942 tristate "ARC4 cipher algorithm"
b9b0f080 943 select CRYPTO_BLKCIPHER
584fffc8
SS		 944 help
945 ARC4 cipher algorithm.
946
947 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
948 bits in length. This algorithm is required for driver-based
949 WEP, but it should not be for other purposes because of the
950 weakness of the algorithm.
951
952config CRYPTO_BLOWFISH
953 tristate "Blowfish cipher algorithm"
954 select CRYPTO_ALGAPI
52ba867c 955 select CRYPTO_BLOWFISH_COMMON
584fffc8
SS		 956 help
957 Blowfish cipher algorithm, by Bruce Schneier.
958
959 This is a variable key length cipher which can use keys from 32
960 bits to 448 bits in length. It's fast, simple and specifically
961 designed for use on "large microprocessors".
962
963 See also:
964 <http://www.schneier.com/blowfish.html>
965
52ba867c
JK		 966config CRYPTO_BLOWFISH_COMMON
967 tristate
968 help
969 Common parts of the Blowfish cipher algorithm shared by the
970 generic c and the assembler implementations.
971
972 See also:
973 <http://www.schneier.com/blowfish.html>
974
64b94cea
JK		 975config CRYPTO_BLOWFISH_X86_64
976 tristate "Blowfish cipher algorithm (x86_64)"
f21a7c19 977 depends on X86 && 64BIT
64b94cea
JK		 978 select CRYPTO_ALGAPI
979 select CRYPTO_BLOWFISH_COMMON
980 help
981 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
982
983 This is a variable key length cipher which can use keys from 32
984 bits to 448 bits in length. It's fast, simple and specifically
985 designed for use on "large microprocessors".
986
987 See also:
988 <http://www.schneier.com/blowfish.html>
989
584fffc8
SS		 990config CRYPTO_CAMELLIA
991 tristate "Camellia cipher algorithms"
992 depends on CRYPTO
993 select CRYPTO_ALGAPI
994 help
995 Camellia cipher algorithms module.
996
997 Camellia is a symmetric key block cipher developed jointly
998 at NTT and Mitsubishi Electric Corporation.
999
1000 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1001
1002 See also:
1003 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1004
0b95ec56
JK		 1005config CRYPTO_CAMELLIA_X86_64
1006 tristate "Camellia cipher algorithm (x86_64)"
f21a7c19 1007 depends on X86 && 64BIT
0b95ec56
JK		 1008 depends on CRYPTO
1009 select CRYPTO_ALGAPI
964263af 1010 select CRYPTO_GLUE_HELPER_X86
0b95ec56
JK		 1011 select CRYPTO_LRW
1012 select CRYPTO_XTS
1013 help
1014 Camellia cipher algorithm module (x86_64).
1015
1016 Camellia is a symmetric key block cipher developed jointly
1017 at NTT and Mitsubishi Electric Corporation.
1018
1019 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1020
1021 See also:
d9b1d2e7
JK		 1022 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1023
1024config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1025 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1026 depends on X86 && 64BIT
1027 depends on CRYPTO
1028 select CRYPTO_ALGAPI
1029 select CRYPTO_CRYPTD
801201aa 1030 select CRYPTO_ABLK_HELPER
d9b1d2e7
JK		 1031 select CRYPTO_GLUE_HELPER_X86
1032 select CRYPTO_CAMELLIA_X86_64
1033 select CRYPTO_LRW
1034 select CRYPTO_XTS
1035 help
1036 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1037
1038 Camellia is a symmetric key block cipher developed jointly
1039 at NTT and Mitsubishi Electric Corporation.
1040
1041 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1042
1043 See also:
0b95ec56
JK		 1044 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1045
f3f935a7
JK		 1046config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1047 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1048 depends on X86 && 64BIT
1049 depends on CRYPTO
1050 select CRYPTO_ALGAPI
1051 select CRYPTO_CRYPTD
801201aa 1052 select CRYPTO_ABLK_HELPER
f3f935a7
JK		 1053 select CRYPTO_GLUE_HELPER_X86
1054 select CRYPTO_CAMELLIA_X86_64
1055 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1056 select CRYPTO_LRW
1057 select CRYPTO_XTS
1058 help
1059 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1060
1061 Camellia is a symmetric key block cipher developed jointly
1062 at NTT and Mitsubishi Electric Corporation.
1063
1064 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1065
1066 See also:
1067 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1068
81658ad0
DM		 1069config CRYPTO_CAMELLIA_SPARC64
1070 tristate "Camellia cipher algorithm (SPARC64)"
1071 depends on SPARC64
1072 depends on CRYPTO
1073 select CRYPTO_ALGAPI
1074 help
1075 Camellia cipher algorithm module (SPARC64).
1076
1077 Camellia is a symmetric key block cipher developed jointly
1078 at NTT and Mitsubishi Electric Corporation.
1079
1080 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1081
1082 See also:
1083 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1084
044ab525
JK		 1085config CRYPTO_CAST_COMMON
1086 tristate
1087 help
1088 Common parts of the CAST cipher algorithms shared by the
1089 generic c and the assembler implementations.
1090
1da177e4
LT		 1091config CRYPTO_CAST5
1092 tristate "CAST5 (CAST-128) cipher algorithm"
cce9e06d 1093 select CRYPTO_ALGAPI
044ab525 1094 select CRYPTO_CAST_COMMON
1da177e4
LT		 1095 help
1096 The CAST5 encryption algorithm (synonymous with CAST-128) is
1097 described in RFC2144.
1098
4d6d6a2c
JG		 1099config CRYPTO_CAST5_AVX_X86_64
1100 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1101 depends on X86 && 64BIT
1102 select CRYPTO_ALGAPI
1103 select CRYPTO_CRYPTD
801201aa 1104 select CRYPTO_ABLK_HELPER
044ab525 1105 select CRYPTO_CAST_COMMON
4d6d6a2c
JG		 1106 select CRYPTO_CAST5
1107 help
1108 The CAST5 encryption algorithm (synonymous with CAST-128) is
1109 described in RFC2144.
1110
1111 This module provides the Cast5 cipher algorithm that processes
1112 sixteen blocks parallel using the AVX instruction set.
1113
1da177e4
LT		 1114config CRYPTO_CAST6
1115 tristate "CAST6 (CAST-256) cipher algorithm"
cce9e06d 1116 select CRYPTO_ALGAPI
044ab525 1117 select CRYPTO_CAST_COMMON
1da177e4
LT		 1118 help
1119 The CAST6 encryption algorithm (synonymous with CAST-256) is
1120 described in RFC2612.
1121
4ea1277d
JG		 1122config CRYPTO_CAST6_AVX_X86_64
1123 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1124 depends on X86 && 64BIT
1125 select CRYPTO_ALGAPI
1126 select CRYPTO_CRYPTD
801201aa 1127 select CRYPTO_ABLK_HELPER
4ea1277d 1128 select CRYPTO_GLUE_HELPER_X86
044ab525 1129 select CRYPTO_CAST_COMMON
4ea1277d
JG		 1130 select CRYPTO_CAST6
1131 select CRYPTO_LRW
1132 select CRYPTO_XTS
1133 help
1134 The CAST6 encryption algorithm (synonymous with CAST-256) is
1135 described in RFC2612.
1136
1137 This module provides the Cast6 cipher algorithm that processes
1138 eight blocks parallel using the AVX instruction set.
1139
584fffc8
SS		 1140config CRYPTO_DES
1141 tristate "DES and Triple DES EDE cipher algorithms"
cce9e06d 1142 select CRYPTO_ALGAPI
1da177e4 1143 help
584fffc8 1144 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
fb4f10ed 1145
c5aac2df
DM		 1146config CRYPTO_DES_SPARC64
1147 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
97da37b3 1148 depends on SPARC64
c5aac2df
DM		 1149 select CRYPTO_ALGAPI
1150 select CRYPTO_DES
1151 help
1152 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1153 optimized using SPARC64 crypto opcodes.
1154
6574e6c6
JK		 1155config CRYPTO_DES3_EDE_X86_64
1156 tristate "Triple DES EDE cipher algorithm (x86-64)"
1157 depends on X86 && 64BIT
1158 select CRYPTO_ALGAPI
1159 select CRYPTO_DES
1160 help
1161 Triple DES EDE (FIPS 46-3) algorithm.
1162
1163 This module provides implementation of the Triple DES EDE cipher
1164 algorithm that is optimized for x86-64 processors. Two versions of
1165 algorithm are provided; regular processing one input block and
1166 one that processes three blocks parallel.
1167
584fffc8
SS		 1168config CRYPTO_FCRYPT
1169 tristate "FCrypt cipher algorithm"
cce9e06d 1170 select CRYPTO_ALGAPI
584fffc8 1171 select CRYPTO_BLKCIPHER
1da177e4 1172 help
584fffc8 1173 FCrypt algorithm used by RxRPC.
1da177e4
LT		 1174
1175config CRYPTO_KHAZAD
1176 tristate "Khazad cipher algorithm"
cce9e06d 1177 select CRYPTO_ALGAPI
1da177e4
LT		 1178 help
1179 Khazad cipher algorithm.
1180
1181 Khazad was a finalist in the initial NESSIE competition. It is
1182 an algorithm optimized for 64-bit processors with good performance
1183 on 32-bit processors. Khazad uses an 128 bit key size.
1184
1185 See also:
6d8de74c 1186 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1da177e4 1187
2407d608 1188config CRYPTO_SALSA20
3b4afaf2 1189 tristate "Salsa20 stream cipher algorithm"
2407d608
TSH		 1190 select CRYPTO_BLKCIPHER
1191 help
1192 Salsa20 stream cipher algorithm.
1193
1194 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1195 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
974e4b75
TSH		 1196
1197 The Salsa20 stream cipher algorithm is designed by Daniel J.
1198 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1199
1200config CRYPTO_SALSA20_586
3b4afaf2 1201 tristate "Salsa20 stream cipher algorithm (i586)"
974e4b75 1202 depends on (X86 || UML_X86) && !64BIT
974e4b75 1203 select CRYPTO_BLKCIPHER
974e4b75
TSH		 1204 help
1205 Salsa20 stream cipher algorithm.
1206
1207 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1208 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
9a7dafbb
TSH		 1209
1210 The Salsa20 stream cipher algorithm is designed by Daniel J.
1211 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1212
1213config CRYPTO_SALSA20_X86_64
3b4afaf2 1214 tristate "Salsa20 stream cipher algorithm (x86_64)"
9a7dafbb 1215 depends on (X86 || UML_X86) && 64BIT
9a7dafbb 1216 select CRYPTO_BLKCIPHER
9a7dafbb
TSH		 1217 help
1218 Salsa20 stream cipher algorithm.
1219
1220 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1221 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
2407d608
TSH		 1222
1223 The Salsa20 stream cipher algorithm is designed by Daniel J.
1224 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1da177e4 1225
c08d0e64
MW		 1226config CRYPTO_CHACHA20
1227 tristate "ChaCha20 cipher algorithm"
1228 select CRYPTO_BLKCIPHER
1229 help
1230 ChaCha20 cipher algorithm, RFC7539.
1231
1232 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1233 Bernstein and further specified in RFC7539 for use in IETF protocols.
1234 This is the portable C implementation of ChaCha20.
1235
1236 See also:
1237 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1238
c9320b6d 1239config CRYPTO_CHACHA20_X86_64
3d1e93cd 1240 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
c9320b6d
MW		 1241 depends on X86 && 64BIT
1242 select CRYPTO_BLKCIPHER
1243 select CRYPTO_CHACHA20
1244 help
1245 ChaCha20 cipher algorithm, RFC7539.
1246
1247 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1248 Bernstein and further specified in RFC7539 for use in IETF protocols.
1249 This is the x86_64 assembler implementation using SIMD instructions.
1250
1251 See also:
1252 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1253
584fffc8
SS		 1254config CRYPTO_SEED
1255 tristate "SEED cipher algorithm"
cce9e06d 1256 select CRYPTO_ALGAPI
1da177e4 1257 help
584fffc8 1258 SEED cipher algorithm (RFC4269).
1da177e4 1259
584fffc8
SS		 1260 SEED is a 128-bit symmetric key block cipher that has been
1261 developed by KISA (Korea Information Security Agency) as a
1262 national standard encryption algorithm of the Republic of Korea.
1263 It is a 16 round block cipher with the key size of 128 bit.
1264
1265 See also:
1266 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1267
1268config CRYPTO_SERPENT
1269 tristate "Serpent cipher algorithm"
cce9e06d 1270 select CRYPTO_ALGAPI
1da177e4 1271 help
584fffc8 1272 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1da177e4 1273
584fffc8
SS		 1274 Keys are allowed to be from 0 to 256 bits in length, in steps
1275 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1276 variant of Serpent for compatibility with old kerneli.org code.
1277
1278 See also:
1279 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1280
937c30d7
JK		 1281config CRYPTO_SERPENT_SSE2_X86_64
1282 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1283 depends on X86 && 64BIT
1284 select CRYPTO_ALGAPI
341975bf 1285 select CRYPTO_CRYPTD
801201aa 1286 select CRYPTO_ABLK_HELPER
596d8750 1287 select CRYPTO_GLUE_HELPER_X86
937c30d7 1288 select CRYPTO_SERPENT
feaf0cfc
JK		 1289 select CRYPTO_LRW
1290 select CRYPTO_XTS
937c30d7
JK		 1291 help
1292 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1293
1294 Keys are allowed to be from 0 to 256 bits in length, in steps
1295 of 8 bits.
1296
1e6232f8 1297 This module provides Serpent cipher algorithm that processes eight
937c30d7
JK		 1298 blocks parallel using SSE2 instruction set.
1299
1300 See also:
1301 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1302
251496db
JK		 1303config CRYPTO_SERPENT_SSE2_586
1304 tristate "Serpent cipher algorithm (i586/SSE2)"
1305 depends on X86 && !64BIT
1306 select CRYPTO_ALGAPI
341975bf 1307 select CRYPTO_CRYPTD
801201aa 1308 select CRYPTO_ABLK_HELPER
596d8750 1309 select CRYPTO_GLUE_HELPER_X86
251496db 1310 select CRYPTO_SERPENT
feaf0cfc
JK		 1311 select CRYPTO_LRW
1312 select CRYPTO_XTS
251496db
JK		 1313 help
1314 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1315
1316 Keys are allowed to be from 0 to 256 bits in length, in steps
1317 of 8 bits.
1318
1319 This module provides Serpent cipher algorithm that processes four
1320 blocks parallel using SSE2 instruction set.
1321
1322 See also:
1323 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
7efe4076
JG		 1324
1325config CRYPTO_SERPENT_AVX_X86_64
1326 tristate "Serpent cipher algorithm (x86_64/AVX)"
1327 depends on X86 && 64BIT
1328 select CRYPTO_ALGAPI
1329 select CRYPTO_CRYPTD
801201aa 1330 select CRYPTO_ABLK_HELPER
1d0debbd 1331 select CRYPTO_GLUE_HELPER_X86
7efe4076
JG		 1332 select CRYPTO_SERPENT
1333 select CRYPTO_LRW
1334 select CRYPTO_XTS
1335 help
1336 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1337
1338 Keys are allowed to be from 0 to 256 bits in length, in steps
1339 of 8 bits.
1340
1341 This module provides the Serpent cipher algorithm that processes
1342 eight blocks parallel using the AVX instruction set.
1343
1344 See also:
1345 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
251496db 1346
56d76c96
JK		 1347config CRYPTO_SERPENT_AVX2_X86_64
1348 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1349 depends on X86 && 64BIT
1350 select CRYPTO_ALGAPI
1351 select CRYPTO_CRYPTD
801201aa 1352 select CRYPTO_ABLK_HELPER
56d76c96
JK		 1353 select CRYPTO_GLUE_HELPER_X86
1354 select CRYPTO_SERPENT
1355 select CRYPTO_SERPENT_AVX_X86_64
1356 select CRYPTO_LRW
1357 select CRYPTO_XTS
1358 help
1359 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1360
1361 Keys are allowed to be from 0 to 256 bits in length, in steps
1362 of 8 bits.
1363
1364 This module provides Serpent cipher algorithm that processes 16
1365 blocks parallel using AVX2 instruction set.
1366
1367 See also:
1368 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1369
584fffc8
SS		 1370config CRYPTO_TEA
1371 tristate "TEA, XTEA and XETA cipher algorithms"
cce9e06d 1372 select CRYPTO_ALGAPI
1da177e4 1373 help
584fffc8 1374 TEA cipher algorithm.
1da177e4 1375
584fffc8
SS		 1376 Tiny Encryption Algorithm is a simple cipher that uses
1377 many rounds for security. It is very fast and uses
1378 little memory.
1379
1380 Xtendend Tiny Encryption Algorithm is a modification to
1381 the TEA algorithm to address a potential key weakness
1382 in the TEA algorithm.
1383
1384 Xtendend Encryption Tiny Algorithm is a mis-implementation
1385 of the XTEA algorithm for compatibility purposes.
1386
1387config CRYPTO_TWOFISH
1388 tristate "Twofish cipher algorithm"
04ac7db3 1389 select CRYPTO_ALGAPI
584fffc8 1390 select CRYPTO_TWOFISH_COMMON
04ac7db3 1391 help
584fffc8 1392 Twofish cipher algorithm.
04ac7db3 1393
584fffc8
SS		 1394 Twofish was submitted as an AES (Advanced Encryption Standard)
1395 candidate cipher by researchers at CounterPane Systems. It is a
1396 16 round block cipher supporting key sizes of 128, 192, and 256
1397 bits.
04ac7db3 1398
584fffc8
SS		 1399 See also:
1400 <http://www.schneier.com/twofish.html>
1401
1402config CRYPTO_TWOFISH_COMMON
1403 tristate
1404 help
1405 Common parts of the Twofish cipher algorithm shared by the
1406 generic c and the assembler implementations.
1407
1408config CRYPTO_TWOFISH_586
1409 tristate "Twofish cipher algorithms (i586)"
1410 depends on (X86 || UML_X86) && !64BIT
1411 select CRYPTO_ALGAPI
1412 select CRYPTO_TWOFISH_COMMON
1413 help
1414 Twofish cipher algorithm.
1415
1416 Twofish was submitted as an AES (Advanced Encryption Standard)
1417 candidate cipher by researchers at CounterPane Systems. It is a
1418 16 round block cipher supporting key sizes of 128, 192, and 256
1419 bits.
04ac7db3
NT		 1420
1421 See also:
584fffc8 1422 <http://www.schneier.com/twofish.html>
04ac7db3 1423
584fffc8
SS		 1424config CRYPTO_TWOFISH_X86_64
1425 tristate "Twofish cipher algorithm (x86_64)"
1426 depends on (X86 || UML_X86) && 64BIT
cce9e06d 1427 select CRYPTO_ALGAPI
584fffc8 1428 select CRYPTO_TWOFISH_COMMON
1da177e4 1429 help
584fffc8 1430 Twofish cipher algorithm (x86_64).
1da177e4 1431
584fffc8
SS		 1432 Twofish was submitted as an AES (Advanced Encryption Standard)
1433 candidate cipher by researchers at CounterPane Systems. It is a
1434 16 round block cipher supporting key sizes of 128, 192, and 256
1435 bits.
1436
1437 See also:
1438 <http://www.schneier.com/twofish.html>
1439
8280daad
JK		 1440config CRYPTO_TWOFISH_X86_64_3WAY
1441 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
f21a7c19 1442 depends on X86 && 64BIT
8280daad
JK		 1443 select CRYPTO_ALGAPI
1444 select CRYPTO_TWOFISH_COMMON
1445 select CRYPTO_TWOFISH_X86_64
414cb5e7 1446 select CRYPTO_GLUE_HELPER_X86
e7cda5d2
JK		 1447 select CRYPTO_LRW
1448 select CRYPTO_XTS
8280daad
JK		 1449 help
1450 Twofish cipher algorithm (x86_64, 3-way parallel).
1451
1452 Twofish was submitted as an AES (Advanced Encryption Standard)
1453 candidate cipher by researchers at CounterPane Systems. It is a
1454 16 round block cipher supporting key sizes of 128, 192, and 256
1455 bits.
1456
1457 This module provides Twofish cipher algorithm that processes three
1458 blocks parallel, utilizing resources of out-of-order CPUs better.
1459
1460 See also:
1461 <http://www.schneier.com/twofish.html>
1462
107778b5
JG		 1463config CRYPTO_TWOFISH_AVX_X86_64
1464 tristate "Twofish cipher algorithm (x86_64/AVX)"
1465 depends on X86 && 64BIT
1466 select CRYPTO_ALGAPI
1467 select CRYPTO_CRYPTD
801201aa 1468 select CRYPTO_ABLK_HELPER
a7378d4e 1469 select CRYPTO_GLUE_HELPER_X86
107778b5
JG		 1470 select CRYPTO_TWOFISH_COMMON
1471 select CRYPTO_TWOFISH_X86_64
1472 select CRYPTO_TWOFISH_X86_64_3WAY
1473 select CRYPTO_LRW
1474 select CRYPTO_XTS
1475 help
1476 Twofish cipher algorithm (x86_64/AVX).
1477
1478 Twofish was submitted as an AES (Advanced Encryption Standard)
1479 candidate cipher by researchers at CounterPane Systems. It is a
1480 16 round block cipher supporting key sizes of 128, 192, and 256
1481 bits.
1482
1483 This module provides the Twofish cipher algorithm that processes
1484 eight blocks parallel using the AVX Instruction Set.
1485
1486 See also:
1487 <http://www.schneier.com/twofish.html>
1488
584fffc8
SS		 1489comment "Compression"
1490
1491config CRYPTO_DEFLATE
1492 tristate "Deflate compression algorithm"
1493 select CRYPTO_ALGAPI
1494 select ZLIB_INFLATE
1495 select ZLIB_DEFLATE
3c09f17c 1496 help
584fffc8
SS		 1497 This is the Deflate algorithm (RFC1951), specified for use in
1498 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1499
1500 You will most probably want this if using IPSec.
3c09f17c 1501
0b77abb3
ZS		 1502config CRYPTO_LZO
1503 tristate "LZO compression algorithm"
1504 select CRYPTO_ALGAPI
1505 select LZO_COMPRESS
1506 select LZO_DECOMPRESS
1507 help
1508 This is the LZO algorithm.
1509
35a1fc18
SJ		 1510config CRYPTO_842
1511 tristate "842 compression algorithm"
2062c5b6
DS		 1512 select CRYPTO_ALGAPI
1513 select 842_COMPRESS
1514 select 842_DECOMPRESS
35a1fc18
SJ		 1515 help
1516 This is the 842 algorithm.
0ea8530d
CM		 1517
1518config CRYPTO_LZ4
1519 tristate "LZ4 compression algorithm"
1520 select CRYPTO_ALGAPI
1521 select LZ4_COMPRESS
1522 select LZ4_DECOMPRESS
1523 help
1524 This is the LZ4 algorithm.
1525
1526config CRYPTO_LZ4HC
1527 tristate "LZ4HC compression algorithm"
1528 select CRYPTO_ALGAPI
1529 select LZ4HC_COMPRESS
1530 select LZ4_DECOMPRESS
1531 help
1532 This is the LZ4 high compression mode algorithm.
35a1fc18 1533
17f0f4a4
NH		 1534comment "Random Number Generation"
1535
1536config CRYPTO_ANSI_CPRNG
1537 tristate "Pseudo Random Number Generation for Cryptographic modules"
1538 select CRYPTO_AES
1539 select CRYPTO_RNG
17f0f4a4
NH		 1540 help
1541 This option enables the generic pseudo random number generator
1542 for cryptographic modules. Uses the Algorithm specified in
7dd607e8
JK		 1543 ANSI X9.31 A.2.4. Note that this option must be enabled if
1544 CRYPTO_FIPS is selected
17f0f4a4 1545
f2c89a10 1546menuconfig CRYPTO_DRBG_MENU
419090c6 1547 tristate "NIST SP800-90A DRBG"
419090c6
SM		 1548 help
1549 NIST SP800-90A compliant DRBG. In the following submenu, one or
1550 more of the DRBG types must be selected.
1551
f2c89a10 1552if CRYPTO_DRBG_MENU
419090c6
SM		 1553
1554config CRYPTO_DRBG_HMAC
401e4238 1555 bool
419090c6 1556 default y
419090c6 1557 select CRYPTO_HMAC
826775bb 1558 select CRYPTO_SHA256
419090c6
SM		 1559
1560config CRYPTO_DRBG_HASH
1561 bool "Enable Hash DRBG"
826775bb 1562 select CRYPTO_SHA256
419090c6
SM		 1563 help
1564 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1565
1566config CRYPTO_DRBG_CTR
1567 bool "Enable CTR DRBG"
419090c6
SM		 1568 select CRYPTO_AES
1569 help
1570 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1571
f2c89a10
HX		 1572config CRYPTO_DRBG
1573 tristate
401e4238 1574 default CRYPTO_DRBG_MENU
f2c89a10 1575 select CRYPTO_RNG
bb5530e4 1576 select CRYPTO_JITTERENTROPY
f2c89a10
HX		 1577
1578endif # if CRYPTO_DRBG_MENU
419090c6 1579
bb5530e4
SM		 1580config CRYPTO_JITTERENTROPY
1581 tristate "Jitterentropy Non-Deterministic Random Number Generator"
2f313e02 1582 select CRYPTO_RNG
bb5530e4
SM		 1583 help
1584 The Jitterentropy RNG is a noise that is intended
1585 to provide seed to another RNG. The RNG does not
1586 perform any cryptographic whitening of the generated
1587 random numbers. This Jitterentropy RNG registers with
1588 the kernel crypto API and can be used by any caller.
1589
03c8efc1
HX		 1590config CRYPTO_USER_API
1591 tristate
1592
fe869cdb
HX		 1593config CRYPTO_USER_API_HASH
1594 tristate "User-space interface for hash algorithms"
7451708f 1595 depends on NET
fe869cdb
HX		 1596 select CRYPTO_HASH
1597 select CRYPTO_USER_API
1598 help
1599 This option enables the user-spaces interface for hash
1600 algorithms.
1601
8ff59090
HX		 1602config CRYPTO_USER_API_SKCIPHER
1603 tristate "User-space interface for symmetric key cipher algorithms"
7451708f 1604 depends on NET
8ff59090
HX		 1605 select CRYPTO_BLKCIPHER
1606 select CRYPTO_USER_API
1607 help
1608 This option enables the user-spaces interface for symmetric
1609 key cipher algorithms.
1610
2f375538
SM		 1611config CRYPTO_USER_API_RNG
1612 tristate "User-space interface for random number generator algorithms"
1613 depends on NET
1614 select CRYPTO_RNG
1615 select CRYPTO_USER_API
1616 help
1617 This option enables the user-spaces interface for random
1618 number generator algorithms.
1619
b64a2d95
HX		 1620config CRYPTO_USER_API_AEAD
1621 tristate "User-space interface for AEAD cipher algorithms"
1622 depends on NET
1623 select CRYPTO_AEAD
1624 select CRYPTO_USER_API
1625 help
1626 This option enables the user-spaces interface for AEAD
1627 cipher algorithms.
1628
ee08997f
DK		 1629config CRYPTO_HASH_INFO
1630 bool
1631
1da177e4 1632source "drivers/crypto/Kconfig"
964f3b3b 1633source crypto/asymmetric_keys/Kconfig
cfc411e7 1634source certs/Kconfig
1da177e4 1635
cce9e06d 1636endif # if CRYPTO
Linux 6.x block layer and io_uring tree(s)