projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'drm-next-4.2' of git://people.freedesktop.org/~agd5f/linux
[linux-2.6-block.git] / crypto / Kconfig
CommitLineData
685784aa
DW		 1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5 tristate
6
1da177e4 7#
9bc89cd8 8# async_tx api: hardware offloaded memory transfer/transform support
1da177e4 9#
9bc89cd8 10source "crypto/async_tx/Kconfig"
1da177e4 11
9bc89cd8
DW		 12#
13# Cryptographic API Configuration
14#
2e290f43 15menuconfig CRYPTO
c3715cb9 16 tristate "Cryptographic API"
1da177e4
LT		 17 help
18 This option provides the core Cryptographic API.
19
cce9e06d
HX		 20if CRYPTO
21
584fffc8
SS		 22comment "Crypto core or helper"
23
ccb778e1
NH		 24config CRYPTO_FIPS
25 bool "FIPS 200 compliance"
f2c89a10 26 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
002c77a4 27 depends on MODULE_SIG
ccb778e1
NH		 28 help
29 This options enables the fips boot option which is
30 required if you want to system to operate in a FIPS 200
31 certification. You should say no unless you know what
e84c5480 32 this is.
ccb778e1 33
cce9e06d
HX		 34config CRYPTO_ALGAPI
35 tristate
6a0fcbb4 36 select CRYPTO_ALGAPI2
cce9e06d
HX		 37 help
38 This option provides the API for cryptographic algorithms.
39
6a0fcbb4
HX		 40config CRYPTO_ALGAPI2
41 tristate
42
1ae97820
HX		 43config CRYPTO_AEAD
44 tristate
6a0fcbb4 45 select CRYPTO_AEAD2
1ae97820
HX		 46 select CRYPTO_ALGAPI
47
6a0fcbb4
HX		 48config CRYPTO_AEAD2
49 tristate
50 select CRYPTO_ALGAPI2
51
5cde0af2
HX		 52config CRYPTO_BLKCIPHER
53 tristate
6a0fcbb4 54 select CRYPTO_BLKCIPHER2
5cde0af2 55 select CRYPTO_ALGAPI
6a0fcbb4
HX		 56
57config CRYPTO_BLKCIPHER2
58 tristate
59 select CRYPTO_ALGAPI2
60 select CRYPTO_RNG2
0a2e821d 61 select CRYPTO_WORKQUEUE
5cde0af2 62
055bcee3
HX		 63config CRYPTO_HASH
64 tristate
6a0fcbb4 65 select CRYPTO_HASH2
055bcee3
HX		 66 select CRYPTO_ALGAPI
67
6a0fcbb4
HX		 68config CRYPTO_HASH2
69 tristate
70 select CRYPTO_ALGAPI2
71
17f0f4a4
NH		 72config CRYPTO_RNG
73 tristate
6a0fcbb4 74 select CRYPTO_RNG2
17f0f4a4
NH		 75 select CRYPTO_ALGAPI
76
6a0fcbb4
HX		 77config CRYPTO_RNG2
78 tristate
79 select CRYPTO_ALGAPI2
80
401e4238
HX		 81config CRYPTO_RNG_DEFAULT
82 tristate
83 select CRYPTO_DRBG_MENU
84
a1d2f095 85config CRYPTO_PCOMP
bc94e596
HX		 86 tristate
87 select CRYPTO_PCOMP2
88 select CRYPTO_ALGAPI
89
90config CRYPTO_PCOMP2
a1d2f095
GU		 91 tristate
92 select CRYPTO_ALGAPI2
93
3c339ab8
TS		 94config CRYPTO_AKCIPHER2
95 tristate
96 select CRYPTO_ALGAPI2
97
98config CRYPTO_AKCIPHER
99 tristate
100 select CRYPTO_AKCIPHER2
101 select CRYPTO_ALGAPI
102
cfc2bb32
TS		 103config CRYPTO_RSA
104 tristate "RSA algorithm"
425e0172 105 select CRYPTO_AKCIPHER
cfc2bb32
TS		 106 select MPILIB
107 select ASN1
108 help
109 Generic implementation of the RSA public key algorithm.
110
2b8c19db
HX		 111config CRYPTO_MANAGER
112 tristate "Cryptographic algorithm manager"
6a0fcbb4 113 select CRYPTO_MANAGER2
2b8c19db
HX		 114 help
115 Create default cryptographic template instantiations such as
116 cbc(aes).
117
6a0fcbb4
HX		 118config CRYPTO_MANAGER2
119 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
120 select CRYPTO_AEAD2
121 select CRYPTO_HASH2
122 select CRYPTO_BLKCIPHER2
bc94e596 123 select CRYPTO_PCOMP2
946cc463 124 select CRYPTO_AKCIPHER2
6a0fcbb4 125
a38f7907
SK		 126config CRYPTO_USER
127 tristate "Userspace cryptographic algorithm configuration"
5db017aa 128 depends on NET
a38f7907
SK		 129 select CRYPTO_MANAGER
130 help
d19978f5 131 Userspace configuration for cryptographic instantiations such as
a38f7907
SK		 132 cbc(aes).
133
326a6346
HX		 134config CRYPTO_MANAGER_DISABLE_TESTS
135 bool "Disable run-time self tests"
00ca28a5
HX		 136 default y
137 depends on CRYPTO_MANAGER2
0b767f96 138 help
326a6346
HX		 139 Disable run-time self tests that normally take place at
140 algorithm registration.
0b767f96 141
584fffc8 142config CRYPTO_GF128MUL
08c70fc3 143 tristate "GF(2^128) multiplication functions"
333b0d7e 144 help
584fffc8
SS		 145 Efficient table driven implementation of multiplications in the
146 field GF(2^128). This is needed by some cypher modes. This
147 option will be selected automatically if you select such a
148 cipher mode. Only select this option by hand if you expect to load
149 an external module that requires these functions.
333b0d7e 150
1da177e4
LT		 151config CRYPTO_NULL
152 tristate "Null algorithms"
cce9e06d 153 select CRYPTO_ALGAPI
c8620c25 154 select CRYPTO_BLKCIPHER
d35d2454 155 select CRYPTO_HASH
1da177e4
LT		 156 help
157 These are 'Null' algorithms, used by IPsec, which do nothing.
158
5068c7a8 159config CRYPTO_PCRYPT
3b4afaf2
KC		 160 tristate "Parallel crypto engine"
161 depends on SMP
5068c7a8
SK		 162 select PADATA
163 select CRYPTO_MANAGER
164 select CRYPTO_AEAD
165 help
166 This converts an arbitrary crypto algorithm into a parallel
167 algorithm that executes in kernel threads.
168
25c38d3f
HY		 169config CRYPTO_WORKQUEUE
170 tristate
171
584fffc8
SS		 172config CRYPTO_CRYPTD
173 tristate "Software async crypto daemon"
174 select CRYPTO_BLKCIPHER
b8a28251 175 select CRYPTO_HASH
584fffc8 176 select CRYPTO_MANAGER
254eff77 177 select CRYPTO_WORKQUEUE
1da177e4 178 help
584fffc8
SS		 179 This is a generic software asynchronous crypto daemon that
180 converts an arbitrary synchronous software crypto algorithm
181 into an asynchronous algorithm that executes in a kernel thread.
1da177e4 182
1e65b81a
TC		 183config CRYPTO_MCRYPTD
184 tristate "Software async multi-buffer crypto daemon"
185 select CRYPTO_BLKCIPHER
186 select CRYPTO_HASH
187 select CRYPTO_MANAGER
188 select CRYPTO_WORKQUEUE
189 help
190 This is a generic software asynchronous crypto daemon that
191 provides the kernel thread to assist multi-buffer crypto
192 algorithms for submitting jobs and flushing jobs in multi-buffer
193 crypto algorithms. Multi-buffer crypto algorithms are executed
194 in the context of this kernel thread and drivers can post
0e56673b 195 their crypto request asynchronously to be processed by this daemon.
1e65b81a 196
584fffc8
SS		 197config CRYPTO_AUTHENC
198 tristate "Authenc support"
199 select CRYPTO_AEAD
200 select CRYPTO_BLKCIPHER
201 select CRYPTO_MANAGER
202 select CRYPTO_HASH
1da177e4 203 help
584fffc8
SS		 204 Authenc: Combined mode wrapper for IPsec.
205 This is required for IPSec.
1da177e4 206
584fffc8
SS		 207config CRYPTO_TEST
208 tristate "Testing module"
209 depends on m
da7f033d 210 select CRYPTO_MANAGER
1da177e4 211 help
584fffc8 212 Quick & dirty crypto test module.
1da177e4 213
a62b01cd 214config CRYPTO_ABLK_HELPER
ffaf9156 215 tristate
ffaf9156
JK		 216 select CRYPTO_CRYPTD
217
596d8750
JK		 218config CRYPTO_GLUE_HELPER_X86
219 tristate
220 depends on X86
221 select CRYPTO_ALGAPI
222
584fffc8 223comment "Authenticated Encryption with Associated Data"
cd12fb90 224
584fffc8
SS		 225config CRYPTO_CCM
226 tristate "CCM support"
227 select CRYPTO_CTR
228 select CRYPTO_AEAD
1da177e4 229 help
584fffc8 230 Support for Counter with CBC MAC. Required for IPsec.
1da177e4 231
584fffc8
SS		 232config CRYPTO_GCM
233 tristate "GCM/GMAC support"
234 select CRYPTO_CTR
235 select CRYPTO_AEAD
9382d97a 236 select CRYPTO_GHASH
9489667d 237 select CRYPTO_NULL
1da177e4 238 help
584fffc8
SS		 239 Support for Galois/Counter Mode (GCM) and Galois Message
240 Authentication Code (GMAC). Required for IPSec.
1da177e4 241
71ebc4d1
MW		 242config CRYPTO_CHACHA20POLY1305
243 tristate "ChaCha20-Poly1305 AEAD support"
244 select CRYPTO_CHACHA20
245 select CRYPTO_POLY1305
246 select CRYPTO_AEAD
247 help
248 ChaCha20-Poly1305 AEAD support, RFC7539.
249
250 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
251 with the Poly1305 authenticator. It is defined in RFC7539 for use in
252 IETF protocols.
253
584fffc8
SS		 254config CRYPTO_SEQIV
255 tristate "Sequence Number IV Generator"
256 select CRYPTO_AEAD
257 select CRYPTO_BLKCIPHER
856e3f40 258 select CRYPTO_NULL
401e4238 259 select CRYPTO_RNG_DEFAULT
1da177e4 260 help
584fffc8
SS		 261 This IV generator generates an IV based on a sequence number by
262 xoring it with a salt. This algorithm is mainly useful for CTR
1da177e4 263
a10f554f
HX		 264config CRYPTO_ECHAINIV
265 tristate "Encrypted Chain IV Generator"
266 select CRYPTO_AEAD
267 select CRYPTO_NULL
401e4238 268 select CRYPTO_RNG_DEFAULT
3491244c 269 default m
a10f554f
HX		 270 help
271 This IV generator generates an IV based on the encryption of
272 a sequence number xored with a salt. This is the default
273 algorithm for CBC.
274
584fffc8 275comment "Block modes"
c494e070 276
584fffc8
SS		 277config CRYPTO_CBC
278 tristate "CBC support"
db131ef9 279 select CRYPTO_BLKCIPHER
43518407 280 select CRYPTO_MANAGER
db131ef9 281 help
584fffc8
SS		 282 CBC: Cipher Block Chaining mode
283 This block cipher algorithm is required for IPSec.
db131ef9 284
584fffc8
SS		 285config CRYPTO_CTR
286 tristate "CTR support"
db131ef9 287 select CRYPTO_BLKCIPHER
584fffc8 288 select CRYPTO_SEQIV
43518407 289 select CRYPTO_MANAGER
db131ef9 290 help
584fffc8 291 CTR: Counter mode
db131ef9
HX		 292 This block cipher algorithm is required for IPSec.
293
584fffc8
SS		 294config CRYPTO_CTS
295 tristate "CTS support"
296 select CRYPTO_BLKCIPHER
297 help
298 CTS: Cipher Text Stealing
299 This is the Cipher Text Stealing mode as described by
300 Section 8 of rfc2040 and referenced by rfc3962.
301 (rfc3962 includes errata information in its Appendix A)
302 This mode is required for Kerberos gss mechanism support
303 for AES encryption.
304
305config CRYPTO_ECB
306 tristate "ECB support"
91652be5
DH		 307 select CRYPTO_BLKCIPHER
308 select CRYPTO_MANAGER
91652be5 309 help
584fffc8
SS		 310 ECB: Electronic CodeBook mode
311 This is the simplest block cipher algorithm. It simply encrypts
312 the input block by block.
91652be5 313
64470f1b 314config CRYPTO_LRW
2470a2b2 315 tristate "LRW support"
64470f1b
RS		 316 select CRYPTO_BLKCIPHER
317 select CRYPTO_MANAGER
318 select CRYPTO_GF128MUL
319 help
320 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
321 narrow block cipher mode for dm-crypt. Use it with cipher
322 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
323 The first 128, 192 or 256 bits in the key are used for AES and the
324 rest is used to tie each cipher block to its logical position.
325
584fffc8
SS		 326config CRYPTO_PCBC
327 tristate "PCBC support"
328 select CRYPTO_BLKCIPHER
329 select CRYPTO_MANAGER
330 help
331 PCBC: Propagating Cipher Block Chaining mode
332 This block cipher algorithm is required for RxRPC.
333
f19f5111 334config CRYPTO_XTS
5bcf8e6d 335 tristate "XTS support"
f19f5111
RS		 336 select CRYPTO_BLKCIPHER
337 select CRYPTO_MANAGER
338 select CRYPTO_GF128MUL
339 help
340 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
341 key size 256, 384 or 512 bits. This implementation currently
342 can't handle a sectorsize which is not a multiple of 16 bytes.
343
584fffc8
SS		 344comment "Hash modes"
345
93b5e86a
JK		 346config CRYPTO_CMAC
347 tristate "CMAC support"
348 select CRYPTO_HASH
349 select CRYPTO_MANAGER
350 help
351 Cipher-based Message Authentication Code (CMAC) specified by
352 The National Institute of Standards and Technology (NIST).
353
354 https://tools.ietf.org/html/rfc4493
355 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
356
584fffc8
SS		 357config CRYPTO_HMAC
358 tristate "HMAC support"
359 select CRYPTO_HASH
23e353c8 360 select CRYPTO_MANAGER
23e353c8 361 help
584fffc8
SS		 362 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
363 This is required for IPSec.
23e353c8 364
584fffc8
SS		 365config CRYPTO_XCBC
366 tristate "XCBC support"
584fffc8
SS		 367 select CRYPTO_HASH
368 select CRYPTO_MANAGER
76cb9521 369 help
584fffc8
SS		 370 XCBC: Keyed-Hashing with encryption algorithm
371 http://www.ietf.org/rfc/rfc3566.txt
372 http://csrc.nist.gov/encryption/modes/proposedmodes/
373 xcbc-mac/xcbc-mac-spec.pdf
76cb9521 374
f1939f7c
SW		 375config CRYPTO_VMAC
376 tristate "VMAC support"
f1939f7c
SW		 377 select CRYPTO_HASH
378 select CRYPTO_MANAGER
379 help
380 VMAC is a message authentication algorithm designed for
381 very high speed on 64-bit architectures.
382
383 See also:
384 <http://fastcrypto.org/vmac>
385
584fffc8 386comment "Digest"
28db8e3e 387
584fffc8
SS		 388config CRYPTO_CRC32C
389 tristate "CRC32c CRC algorithm"
5773a3e6 390 select CRYPTO_HASH
6a0962b2 391 select CRC32
4a49b499 392 help
584fffc8
SS		 393 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
394 by iSCSI for header and data digests and by others.
69c35efc 395 See Castagnoli93. Module will be crc32c.
4a49b499 396
8cb51ba8
AZ		 397config CRYPTO_CRC32C_INTEL
398 tristate "CRC32c INTEL hardware acceleration"
399 depends on X86
400 select CRYPTO_HASH
401 help
402 In Intel processor with SSE4.2 supported, the processor will
403 support CRC32C implementation using hardware accelerated CRC32
404 instruction. This option will create 'crc32c-intel' module,
405 which will enable any routine to use the CRC32 instruction to
406 gain performance compared with software implementation.
407 Module will be crc32c-intel.
408
442a7c40
DM		 409config CRYPTO_CRC32C_SPARC64
410 tristate "CRC32c CRC algorithm (SPARC64)"
411 depends on SPARC64
412 select CRYPTO_HASH
413 select CRC32
414 help
415 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
416 when available.
417
78c37d19
AB		 418config CRYPTO_CRC32
419 tristate "CRC32 CRC algorithm"
420 select CRYPTO_HASH
421 select CRC32
422 help
423 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
424 Shash crypto api wrappers to crc32_le function.
425
426config CRYPTO_CRC32_PCLMUL
427 tristate "CRC32 PCLMULQDQ hardware acceleration"
428 depends on X86
429 select CRYPTO_HASH
430 select CRC32
431 help
432 From Intel Westmere and AMD Bulldozer processor with SSE4.2
433 and PCLMULQDQ supported, the processor will support
434 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
435 instruction. This option will create 'crc32-plcmul' module,
436 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
437 and gain better performance as compared with the table implementation.
438
68411521
HX		 439config CRYPTO_CRCT10DIF
440 tristate "CRCT10DIF algorithm"
441 select CRYPTO_HASH
442 help
443 CRC T10 Data Integrity Field computation is being cast as
444 a crypto transform. This allows for faster crc t10 diff
445 transforms to be used if they are available.
446
447config CRYPTO_CRCT10DIF_PCLMUL
448 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
449 depends on X86 && 64BIT && CRC_T10DIF
450 select CRYPTO_HASH
451 help
452 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
453 CRC T10 DIF PCLMULQDQ computation can be hardware
454 accelerated PCLMULQDQ instruction. This option will create
455 'crct10dif-plcmul' module, which is faster when computing the
456 crct10dif checksum as compared with the generic table implementation.
457
2cdc6899
HY		 458config CRYPTO_GHASH
459 tristate "GHASH digest algorithm"
2cdc6899
HY		 460 select CRYPTO_GF128MUL
461 help
462 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
463
f979e014
MW		 464config CRYPTO_POLY1305
465 tristate "Poly1305 authenticator algorithm"
466 help
467 Poly1305 authenticator algorithm, RFC7539.
468
469 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
470 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
471 in IETF protocols. This is the portable C implementation of Poly1305.
472
584fffc8
SS		 473config CRYPTO_MD4
474 tristate "MD4 digest algorithm"
808a1763 475 select CRYPTO_HASH
124b53d0 476 help
584fffc8 477 MD4 message digest algorithm (RFC1320).
124b53d0 478
584fffc8
SS		 479config CRYPTO_MD5
480 tristate "MD5 digest algorithm"
14b75ba7 481 select CRYPTO_HASH
1da177e4 482 help
584fffc8 483 MD5 message digest algorithm (RFC1321).
1da177e4 484
d69e75de
AK		 485config CRYPTO_MD5_OCTEON
486 tristate "MD5 digest algorithm (OCTEON)"
487 depends on CPU_CAVIUM_OCTEON
488 select CRYPTO_MD5
489 select CRYPTO_HASH
490 help
491 MD5 message digest algorithm (RFC1321) implemented
492 using OCTEON crypto instructions, when available.
493
e8e59953
MS		 494config CRYPTO_MD5_PPC
495 tristate "MD5 digest algorithm (PPC)"
496 depends on PPC
497 select CRYPTO_HASH
498 help
499 MD5 message digest algorithm (RFC1321) implemented
500 in PPC assembler.
501
fa4dfedc
DM		 502config CRYPTO_MD5_SPARC64
503 tristate "MD5 digest algorithm (SPARC64)"
504 depends on SPARC64
505 select CRYPTO_MD5
506 select CRYPTO_HASH
507 help
508 MD5 message digest algorithm (RFC1321) implemented
509 using sparc64 crypto instructions, when available.
510
584fffc8
SS		 511config CRYPTO_MICHAEL_MIC
512 tristate "Michael MIC keyed digest algorithm"
19e2bf14 513 select CRYPTO_HASH
90831639 514 help
584fffc8
SS		 515 Michael MIC is used for message integrity protection in TKIP
516 (IEEE 802.11i). This algorithm is required for TKIP, but it
517 should not be used for other purposes because of the weakness
518 of the algorithm.
90831639 519
82798f90 520config CRYPTO_RMD128
b6d44341 521 tristate "RIPEMD-128 digest algorithm"
7c4468bc 522 select CRYPTO_HASH
b6d44341
AB		 523 help
524 RIPEMD-128 (ISO/IEC 10118-3:2004).
82798f90 525
b6d44341 526 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
35ed4b35 527 be used as a secure replacement for RIPEMD. For other use cases,
b6d44341 528 RIPEMD-160 should be used.
82798f90 529
b6d44341 530 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 531 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90
AKR		 532
533config CRYPTO_RMD160
b6d44341 534 tristate "RIPEMD-160 digest algorithm"
e5835fba 535 select CRYPTO_HASH
b6d44341
AB		 536 help
537 RIPEMD-160 (ISO/IEC 10118-3:2004).
82798f90 538
b6d44341
AB		 539 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
540 to be used as a secure replacement for the 128-bit hash functions
541 MD4, MD5 and it's predecessor RIPEMD
542 (not to be confused with RIPEMD-128).
82798f90 543
b6d44341
AB		 544 It's speed is comparable to SHA1 and there are no known attacks
545 against RIPEMD-160.
534fe2c1 546
b6d44341 547 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 548 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 549
550config CRYPTO_RMD256
b6d44341 551 tristate "RIPEMD-256 digest algorithm"
d8a5e2e9 552 select CRYPTO_HASH
b6d44341
AB		 553 help
554 RIPEMD-256 is an optional extension of RIPEMD-128 with a
555 256 bit hash. It is intended for applications that require
556 longer hash-results, without needing a larger security level
557 (than RIPEMD-128).
534fe2c1 558
b6d44341 559 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 560 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 561
562config CRYPTO_RMD320
b6d44341 563 tristate "RIPEMD-320 digest algorithm"
3b8efb4c 564 select CRYPTO_HASH
b6d44341
AB		 565 help
566 RIPEMD-320 is an optional extension of RIPEMD-160 with a
567 320 bit hash. It is intended for applications that require
568 longer hash-results, without needing a larger security level
569 (than RIPEMD-160).
534fe2c1 570
b6d44341 571 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 572 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90 573
584fffc8
SS		 574config CRYPTO_SHA1
575 tristate "SHA1 digest algorithm"
54ccb367 576 select CRYPTO_HASH
1da177e4 577 help
584fffc8 578 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
1da177e4 579
66be8951 580config CRYPTO_SHA1_SSSE3
7c1da8d0 581 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2)"
66be8951
MK		 582 depends on X86 && 64BIT
583 select CRYPTO_SHA1
584 select CRYPTO_HASH
585 help
586 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
587 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
7c1da8d0 588 Extensions (AVX/AVX2), when available.
66be8951 589
8275d1aa
TC		 590config CRYPTO_SHA256_SSSE3
591 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2)"
592 depends on X86 && 64BIT
593 select CRYPTO_SHA256
594 select CRYPTO_HASH
595 help
596 SHA-256 secure hash standard (DFIPS 180-2) implemented
597 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
598 Extensions version 1 (AVX1), or Advanced Vector Extensions
87de4579
TC		 599 version 2 (AVX2) instructions, when available.
600
601config CRYPTO_SHA512_SSSE3
602 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
603 depends on X86 && 64BIT
604 select CRYPTO_SHA512
605 select CRYPTO_HASH
606 help
607 SHA-512 secure hash standard (DFIPS 180-2) implemented
608 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
609 Extensions version 1 (AVX1), or Advanced Vector Extensions
8275d1aa
TC		 610 version 2 (AVX2) instructions, when available.
611
efdb6f6e
AK		 612config CRYPTO_SHA1_OCTEON
613 tristate "SHA1 digest algorithm (OCTEON)"
614 depends on CPU_CAVIUM_OCTEON
615 select CRYPTO_SHA1
616 select CRYPTO_HASH
617 help
618 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
619 using OCTEON crypto instructions, when available.
620
4ff28d4c
DM		 621config CRYPTO_SHA1_SPARC64
622 tristate "SHA1 digest algorithm (SPARC64)"
623 depends on SPARC64
624 select CRYPTO_SHA1
625 select CRYPTO_HASH
626 help
627 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
628 using sparc64 crypto instructions, when available.
629
323a6bf1
ME		 630config CRYPTO_SHA1_PPC
631 tristate "SHA1 digest algorithm (powerpc)"
632 depends on PPC
633 help
634 This is the powerpc hardware accelerated implementation of the
635 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
636
d9850fc5
MS		 637config CRYPTO_SHA1_PPC_SPE
638 tristate "SHA1 digest algorithm (PPC SPE)"
639 depends on PPC && SPE
640 help
641 SHA-1 secure hash standard (DFIPS 180-4) implemented
642 using powerpc SPE SIMD instruction set.
643
1e65b81a
TC		 644config CRYPTO_SHA1_MB
645 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
646 depends on X86 && 64BIT
647 select CRYPTO_SHA1
648 select CRYPTO_HASH
649 select CRYPTO_MCRYPTD
650 help
651 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
652 using multi-buffer technique. This algorithm computes on
653 multiple data lanes concurrently with SIMD instructions for
654 better throughput. It should not be enabled by default but
655 used when there is significant amount of work to keep the keep
656 the data lanes filled to get performance benefit. If the data
657 lanes remain unfilled, a flush operation will be initiated to
658 process the crypto jobs, adding a slight latency.
659
584fffc8
SS		 660config CRYPTO_SHA256
661 tristate "SHA224 and SHA256 digest algorithm"
50e109b5 662 select CRYPTO_HASH
1da177e4 663 help
584fffc8 664 SHA256 secure hash standard (DFIPS 180-2).
1da177e4 665
584fffc8
SS		 666 This version of SHA implements a 256 bit hash with 128 bits of
667 security against collision attacks.
2729bb42 668
b6d44341
AB		 669 This code also includes SHA-224, a 224 bit hash with 112 bits
670 of security against collision attacks.
584fffc8 671
2ecc1e95
MS		 672config CRYPTO_SHA256_PPC_SPE
673 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
674 depends on PPC && SPE
675 select CRYPTO_SHA256
676 select CRYPTO_HASH
677 help
678 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
679 implemented using powerpc SPE SIMD instruction set.
680
efdb6f6e
AK		 681config CRYPTO_SHA256_OCTEON
682 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
683 depends on CPU_CAVIUM_OCTEON
684 select CRYPTO_SHA256
685 select CRYPTO_HASH
686 help
687 SHA-256 secure hash standard (DFIPS 180-2) implemented
688 using OCTEON crypto instructions, when available.
689
86c93b24
DM		 690config CRYPTO_SHA256_SPARC64
691 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
692 depends on SPARC64
693 select CRYPTO_SHA256
694 select CRYPTO_HASH
695 help
696 SHA-256 secure hash standard (DFIPS 180-2) implemented
697 using sparc64 crypto instructions, when available.
698
584fffc8
SS		 699config CRYPTO_SHA512
700 tristate "SHA384 and SHA512 digest algorithms"
bd9d20db 701 select CRYPTO_HASH
b9f535ff 702 help
584fffc8 703 SHA512 secure hash standard (DFIPS 180-2).
b9f535ff 704
584fffc8
SS		 705 This version of SHA implements a 512 bit hash with 256 bits of
706 security against collision attacks.
b9f535ff 707
584fffc8
SS		 708 This code also includes SHA-384, a 384 bit hash with 192 bits
709 of security against collision attacks.
b9f535ff 710
efdb6f6e
AK		 711config CRYPTO_SHA512_OCTEON
712 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
713 depends on CPU_CAVIUM_OCTEON
714 select CRYPTO_SHA512
715 select CRYPTO_HASH
716 help
717 SHA-512 secure hash standard (DFIPS 180-2) implemented
718 using OCTEON crypto instructions, when available.
719
775e0c69
DM		 720config CRYPTO_SHA512_SPARC64
721 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
722 depends on SPARC64
723 select CRYPTO_SHA512
724 select CRYPTO_HASH
725 help
726 SHA-512 secure hash standard (DFIPS 180-2) implemented
727 using sparc64 crypto instructions, when available.
728
584fffc8
SS		 729config CRYPTO_TGR192
730 tristate "Tiger digest algorithms"
f63fbd3d 731 select CRYPTO_HASH
eaf44088 732 help
584fffc8 733 Tiger hash algorithm 192, 160 and 128-bit hashes
eaf44088 734
584fffc8
SS		 735 Tiger is a hash function optimized for 64-bit processors while
736 still having decent performance on 32-bit processors.
737 Tiger was developed by Ross Anderson and Eli Biham.
eaf44088
JF		 738
739 See also:
584fffc8 740 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
eaf44088 741
584fffc8
SS		 742config CRYPTO_WP512
743 tristate "Whirlpool digest algorithms"
4946510b 744 select CRYPTO_HASH
1da177e4 745 help
584fffc8 746 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1da177e4 747
584fffc8
SS		 748 Whirlpool-512 is part of the NESSIE cryptographic primitives.
749 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1da177e4
LT		 750
751 See also:
6d8de74c 752 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
584fffc8 753
0e1227d3
HY		 754config CRYPTO_GHASH_CLMUL_NI_INTEL
755 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
8af00860 756 depends on X86 && 64BIT
0e1227d3
HY		 757 select CRYPTO_CRYPTD
758 help
759 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
760 The implementation is accelerated by CLMUL-NI of Intel.
761
584fffc8 762comment "Ciphers"
1da177e4
LT		 763
764config CRYPTO_AES
765 tristate "AES cipher algorithms"
cce9e06d 766 select CRYPTO_ALGAPI
1da177e4 767 help
584fffc8 768 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 769 algorithm.
770
771 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 772 both hardware and software across a wide range of computing
773 environments regardless of its use in feedback or non-feedback
774 modes. Its key setup time is excellent, and its key agility is
775 good. Rijndael's very low memory requirements make it very well
776 suited for restricted-space environments, in which it also
777 demonstrates excellent performance. Rijndael's operations are
778 among the easiest to defend against power and timing attacks.
1da177e4 779
584fffc8 780 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 781
782 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
783
784config CRYPTO_AES_586
785 tristate "AES cipher algorithms (i586)"
cce9e06d
HX		 786 depends on (X86 || UML_X86) && !64BIT
787 select CRYPTO_ALGAPI
5157dea8 788 select CRYPTO_AES
1da177e4 789 help
584fffc8 790 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 791 algorithm.
792
793 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 794 both hardware and software across a wide range of computing
795 environments regardless of its use in feedback or non-feedback
796 modes. Its key setup time is excellent, and its key agility is
797 good. Rijndael's very low memory requirements make it very well
798 suited for restricted-space environments, in which it also
799 demonstrates excellent performance. Rijndael's operations are
800 among the easiest to defend against power and timing attacks.
1da177e4 801
584fffc8 802 The AES specifies three key sizes: 128, 192 and 256 bits
a2a892a2
AS		 803
804 See <http://csrc.nist.gov/encryption/aes/> for more information.
805
806config CRYPTO_AES_X86_64
807 tristate "AES cipher algorithms (x86_64)"
cce9e06d
HX		 808 depends on (X86 || UML_X86) && 64BIT
809 select CRYPTO_ALGAPI
81190b32 810 select CRYPTO_AES
a2a892a2 811 help
584fffc8 812 AES cipher algorithms (FIPS-197). AES uses the Rijndael
a2a892a2
AS		 813 algorithm.
814
815 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 816 both hardware and software across a wide range of computing
817 environments regardless of its use in feedback or non-feedback
818 modes. Its key setup time is excellent, and its key agility is
54b6a1bd
HY		 819 good. Rijndael's very low memory requirements make it very well
820 suited for restricted-space environments, in which it also
821 demonstrates excellent performance. Rijndael's operations are
822 among the easiest to defend against power and timing attacks.
823
824 The AES specifies three key sizes: 128, 192 and 256 bits
825
826 See <http://csrc.nist.gov/encryption/aes/> for more information.
827
828config CRYPTO_AES_NI_INTEL
829 tristate "AES cipher algorithms (AES-NI)"
8af00860 830 depends on X86
0d258efb
MK		 831 select CRYPTO_AES_X86_64 if 64BIT
832 select CRYPTO_AES_586 if !64BIT
54b6a1bd 833 select CRYPTO_CRYPTD
801201aa 834 select CRYPTO_ABLK_HELPER
54b6a1bd 835 select CRYPTO_ALGAPI
7643a11a 836 select CRYPTO_GLUE_HELPER_X86 if 64BIT
023af608
JK		 837 select CRYPTO_LRW
838 select CRYPTO_XTS
54b6a1bd
HY		 839 help
840 Use Intel AES-NI instructions for AES algorithm.
841
842 AES cipher algorithms (FIPS-197). AES uses the Rijndael
843 algorithm.
844
845 Rijndael appears to be consistently a very good performer in
846 both hardware and software across a wide range of computing
847 environments regardless of its use in feedback or non-feedback
848 modes. Its key setup time is excellent, and its key agility is
584fffc8
SS		 849 good. Rijndael's very low memory requirements make it very well
850 suited for restricted-space environments, in which it also
851 demonstrates excellent performance. Rijndael's operations are
852 among the easiest to defend against power and timing attacks.
a2a892a2 853
584fffc8 854 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 855
856 See <http://csrc.nist.gov/encryption/aes/> for more information.
857
0d258efb
MK		 858 In addition to AES cipher algorithm support, the acceleration
859 for some popular block cipher mode is supported too, including
860 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
861 acceleration for CTR.
2cf4ac8b 862
9bf4852d
DM		 863config CRYPTO_AES_SPARC64
864 tristate "AES cipher algorithms (SPARC64)"
865 depends on SPARC64
866 select CRYPTO_CRYPTD
867 select CRYPTO_ALGAPI
868 help
869 Use SPARC64 crypto opcodes for AES algorithm.
870
871 AES cipher algorithms (FIPS-197). AES uses the Rijndael
872 algorithm.
873
874 Rijndael appears to be consistently a very good performer in
875 both hardware and software across a wide range of computing
876 environments regardless of its use in feedback or non-feedback
877 modes. Its key setup time is excellent, and its key agility is
878 good. Rijndael's very low memory requirements make it very well
879 suited for restricted-space environments, in which it also
880 demonstrates excellent performance. Rijndael's operations are
881 among the easiest to defend against power and timing attacks.
882
883 The AES specifies three key sizes: 128, 192 and 256 bits
884
885 See <http://csrc.nist.gov/encryption/aes/> for more information.
886
887 In addition to AES cipher algorithm support, the acceleration
888 for some popular block cipher mode is supported too, including
889 ECB and CBC.
890
504c6143
MS		 891config CRYPTO_AES_PPC_SPE
892 tristate "AES cipher algorithms (PPC SPE)"
893 depends on PPC && SPE
894 help
895 AES cipher algorithms (FIPS-197). Additionally the acceleration
896 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
897 This module should only be used for low power (router) devices
898 without hardware AES acceleration (e.g. caam crypto). It reduces the
899 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
900 timining attacks. Nevertheless it might be not as secure as other
901 architecture specific assembler implementations that work on 1KB
902 tables or 256 bytes S-boxes.
903
584fffc8
SS		 904config CRYPTO_ANUBIS
905 tristate "Anubis cipher algorithm"
906 select CRYPTO_ALGAPI
907 help
908 Anubis cipher algorithm.
909
910 Anubis is a variable key length cipher which can use keys from
911 128 bits to 320 bits in length. It was evaluated as a entrant
912 in the NESSIE competition.
913
914 See also:
6d8de74c
JM		 915 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
916 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
584fffc8
SS		 917
918config CRYPTO_ARC4
919 tristate "ARC4 cipher algorithm"
b9b0f080 920 select CRYPTO_BLKCIPHER
584fffc8
SS		 921 help
922 ARC4 cipher algorithm.
923
924 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
925 bits in length. This algorithm is required for driver-based
926 WEP, but it should not be for other purposes because of the
927 weakness of the algorithm.
928
929config CRYPTO_BLOWFISH
930 tristate "Blowfish cipher algorithm"
931 select CRYPTO_ALGAPI
52ba867c 932 select CRYPTO_BLOWFISH_COMMON
584fffc8
SS		 933 help
934 Blowfish cipher algorithm, by Bruce Schneier.
935
936 This is a variable key length cipher which can use keys from 32
937 bits to 448 bits in length. It's fast, simple and specifically
938 designed for use on "large microprocessors".
939
940 See also:
941 <http://www.schneier.com/blowfish.html>
942
52ba867c
JK		 943config CRYPTO_BLOWFISH_COMMON
944 tristate
945 help
946 Common parts of the Blowfish cipher algorithm shared by the
947 generic c and the assembler implementations.
948
949 See also:
950 <http://www.schneier.com/blowfish.html>
951
64b94cea
JK		 952config CRYPTO_BLOWFISH_X86_64
953 tristate "Blowfish cipher algorithm (x86_64)"
f21a7c19 954 depends on X86 && 64BIT
64b94cea
JK		 955 select CRYPTO_ALGAPI
956 select CRYPTO_BLOWFISH_COMMON
957 help
958 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
959
960 This is a variable key length cipher which can use keys from 32
961 bits to 448 bits in length. It's fast, simple and specifically
962 designed for use on "large microprocessors".
963
964 See also:
965 <http://www.schneier.com/blowfish.html>
966
584fffc8
SS		 967config CRYPTO_CAMELLIA
968 tristate "Camellia cipher algorithms"
969 depends on CRYPTO
970 select CRYPTO_ALGAPI
971 help
972 Camellia cipher algorithms module.
973
974 Camellia is a symmetric key block cipher developed jointly
975 at NTT and Mitsubishi Electric Corporation.
976
977 The Camellia specifies three key sizes: 128, 192 and 256 bits.
978
979 See also:
980 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
981
0b95ec56
JK		 982config CRYPTO_CAMELLIA_X86_64
983 tristate "Camellia cipher algorithm (x86_64)"
f21a7c19 984 depends on X86 && 64BIT
0b95ec56
JK		 985 depends on CRYPTO
986 select CRYPTO_ALGAPI
964263af 987 select CRYPTO_GLUE_HELPER_X86
0b95ec56
JK		 988 select CRYPTO_LRW
989 select CRYPTO_XTS
990 help
991 Camellia cipher algorithm module (x86_64).
992
993 Camellia is a symmetric key block cipher developed jointly
994 at NTT and Mitsubishi Electric Corporation.
995
996 The Camellia specifies three key sizes: 128, 192 and 256 bits.
997
998 See also:
d9b1d2e7
JK		 999 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1000
1001config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1002 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1003 depends on X86 && 64BIT
1004 depends on CRYPTO
1005 select CRYPTO_ALGAPI
1006 select CRYPTO_CRYPTD
801201aa 1007 select CRYPTO_ABLK_HELPER
d9b1d2e7
JK		 1008 select CRYPTO_GLUE_HELPER_X86
1009 select CRYPTO_CAMELLIA_X86_64
1010 select CRYPTO_LRW
1011 select CRYPTO_XTS
1012 help
1013 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1014
1015 Camellia is a symmetric key block cipher developed jointly
1016 at NTT and Mitsubishi Electric Corporation.
1017
1018 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1019
1020 See also:
0b95ec56
JK		 1021 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1022
f3f935a7
JK		 1023config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1024 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1025 depends on X86 && 64BIT
1026 depends on CRYPTO
1027 select CRYPTO_ALGAPI
1028 select CRYPTO_CRYPTD
801201aa 1029 select CRYPTO_ABLK_HELPER
f3f935a7
JK		 1030 select CRYPTO_GLUE_HELPER_X86
1031 select CRYPTO_CAMELLIA_X86_64
1032 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1033 select CRYPTO_LRW
1034 select CRYPTO_XTS
1035 help
1036 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1037
1038 Camellia is a symmetric key block cipher developed jointly
1039 at NTT and Mitsubishi Electric Corporation.
1040
1041 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1042
1043 See also:
1044 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1045
81658ad0
DM		 1046config CRYPTO_CAMELLIA_SPARC64
1047 tristate "Camellia cipher algorithm (SPARC64)"
1048 depends on SPARC64
1049 depends on CRYPTO
1050 select CRYPTO_ALGAPI
1051 help
1052 Camellia cipher algorithm module (SPARC64).
1053
1054 Camellia is a symmetric key block cipher developed jointly
1055 at NTT and Mitsubishi Electric Corporation.
1056
1057 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1058
1059 See also:
1060 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1061
044ab525
JK		 1062config CRYPTO_CAST_COMMON
1063 tristate
1064 help
1065 Common parts of the CAST cipher algorithms shared by the
1066 generic c and the assembler implementations.
1067
1da177e4
LT		 1068config CRYPTO_CAST5
1069 tristate "CAST5 (CAST-128) cipher algorithm"
cce9e06d 1070 select CRYPTO_ALGAPI
044ab525 1071 select CRYPTO_CAST_COMMON
1da177e4
LT		 1072 help
1073 The CAST5 encryption algorithm (synonymous with CAST-128) is
1074 described in RFC2144.
1075
4d6d6a2c
JG		 1076config CRYPTO_CAST5_AVX_X86_64
1077 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1078 depends on X86 && 64BIT
1079 select CRYPTO_ALGAPI
1080 select CRYPTO_CRYPTD
801201aa 1081 select CRYPTO_ABLK_HELPER
044ab525 1082 select CRYPTO_CAST_COMMON
4d6d6a2c
JG		 1083 select CRYPTO_CAST5
1084 help
1085 The CAST5 encryption algorithm (synonymous with CAST-128) is
1086 described in RFC2144.
1087
1088 This module provides the Cast5 cipher algorithm that processes
1089 sixteen blocks parallel using the AVX instruction set.
1090
1da177e4
LT		 1091config CRYPTO_CAST6
1092 tristate "CAST6 (CAST-256) cipher algorithm"
cce9e06d 1093 select CRYPTO_ALGAPI
044ab525 1094 select CRYPTO_CAST_COMMON
1da177e4
LT		 1095 help
1096 The CAST6 encryption algorithm (synonymous with CAST-256) is
1097 described in RFC2612.
1098
4ea1277d
JG		 1099config CRYPTO_CAST6_AVX_X86_64
1100 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1101 depends on X86 && 64BIT
1102 select CRYPTO_ALGAPI
1103 select CRYPTO_CRYPTD
801201aa 1104 select CRYPTO_ABLK_HELPER
4ea1277d 1105 select CRYPTO_GLUE_HELPER_X86
044ab525 1106 select CRYPTO_CAST_COMMON
4ea1277d
JG		 1107 select CRYPTO_CAST6
1108 select CRYPTO_LRW
1109 select CRYPTO_XTS
1110 help
1111 The CAST6 encryption algorithm (synonymous with CAST-256) is
1112 described in RFC2612.
1113
1114 This module provides the Cast6 cipher algorithm that processes
1115 eight blocks parallel using the AVX instruction set.
1116
584fffc8
SS		 1117config CRYPTO_DES
1118 tristate "DES and Triple DES EDE cipher algorithms"
cce9e06d 1119 select CRYPTO_ALGAPI
1da177e4 1120 help
584fffc8 1121 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
fb4f10ed 1122
c5aac2df
DM		 1123config CRYPTO_DES_SPARC64
1124 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
97da37b3 1125 depends on SPARC64
c5aac2df
DM		 1126 select CRYPTO_ALGAPI
1127 select CRYPTO_DES
1128 help
1129 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1130 optimized using SPARC64 crypto opcodes.
1131
6574e6c6
JK		 1132config CRYPTO_DES3_EDE_X86_64
1133 tristate "Triple DES EDE cipher algorithm (x86-64)"
1134 depends on X86 && 64BIT
1135 select CRYPTO_ALGAPI
1136 select CRYPTO_DES
1137 help
1138 Triple DES EDE (FIPS 46-3) algorithm.
1139
1140 This module provides implementation of the Triple DES EDE cipher
1141 algorithm that is optimized for x86-64 processors. Two versions of
1142 algorithm are provided; regular processing one input block and
1143 one that processes three blocks parallel.
1144
584fffc8
SS		 1145config CRYPTO_FCRYPT
1146 tristate "FCrypt cipher algorithm"
cce9e06d 1147 select CRYPTO_ALGAPI
584fffc8 1148 select CRYPTO_BLKCIPHER
1da177e4 1149 help
584fffc8 1150 FCrypt algorithm used by RxRPC.
1da177e4
LT		 1151
1152config CRYPTO_KHAZAD
1153 tristate "Khazad cipher algorithm"
cce9e06d 1154 select CRYPTO_ALGAPI
1da177e4
LT		 1155 help
1156 Khazad cipher algorithm.
1157
1158 Khazad was a finalist in the initial NESSIE competition. It is
1159 an algorithm optimized for 64-bit processors with good performance
1160 on 32-bit processors. Khazad uses an 128 bit key size.
1161
1162 See also:
6d8de74c 1163 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1da177e4 1164
2407d608 1165config CRYPTO_SALSA20
3b4afaf2 1166 tristate "Salsa20 stream cipher algorithm"
2407d608
TSH		 1167 select CRYPTO_BLKCIPHER
1168 help
1169 Salsa20 stream cipher algorithm.
1170
1171 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1172 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
974e4b75
TSH		 1173
1174 The Salsa20 stream cipher algorithm is designed by Daniel J.
1175 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1176
1177config CRYPTO_SALSA20_586
3b4afaf2 1178 tristate "Salsa20 stream cipher algorithm (i586)"
974e4b75 1179 depends on (X86 || UML_X86) && !64BIT
974e4b75 1180 select CRYPTO_BLKCIPHER
974e4b75
TSH		 1181 help
1182 Salsa20 stream cipher algorithm.
1183
1184 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1185 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
9a7dafbb
TSH		 1186
1187 The Salsa20 stream cipher algorithm is designed by Daniel J.
1188 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1189
1190config CRYPTO_SALSA20_X86_64
3b4afaf2 1191 tristate "Salsa20 stream cipher algorithm (x86_64)"
9a7dafbb 1192 depends on (X86 || UML_X86) && 64BIT
9a7dafbb 1193 select CRYPTO_BLKCIPHER
9a7dafbb
TSH		 1194 help
1195 Salsa20 stream cipher algorithm.
1196
1197 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1198 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
2407d608
TSH		 1199
1200 The Salsa20 stream cipher algorithm is designed by Daniel J.
1201 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1da177e4 1202
c08d0e64
MW		 1203config CRYPTO_CHACHA20
1204 tristate "ChaCha20 cipher algorithm"
1205 select CRYPTO_BLKCIPHER
1206 help
1207 ChaCha20 cipher algorithm, RFC7539.
1208
1209 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1210 Bernstein and further specified in RFC7539 for use in IETF protocols.
1211 This is the portable C implementation of ChaCha20.
1212
1213 See also:
1214 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1215
584fffc8
SS		 1216config CRYPTO_SEED
1217 tristate "SEED cipher algorithm"
cce9e06d 1218 select CRYPTO_ALGAPI
1da177e4 1219 help
584fffc8 1220 SEED cipher algorithm (RFC4269).
1da177e4 1221
584fffc8
SS		 1222 SEED is a 128-bit symmetric key block cipher that has been
1223 developed by KISA (Korea Information Security Agency) as a
1224 national standard encryption algorithm of the Republic of Korea.
1225 It is a 16 round block cipher with the key size of 128 bit.
1226
1227 See also:
1228 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1229
1230config CRYPTO_SERPENT
1231 tristate "Serpent cipher algorithm"
cce9e06d 1232 select CRYPTO_ALGAPI
1da177e4 1233 help
584fffc8 1234 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1da177e4 1235
584fffc8
SS		 1236 Keys are allowed to be from 0 to 256 bits in length, in steps
1237 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1238 variant of Serpent for compatibility with old kerneli.org code.
1239
1240 See also:
1241 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1242
937c30d7
JK		 1243config CRYPTO_SERPENT_SSE2_X86_64
1244 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1245 depends on X86 && 64BIT
1246 select CRYPTO_ALGAPI
341975bf 1247 select CRYPTO_CRYPTD
801201aa 1248 select CRYPTO_ABLK_HELPER
596d8750 1249 select CRYPTO_GLUE_HELPER_X86
937c30d7 1250 select CRYPTO_SERPENT
feaf0cfc
JK		 1251 select CRYPTO_LRW
1252 select CRYPTO_XTS
937c30d7
JK		 1253 help
1254 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1255
1256 Keys are allowed to be from 0 to 256 bits in length, in steps
1257 of 8 bits.
1258
1e6232f8 1259 This module provides Serpent cipher algorithm that processes eight
937c30d7
JK		 1260 blocks parallel using SSE2 instruction set.
1261
1262 See also:
1263 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1264
251496db
JK		 1265config CRYPTO_SERPENT_SSE2_586
1266 tristate "Serpent cipher algorithm (i586/SSE2)"
1267 depends on X86 && !64BIT
1268 select CRYPTO_ALGAPI
341975bf 1269 select CRYPTO_CRYPTD
801201aa 1270 select CRYPTO_ABLK_HELPER
596d8750 1271 select CRYPTO_GLUE_HELPER_X86
251496db 1272 select CRYPTO_SERPENT
feaf0cfc
JK		 1273 select CRYPTO_LRW
1274 select CRYPTO_XTS
251496db
JK		 1275 help
1276 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1277
1278 Keys are allowed to be from 0 to 256 bits in length, in steps
1279 of 8 bits.
1280
1281 This module provides Serpent cipher algorithm that processes four
1282 blocks parallel using SSE2 instruction set.
1283
1284 See also:
1285 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
7efe4076
JG		 1286
1287config CRYPTO_SERPENT_AVX_X86_64
1288 tristate "Serpent cipher algorithm (x86_64/AVX)"
1289 depends on X86 && 64BIT
1290 select CRYPTO_ALGAPI
1291 select CRYPTO_CRYPTD
801201aa 1292 select CRYPTO_ABLK_HELPER
1d0debbd 1293 select CRYPTO_GLUE_HELPER_X86
7efe4076
JG		 1294 select CRYPTO_SERPENT
1295 select CRYPTO_LRW
1296 select CRYPTO_XTS
1297 help
1298 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1299
1300 Keys are allowed to be from 0 to 256 bits in length, in steps
1301 of 8 bits.
1302
1303 This module provides the Serpent cipher algorithm that processes
1304 eight blocks parallel using the AVX instruction set.
1305
1306 See also:
1307 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
251496db 1308
56d76c96
JK		 1309config CRYPTO_SERPENT_AVX2_X86_64
1310 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1311 depends on X86 && 64BIT
1312 select CRYPTO_ALGAPI
1313 select CRYPTO_CRYPTD
801201aa 1314 select CRYPTO_ABLK_HELPER
56d76c96
JK		 1315 select CRYPTO_GLUE_HELPER_X86
1316 select CRYPTO_SERPENT
1317 select CRYPTO_SERPENT_AVX_X86_64
1318 select CRYPTO_LRW
1319 select CRYPTO_XTS
1320 help
1321 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1322
1323 Keys are allowed to be from 0 to 256 bits in length, in steps
1324 of 8 bits.
1325
1326 This module provides Serpent cipher algorithm that processes 16
1327 blocks parallel using AVX2 instruction set.
1328
1329 See also:
1330 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1331
584fffc8
SS		 1332config CRYPTO_TEA
1333 tristate "TEA, XTEA and XETA cipher algorithms"
cce9e06d 1334 select CRYPTO_ALGAPI
1da177e4 1335 help
584fffc8 1336 TEA cipher algorithm.
1da177e4 1337
584fffc8
SS		 1338 Tiny Encryption Algorithm is a simple cipher that uses
1339 many rounds for security. It is very fast and uses
1340 little memory.
1341
1342 Xtendend Tiny Encryption Algorithm is a modification to
1343 the TEA algorithm to address a potential key weakness
1344 in the TEA algorithm.
1345
1346 Xtendend Encryption Tiny Algorithm is a mis-implementation
1347 of the XTEA algorithm for compatibility purposes.
1348
1349config CRYPTO_TWOFISH
1350 tristate "Twofish cipher algorithm"
04ac7db3 1351 select CRYPTO_ALGAPI
584fffc8 1352 select CRYPTO_TWOFISH_COMMON
04ac7db3 1353 help
584fffc8 1354 Twofish cipher algorithm.
04ac7db3 1355
584fffc8
SS		 1356 Twofish was submitted as an AES (Advanced Encryption Standard)
1357 candidate cipher by researchers at CounterPane Systems. It is a
1358 16 round block cipher supporting key sizes of 128, 192, and 256
1359 bits.
04ac7db3 1360
584fffc8
SS		 1361 See also:
1362 <http://www.schneier.com/twofish.html>
1363
1364config CRYPTO_TWOFISH_COMMON
1365 tristate
1366 help
1367 Common parts of the Twofish cipher algorithm shared by the
1368 generic c and the assembler implementations.
1369
1370config CRYPTO_TWOFISH_586
1371 tristate "Twofish cipher algorithms (i586)"
1372 depends on (X86 || UML_X86) && !64BIT
1373 select CRYPTO_ALGAPI
1374 select CRYPTO_TWOFISH_COMMON
1375 help
1376 Twofish cipher algorithm.
1377
1378 Twofish was submitted as an AES (Advanced Encryption Standard)
1379 candidate cipher by researchers at CounterPane Systems. It is a
1380 16 round block cipher supporting key sizes of 128, 192, and 256
1381 bits.
04ac7db3
NT		 1382
1383 See also:
584fffc8 1384 <http://www.schneier.com/twofish.html>
04ac7db3 1385
584fffc8
SS		 1386config CRYPTO_TWOFISH_X86_64
1387 tristate "Twofish cipher algorithm (x86_64)"
1388 depends on (X86 || UML_X86) && 64BIT
cce9e06d 1389 select CRYPTO_ALGAPI
584fffc8 1390 select CRYPTO_TWOFISH_COMMON
1da177e4 1391 help
584fffc8 1392 Twofish cipher algorithm (x86_64).
1da177e4 1393
584fffc8
SS		 1394 Twofish was submitted as an AES (Advanced Encryption Standard)
1395 candidate cipher by researchers at CounterPane Systems. It is a
1396 16 round block cipher supporting key sizes of 128, 192, and 256
1397 bits.
1398
1399 See also:
1400 <http://www.schneier.com/twofish.html>
1401
8280daad
JK		 1402config CRYPTO_TWOFISH_X86_64_3WAY
1403 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
f21a7c19 1404 depends on X86 && 64BIT
8280daad
JK		 1405 select CRYPTO_ALGAPI
1406 select CRYPTO_TWOFISH_COMMON
1407 select CRYPTO_TWOFISH_X86_64
414cb5e7 1408 select CRYPTO_GLUE_HELPER_X86
e7cda5d2
JK		 1409 select CRYPTO_LRW
1410 select CRYPTO_XTS
8280daad
JK		 1411 help
1412 Twofish cipher algorithm (x86_64, 3-way parallel).
1413
1414 Twofish was submitted as an AES (Advanced Encryption Standard)
1415 candidate cipher by researchers at CounterPane Systems. It is a
1416 16 round block cipher supporting key sizes of 128, 192, and 256
1417 bits.
1418
1419 This module provides Twofish cipher algorithm that processes three
1420 blocks parallel, utilizing resources of out-of-order CPUs better.
1421
1422 See also:
1423 <http://www.schneier.com/twofish.html>
1424
107778b5
JG		 1425config CRYPTO_TWOFISH_AVX_X86_64
1426 tristate "Twofish cipher algorithm (x86_64/AVX)"
1427 depends on X86 && 64BIT
1428 select CRYPTO_ALGAPI
1429 select CRYPTO_CRYPTD
801201aa 1430 select CRYPTO_ABLK_HELPER
a7378d4e 1431 select CRYPTO_GLUE_HELPER_X86
107778b5
JG		 1432 select CRYPTO_TWOFISH_COMMON
1433 select CRYPTO_TWOFISH_X86_64
1434 select CRYPTO_TWOFISH_X86_64_3WAY
1435 select CRYPTO_LRW
1436 select CRYPTO_XTS
1437 help
1438 Twofish cipher algorithm (x86_64/AVX).
1439
1440 Twofish was submitted as an AES (Advanced Encryption Standard)
1441 candidate cipher by researchers at CounterPane Systems. It is a
1442 16 round block cipher supporting key sizes of 128, 192, and 256
1443 bits.
1444
1445 This module provides the Twofish cipher algorithm that processes
1446 eight blocks parallel using the AVX Instruction Set.
1447
1448 See also:
1449 <http://www.schneier.com/twofish.html>
1450
584fffc8
SS		 1451comment "Compression"
1452
1453config CRYPTO_DEFLATE
1454 tristate "Deflate compression algorithm"
1455 select CRYPTO_ALGAPI
1456 select ZLIB_INFLATE
1457 select ZLIB_DEFLATE
3c09f17c 1458 help
584fffc8
SS		 1459 This is the Deflate algorithm (RFC1951), specified for use in
1460 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1461
1462 You will most probably want this if using IPSec.
3c09f17c 1463
bf68e65e
GU		 1464config CRYPTO_ZLIB
1465 tristate "Zlib compression algorithm"
1466 select CRYPTO_PCOMP
1467 select ZLIB_INFLATE
1468 select ZLIB_DEFLATE
1469 select NLATTR
1470 help
1471 This is the zlib algorithm.
1472
0b77abb3
ZS		 1473config CRYPTO_LZO
1474 tristate "LZO compression algorithm"
1475 select CRYPTO_ALGAPI
1476 select LZO_COMPRESS
1477 select LZO_DECOMPRESS
1478 help
1479 This is the LZO algorithm.
1480
35a1fc18
SJ		 1481config CRYPTO_842
1482 tristate "842 compression algorithm"
2062c5b6
DS		 1483 select CRYPTO_ALGAPI
1484 select 842_COMPRESS
1485 select 842_DECOMPRESS
35a1fc18
SJ		 1486 help
1487 This is the 842 algorithm.
0ea8530d
CM		 1488
1489config CRYPTO_LZ4
1490 tristate "LZ4 compression algorithm"
1491 select CRYPTO_ALGAPI
1492 select LZ4_COMPRESS
1493 select LZ4_DECOMPRESS
1494 help
1495 This is the LZ4 algorithm.
1496
1497config CRYPTO_LZ4HC
1498 tristate "LZ4HC compression algorithm"
1499 select CRYPTO_ALGAPI
1500 select LZ4HC_COMPRESS
1501 select LZ4_DECOMPRESS
1502 help
1503 This is the LZ4 high compression mode algorithm.
35a1fc18 1504
17f0f4a4
NH		 1505comment "Random Number Generation"
1506
1507config CRYPTO_ANSI_CPRNG
1508 tristate "Pseudo Random Number Generation for Cryptographic modules"
1509 select CRYPTO_AES
1510 select CRYPTO_RNG
17f0f4a4
NH		 1511 help
1512 This option enables the generic pseudo random number generator
1513 for cryptographic modules. Uses the Algorithm specified in
7dd607e8
JK		 1514 ANSI X9.31 A.2.4. Note that this option must be enabled if
1515 CRYPTO_FIPS is selected
17f0f4a4 1516
f2c89a10 1517menuconfig CRYPTO_DRBG_MENU
419090c6 1518 tristate "NIST SP800-90A DRBG"
419090c6
SM		 1519 help
1520 NIST SP800-90A compliant DRBG. In the following submenu, one or
1521 more of the DRBG types must be selected.
1522
f2c89a10 1523if CRYPTO_DRBG_MENU
419090c6
SM		 1524
1525config CRYPTO_DRBG_HMAC
401e4238 1526 bool
419090c6 1527 default y
419090c6 1528 select CRYPTO_HMAC
826775bb 1529 select CRYPTO_SHA256
419090c6
SM		 1530
1531config CRYPTO_DRBG_HASH
1532 bool "Enable Hash DRBG"
826775bb 1533 select CRYPTO_SHA256
419090c6
SM		 1534 help
1535 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1536
1537config CRYPTO_DRBG_CTR
1538 bool "Enable CTR DRBG"
419090c6
SM		 1539 select CRYPTO_AES
1540 help
1541 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1542
f2c89a10
HX		 1543config CRYPTO_DRBG
1544 tristate
401e4238 1545 default CRYPTO_DRBG_MENU
f2c89a10 1546 select CRYPTO_RNG
bb5530e4 1547 select CRYPTO_JITTERENTROPY
f2c89a10
HX		 1548
1549endif # if CRYPTO_DRBG_MENU
419090c6 1550
bb5530e4
SM		 1551config CRYPTO_JITTERENTROPY
1552 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1553 help
1554 The Jitterentropy RNG is a noise that is intended
1555 to provide seed to another RNG. The RNG does not
1556 perform any cryptographic whitening of the generated
1557 random numbers. This Jitterentropy RNG registers with
1558 the kernel crypto API and can be used by any caller.
1559
03c8efc1
HX		 1560config CRYPTO_USER_API
1561 tristate
1562
fe869cdb
HX		 1563config CRYPTO_USER_API_HASH
1564 tristate "User-space interface for hash algorithms"
7451708f 1565 depends on NET
fe869cdb
HX		 1566 select CRYPTO_HASH
1567 select CRYPTO_USER_API
1568 help
1569 This option enables the user-spaces interface for hash
1570 algorithms.
1571
8ff59090
HX		 1572config CRYPTO_USER_API_SKCIPHER
1573 tristate "User-space interface for symmetric key cipher algorithms"
7451708f 1574 depends on NET
8ff59090
HX		 1575 select CRYPTO_BLKCIPHER
1576 select CRYPTO_USER_API
1577 help
1578 This option enables the user-spaces interface for symmetric
1579 key cipher algorithms.
1580
2f375538
SM		 1581config CRYPTO_USER_API_RNG
1582 tristate "User-space interface for random number generator algorithms"
1583 depends on NET
1584 select CRYPTO_RNG
1585 select CRYPTO_USER_API
1586 help
1587 This option enables the user-spaces interface for random
1588 number generator algorithms.
1589
b64a2d95
HX		 1590config CRYPTO_USER_API_AEAD
1591 tristate "User-space interface for AEAD cipher algorithms"
1592 depends on NET
1593 select CRYPTO_AEAD
1594 select CRYPTO_USER_API
1595 help
1596 This option enables the user-spaces interface for AEAD
1597 cipher algorithms.
1598
ee08997f
DK		 1599config CRYPTO_HASH_INFO
1600 bool
1601
1da177e4 1602source "drivers/crypto/Kconfig"
964f3b3b 1603source crypto/asymmetric_keys/Kconfig
1da177e4 1604
cce9e06d 1605endif # if CRYPTO
Linux 6.x block layer and io_uring tree(s)