projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ARM: mvebu_v7_defconfig: enable SFP support
[linux-2.6-block.git] / crypto / Kconfig
CommitLineData
b2441318 1# SPDX-License-Identifier: GPL-2.0
685784aa
DW		 2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6 tristate
7
1da177e4 8#
9bc89cd8 9# async_tx api: hardware offloaded memory transfer/transform support
1da177e4 10#
9bc89cd8 11source "crypto/async_tx/Kconfig"
1da177e4 12
9bc89cd8
DW		 13#
14# Cryptographic API Configuration
15#
2e290f43 16menuconfig CRYPTO
c3715cb9 17 tristate "Cryptographic API"
1da177e4
LT		 18 help
19 This option provides the core Cryptographic API.
20
cce9e06d
HX		 21if CRYPTO
22
584fffc8
SS		 23comment "Crypto core or helper"
24
ccb778e1
NH		 25config CRYPTO_FIPS
26 bool "FIPS 200 compliance"
f2c89a10 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
1f696097 28 depends on (MODULE_SIG || !MODULES)
ccb778e1
NH		 29 help
30 This options enables the fips boot option which is
31 required if you want to system to operate in a FIPS 200
32 certification. You should say no unless you know what
e84c5480 33 this is.
ccb778e1 34
cce9e06d
HX		 35config CRYPTO_ALGAPI
36 tristate
6a0fcbb4 37 select CRYPTO_ALGAPI2
cce9e06d
HX		 38 help
39 This option provides the API for cryptographic algorithms.
40
6a0fcbb4
HX		 41config CRYPTO_ALGAPI2
42 tristate
43
1ae97820
HX		 44config CRYPTO_AEAD
45 tristate
6a0fcbb4 46 select CRYPTO_AEAD2
1ae97820
HX		 47 select CRYPTO_ALGAPI
48
6a0fcbb4
HX		 49config CRYPTO_AEAD2
50 tristate
51 select CRYPTO_ALGAPI2
149a3971
HX		 52 select CRYPTO_NULL2
53 select CRYPTO_RNG2
6a0fcbb4 54
5cde0af2
HX		 55config CRYPTO_BLKCIPHER
56 tristate
6a0fcbb4 57 select CRYPTO_BLKCIPHER2
5cde0af2 58 select CRYPTO_ALGAPI
6a0fcbb4
HX		 59
60config CRYPTO_BLKCIPHER2
61 tristate
62 select CRYPTO_ALGAPI2
63 select CRYPTO_RNG2
0a2e821d 64 select CRYPTO_WORKQUEUE
5cde0af2 65
055bcee3
HX		 66config CRYPTO_HASH
67 tristate
6a0fcbb4 68 select CRYPTO_HASH2
055bcee3
HX		 69 select CRYPTO_ALGAPI
70
6a0fcbb4
HX		 71config CRYPTO_HASH2
72 tristate
73 select CRYPTO_ALGAPI2
74
17f0f4a4
NH		 75config CRYPTO_RNG
76 tristate
6a0fcbb4 77 select CRYPTO_RNG2
17f0f4a4
NH		 78 select CRYPTO_ALGAPI
79
6a0fcbb4
HX		 80config CRYPTO_RNG2
81 tristate
82 select CRYPTO_ALGAPI2
83
401e4238
HX		 84config CRYPTO_RNG_DEFAULT
85 tristate
86 select CRYPTO_DRBG_MENU
87
3c339ab8
TS		 88config CRYPTO_AKCIPHER2
89 tristate
90 select CRYPTO_ALGAPI2
91
92config CRYPTO_AKCIPHER
93 tristate
94 select CRYPTO_AKCIPHER2
95 select CRYPTO_ALGAPI
96
4e5f2c40
SB		 97config CRYPTO_KPP2
98 tristate
99 select CRYPTO_ALGAPI2
100
101config CRYPTO_KPP
102 tristate
103 select CRYPTO_ALGAPI
104 select CRYPTO_KPP2
105
2ebda74f
GC		 106config CRYPTO_ACOMP2
107 tristate
108 select CRYPTO_ALGAPI2
8cd579d2 109 select SGL_ALLOC
2ebda74f
GC		 110
111config CRYPTO_ACOMP
112 tristate
113 select CRYPTO_ALGAPI
114 select CRYPTO_ACOMP2
115
cfc2bb32
TS		 116config CRYPTO_RSA
117 tristate "RSA algorithm"
425e0172 118 select CRYPTO_AKCIPHER
58446fef 119 select CRYPTO_MANAGER
cfc2bb32
TS		 120 select MPILIB
121 select ASN1
122 help
123 Generic implementation of the RSA public key algorithm.
124
802c7f1c
SB		 125config CRYPTO_DH
126 tristate "Diffie-Hellman algorithm"
127 select CRYPTO_KPP
128 select MPILIB
129 help
130 Generic implementation of the Diffie-Hellman algorithm.
131
3c4b2390
SB		 132config CRYPTO_ECDH
133 tristate "ECDH algorithm"
b5b90077 134 select CRYPTO_KPP
6755fd26 135 select CRYPTO_RNG_DEFAULT
3c4b2390
SB		 136 help
137 Generic implementation of the ECDH algorithm
802c7f1c 138
2b8c19db
HX		 139config CRYPTO_MANAGER
140 tristate "Cryptographic algorithm manager"
6a0fcbb4 141 select CRYPTO_MANAGER2
2b8c19db
HX		 142 help
143 Create default cryptographic template instantiations such as
144 cbc(aes).
145
6a0fcbb4
HX		 146config CRYPTO_MANAGER2
147 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
148 select CRYPTO_AEAD2
149 select CRYPTO_HASH2
150 select CRYPTO_BLKCIPHER2
946cc463 151 select CRYPTO_AKCIPHER2
4e5f2c40 152 select CRYPTO_KPP2
2ebda74f 153 select CRYPTO_ACOMP2
6a0fcbb4 154
a38f7907
SK		 155config CRYPTO_USER
156 tristate "Userspace cryptographic algorithm configuration"
5db017aa 157 depends on NET
a38f7907
SK		 158 select CRYPTO_MANAGER
159 help
d19978f5 160 Userspace configuration for cryptographic instantiations such as
a38f7907
SK		 161 cbc(aes).
162
326a6346
HX		 163config CRYPTO_MANAGER_DISABLE_TESTS
164 bool "Disable run-time self tests"
00ca28a5
HX		 165 default y
166 depends on CRYPTO_MANAGER2
0b767f96 167 help
326a6346
HX		 168 Disable run-time self tests that normally take place at
169 algorithm registration.
0b767f96 170
584fffc8 171config CRYPTO_GF128MUL
08c70fc3 172 tristate "GF(2^128) multiplication functions"
333b0d7e 173 help
584fffc8
SS		 174 Efficient table driven implementation of multiplications in the
175 field GF(2^128). This is needed by some cypher modes. This
176 option will be selected automatically if you select such a
177 cipher mode. Only select this option by hand if you expect to load
178 an external module that requires these functions.
333b0d7e 179
1da177e4
LT		 180config CRYPTO_NULL
181 tristate "Null algorithms"
149a3971 182 select CRYPTO_NULL2
1da177e4
LT		 183 help
184 These are 'Null' algorithms, used by IPsec, which do nothing.
185
149a3971 186config CRYPTO_NULL2
dd43c4e9 187 tristate
149a3971
HX		 188 select CRYPTO_ALGAPI2
189 select CRYPTO_BLKCIPHER2
190 select CRYPTO_HASH2
191
5068c7a8 192config CRYPTO_PCRYPT
3b4afaf2
KC		 193 tristate "Parallel crypto engine"
194 depends on SMP
5068c7a8
SK		 195 select PADATA
196 select CRYPTO_MANAGER
197 select CRYPTO_AEAD
198 help
199 This converts an arbitrary crypto algorithm into a parallel
200 algorithm that executes in kernel threads.
201
25c38d3f
HY		 202config CRYPTO_WORKQUEUE
203 tristate
204
584fffc8
SS		 205config CRYPTO_CRYPTD
206 tristate "Software async crypto daemon"
207 select CRYPTO_BLKCIPHER
b8a28251 208 select CRYPTO_HASH
584fffc8 209 select CRYPTO_MANAGER
254eff77 210 select CRYPTO_WORKQUEUE
1da177e4 211 help
584fffc8
SS		 212 This is a generic software asynchronous crypto daemon that
213 converts an arbitrary synchronous software crypto algorithm
214 into an asynchronous algorithm that executes in a kernel thread.
1da177e4 215
1e65b81a
TC		 216config CRYPTO_MCRYPTD
217 tristate "Software async multi-buffer crypto daemon"
218 select CRYPTO_BLKCIPHER
219 select CRYPTO_HASH
220 select CRYPTO_MANAGER
221 select CRYPTO_WORKQUEUE
222 help
223 This is a generic software asynchronous crypto daemon that
224 provides the kernel thread to assist multi-buffer crypto
225 algorithms for submitting jobs and flushing jobs in multi-buffer
226 crypto algorithms. Multi-buffer crypto algorithms are executed
227 in the context of this kernel thread and drivers can post
0e56673b 228 their crypto request asynchronously to be processed by this daemon.
1e65b81a 229
584fffc8
SS		 230config CRYPTO_AUTHENC
231 tristate "Authenc support"
232 select CRYPTO_AEAD
233 select CRYPTO_BLKCIPHER
234 select CRYPTO_MANAGER
235 select CRYPTO_HASH
e94c6a7a 236 select CRYPTO_NULL
1da177e4 237 help
584fffc8
SS		 238 Authenc: Combined mode wrapper for IPsec.
239 This is required for IPSec.
1da177e4 240
584fffc8
SS		 241config CRYPTO_TEST
242 tristate "Testing module"
243 depends on m
da7f033d 244 select CRYPTO_MANAGER
1da177e4 245 help
584fffc8 246 Quick & dirty crypto test module.
1da177e4 247
266d0516
HX		 248config CRYPTO_SIMD
249 tristate
ffaf9156
JK		 250 select CRYPTO_CRYPTD
251
596d8750
JK		 252config CRYPTO_GLUE_HELPER_X86
253 tristate
254 depends on X86
065ce327 255 select CRYPTO_BLKCIPHER
596d8750 256
735d37b5
BW		 257config CRYPTO_ENGINE
258 tristate
259
584fffc8 260comment "Authenticated Encryption with Associated Data"
cd12fb90 261
584fffc8
SS		 262config CRYPTO_CCM
263 tristate "CCM support"
264 select CRYPTO_CTR
f15f05b0 265 select CRYPTO_HASH
584fffc8 266 select CRYPTO_AEAD
1da177e4 267 help
584fffc8 268 Support for Counter with CBC MAC. Required for IPsec.
1da177e4 269
584fffc8
SS		 270config CRYPTO_GCM
271 tristate "GCM/GMAC support"
272 select CRYPTO_CTR
273 select CRYPTO_AEAD
9382d97a 274 select CRYPTO_GHASH
9489667d 275 select CRYPTO_NULL
1da177e4 276 help
584fffc8
SS		 277 Support for Galois/Counter Mode (GCM) and Galois Message
278 Authentication Code (GMAC). Required for IPSec.
1da177e4 279
71ebc4d1
MW		 280config CRYPTO_CHACHA20POLY1305
281 tristate "ChaCha20-Poly1305 AEAD support"
282 select CRYPTO_CHACHA20
283 select CRYPTO_POLY1305
284 select CRYPTO_AEAD
285 help
286 ChaCha20-Poly1305 AEAD support, RFC7539.
287
288 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
289 with the Poly1305 authenticator. It is defined in RFC7539 for use in
290 IETF protocols.
291
f606a88e
OM		 292config CRYPTO_AEGIS128
293 tristate "AEGIS-128 AEAD algorithm"
294 select CRYPTO_AEAD
295 select CRYPTO_AES # for AES S-box tables
296 help
297 Support for the AEGIS-128 dedicated AEAD algorithm.
298
299config CRYPTO_AEGIS128L
300 tristate "AEGIS-128L AEAD algorithm"
301 select CRYPTO_AEAD
302 select CRYPTO_AES # for AES S-box tables
303 help
304 Support for the AEGIS-128L dedicated AEAD algorithm.
305
306config CRYPTO_AEGIS256
307 tristate "AEGIS-256 AEAD algorithm"
308 select CRYPTO_AEAD
309 select CRYPTO_AES # for AES S-box tables
310 help
311 Support for the AEGIS-256 dedicated AEAD algorithm.
312
1d373d4e
OM		 313config CRYPTO_AEGIS128_AESNI_SSE2
314 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
315 depends on X86 && 64BIT
316 select CRYPTO_AEAD
317 select CRYPTO_CRYPTD
318 help
319 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
320
321config CRYPTO_AEGIS128L_AESNI_SSE2
322 tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
323 depends on X86 && 64BIT
324 select CRYPTO_AEAD
325 select CRYPTO_CRYPTD
326 help
327 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
328
329config CRYPTO_AEGIS256_AESNI_SSE2
330 tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
331 depends on X86 && 64BIT
332 select CRYPTO_AEAD
333 select CRYPTO_CRYPTD
334 help
335 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
336
396be41f
OM		 337config CRYPTO_MORUS640
338 tristate "MORUS-640 AEAD algorithm"
339 select CRYPTO_AEAD
340 help
341 Support for the MORUS-640 dedicated AEAD algorithm.
342
56e8e57f 343config CRYPTO_MORUS640_GLUE
2808f173
OM		 344 tristate
345 depends on X86
56e8e57f
OM		 346 select CRYPTO_AEAD
347 select CRYPTO_CRYPTD
348 help
349 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
350 algorithm.
351
6ecc9d9f
OM		 352config CRYPTO_MORUS640_SSE2
353 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
354 depends on X86 && 64BIT
355 select CRYPTO_AEAD
356 select CRYPTO_MORUS640_GLUE
357 help
358 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
359
396be41f
OM		 360config CRYPTO_MORUS1280
361 tristate "MORUS-1280 AEAD algorithm"
362 select CRYPTO_AEAD
363 help
364 Support for the MORUS-1280 dedicated AEAD algorithm.
365
56e8e57f 366config CRYPTO_MORUS1280_GLUE
2808f173
OM		 367 tristate
368 depends on X86
56e8e57f
OM		 369 select CRYPTO_AEAD
370 select CRYPTO_CRYPTD
371 help
372 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
6ecc9d9f
OM		 373 algorithm.
374
375config CRYPTO_MORUS1280_SSE2
376 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
377 depends on X86 && 64BIT
378 select CRYPTO_AEAD
379 select CRYPTO_MORUS1280_GLUE
380 help
381 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
382 algorithm.
383
384config CRYPTO_MORUS1280_AVX2
385 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
386 depends on X86 && 64BIT
387 select CRYPTO_AEAD
388 select CRYPTO_MORUS1280_GLUE
389 help
390 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
56e8e57f
OM		 391 algorithm.
392
584fffc8
SS		 393config CRYPTO_SEQIV
394 tristate "Sequence Number IV Generator"
395 select CRYPTO_AEAD
396 select CRYPTO_BLKCIPHER
856e3f40 397 select CRYPTO_NULL
401e4238 398 select CRYPTO_RNG_DEFAULT
1da177e4 399 help
584fffc8
SS		 400 This IV generator generates an IV based on a sequence number by
401 xoring it with a salt. This algorithm is mainly useful for CTR
1da177e4 402
a10f554f
HX		 403config CRYPTO_ECHAINIV
404 tristate "Encrypted Chain IV Generator"
405 select CRYPTO_AEAD
406 select CRYPTO_NULL
401e4238 407 select CRYPTO_RNG_DEFAULT
3491244c 408 default m
a10f554f
HX		 409 help
410 This IV generator generates an IV based on the encryption of
411 a sequence number xored with a salt. This is the default
412 algorithm for CBC.
413
584fffc8 414comment "Block modes"
c494e070 415
584fffc8
SS		 416config CRYPTO_CBC
417 tristate "CBC support"
db131ef9 418 select CRYPTO_BLKCIPHER
43518407 419 select CRYPTO_MANAGER
db131ef9 420 help
584fffc8
SS		 421 CBC: Cipher Block Chaining mode
422 This block cipher algorithm is required for IPSec.
db131ef9 423
a7d85e06
JB		 424config CRYPTO_CFB
425 tristate "CFB support"
426 select CRYPTO_BLKCIPHER
427 select CRYPTO_MANAGER
428 help
429 CFB: Cipher FeedBack mode
430 This block cipher algorithm is required for TPM2 Cryptography.
431
584fffc8
SS		 432config CRYPTO_CTR
433 tristate "CTR support"
db131ef9 434 select CRYPTO_BLKCIPHER
584fffc8 435 select CRYPTO_SEQIV
43518407 436 select CRYPTO_MANAGER
db131ef9 437 help
584fffc8 438 CTR: Counter mode
db131ef9
HX		 439 This block cipher algorithm is required for IPSec.
440
584fffc8
SS		 441config CRYPTO_CTS
442 tristate "CTS support"
443 select CRYPTO_BLKCIPHER
444 help
445 CTS: Cipher Text Stealing
446 This is the Cipher Text Stealing mode as described by
447 Section 8 of rfc2040 and referenced by rfc3962.
448 (rfc3962 includes errata information in its Appendix A)
449 This mode is required for Kerberos gss mechanism support
450 for AES encryption.
451
452config CRYPTO_ECB
453 tristate "ECB support"
91652be5
DH		 454 select CRYPTO_BLKCIPHER
455 select CRYPTO_MANAGER
91652be5 456 help
584fffc8
SS		 457 ECB: Electronic CodeBook mode
458 This is the simplest block cipher algorithm. It simply encrypts
459 the input block by block.
91652be5 460
64470f1b 461config CRYPTO_LRW
2470a2b2 462 tristate "LRW support"
64470f1b
RS		 463 select CRYPTO_BLKCIPHER
464 select CRYPTO_MANAGER
465 select CRYPTO_GF128MUL
466 help
467 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
468 narrow block cipher mode for dm-crypt. Use it with cipher
469 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
470 The first 128, 192 or 256 bits in the key are used for AES and the
471 rest is used to tie each cipher block to its logical position.
472
584fffc8
SS		 473config CRYPTO_PCBC
474 tristate "PCBC support"
475 select CRYPTO_BLKCIPHER
476 select CRYPTO_MANAGER
477 help
478 PCBC: Propagating Cipher Block Chaining mode
479 This block cipher algorithm is required for RxRPC.
480
f19f5111 481config CRYPTO_XTS
5bcf8e6d 482 tristate "XTS support"
f19f5111
RS		 483 select CRYPTO_BLKCIPHER
484 select CRYPTO_MANAGER
12cb3a1c 485 select CRYPTO_ECB
f19f5111
RS		 486 help
487 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
488 key size 256, 384 or 512 bits. This implementation currently
489 can't handle a sectorsize which is not a multiple of 16 bytes.
490
1c49678e
SM		 491config CRYPTO_KEYWRAP
492 tristate "Key wrapping support"
493 select CRYPTO_BLKCIPHER
494 help
495 Support for key wrapping (NIST SP800-38F / RFC3394) without
496 padding.
497
584fffc8
SS		 498comment "Hash modes"
499
93b5e86a
JK		 500config CRYPTO_CMAC
501 tristate "CMAC support"
502 select CRYPTO_HASH
503 select CRYPTO_MANAGER
504 help
505 Cipher-based Message Authentication Code (CMAC) specified by
506 The National Institute of Standards and Technology (NIST).
507
508 https://tools.ietf.org/html/rfc4493
509 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
510
584fffc8
SS		 511config CRYPTO_HMAC
512 tristate "HMAC support"
513 select CRYPTO_HASH
23e353c8 514 select CRYPTO_MANAGER
23e353c8 515 help
584fffc8
SS		 516 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
517 This is required for IPSec.
23e353c8 518
584fffc8
SS		 519config CRYPTO_XCBC
520 tristate "XCBC support"
584fffc8
SS		 521 select CRYPTO_HASH
522 select CRYPTO_MANAGER
76cb9521 523 help
584fffc8
SS		 524 XCBC: Keyed-Hashing with encryption algorithm
525 http://www.ietf.org/rfc/rfc3566.txt
526 http://csrc.nist.gov/encryption/modes/proposedmodes/
527 xcbc-mac/xcbc-mac-spec.pdf
76cb9521 528
f1939f7c
SW		 529config CRYPTO_VMAC
530 tristate "VMAC support"
f1939f7c
SW		 531 select CRYPTO_HASH
532 select CRYPTO_MANAGER
533 help
534 VMAC is a message authentication algorithm designed for
535 very high speed on 64-bit architectures.
536
537 See also:
538 <http://fastcrypto.org/vmac>
539
584fffc8 540comment "Digest"
28db8e3e 541
584fffc8
SS		 542config CRYPTO_CRC32C
543 tristate "CRC32c CRC algorithm"
5773a3e6 544 select CRYPTO_HASH
6a0962b2 545 select CRC32
4a49b499 546 help
584fffc8
SS		 547 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
548 by iSCSI for header and data digests and by others.
69c35efc 549 See Castagnoli93. Module will be crc32c.
4a49b499 550
8cb51ba8
AZ		 551config CRYPTO_CRC32C_INTEL
552 tristate "CRC32c INTEL hardware acceleration"
553 depends on X86
554 select CRYPTO_HASH
555 help
556 In Intel processor with SSE4.2 supported, the processor will
557 support CRC32C implementation using hardware accelerated CRC32
558 instruction. This option will create 'crc32c-intel' module,
559 which will enable any routine to use the CRC32 instruction to
560 gain performance compared with software implementation.
561 Module will be crc32c-intel.
562
7cf31864 563config CRYPTO_CRC32C_VPMSUM
6dd7a82c 564 tristate "CRC32c CRC algorithm (powerpc64)"
c12abf34 565 depends on PPC64 && ALTIVEC
6dd7a82c
AB		 566 select CRYPTO_HASH
567 select CRC32
568 help
569 CRC32c algorithm implemented using vector polynomial multiply-sum
570 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
571 and newer processors for improved performance.
572
573
442a7c40
DM		 574config CRYPTO_CRC32C_SPARC64
575 tristate "CRC32c CRC algorithm (SPARC64)"
576 depends on SPARC64
577 select CRYPTO_HASH
578 select CRC32
579 help
580 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
581 when available.
582
78c37d19
AB		 583config CRYPTO_CRC32
584 tristate "CRC32 CRC algorithm"
585 select CRYPTO_HASH
586 select CRC32
587 help
588 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
589 Shash crypto api wrappers to crc32_le function.
590
591config CRYPTO_CRC32_PCLMUL
592 tristate "CRC32 PCLMULQDQ hardware acceleration"
593 depends on X86
594 select CRYPTO_HASH
595 select CRC32
596 help
597 From Intel Westmere and AMD Bulldozer processor with SSE4.2
598 and PCLMULQDQ supported, the processor will support
599 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
600 instruction. This option will create 'crc32-plcmul' module,
601 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
602 and gain better performance as compared with the table implementation.
603
4a5dc51e
MN		 604config CRYPTO_CRC32_MIPS
605 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
606 depends on MIPS_CRC_SUPPORT
607 select CRYPTO_HASH
608 help
609 CRC32c and CRC32 CRC algorithms implemented using mips crypto
610 instructions, when available.
611
612
68411521
HX		 613config CRYPTO_CRCT10DIF
614 tristate "CRCT10DIF algorithm"
615 select CRYPTO_HASH
616 help
617 CRC T10 Data Integrity Field computation is being cast as
618 a crypto transform. This allows for faster crc t10 diff
619 transforms to be used if they are available.
620
621config CRYPTO_CRCT10DIF_PCLMUL
622 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
623 depends on X86 && 64BIT && CRC_T10DIF
624 select CRYPTO_HASH
625 help
626 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
627 CRC T10 DIF PCLMULQDQ computation can be hardware
628 accelerated PCLMULQDQ instruction. This option will create
629 'crct10dif-plcmul' module, which is faster when computing the
630 crct10dif checksum as compared with the generic table implementation.
631
b01df1c1
DA		 632config CRYPTO_CRCT10DIF_VPMSUM
633 tristate "CRC32T10DIF powerpc64 hardware acceleration"
634 depends on PPC64 && ALTIVEC && CRC_T10DIF
635 select CRYPTO_HASH
636 help
637 CRC10T10DIF algorithm implemented using vector polynomial
638 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
639 POWER8 and newer processors for improved performance.
640
146c8688
DA		 641config CRYPTO_VPMSUM_TESTER
642 tristate "Powerpc64 vpmsum hardware acceleration tester"
643 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
644 help
645 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
646 POWER8 vpmsum instructions.
647 Unless you are testing these algorithms, you don't need this.
648
2cdc6899
HY		 649config CRYPTO_GHASH
650 tristate "GHASH digest algorithm"
2cdc6899 651 select CRYPTO_GF128MUL
578c60fb 652 select CRYPTO_HASH
2cdc6899
HY		 653 help
654 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
655
f979e014
MW		 656config CRYPTO_POLY1305
657 tristate "Poly1305 authenticator algorithm"
578c60fb 658 select CRYPTO_HASH
f979e014
MW		 659 help
660 Poly1305 authenticator algorithm, RFC7539.
661
662 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
663 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
664 in IETF protocols. This is the portable C implementation of Poly1305.
665
c70f4abe 666config CRYPTO_POLY1305_X86_64
b1ccc8f4 667 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
c70f4abe
MW		 668 depends on X86 && 64BIT
669 select CRYPTO_POLY1305
670 help
671 Poly1305 authenticator algorithm, RFC7539.
672
673 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
674 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
675 in IETF protocols. This is the x86_64 assembler implementation using SIMD
676 instructions.
677
584fffc8
SS		 678config CRYPTO_MD4
679 tristate "MD4 digest algorithm"
808a1763 680 select CRYPTO_HASH
124b53d0 681 help
584fffc8 682 MD4 message digest algorithm (RFC1320).
124b53d0 683
584fffc8
SS		 684config CRYPTO_MD5
685 tristate "MD5 digest algorithm"
14b75ba7 686 select CRYPTO_HASH
1da177e4 687 help
584fffc8 688 MD5 message digest algorithm (RFC1321).
1da177e4 689
d69e75de
AK		 690config CRYPTO_MD5_OCTEON
691 tristate "MD5 digest algorithm (OCTEON)"
692 depends on CPU_CAVIUM_OCTEON
693 select CRYPTO_MD5
694 select CRYPTO_HASH
695 help
696 MD5 message digest algorithm (RFC1321) implemented
697 using OCTEON crypto instructions, when available.
698
e8e59953
MS		 699config CRYPTO_MD5_PPC
700 tristate "MD5 digest algorithm (PPC)"
701 depends on PPC
702 select CRYPTO_HASH
703 help
704 MD5 message digest algorithm (RFC1321) implemented
705 in PPC assembler.
706
fa4dfedc
DM		 707config CRYPTO_MD5_SPARC64
708 tristate "MD5 digest algorithm (SPARC64)"
709 depends on SPARC64
710 select CRYPTO_MD5
711 select CRYPTO_HASH
712 help
713 MD5 message digest algorithm (RFC1321) implemented
714 using sparc64 crypto instructions, when available.
715
584fffc8
SS		 716config CRYPTO_MICHAEL_MIC
717 tristate "Michael MIC keyed digest algorithm"
19e2bf14 718 select CRYPTO_HASH
90831639 719 help
584fffc8
SS		 720 Michael MIC is used for message integrity protection in TKIP
721 (IEEE 802.11i). This algorithm is required for TKIP, but it
722 should not be used for other purposes because of the weakness
723 of the algorithm.
90831639 724
82798f90 725config CRYPTO_RMD128
b6d44341 726 tristate "RIPEMD-128 digest algorithm"
7c4468bc 727 select CRYPTO_HASH
b6d44341
AB		 728 help
729 RIPEMD-128 (ISO/IEC 10118-3:2004).
82798f90 730
b6d44341 731 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
35ed4b35 732 be used as a secure replacement for RIPEMD. For other use cases,
b6d44341 733 RIPEMD-160 should be used.
82798f90 734
b6d44341 735 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 736 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90
AKR		 737
738config CRYPTO_RMD160
b6d44341 739 tristate "RIPEMD-160 digest algorithm"
e5835fba 740 select CRYPTO_HASH
b6d44341
AB		 741 help
742 RIPEMD-160 (ISO/IEC 10118-3:2004).
82798f90 743
b6d44341
AB		 744 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
745 to be used as a secure replacement for the 128-bit hash functions
746 MD4, MD5 and it's predecessor RIPEMD
747 (not to be confused with RIPEMD-128).
82798f90 748
b6d44341
AB		 749 It's speed is comparable to SHA1 and there are no known attacks
750 against RIPEMD-160.
534fe2c1 751
b6d44341 752 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 753 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 754
755config CRYPTO_RMD256
b6d44341 756 tristate "RIPEMD-256 digest algorithm"
d8a5e2e9 757 select CRYPTO_HASH
b6d44341
AB		 758 help
759 RIPEMD-256 is an optional extension of RIPEMD-128 with a
760 256 bit hash. It is intended for applications that require
761 longer hash-results, without needing a larger security level
762 (than RIPEMD-128).
534fe2c1 763
b6d44341 764 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 765 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 766
767config CRYPTO_RMD320
b6d44341 768 tristate "RIPEMD-320 digest algorithm"
3b8efb4c 769 select CRYPTO_HASH
b6d44341
AB		 770 help
771 RIPEMD-320 is an optional extension of RIPEMD-160 with a
772 320 bit hash. It is intended for applications that require
773 longer hash-results, without needing a larger security level
774 (than RIPEMD-160).
534fe2c1 775
b6d44341 776 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 777 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90 778
584fffc8
SS		 779config CRYPTO_SHA1
780 tristate "SHA1 digest algorithm"
54ccb367 781 select CRYPTO_HASH
1da177e4 782 help
584fffc8 783 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
1da177e4 784
66be8951 785config CRYPTO_SHA1_SSSE3
e38b6b7f 786 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
66be8951
MK		 787 depends on X86 && 64BIT
788 select CRYPTO_SHA1
789 select CRYPTO_HASH
790 help
791 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
792 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
e38b6b7f 793 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
794 when available.
66be8951 795
8275d1aa 796config CRYPTO_SHA256_SSSE3
e38b6b7f 797 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
8275d1aa
TC		 798 depends on X86 && 64BIT
799 select CRYPTO_SHA256
800 select CRYPTO_HASH
801 help
802 SHA-256 secure hash standard (DFIPS 180-2) implemented
803 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
804 Extensions version 1 (AVX1), or Advanced Vector Extensions
e38b6b7f 805 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
806 Instructions) when available.
87de4579
TC		 807
808config CRYPTO_SHA512_SSSE3
809 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
810 depends on X86 && 64BIT
811 select CRYPTO_SHA512
812 select CRYPTO_HASH
813 help
814 SHA-512 secure hash standard (DFIPS 180-2) implemented
815 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
816 Extensions version 1 (AVX1), or Advanced Vector Extensions
8275d1aa
TC		 817 version 2 (AVX2) instructions, when available.
818
efdb6f6e
AK		 819config CRYPTO_SHA1_OCTEON
820 tristate "SHA1 digest algorithm (OCTEON)"
821 depends on CPU_CAVIUM_OCTEON
822 select CRYPTO_SHA1
823 select CRYPTO_HASH
824 help
825 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
826 using OCTEON crypto instructions, when available.
827
4ff28d4c
DM		 828config CRYPTO_SHA1_SPARC64
829 tristate "SHA1 digest algorithm (SPARC64)"
830 depends on SPARC64
831 select CRYPTO_SHA1
832 select CRYPTO_HASH
833 help
834 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
835 using sparc64 crypto instructions, when available.
836
323a6bf1
ME		 837config CRYPTO_SHA1_PPC
838 tristate "SHA1 digest algorithm (powerpc)"
839 depends on PPC
840 help
841 This is the powerpc hardware accelerated implementation of the
842 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
843
d9850fc5
MS		 844config CRYPTO_SHA1_PPC_SPE
845 tristate "SHA1 digest algorithm (PPC SPE)"
846 depends on PPC && SPE
847 help
848 SHA-1 secure hash standard (DFIPS 180-4) implemented
849 using powerpc SPE SIMD instruction set.
850
1e65b81a
TC		 851config CRYPTO_SHA1_MB
852 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
853 depends on X86 && 64BIT
854 select CRYPTO_SHA1
855 select CRYPTO_HASH
856 select CRYPTO_MCRYPTD
857 help
858 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
859 using multi-buffer technique. This algorithm computes on
860 multiple data lanes concurrently with SIMD instructions for
861 better throughput. It should not be enabled by default but
862 used when there is significant amount of work to keep the keep
863 the data lanes filled to get performance benefit. If the data
864 lanes remain unfilled, a flush operation will be initiated to
865 process the crypto jobs, adding a slight latency.
866
9be7e244
MD		 867config CRYPTO_SHA256_MB
868 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
869 depends on X86 && 64BIT
870 select CRYPTO_SHA256
871 select CRYPTO_HASH
872 select CRYPTO_MCRYPTD
873 help
874 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
875 using multi-buffer technique. This algorithm computes on
876 multiple data lanes concurrently with SIMD instructions for
877 better throughput. It should not be enabled by default but
878 used when there is significant amount of work to keep the keep
879 the data lanes filled to get performance benefit. If the data
880 lanes remain unfilled, a flush operation will be initiated to
881 process the crypto jobs, adding a slight latency.
882
026bb8aa
MD		 883config CRYPTO_SHA512_MB
884 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
885 depends on X86 && 64BIT
886 select CRYPTO_SHA512
887 select CRYPTO_HASH
888 select CRYPTO_MCRYPTD
889 help
890 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
891 using multi-buffer technique. This algorithm computes on
892 multiple data lanes concurrently with SIMD instructions for
893 better throughput. It should not be enabled by default but
894 used when there is significant amount of work to keep the keep
895 the data lanes filled to get performance benefit. If the data
896 lanes remain unfilled, a flush operation will be initiated to
897 process the crypto jobs, adding a slight latency.
898
584fffc8
SS		 899config CRYPTO_SHA256
900 tristate "SHA224 and SHA256 digest algorithm"
50e109b5 901 select CRYPTO_HASH
1da177e4 902 help
584fffc8 903 SHA256 secure hash standard (DFIPS 180-2).
1da177e4 904
584fffc8
SS		 905 This version of SHA implements a 256 bit hash with 128 bits of
906 security against collision attacks.
2729bb42 907
b6d44341
AB		 908 This code also includes SHA-224, a 224 bit hash with 112 bits
909 of security against collision attacks.
584fffc8 910
2ecc1e95
MS		 911config CRYPTO_SHA256_PPC_SPE
912 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
913 depends on PPC && SPE
914 select CRYPTO_SHA256
915 select CRYPTO_HASH
916 help
917 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
918 implemented using powerpc SPE SIMD instruction set.
919
efdb6f6e
AK		 920config CRYPTO_SHA256_OCTEON
921 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
922 depends on CPU_CAVIUM_OCTEON
923 select CRYPTO_SHA256
924 select CRYPTO_HASH
925 help
926 SHA-256 secure hash standard (DFIPS 180-2) implemented
927 using OCTEON crypto instructions, when available.
928
86c93b24
DM		 929config CRYPTO_SHA256_SPARC64
930 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
931 depends on SPARC64
932 select CRYPTO_SHA256
933 select CRYPTO_HASH
934 help
935 SHA-256 secure hash standard (DFIPS 180-2) implemented
936 using sparc64 crypto instructions, when available.
937
584fffc8
SS		 938config CRYPTO_SHA512
939 tristate "SHA384 and SHA512 digest algorithms"
bd9d20db 940 select CRYPTO_HASH
b9f535ff 941 help
584fffc8 942 SHA512 secure hash standard (DFIPS 180-2).
b9f535ff 943
584fffc8
SS		 944 This version of SHA implements a 512 bit hash with 256 bits of
945 security against collision attacks.
b9f535ff 946
584fffc8
SS		 947 This code also includes SHA-384, a 384 bit hash with 192 bits
948 of security against collision attacks.
b9f535ff 949
efdb6f6e
AK		 950config CRYPTO_SHA512_OCTEON
951 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
952 depends on CPU_CAVIUM_OCTEON
953 select CRYPTO_SHA512
954 select CRYPTO_HASH
955 help
956 SHA-512 secure hash standard (DFIPS 180-2) implemented
957 using OCTEON crypto instructions, when available.
958
775e0c69
DM		 959config CRYPTO_SHA512_SPARC64
960 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
961 depends on SPARC64
962 select CRYPTO_SHA512
963 select CRYPTO_HASH
964 help
965 SHA-512 secure hash standard (DFIPS 180-2) implemented
966 using sparc64 crypto instructions, when available.
967
53964b9e
JG		 968config CRYPTO_SHA3
969 tristate "SHA3 digest algorithm"
970 select CRYPTO_HASH
971 help
972 SHA-3 secure hash standard (DFIPS 202). It's based on
973 cryptographic sponge function family called Keccak.
974
975 References:
976 http://keccak.noekeon.org/
977
4f0fc160
GBY		 978config CRYPTO_SM3
979 tristate "SM3 digest algorithm"
980 select CRYPTO_HASH
981 help
982 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
983 It is part of the Chinese Commercial Cryptography suite.
984
985 References:
986 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
987 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
988
584fffc8
SS		 989config CRYPTO_TGR192
990 tristate "Tiger digest algorithms"
f63fbd3d 991 select CRYPTO_HASH
eaf44088 992 help
584fffc8 993 Tiger hash algorithm 192, 160 and 128-bit hashes
eaf44088 994
584fffc8
SS		 995 Tiger is a hash function optimized for 64-bit processors while
996 still having decent performance on 32-bit processors.
997 Tiger was developed by Ross Anderson and Eli Biham.
eaf44088
JF		 998
999 See also:
584fffc8 1000 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
eaf44088 1001
584fffc8
SS		 1002config CRYPTO_WP512
1003 tristate "Whirlpool digest algorithms"
4946510b 1004 select CRYPTO_HASH
1da177e4 1005 help
584fffc8 1006 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1da177e4 1007
584fffc8
SS		 1008 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1009 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1da177e4
LT		 1010
1011 See also:
6d8de74c 1012 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
584fffc8 1013
0e1227d3
HY		 1014config CRYPTO_GHASH_CLMUL_NI_INTEL
1015 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
8af00860 1016 depends on X86 && 64BIT
0e1227d3
HY		 1017 select CRYPTO_CRYPTD
1018 help
1019 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1020 The implementation is accelerated by CLMUL-NI of Intel.
1021
584fffc8 1022comment "Ciphers"
1da177e4
LT		 1023
1024config CRYPTO_AES
1025 tristate "AES cipher algorithms"
cce9e06d 1026 select CRYPTO_ALGAPI
1da177e4 1027 help
584fffc8 1028 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 1029 algorithm.
1030
1031 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 1032 both hardware and software across a wide range of computing
1033 environments regardless of its use in feedback or non-feedback
1034 modes. Its key setup time is excellent, and its key agility is
1035 good. Rijndael's very low memory requirements make it very well
1036 suited for restricted-space environments, in which it also
1037 demonstrates excellent performance. Rijndael's operations are
1038 among the easiest to defend against power and timing attacks.
1da177e4 1039
584fffc8 1040 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 1041
1042 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1043
b5e0b032
AB		 1044config CRYPTO_AES_TI
1045 tristate "Fixed time AES cipher"
1046 select CRYPTO_ALGAPI
1047 help
1048 This is a generic implementation of AES that attempts to eliminate
1049 data dependent latencies as much as possible without affecting
1050 performance too much. It is intended for use by the generic CCM
1051 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1052 solely on encryption (although decryption is supported as well, but
1053 with a more dramatic performance hit)
1054
1055 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1056 8 for decryption), this implementation only uses just two S-boxes of
1057 256 bytes each, and attempts to eliminate data dependent latencies by
1058 prefetching the entire table into the cache at the start of each
1059 block.
1060
1da177e4
LT		 1061config CRYPTO_AES_586
1062 tristate "AES cipher algorithms (i586)"
cce9e06d
HX		 1063 depends on (X86 || UML_X86) && !64BIT
1064 select CRYPTO_ALGAPI
5157dea8 1065 select CRYPTO_AES
1da177e4 1066 help
584fffc8 1067 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 1068 algorithm.
1069
1070 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 1071 both hardware and software across a wide range of computing
1072 environments regardless of its use in feedback or non-feedback
1073 modes. Its key setup time is excellent, and its key agility is
1074 good. Rijndael's very low memory requirements make it very well
1075 suited for restricted-space environments, in which it also
1076 demonstrates excellent performance. Rijndael's operations are
1077 among the easiest to defend against power and timing attacks.
1da177e4 1078
584fffc8 1079 The AES specifies three key sizes: 128, 192 and 256 bits
a2a892a2
AS		 1080
1081 See <http://csrc.nist.gov/encryption/aes/> for more information.
1082
1083config CRYPTO_AES_X86_64
1084 tristate "AES cipher algorithms (x86_64)"
cce9e06d
HX		 1085 depends on (X86 || UML_X86) && 64BIT
1086 select CRYPTO_ALGAPI
81190b32 1087 select CRYPTO_AES
a2a892a2 1088 help
584fffc8 1089 AES cipher algorithms (FIPS-197). AES uses the Rijndael
a2a892a2
AS		 1090 algorithm.
1091
1092 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 1093 both hardware and software across a wide range of computing
1094 environments regardless of its use in feedback or non-feedback
1095 modes. Its key setup time is excellent, and its key agility is
54b6a1bd
HY		 1096 good. Rijndael's very low memory requirements make it very well
1097 suited for restricted-space environments, in which it also
1098 demonstrates excellent performance. Rijndael's operations are
1099 among the easiest to defend against power and timing attacks.
1100
1101 The AES specifies three key sizes: 128, 192 and 256 bits
1102
1103 See <http://csrc.nist.gov/encryption/aes/> for more information.
1104
1105config CRYPTO_AES_NI_INTEL
1106 tristate "AES cipher algorithms (AES-NI)"
8af00860 1107 depends on X86
85671860 1108 select CRYPTO_AEAD
0d258efb
MK		 1109 select CRYPTO_AES_X86_64 if 64BIT
1110 select CRYPTO_AES_586 if !64BIT
54b6a1bd 1111 select CRYPTO_ALGAPI
85671860 1112 select CRYPTO_BLKCIPHER
7643a11a 1113 select CRYPTO_GLUE_HELPER_X86 if 64BIT
85671860 1114 select CRYPTO_SIMD
54b6a1bd
HY		 1115 help
1116 Use Intel AES-NI instructions for AES algorithm.
1117
1118 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1119 algorithm.
1120
1121 Rijndael appears to be consistently a very good performer in
1122 both hardware and software across a wide range of computing
1123 environments regardless of its use in feedback or non-feedback
1124 modes. Its key setup time is excellent, and its key agility is
584fffc8
SS		 1125 good. Rijndael's very low memory requirements make it very well
1126 suited for restricted-space environments, in which it also
1127 demonstrates excellent performance. Rijndael's operations are
1128 among the easiest to defend against power and timing attacks.
a2a892a2 1129
584fffc8 1130 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 1131
1132 See <http://csrc.nist.gov/encryption/aes/> for more information.
1133
0d258efb
MK		 1134 In addition to AES cipher algorithm support, the acceleration
1135 for some popular block cipher mode is supported too, including
1136 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
1137 acceleration for CTR.
2cf4ac8b 1138
9bf4852d
DM		 1139config CRYPTO_AES_SPARC64
1140 tristate "AES cipher algorithms (SPARC64)"
1141 depends on SPARC64
1142 select CRYPTO_CRYPTD
1143 select CRYPTO_ALGAPI
1144 help
1145 Use SPARC64 crypto opcodes for AES algorithm.
1146
1147 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1148 algorithm.
1149
1150 Rijndael appears to be consistently a very good performer in
1151 both hardware and software across a wide range of computing
1152 environments regardless of its use in feedback or non-feedback
1153 modes. Its key setup time is excellent, and its key agility is
1154 good. Rijndael's very low memory requirements make it very well
1155 suited for restricted-space environments, in which it also
1156 demonstrates excellent performance. Rijndael's operations are
1157 among the easiest to defend against power and timing attacks.
1158
1159 The AES specifies three key sizes: 128, 192 and 256 bits
1160
1161 See <http://csrc.nist.gov/encryption/aes/> for more information.
1162
1163 In addition to AES cipher algorithm support, the acceleration
1164 for some popular block cipher mode is supported too, including
1165 ECB and CBC.
1166
504c6143
MS		 1167config CRYPTO_AES_PPC_SPE
1168 tristate "AES cipher algorithms (PPC SPE)"
1169 depends on PPC && SPE
1170 help
1171 AES cipher algorithms (FIPS-197). Additionally the acceleration
1172 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1173 This module should only be used for low power (router) devices
1174 without hardware AES acceleration (e.g. caam crypto). It reduces the
1175 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1176 timining attacks. Nevertheless it might be not as secure as other
1177 architecture specific assembler implementations that work on 1KB
1178 tables or 256 bytes S-boxes.
1179
584fffc8
SS		 1180config CRYPTO_ANUBIS
1181 tristate "Anubis cipher algorithm"
1182 select CRYPTO_ALGAPI
1183 help
1184 Anubis cipher algorithm.
1185
1186 Anubis is a variable key length cipher which can use keys from
1187 128 bits to 320 bits in length. It was evaluated as a entrant
1188 in the NESSIE competition.
1189
1190 See also:
6d8de74c
JM		 1191 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1192 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
584fffc8
SS		 1193
1194config CRYPTO_ARC4
1195 tristate "ARC4 cipher algorithm"
b9b0f080 1196 select CRYPTO_BLKCIPHER
584fffc8
SS		 1197 help
1198 ARC4 cipher algorithm.
1199
1200 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1201 bits in length. This algorithm is required for driver-based
1202 WEP, but it should not be for other purposes because of the
1203 weakness of the algorithm.
1204
1205config CRYPTO_BLOWFISH
1206 tristate "Blowfish cipher algorithm"
1207 select CRYPTO_ALGAPI
52ba867c 1208 select CRYPTO_BLOWFISH_COMMON
584fffc8
SS		 1209 help
1210 Blowfish cipher algorithm, by Bruce Schneier.
1211
1212 This is a variable key length cipher which can use keys from 32
1213 bits to 448 bits in length. It's fast, simple and specifically
1214 designed for use on "large microprocessors".
1215
1216 See also:
1217 <http://www.schneier.com/blowfish.html>
1218
52ba867c
JK		 1219config CRYPTO_BLOWFISH_COMMON
1220 tristate
1221 help
1222 Common parts of the Blowfish cipher algorithm shared by the
1223 generic c and the assembler implementations.
1224
1225 See also:
1226 <http://www.schneier.com/blowfish.html>
1227
64b94cea
JK		 1228config CRYPTO_BLOWFISH_X86_64
1229 tristate "Blowfish cipher algorithm (x86_64)"
f21a7c19 1230 depends on X86 && 64BIT
c1679171 1231 select CRYPTO_BLKCIPHER
64b94cea
JK		 1232 select CRYPTO_BLOWFISH_COMMON
1233 help
1234 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1235
1236 This is a variable key length cipher which can use keys from 32
1237 bits to 448 bits in length. It's fast, simple and specifically
1238 designed for use on "large microprocessors".
1239
1240 See also:
1241 <http://www.schneier.com/blowfish.html>
1242
584fffc8
SS		 1243config CRYPTO_CAMELLIA
1244 tristate "Camellia cipher algorithms"
1245 depends on CRYPTO
1246 select CRYPTO_ALGAPI
1247 help
1248 Camellia cipher algorithms module.
1249
1250 Camellia is a symmetric key block cipher developed jointly
1251 at NTT and Mitsubishi Electric Corporation.
1252
1253 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1254
1255 See also:
1256 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1257
0b95ec56
JK		 1258config CRYPTO_CAMELLIA_X86_64
1259 tristate "Camellia cipher algorithm (x86_64)"
f21a7c19 1260 depends on X86 && 64BIT
0b95ec56 1261 depends on CRYPTO
1af6d037 1262 select CRYPTO_BLKCIPHER
964263af 1263 select CRYPTO_GLUE_HELPER_X86
0b95ec56
JK		 1264 help
1265 Camellia cipher algorithm module (x86_64).
1266
1267 Camellia is a symmetric key block cipher developed jointly
1268 at NTT and Mitsubishi Electric Corporation.
1269
1270 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1271
1272 See also:
d9b1d2e7
JK		 1273 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1274
1275config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1276 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1277 depends on X86 && 64BIT
1278 depends on CRYPTO
44893bc2 1279 select CRYPTO_BLKCIPHER
d9b1d2e7 1280 select CRYPTO_CAMELLIA_X86_64
44893bc2
EB		 1281 select CRYPTO_GLUE_HELPER_X86
1282 select CRYPTO_SIMD
d9b1d2e7
JK		 1283 select CRYPTO_XTS
1284 help
1285 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1286
1287 Camellia is a symmetric key block cipher developed jointly
1288 at NTT and Mitsubishi Electric Corporation.
1289
1290 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1291
1292 See also:
0b95ec56
JK		 1293 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1294
f3f935a7
JK		 1295config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1296 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1297 depends on X86 && 64BIT
1298 depends on CRYPTO
f3f935a7 1299 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
f3f935a7
JK		 1300 help
1301 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1302
1303 Camellia is a symmetric key block cipher developed jointly
1304 at NTT and Mitsubishi Electric Corporation.
1305
1306 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1307
1308 See also:
1309 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1310
81658ad0
DM		 1311config CRYPTO_CAMELLIA_SPARC64
1312 tristate "Camellia cipher algorithm (SPARC64)"
1313 depends on SPARC64
1314 depends on CRYPTO
1315 select CRYPTO_ALGAPI
1316 help
1317 Camellia cipher algorithm module (SPARC64).
1318
1319 Camellia is a symmetric key block cipher developed jointly
1320 at NTT and Mitsubishi Electric Corporation.
1321
1322 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1323
1324 See also:
1325 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1326
044ab525
JK		 1327config CRYPTO_CAST_COMMON
1328 tristate
1329 help
1330 Common parts of the CAST cipher algorithms shared by the
1331 generic c and the assembler implementations.
1332
1da177e4
LT		 1333config CRYPTO_CAST5
1334 tristate "CAST5 (CAST-128) cipher algorithm"
cce9e06d 1335 select CRYPTO_ALGAPI
044ab525 1336 select CRYPTO_CAST_COMMON
1da177e4
LT		 1337 help
1338 The CAST5 encryption algorithm (synonymous with CAST-128) is
1339 described in RFC2144.
1340
4d6d6a2c
JG		 1341config CRYPTO_CAST5_AVX_X86_64
1342 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1343 depends on X86 && 64BIT
1e63183a 1344 select CRYPTO_BLKCIPHER
4d6d6a2c 1345 select CRYPTO_CAST5
1e63183a
EB		 1346 select CRYPTO_CAST_COMMON
1347 select CRYPTO_SIMD
4d6d6a2c
JG		 1348 help
1349 The CAST5 encryption algorithm (synonymous with CAST-128) is
1350 described in RFC2144.
1351
1352 This module provides the Cast5 cipher algorithm that processes
1353 sixteen blocks parallel using the AVX instruction set.
1354
1da177e4
LT		 1355config CRYPTO_CAST6
1356 tristate "CAST6 (CAST-256) cipher algorithm"
cce9e06d 1357 select CRYPTO_ALGAPI
044ab525 1358 select CRYPTO_CAST_COMMON
1da177e4
LT		 1359 help
1360 The CAST6 encryption algorithm (synonymous with CAST-256) is
1361 described in RFC2612.
1362
4ea1277d
JG		 1363config CRYPTO_CAST6_AVX_X86_64
1364 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1365 depends on X86 && 64BIT
4bd96924 1366 select CRYPTO_BLKCIPHER
4ea1277d 1367 select CRYPTO_CAST6
4bd96924
EB		 1368 select CRYPTO_CAST_COMMON
1369 select CRYPTO_GLUE_HELPER_X86
1370 select CRYPTO_SIMD
4ea1277d
JG		 1371 select CRYPTO_XTS
1372 help
1373 The CAST6 encryption algorithm (synonymous with CAST-256) is
1374 described in RFC2612.
1375
1376 This module provides the Cast6 cipher algorithm that processes
1377 eight blocks parallel using the AVX instruction set.
1378
584fffc8
SS		 1379config CRYPTO_DES
1380 tristate "DES and Triple DES EDE cipher algorithms"
cce9e06d 1381 select CRYPTO_ALGAPI
1da177e4 1382 help
584fffc8 1383 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
fb4f10ed 1384
c5aac2df
DM		 1385config CRYPTO_DES_SPARC64
1386 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
97da37b3 1387 depends on SPARC64
c5aac2df
DM		 1388 select CRYPTO_ALGAPI
1389 select CRYPTO_DES
1390 help
1391 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1392 optimized using SPARC64 crypto opcodes.
1393
6574e6c6
JK		 1394config CRYPTO_DES3_EDE_X86_64
1395 tristate "Triple DES EDE cipher algorithm (x86-64)"
1396 depends on X86 && 64BIT
09c0f03b 1397 select CRYPTO_BLKCIPHER
6574e6c6
JK		 1398 select CRYPTO_DES
1399 help
1400 Triple DES EDE (FIPS 46-3) algorithm.
1401
1402 This module provides implementation of the Triple DES EDE cipher
1403 algorithm that is optimized for x86-64 processors. Two versions of
1404 algorithm are provided; regular processing one input block and
1405 one that processes three blocks parallel.
1406
584fffc8
SS		 1407config CRYPTO_FCRYPT
1408 tristate "FCrypt cipher algorithm"
cce9e06d 1409 select CRYPTO_ALGAPI
584fffc8 1410 select CRYPTO_BLKCIPHER
1da177e4 1411 help
584fffc8 1412 FCrypt algorithm used by RxRPC.
1da177e4
LT		 1413
1414config CRYPTO_KHAZAD
1415 tristate "Khazad cipher algorithm"
cce9e06d 1416 select CRYPTO_ALGAPI
1da177e4
LT		 1417 help
1418 Khazad cipher algorithm.
1419
1420 Khazad was a finalist in the initial NESSIE competition. It is
1421 an algorithm optimized for 64-bit processors with good performance
1422 on 32-bit processors. Khazad uses an 128 bit key size.
1423
1424 See also:
6d8de74c 1425 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1da177e4 1426
2407d608 1427config CRYPTO_SALSA20
3b4afaf2 1428 tristate "Salsa20 stream cipher algorithm"
2407d608
TSH		 1429 select CRYPTO_BLKCIPHER
1430 help
1431 Salsa20 stream cipher algorithm.
1432
1433 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1434 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
974e4b75
TSH		 1435
1436 The Salsa20 stream cipher algorithm is designed by Daniel J.
1437 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1438
c08d0e64
MW		 1439config CRYPTO_CHACHA20
1440 tristate "ChaCha20 cipher algorithm"
1441 select CRYPTO_BLKCIPHER
1442 help
1443 ChaCha20 cipher algorithm, RFC7539.
1444
1445 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1446 Bernstein and further specified in RFC7539 for use in IETF protocols.
1447 This is the portable C implementation of ChaCha20.
1448
1449 See also:
1450 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1451
c9320b6d 1452config CRYPTO_CHACHA20_X86_64
3d1e93cd 1453 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
c9320b6d
MW		 1454 depends on X86 && 64BIT
1455 select CRYPTO_BLKCIPHER
1456 select CRYPTO_CHACHA20
1457 help
1458 ChaCha20 cipher algorithm, RFC7539.
1459
1460 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1461 Bernstein and further specified in RFC7539 for use in IETF protocols.
1462 This is the x86_64 assembler implementation using SIMD instructions.
1463
1464 See also:
1465 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1466
584fffc8
SS		 1467config CRYPTO_SEED
1468 tristate "SEED cipher algorithm"
cce9e06d 1469 select CRYPTO_ALGAPI
1da177e4 1470 help
584fffc8 1471 SEED cipher algorithm (RFC4269).
1da177e4 1472
584fffc8
SS		 1473 SEED is a 128-bit symmetric key block cipher that has been
1474 developed by KISA (Korea Information Security Agency) as a
1475 national standard encryption algorithm of the Republic of Korea.
1476 It is a 16 round block cipher with the key size of 128 bit.
1477
1478 See also:
1479 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1480
1481config CRYPTO_SERPENT
1482 tristate "Serpent cipher algorithm"
cce9e06d 1483 select CRYPTO_ALGAPI
1da177e4 1484 help
584fffc8 1485 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1da177e4 1486
584fffc8
SS		 1487 Keys are allowed to be from 0 to 256 bits in length, in steps
1488 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1489 variant of Serpent for compatibility with old kerneli.org code.
1490
1491 See also:
1492 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1493
937c30d7
JK		 1494config CRYPTO_SERPENT_SSE2_X86_64
1495 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1496 depends on X86 && 64BIT
e0f409dc 1497 select CRYPTO_BLKCIPHER
596d8750 1498 select CRYPTO_GLUE_HELPER_X86
937c30d7 1499 select CRYPTO_SERPENT
e0f409dc 1500 select CRYPTO_SIMD
937c30d7
JK		 1501 help
1502 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1503
1504 Keys are allowed to be from 0 to 256 bits in length, in steps
1505 of 8 bits.
1506
1e6232f8 1507 This module provides Serpent cipher algorithm that processes eight
937c30d7
JK		 1508 blocks parallel using SSE2 instruction set.
1509
1510 See also:
1511 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1512
251496db
JK		 1513config CRYPTO_SERPENT_SSE2_586
1514 tristate "Serpent cipher algorithm (i586/SSE2)"
1515 depends on X86 && !64BIT
e0f409dc 1516 select CRYPTO_BLKCIPHER
596d8750 1517 select CRYPTO_GLUE_HELPER_X86
251496db 1518 select CRYPTO_SERPENT
e0f409dc 1519 select CRYPTO_SIMD
251496db
JK		 1520 help
1521 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1522
1523 Keys are allowed to be from 0 to 256 bits in length, in steps
1524 of 8 bits.
1525
1526 This module provides Serpent cipher algorithm that processes four
1527 blocks parallel using SSE2 instruction set.
1528
1529 See also:
1530 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
7efe4076
JG		 1531
1532config CRYPTO_SERPENT_AVX_X86_64
1533 tristate "Serpent cipher algorithm (x86_64/AVX)"
1534 depends on X86 && 64BIT
e16bf974 1535 select CRYPTO_BLKCIPHER
1d0debbd 1536 select CRYPTO_GLUE_HELPER_X86
7efe4076 1537 select CRYPTO_SERPENT
e16bf974 1538 select CRYPTO_SIMD
7efe4076
JG		 1539 select CRYPTO_XTS
1540 help
1541 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1542
1543 Keys are allowed to be from 0 to 256 bits in length, in steps
1544 of 8 bits.
1545
1546 This module provides the Serpent cipher algorithm that processes
1547 eight blocks parallel using the AVX instruction set.
1548
1549 See also:
1550 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
251496db 1551
56d76c96
JK		 1552config CRYPTO_SERPENT_AVX2_X86_64
1553 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1554 depends on X86 && 64BIT
56d76c96 1555 select CRYPTO_SERPENT_AVX_X86_64
56d76c96
JK		 1556 help
1557 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1558
1559 Keys are allowed to be from 0 to 256 bits in length, in steps
1560 of 8 bits.
1561
1562 This module provides Serpent cipher algorithm that processes 16
1563 blocks parallel using AVX2 instruction set.
1564
1565 See also:
1566 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1567
747c8ce4
GBY		 1568config CRYPTO_SM4
1569 tristate "SM4 cipher algorithm"
1570 select CRYPTO_ALGAPI
1571 help
1572 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1573
1574 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1575 Organization of State Commercial Administration of China (OSCCA)
1576 as an authorized cryptographic algorithms for the use within China.
1577
1578 SMS4 was originally created for use in protecting wireless
1579 networks, and is mandated in the Chinese National Standard for
1580 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1581 (GB.15629.11-2003).
1582
1583 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1584 standardized through TC 260 of the Standardization Administration
1585 of the People's Republic of China (SAC).
1586
1587 The input, output, and key of SMS4 are each 128 bits.
1588
1589 See also: <https://eprint.iacr.org/2008/329.pdf>
1590
1591 If unsure, say N.
1592
da7a0ab5
EB		 1593config CRYPTO_SPECK
1594 tristate "Speck cipher algorithm"
1595 select CRYPTO_ALGAPI
1596 help
1597 Speck is a lightweight block cipher that is tuned for optimal
1598 performance in software (rather than hardware).
1599
1600 Speck may not be as secure as AES, and should only be used on systems
1601 where AES is not fast enough.
1602
1603 See also: <https://eprint.iacr.org/2013/404.pdf>
1604
1605 If unsure, say N.
1606
584fffc8
SS		 1607config CRYPTO_TEA
1608 tristate "TEA, XTEA and XETA cipher algorithms"
cce9e06d 1609 select CRYPTO_ALGAPI
1da177e4 1610 help
584fffc8 1611 TEA cipher algorithm.
1da177e4 1612
584fffc8
SS		 1613 Tiny Encryption Algorithm is a simple cipher that uses
1614 many rounds for security. It is very fast and uses
1615 little memory.
1616
1617 Xtendend Tiny Encryption Algorithm is a modification to
1618 the TEA algorithm to address a potential key weakness
1619 in the TEA algorithm.
1620
1621 Xtendend Encryption Tiny Algorithm is a mis-implementation
1622 of the XTEA algorithm for compatibility purposes.
1623
1624config CRYPTO_TWOFISH
1625 tristate "Twofish cipher algorithm"
04ac7db3 1626 select CRYPTO_ALGAPI
584fffc8 1627 select CRYPTO_TWOFISH_COMMON
04ac7db3 1628 help
584fffc8 1629 Twofish cipher algorithm.
04ac7db3 1630
584fffc8
SS		 1631 Twofish was submitted as an AES (Advanced Encryption Standard)
1632 candidate cipher by researchers at CounterPane Systems. It is a
1633 16 round block cipher supporting key sizes of 128, 192, and 256
1634 bits.
04ac7db3 1635
584fffc8
SS		 1636 See also:
1637 <http://www.schneier.com/twofish.html>
1638
1639config CRYPTO_TWOFISH_COMMON
1640 tristate
1641 help
1642 Common parts of the Twofish cipher algorithm shared by the
1643 generic c and the assembler implementations.
1644
1645config CRYPTO_TWOFISH_586
1646 tristate "Twofish cipher algorithms (i586)"
1647 depends on (X86 || UML_X86) && !64BIT
1648 select CRYPTO_ALGAPI
1649 select CRYPTO_TWOFISH_COMMON
1650 help
1651 Twofish cipher algorithm.
1652
1653 Twofish was submitted as an AES (Advanced Encryption Standard)
1654 candidate cipher by researchers at CounterPane Systems. It is a
1655 16 round block cipher supporting key sizes of 128, 192, and 256
1656 bits.
04ac7db3
NT		 1657
1658 See also:
584fffc8 1659 <http://www.schneier.com/twofish.html>
04ac7db3 1660
584fffc8
SS		 1661config CRYPTO_TWOFISH_X86_64
1662 tristate "Twofish cipher algorithm (x86_64)"
1663 depends on (X86 || UML_X86) && 64BIT
cce9e06d 1664 select CRYPTO_ALGAPI
584fffc8 1665 select CRYPTO_TWOFISH_COMMON
1da177e4 1666 help
584fffc8 1667 Twofish cipher algorithm (x86_64).
1da177e4 1668
584fffc8
SS		 1669 Twofish was submitted as an AES (Advanced Encryption Standard)
1670 candidate cipher by researchers at CounterPane Systems. It is a
1671 16 round block cipher supporting key sizes of 128, 192, and 256
1672 bits.
1673
1674 See also:
1675 <http://www.schneier.com/twofish.html>
1676
8280daad
JK		 1677config CRYPTO_TWOFISH_X86_64_3WAY
1678 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
f21a7c19 1679 depends on X86 && 64BIT
37992fa4 1680 select CRYPTO_BLKCIPHER
8280daad
JK		 1681 select CRYPTO_TWOFISH_COMMON
1682 select CRYPTO_TWOFISH_X86_64
414cb5e7 1683 select CRYPTO_GLUE_HELPER_X86
8280daad
JK		 1684 help
1685 Twofish cipher algorithm (x86_64, 3-way parallel).
1686
1687 Twofish was submitted as an AES (Advanced Encryption Standard)
1688 candidate cipher by researchers at CounterPane Systems. It is a
1689 16 round block cipher supporting key sizes of 128, 192, and 256
1690 bits.
1691
1692 This module provides Twofish cipher algorithm that processes three
1693 blocks parallel, utilizing resources of out-of-order CPUs better.
1694
1695 See also:
1696 <http://www.schneier.com/twofish.html>
1697
107778b5
JG		 1698config CRYPTO_TWOFISH_AVX_X86_64
1699 tristate "Twofish cipher algorithm (x86_64/AVX)"
1700 depends on X86 && 64BIT
0e6ab46d 1701 select CRYPTO_BLKCIPHER
a7378d4e 1702 select CRYPTO_GLUE_HELPER_X86
0e6ab46d 1703 select CRYPTO_SIMD
107778b5
JG		 1704 select CRYPTO_TWOFISH_COMMON
1705 select CRYPTO_TWOFISH_X86_64
1706 select CRYPTO_TWOFISH_X86_64_3WAY
107778b5
JG		 1707 help
1708 Twofish cipher algorithm (x86_64/AVX).
1709
1710 Twofish was submitted as an AES (Advanced Encryption Standard)
1711 candidate cipher by researchers at CounterPane Systems. It is a
1712 16 round block cipher supporting key sizes of 128, 192, and 256
1713 bits.
1714
1715 This module provides the Twofish cipher algorithm that processes
1716 eight blocks parallel using the AVX Instruction Set.
1717
1718 See also:
1719 <http://www.schneier.com/twofish.html>
1720
584fffc8
SS		 1721comment "Compression"
1722
1723config CRYPTO_DEFLATE
1724 tristate "Deflate compression algorithm"
1725 select CRYPTO_ALGAPI
f6ded09d 1726 select CRYPTO_ACOMP2
584fffc8
SS		 1727 select ZLIB_INFLATE
1728 select ZLIB_DEFLATE
3c09f17c 1729 help
584fffc8
SS		 1730 This is the Deflate algorithm (RFC1951), specified for use in
1731 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1732
1733 You will most probably want this if using IPSec.
3c09f17c 1734
0b77abb3
ZS		 1735config CRYPTO_LZO
1736 tristate "LZO compression algorithm"
1737 select CRYPTO_ALGAPI
ac9d2c4b 1738 select CRYPTO_ACOMP2
0b77abb3
ZS		 1739 select LZO_COMPRESS
1740 select LZO_DECOMPRESS
1741 help
1742 This is the LZO algorithm.
1743
35a1fc18
SJ		 1744config CRYPTO_842
1745 tristate "842 compression algorithm"
2062c5b6 1746 select CRYPTO_ALGAPI
6a8de3ae 1747 select CRYPTO_ACOMP2
2062c5b6
DS		 1748 select 842_COMPRESS
1749 select 842_DECOMPRESS
35a1fc18
SJ		 1750 help
1751 This is the 842 algorithm.
0ea8530d
CM		 1752
1753config CRYPTO_LZ4
1754 tristate "LZ4 compression algorithm"
1755 select CRYPTO_ALGAPI
8cd9330e 1756 select CRYPTO_ACOMP2
0ea8530d
CM		 1757 select LZ4_COMPRESS
1758 select LZ4_DECOMPRESS
1759 help
1760 This is the LZ4 algorithm.
1761
1762config CRYPTO_LZ4HC
1763 tristate "LZ4HC compression algorithm"
1764 select CRYPTO_ALGAPI
91d53d96 1765 select CRYPTO_ACOMP2
0ea8530d
CM		 1766 select LZ4HC_COMPRESS
1767 select LZ4_DECOMPRESS
1768 help
1769 This is the LZ4 high compression mode algorithm.
35a1fc18 1770
d28fc3db
NT		 1771config CRYPTO_ZSTD
1772 tristate "Zstd compression algorithm"
1773 select CRYPTO_ALGAPI
1774 select CRYPTO_ACOMP2
1775 select ZSTD_COMPRESS
1776 select ZSTD_DECOMPRESS
1777 help
1778 This is the zstd algorithm.
1779
17f0f4a4
NH		 1780comment "Random Number Generation"
1781
1782config CRYPTO_ANSI_CPRNG
1783 tristate "Pseudo Random Number Generation for Cryptographic modules"
1784 select CRYPTO_AES
1785 select CRYPTO_RNG
17f0f4a4
NH		 1786 help
1787 This option enables the generic pseudo random number generator
1788 for cryptographic modules. Uses the Algorithm specified in
7dd607e8
JK		 1789 ANSI X9.31 A.2.4. Note that this option must be enabled if
1790 CRYPTO_FIPS is selected
17f0f4a4 1791
f2c89a10 1792menuconfig CRYPTO_DRBG_MENU
419090c6 1793 tristate "NIST SP800-90A DRBG"
419090c6
SM		 1794 help
1795 NIST SP800-90A compliant DRBG. In the following submenu, one or
1796 more of the DRBG types must be selected.
1797
f2c89a10 1798if CRYPTO_DRBG_MENU
419090c6
SM		 1799
1800config CRYPTO_DRBG_HMAC
401e4238 1801 bool
419090c6 1802 default y
419090c6 1803 select CRYPTO_HMAC
826775bb 1804 select CRYPTO_SHA256
419090c6
SM		 1805
1806config CRYPTO_DRBG_HASH
1807 bool "Enable Hash DRBG"
826775bb 1808 select CRYPTO_SHA256
419090c6
SM		 1809 help
1810 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1811
1812config CRYPTO_DRBG_CTR
1813 bool "Enable CTR DRBG"
419090c6 1814 select CRYPTO_AES
35591285 1815 depends on CRYPTO_CTR
419090c6
SM		 1816 help
1817 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1818
f2c89a10
HX		 1819config CRYPTO_DRBG
1820 tristate
401e4238 1821 default CRYPTO_DRBG_MENU
f2c89a10 1822 select CRYPTO_RNG
bb5530e4 1823 select CRYPTO_JITTERENTROPY
f2c89a10
HX		 1824
1825endif # if CRYPTO_DRBG_MENU
419090c6 1826
bb5530e4
SM		 1827config CRYPTO_JITTERENTROPY
1828 tristate "Jitterentropy Non-Deterministic Random Number Generator"
2f313e02 1829 select CRYPTO_RNG
bb5530e4
SM		 1830 help
1831 The Jitterentropy RNG is a noise that is intended
1832 to provide seed to another RNG. The RNG does not
1833 perform any cryptographic whitening of the generated
1834 random numbers. This Jitterentropy RNG registers with
1835 the kernel crypto API and can be used by any caller.
1836
03c8efc1
HX		 1837config CRYPTO_USER_API
1838 tristate
1839
fe869cdb
HX		 1840config CRYPTO_USER_API_HASH
1841 tristate "User-space interface for hash algorithms"
7451708f 1842 depends on NET
fe869cdb
HX		 1843 select CRYPTO_HASH
1844 select CRYPTO_USER_API
1845 help
1846 This option enables the user-spaces interface for hash
1847 algorithms.
1848
8ff59090
HX		 1849config CRYPTO_USER_API_SKCIPHER
1850 tristate "User-space interface for symmetric key cipher algorithms"
7451708f 1851 depends on NET
8ff59090
HX		 1852 select CRYPTO_BLKCIPHER
1853 select CRYPTO_USER_API
1854 help
1855 This option enables the user-spaces interface for symmetric
1856 key cipher algorithms.
1857
2f375538
SM		 1858config CRYPTO_USER_API_RNG
1859 tristate "User-space interface for random number generator algorithms"
1860 depends on NET
1861 select CRYPTO_RNG
1862 select CRYPTO_USER_API
1863 help
1864 This option enables the user-spaces interface for random
1865 number generator algorithms.
1866
b64a2d95
HX		 1867config CRYPTO_USER_API_AEAD
1868 tristate "User-space interface for AEAD cipher algorithms"
1869 depends on NET
1870 select CRYPTO_AEAD
72548b09
SM		 1871 select CRYPTO_BLKCIPHER
1872 select CRYPTO_NULL
b64a2d95
HX		 1873 select CRYPTO_USER_API
1874 help
1875 This option enables the user-spaces interface for AEAD
1876 cipher algorithms.
1877
ee08997f
DK		 1878config CRYPTO_HASH_INFO
1879 bool
1880
1da177e4 1881source "drivers/crypto/Kconfig"
964f3b3b 1882source crypto/asymmetric_keys/Kconfig
cfc411e7 1883source certs/Kconfig
1da177e4 1884
cce9e06d 1885endif # if CRYPTO
Linux 6.x block layer and io_uring tree(s)