projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'asoc-fix-v5.11-rc2' of https://git.kernel.org/pub/scm/linux/kernel/git...
[linux-2.6-block.git] / crypto / Kconfig
CommitLineData
b2441318 1# SPDX-License-Identifier: GPL-2.0
685784aa
DW		 2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6 tristate
7
1da177e4 8#
9bc89cd8 9# async_tx api: hardware offloaded memory transfer/transform support
1da177e4 10#
9bc89cd8 11source "crypto/async_tx/Kconfig"
1da177e4 12
9bc89cd8
DW		 13#
14# Cryptographic API Configuration
15#
2e290f43 16menuconfig CRYPTO
c3715cb9 17 tristate "Cryptographic API"
1da177e4
LT		 18 help
19 This option provides the core Cryptographic API.
20
cce9e06d
HX		 21if CRYPTO
22
584fffc8
SS		 23comment "Crypto core or helper"
24
ccb778e1
NH		 25config CRYPTO_FIPS
26 bool "FIPS 200 compliance"
f2c89a10 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
1f696097 28 depends on (MODULE_SIG || !MODULES)
ccb778e1 29 help
d99324c2
GU		 30 This option enables the fips boot option which is
31 required if you want the system to operate in a FIPS 200
ccb778e1 32 certification. You should say no unless you know what
e84c5480 33 this is.
ccb778e1 34
cce9e06d
HX		 35config CRYPTO_ALGAPI
36 tristate
6a0fcbb4 37 select CRYPTO_ALGAPI2
cce9e06d
HX		 38 help
39 This option provides the API for cryptographic algorithms.
40
6a0fcbb4
HX		 41config CRYPTO_ALGAPI2
42 tristate
43
1ae97820
HX		 44config CRYPTO_AEAD
45 tristate
6a0fcbb4 46 select CRYPTO_AEAD2
1ae97820
HX		 47 select CRYPTO_ALGAPI
48
6a0fcbb4
HX		 49config CRYPTO_AEAD2
50 tristate
51 select CRYPTO_ALGAPI2
149a3971
HX		 52 select CRYPTO_NULL2
53 select CRYPTO_RNG2
6a0fcbb4 54
b95bba5d 55config CRYPTO_SKCIPHER
5cde0af2 56 tristate
b95bba5d 57 select CRYPTO_SKCIPHER2
5cde0af2 58 select CRYPTO_ALGAPI
6a0fcbb4 59
b95bba5d 60config CRYPTO_SKCIPHER2
6a0fcbb4
HX		 61 tristate
62 select CRYPTO_ALGAPI2
63 select CRYPTO_RNG2
5cde0af2 64
055bcee3
HX		 65config CRYPTO_HASH
66 tristate
6a0fcbb4 67 select CRYPTO_HASH2
055bcee3
HX		 68 select CRYPTO_ALGAPI
69
6a0fcbb4
HX		 70config CRYPTO_HASH2
71 tristate
72 select CRYPTO_ALGAPI2
73
17f0f4a4
NH		 74config CRYPTO_RNG
75 tristate
6a0fcbb4 76 select CRYPTO_RNG2
17f0f4a4
NH		 77 select CRYPTO_ALGAPI
78
6a0fcbb4
HX		 79config CRYPTO_RNG2
80 tristate
81 select CRYPTO_ALGAPI2
82
401e4238
HX		 83config CRYPTO_RNG_DEFAULT
84 tristate
85 select CRYPTO_DRBG_MENU
86
3c339ab8
TS		 87config CRYPTO_AKCIPHER2
88 tristate
89 select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92 tristate
93 select CRYPTO_AKCIPHER2
94 select CRYPTO_ALGAPI
95
4e5f2c40
SB		 96config CRYPTO_KPP2
97 tristate
98 select CRYPTO_ALGAPI2
99
100config CRYPTO_KPP
101 tristate
102 select CRYPTO_ALGAPI
103 select CRYPTO_KPP2
104
2ebda74f
GC		 105config CRYPTO_ACOMP2
106 tristate
107 select CRYPTO_ALGAPI2
8cd579d2 108 select SGL_ALLOC
2ebda74f
GC		 109
110config CRYPTO_ACOMP
111 tristate
112 select CRYPTO_ALGAPI
113 select CRYPTO_ACOMP2
114
2b8c19db
HX		 115config CRYPTO_MANAGER
116 tristate "Cryptographic algorithm manager"
6a0fcbb4 117 select CRYPTO_MANAGER2
2b8c19db
HX		 118 help
119 Create default cryptographic template instantiations such as
120 cbc(aes).
121
6a0fcbb4
HX		 122config CRYPTO_MANAGER2
123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
124 select CRYPTO_AEAD2
125 select CRYPTO_HASH2
b95bba5d 126 select CRYPTO_SKCIPHER2
946cc463 127 select CRYPTO_AKCIPHER2
4e5f2c40 128 select CRYPTO_KPP2
2ebda74f 129 select CRYPTO_ACOMP2
6a0fcbb4 130
a38f7907
SK		 131config CRYPTO_USER
132 tristate "Userspace cryptographic algorithm configuration"
5db017aa 133 depends on NET
a38f7907
SK		 134 select CRYPTO_MANAGER
135 help
d19978f5 136 Userspace configuration for cryptographic instantiations such as
a38f7907
SK		 137 cbc(aes).
138
326a6346
HX		 139config CRYPTO_MANAGER_DISABLE_TESTS
140 bool "Disable run-time self tests"
00ca28a5 141 default y
0b767f96 142 help
326a6346
HX		 143 Disable run-time self tests that normally take place at
144 algorithm registration.
0b767f96 145
5b2706a4
EB		 146config CRYPTO_MANAGER_EXTRA_TESTS
147 bool "Enable extra run-time crypto self tests"
6569e309 148 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
5b2706a4
EB		 149 help
150 Enable extra run-time self tests of registered crypto algorithms,
151 including randomized fuzz tests.
152
153 This is intended for developer use only, as these tests take much
154 longer to run than the normal self tests.
155
584fffc8 156config CRYPTO_GF128MUL
e590e132 157 tristate
333b0d7e 158
1da177e4
LT		 159config CRYPTO_NULL
160 tristate "Null algorithms"
149a3971 161 select CRYPTO_NULL2
1da177e4
LT		 162 help
163 These are 'Null' algorithms, used by IPsec, which do nothing.
164
149a3971 165config CRYPTO_NULL2
dd43c4e9 166 tristate
149a3971 167 select CRYPTO_ALGAPI2
b95bba5d 168 select CRYPTO_SKCIPHER2
149a3971
HX		 169 select CRYPTO_HASH2
170
5068c7a8 171config CRYPTO_PCRYPT
3b4afaf2
KC		 172 tristate "Parallel crypto engine"
173 depends on SMP
5068c7a8
SK		 174 select PADATA
175 select CRYPTO_MANAGER
176 select CRYPTO_AEAD
177 help
178 This converts an arbitrary crypto algorithm into a parallel
179 algorithm that executes in kernel threads.
180
584fffc8
SS		 181config CRYPTO_CRYPTD
182 tristate "Software async crypto daemon"
b95bba5d 183 select CRYPTO_SKCIPHER
b8a28251 184 select CRYPTO_HASH
584fffc8 185 select CRYPTO_MANAGER
1da177e4 186 help
584fffc8
SS		 187 This is a generic software asynchronous crypto daemon that
188 converts an arbitrary synchronous software crypto algorithm
189 into an asynchronous algorithm that executes in a kernel thread.
1da177e4 190
584fffc8
SS		 191config CRYPTO_AUTHENC
192 tristate "Authenc support"
193 select CRYPTO_AEAD
b95bba5d 194 select CRYPTO_SKCIPHER
584fffc8
SS		 195 select CRYPTO_MANAGER
196 select CRYPTO_HASH
e94c6a7a 197 select CRYPTO_NULL
1da177e4 198 help
584fffc8
SS		 199 Authenc: Combined mode wrapper for IPsec.
200 This is required for IPSec.
1da177e4 201
584fffc8
SS		 202config CRYPTO_TEST
203 tristate "Testing module"
00ea27f1 204 depends on m || EXPERT
da7f033d 205 select CRYPTO_MANAGER
1da177e4 206 help
584fffc8 207 Quick & dirty crypto test module.
1da177e4 208
266d0516
HX		 209config CRYPTO_SIMD
210 tristate
ffaf9156
JK		 211 select CRYPTO_CRYPTD
212
596d8750
JK		 213config CRYPTO_GLUE_HELPER_X86
214 tristate
215 depends on X86
b95bba5d 216 select CRYPTO_SKCIPHER
596d8750 217
735d37b5
BW		 218config CRYPTO_ENGINE
219 tristate
220
3d6228a5
VC		 221comment "Public-key cryptography"
222
223config CRYPTO_RSA
224 tristate "RSA algorithm"
225 select CRYPTO_AKCIPHER
226 select CRYPTO_MANAGER
227 select MPILIB
228 select ASN1
229 help
230 Generic implementation of the RSA public key algorithm.
231
232config CRYPTO_DH
233 tristate "Diffie-Hellman algorithm"
234 select CRYPTO_KPP
235 select MPILIB
236 help
237 Generic implementation of the Diffie-Hellman algorithm.
238
4a2289da
VC		 239config CRYPTO_ECC
240 tristate
241
3d6228a5
VC		 242config CRYPTO_ECDH
243 tristate "ECDH algorithm"
4a2289da 244 select CRYPTO_ECC
3d6228a5
VC		 245 select CRYPTO_KPP
246 select CRYPTO_RNG_DEFAULT
247 help
248 Generic implementation of the ECDH algorithm
249
0d7a7864
VC		 250config CRYPTO_ECRDSA
251 tristate "EC-RDSA (GOST 34.10) algorithm"
252 select CRYPTO_ECC
253 select CRYPTO_AKCIPHER
254 select CRYPTO_STREEBOG
1036633e
VC		 255 select OID_REGISTRY
256 select ASN1
0d7a7864
VC		 257 help
258 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
259 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
260 standard algorithms (called GOST algorithms). Only signature verification
261 is implemented.
262
ea7ecb66
TZ		 263config CRYPTO_SM2
264 tristate "SM2 algorithm"
265 select CRYPTO_SM3
266 select CRYPTO_AKCIPHER
267 select CRYPTO_MANAGER
268 select MPILIB
269 select ASN1
270 help
271 Generic implementation of the SM2 public key algorithm. It was
272 published by State Encryption Management Bureau, China.
273 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
274
275 References:
276 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
277 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
278 http://www.gmbz.org.cn/main/bzlb.html
279
ee772cb6
AB		 280config CRYPTO_CURVE25519
281 tristate "Curve25519 algorithm"
282 select CRYPTO_KPP
283 select CRYPTO_LIB_CURVE25519_GENERIC
284
bb611bdf
JD		 285config CRYPTO_CURVE25519_X86
286 tristate "x86_64 accelerated Curve25519 scalar multiplication library"
287 depends on X86 && 64BIT
288 select CRYPTO_LIB_CURVE25519_GENERIC
289 select CRYPTO_ARCH_HAVE_LIB_CURVE25519
290
584fffc8 291comment "Authenticated Encryption with Associated Data"
cd12fb90 292
584fffc8
SS		 293config CRYPTO_CCM
294 tristate "CCM support"
295 select CRYPTO_CTR
f15f05b0 296 select CRYPTO_HASH
584fffc8 297 select CRYPTO_AEAD
c8a3315a 298 select CRYPTO_MANAGER
1da177e4 299 help
584fffc8 300 Support for Counter with CBC MAC. Required for IPsec.
1da177e4 301
584fffc8
SS		 302config CRYPTO_GCM
303 tristate "GCM/GMAC support"
304 select CRYPTO_CTR
305 select CRYPTO_AEAD
9382d97a 306 select CRYPTO_GHASH
9489667d 307 select CRYPTO_NULL
c8a3315a 308 select CRYPTO_MANAGER
1da177e4 309 help
584fffc8
SS		 310 Support for Galois/Counter Mode (GCM) and Galois Message
311 Authentication Code (GMAC). Required for IPSec.
1da177e4 312
71ebc4d1
MW		 313config CRYPTO_CHACHA20POLY1305
314 tristate "ChaCha20-Poly1305 AEAD support"
315 select CRYPTO_CHACHA20
316 select CRYPTO_POLY1305
317 select CRYPTO_AEAD
c8a3315a 318 select CRYPTO_MANAGER
71ebc4d1
MW		 319 help
320 ChaCha20-Poly1305 AEAD support, RFC7539.
321
322 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
323 with the Poly1305 authenticator. It is defined in RFC7539 for use in
324 IETF protocols.
325
f606a88e
OM		 326config CRYPTO_AEGIS128
327 tristate "AEGIS-128 AEAD algorithm"
328 select CRYPTO_AEAD
329 select CRYPTO_AES # for AES S-box tables
330 help
331 Support for the AEGIS-128 dedicated AEAD algorithm.
332
a4397635
AB		 333config CRYPTO_AEGIS128_SIMD
334 bool "Support SIMD acceleration for AEGIS-128"
335 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
336 default y
337
1d373d4e
OM		 338config CRYPTO_AEGIS128_AESNI_SSE2
339 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
340 depends on X86 && 64BIT
341 select CRYPTO_AEAD
de272ca7 342 select CRYPTO_SIMD
1d373d4e 343 help
4e5180eb 344 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
1d373d4e 345
584fffc8
SS		 346config CRYPTO_SEQIV
347 tristate "Sequence Number IV Generator"
348 select CRYPTO_AEAD
b95bba5d 349 select CRYPTO_SKCIPHER
856e3f40 350 select CRYPTO_NULL
401e4238 351 select CRYPTO_RNG_DEFAULT
c8a3315a 352 select CRYPTO_MANAGER
1da177e4 353 help
584fffc8
SS		 354 This IV generator generates an IV based on a sequence number by
355 xoring it with a salt. This algorithm is mainly useful for CTR
1da177e4 356
a10f554f
HX		 357config CRYPTO_ECHAINIV
358 tristate "Encrypted Chain IV Generator"
359 select CRYPTO_AEAD
360 select CRYPTO_NULL
401e4238 361 select CRYPTO_RNG_DEFAULT
c8a3315a 362 select CRYPTO_MANAGER
a10f554f
HX		 363 help
364 This IV generator generates an IV based on the encryption of
365 a sequence number xored with a salt. This is the default
366 algorithm for CBC.
367
584fffc8 368comment "Block modes"
c494e070 369
584fffc8
SS		 370config CRYPTO_CBC
371 tristate "CBC support"
b95bba5d 372 select CRYPTO_SKCIPHER
43518407 373 select CRYPTO_MANAGER
db131ef9 374 help
584fffc8
SS		 375 CBC: Cipher Block Chaining mode
376 This block cipher algorithm is required for IPSec.
db131ef9 377
a7d85e06
JB		 378config CRYPTO_CFB
379 tristate "CFB support"
b95bba5d 380 select CRYPTO_SKCIPHER
a7d85e06
JB		 381 select CRYPTO_MANAGER
382 help
383 CFB: Cipher FeedBack mode
384 This block cipher algorithm is required for TPM2 Cryptography.
385
584fffc8
SS		 386config CRYPTO_CTR
387 tristate "CTR support"
b95bba5d 388 select CRYPTO_SKCIPHER
43518407 389 select CRYPTO_MANAGER
db131ef9 390 help
584fffc8 391 CTR: Counter mode
db131ef9
HX		 392 This block cipher algorithm is required for IPSec.
393
584fffc8
SS		 394config CRYPTO_CTS
395 tristate "CTS support"
b95bba5d 396 select CRYPTO_SKCIPHER
c8a3315a 397 select CRYPTO_MANAGER
584fffc8
SS		 398 help
399 CTS: Cipher Text Stealing
400 This is the Cipher Text Stealing mode as described by
ecd6d5c9
GBY		 401 Section 8 of rfc2040 and referenced by rfc3962
402 (rfc3962 includes errata information in its Appendix A) or
403 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
584fffc8
SS		 404 This mode is required for Kerberos gss mechanism support
405 for AES encryption.
406
ecd6d5c9
GBY		 407 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
408
584fffc8
SS		 409config CRYPTO_ECB
410 tristate "ECB support"
b95bba5d 411 select CRYPTO_SKCIPHER
91652be5 412 select CRYPTO_MANAGER
91652be5 413 help
584fffc8
SS		 414 ECB: Electronic CodeBook mode
415 This is the simplest block cipher algorithm. It simply encrypts
416 the input block by block.
91652be5 417
64470f1b 418config CRYPTO_LRW
2470a2b2 419 tristate "LRW support"
b95bba5d 420 select CRYPTO_SKCIPHER
64470f1b
RS		 421 select CRYPTO_MANAGER
422 select CRYPTO_GF128MUL
423 help
424 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
425 narrow block cipher mode for dm-crypt. Use it with cipher
426 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
427 The first 128, 192 or 256 bits in the key are used for AES and the
428 rest is used to tie each cipher block to its logical position.
429
e497c518
GBY		 430config CRYPTO_OFB
431 tristate "OFB support"
b95bba5d 432 select CRYPTO_SKCIPHER
e497c518
GBY		 433 select CRYPTO_MANAGER
434 help
435 OFB: the Output Feedback mode makes a block cipher into a synchronous
436 stream cipher. It generates keystream blocks, which are then XORed
437 with the plaintext blocks to get the ciphertext. Flipping a bit in the
438 ciphertext produces a flipped bit in the plaintext at the same
439 location. This property allows many error correcting codes to function
440 normally even when applied before encryption.
441
584fffc8
SS		 442config CRYPTO_PCBC
443 tristate "PCBC support"
b95bba5d 444 select CRYPTO_SKCIPHER
584fffc8
SS		 445 select CRYPTO_MANAGER
446 help
447 PCBC: Propagating Cipher Block Chaining mode
448 This block cipher algorithm is required for RxRPC.
449
f19f5111 450config CRYPTO_XTS
5bcf8e6d 451 tristate "XTS support"
b95bba5d 452 select CRYPTO_SKCIPHER
f19f5111 453 select CRYPTO_MANAGER
12cb3a1c 454 select CRYPTO_ECB
f19f5111
RS		 455 help
456 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
457 key size 256, 384 or 512 bits. This implementation currently
458 can't handle a sectorsize which is not a multiple of 16 bytes.
459
1c49678e
SM		 460config CRYPTO_KEYWRAP
461 tristate "Key wrapping support"
b95bba5d 462 select CRYPTO_SKCIPHER
c8a3315a 463 select CRYPTO_MANAGER
1c49678e
SM		 464 help
465 Support for key wrapping (NIST SP800-38F / RFC3394) without
466 padding.
467
26609a21
EB		 468config CRYPTO_NHPOLY1305
469 tristate
470 select CRYPTO_HASH
48ea8c6e 471 select CRYPTO_LIB_POLY1305_GENERIC
26609a21 472
012c8238
EB		 473config CRYPTO_NHPOLY1305_SSE2
474 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
475 depends on X86 && 64BIT
476 select CRYPTO_NHPOLY1305
477 help
478 SSE2 optimized implementation of the hash function used by the
479 Adiantum encryption mode.
480
0f961f9f
EB		 481config CRYPTO_NHPOLY1305_AVX2
482 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
483 depends on X86 && 64BIT
484 select CRYPTO_NHPOLY1305
485 help
486 AVX2 optimized implementation of the hash function used by the
487 Adiantum encryption mode.
488
059c2a4d
EB		 489config CRYPTO_ADIANTUM
490 tristate "Adiantum support"
491 select CRYPTO_CHACHA20
48ea8c6e 492 select CRYPTO_LIB_POLY1305_GENERIC
059c2a4d 493 select CRYPTO_NHPOLY1305
c8a3315a 494 select CRYPTO_MANAGER
059c2a4d
EB		 495 help
496 Adiantum is a tweakable, length-preserving encryption mode
497 designed for fast and secure disk encryption, especially on
498 CPUs without dedicated crypto instructions. It encrypts
499 each sector using the XChaCha12 stream cipher, two passes of
500 an ε-almost-∆-universal hash function, and an invocation of
501 the AES-256 block cipher on a single 16-byte block. On CPUs
502 without AES instructions, Adiantum is much faster than
503 AES-XTS.
504
505 Adiantum's security is provably reducible to that of its
506 underlying stream and block ciphers, subject to a security
507 bound. Unlike XTS, Adiantum is a true wide-block encryption
508 mode, so it actually provides an even stronger notion of
509 security than XTS, subject to the security bound.
510
511 If unsure, say N.
512
be1eb7f7
AB		 513config CRYPTO_ESSIV
514 tristate "ESSIV support for block encryption"
515 select CRYPTO_AUTHENC
516 help
517 Encrypted salt-sector initialization vector (ESSIV) is an IV
518 generation method that is used in some cases by fscrypt and/or
519 dm-crypt. It uses the hash of the block encryption key as the
520 symmetric key for a block encryption pass applied to the input
521 IV, making low entropy IV sources more suitable for block
522 encryption.
523
524 This driver implements a crypto API template that can be
ab3d436b 525 instantiated either as an skcipher or as an AEAD (depending on the
be1eb7f7
AB		 526 type of the first template argument), and which defers encryption
527 and decryption requests to the encapsulated cipher after applying
ab3d436b 528 ESSIV to the input IV. Note that in the AEAD case, it is assumed
be1eb7f7
AB		 529 that the keys are presented in the same format used by the authenc
530 template, and that the IV appears at the end of the authenticated
531 associated data (AAD) region (which is how dm-crypt uses it.)
532
533 Note that the use of ESSIV is not recommended for new deployments,
534 and so this only needs to be enabled when interoperability with
535 existing encrypted volumes of filesystems is required, or when
536 building for a particular system that requires it (e.g., when
537 the SoC in question has accelerated CBC but not XTS, making CBC
538 combined with ESSIV the only feasible mode for h/w accelerated
539 block encryption)
540
584fffc8
SS		 541comment "Hash modes"
542
93b5e86a
JK		 543config CRYPTO_CMAC
544 tristate "CMAC support"
545 select CRYPTO_HASH
546 select CRYPTO_MANAGER
547 help
548 Cipher-based Message Authentication Code (CMAC) specified by
549 The National Institute of Standards and Technology (NIST).
550
551 https://tools.ietf.org/html/rfc4493
552 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
553
584fffc8
SS		 554config CRYPTO_HMAC
555 tristate "HMAC support"
556 select CRYPTO_HASH
23e353c8 557 select CRYPTO_MANAGER
23e353c8 558 help
584fffc8
SS		 559 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
560 This is required for IPSec.
23e353c8 561
584fffc8
SS		 562config CRYPTO_XCBC
563 tristate "XCBC support"
584fffc8
SS		 564 select CRYPTO_HASH
565 select CRYPTO_MANAGER
76cb9521 566 help
584fffc8 567 XCBC: Keyed-Hashing with encryption algorithm
9332a9e7 568 https://www.ietf.org/rfc/rfc3566.txt
584fffc8
SS		 569 http://csrc.nist.gov/encryption/modes/proposedmodes/
570 xcbc-mac/xcbc-mac-spec.pdf
76cb9521 571
f1939f7c
SW		 572config CRYPTO_VMAC
573 tristate "VMAC support"
f1939f7c
SW		 574 select CRYPTO_HASH
575 select CRYPTO_MANAGER
576 help
577 VMAC is a message authentication algorithm designed for
578 very high speed on 64-bit architectures.
579
580 See also:
9332a9e7 581 <https://fastcrypto.org/vmac>
f1939f7c 582
584fffc8 583comment "Digest"
28db8e3e 584
584fffc8
SS		 585config CRYPTO_CRC32C
586 tristate "CRC32c CRC algorithm"
5773a3e6 587 select CRYPTO_HASH
6a0962b2 588 select CRC32
4a49b499 589 help
584fffc8
SS		 590 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
591 by iSCSI for header and data digests and by others.
69c35efc 592 See Castagnoli93. Module will be crc32c.
4a49b499 593
8cb51ba8
AZ		 594config CRYPTO_CRC32C_INTEL
595 tristate "CRC32c INTEL hardware acceleration"
596 depends on X86
597 select CRYPTO_HASH
598 help
599 In Intel processor with SSE4.2 supported, the processor will
600 support CRC32C implementation using hardware accelerated CRC32
601 instruction. This option will create 'crc32c-intel' module,
602 which will enable any routine to use the CRC32 instruction to
603 gain performance compared with software implementation.
604 Module will be crc32c-intel.
605
7cf31864 606config CRYPTO_CRC32C_VPMSUM
6dd7a82c 607 tristate "CRC32c CRC algorithm (powerpc64)"
c12abf34 608 depends on PPC64 && ALTIVEC
6dd7a82c
AB		 609 select CRYPTO_HASH
610 select CRC32
611 help
612 CRC32c algorithm implemented using vector polynomial multiply-sum
613 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
614 and newer processors for improved performance.
615
616
442a7c40
DM		 617config CRYPTO_CRC32C_SPARC64
618 tristate "CRC32c CRC algorithm (SPARC64)"
619 depends on SPARC64
620 select CRYPTO_HASH
621 select CRC32
622 help
623 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
624 when available.
625
78c37d19
AB		 626config CRYPTO_CRC32
627 tristate "CRC32 CRC algorithm"
628 select CRYPTO_HASH
629 select CRC32
630 help
631 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
632 Shash crypto api wrappers to crc32_le function.
633
634config CRYPTO_CRC32_PCLMUL
635 tristate "CRC32 PCLMULQDQ hardware acceleration"
636 depends on X86
637 select CRYPTO_HASH
638 select CRC32
639 help
640 From Intel Westmere and AMD Bulldozer processor with SSE4.2
641 and PCLMULQDQ supported, the processor will support
642 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
af8cb01f 643 instruction. This option will create 'crc32-pclmul' module,
78c37d19
AB		 644 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
645 and gain better performance as compared with the table implementation.
646
4a5dc51e
MN		 647config CRYPTO_CRC32_MIPS
648 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
649 depends on MIPS_CRC_SUPPORT
650 select CRYPTO_HASH
651 help
652 CRC32c and CRC32 CRC algorithms implemented using mips crypto
653 instructions, when available.
654
655
67882e76
NB		 656config CRYPTO_XXHASH
657 tristate "xxHash hash algorithm"
658 select CRYPTO_HASH
659 select XXHASH
660 help
661 xxHash non-cryptographic hash algorithm. Extremely fast, working at
662 speeds close to RAM limits.
663
91d68933
DS		 664config CRYPTO_BLAKE2B
665 tristate "BLAKE2b digest algorithm"
666 select CRYPTO_HASH
667 help
668 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
669 optimized for 64bit platforms and can produce digests of any size
670 between 1 to 64. The keyed hash is also implemented.
671
672 This module provides the following algorithms:
673
674 - blake2b-160
675 - blake2b-256
676 - blake2b-384
677 - blake2b-512
678
679 See https://blake2.net for further information.
680
7f9b0880
AB		 681config CRYPTO_BLAKE2S
682 tristate "BLAKE2s digest algorithm"
683 select CRYPTO_LIB_BLAKE2S_GENERIC
684 select CRYPTO_HASH
685 help
686 Implementation of cryptographic hash function BLAKE2s
687 optimized for 8-32bit platforms and can produce digests of any size
688 between 1 to 32. The keyed hash is also implemented.
689
690 This module provides the following algorithms:
691
692 - blake2s-128
693 - blake2s-160
694 - blake2s-224
695 - blake2s-256
696
697 See https://blake2.net for further information.
698
ed0356ed
JD		 699config CRYPTO_BLAKE2S_X86
700 tristate "BLAKE2s digest algorithm (x86 accelerated version)"
701 depends on X86 && 64BIT
702 select CRYPTO_LIB_BLAKE2S_GENERIC
703 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
704
68411521
HX		 705config CRYPTO_CRCT10DIF
706 tristate "CRCT10DIF algorithm"
707 select CRYPTO_HASH
708 help
709 CRC T10 Data Integrity Field computation is being cast as
710 a crypto transform. This allows for faster crc t10 diff
711 transforms to be used if they are available.
712
713config CRYPTO_CRCT10DIF_PCLMUL
714 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
715 depends on X86 && 64BIT && CRC_T10DIF
716 select CRYPTO_HASH
717 help
718 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
719 CRC T10 DIF PCLMULQDQ computation can be hardware
720 accelerated PCLMULQDQ instruction. This option will create
af8cb01f 721 'crct10dif-pclmul' module, which is faster when computing the
68411521
HX		 722 crct10dif checksum as compared with the generic table implementation.
723
b01df1c1
DA		 724config CRYPTO_CRCT10DIF_VPMSUM
725 tristate "CRC32T10DIF powerpc64 hardware acceleration"
726 depends on PPC64 && ALTIVEC && CRC_T10DIF
727 select CRYPTO_HASH
728 help
729 CRC10T10DIF algorithm implemented using vector polynomial
730 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
731 POWER8 and newer processors for improved performance.
732
146c8688
DA		 733config CRYPTO_VPMSUM_TESTER
734 tristate "Powerpc64 vpmsum hardware acceleration tester"
735 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
736 help
737 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
738 POWER8 vpmsum instructions.
739 Unless you are testing these algorithms, you don't need this.
740
2cdc6899 741config CRYPTO_GHASH
8dfa20fc 742 tristate "GHASH hash function"
2cdc6899 743 select CRYPTO_GF128MUL
578c60fb 744 select CRYPTO_HASH
2cdc6899 745 help
8dfa20fc
EB		 746 GHASH is the hash function used in GCM (Galois/Counter Mode).
747 It is not a general-purpose cryptographic hash function.
2cdc6899 748
f979e014
MW		 749config CRYPTO_POLY1305
750 tristate "Poly1305 authenticator algorithm"
578c60fb 751 select CRYPTO_HASH
48ea8c6e 752 select CRYPTO_LIB_POLY1305_GENERIC
f979e014
MW		 753 help
754 Poly1305 authenticator algorithm, RFC7539.
755
756 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
757 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
758 in IETF protocols. This is the portable C implementation of Poly1305.
759
c70f4abe 760config CRYPTO_POLY1305_X86_64
b1ccc8f4 761 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
c70f4abe 762 depends on X86 && 64BIT
1b2c6a51 763 select CRYPTO_LIB_POLY1305_GENERIC
f0e89bcf 764 select CRYPTO_ARCH_HAVE_LIB_POLY1305
c70f4abe
MW		 765 help
766 Poly1305 authenticator algorithm, RFC7539.
767
768 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
769 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
770 in IETF protocols. This is the x86_64 assembler implementation using SIMD
771 instructions.
772
a11d055e
AB		 773config CRYPTO_POLY1305_MIPS
774 tristate "Poly1305 authenticator algorithm (MIPS optimized)"
775 depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT)
776 select CRYPTO_ARCH_HAVE_LIB_POLY1305
777
584fffc8
SS		 778config CRYPTO_MD4
779 tristate "MD4 digest algorithm"
808a1763 780 select CRYPTO_HASH
124b53d0 781 help
584fffc8 782 MD4 message digest algorithm (RFC1320).
124b53d0 783
584fffc8
SS		 784config CRYPTO_MD5
785 tristate "MD5 digest algorithm"
14b75ba7 786 select CRYPTO_HASH
1da177e4 787 help
584fffc8 788 MD5 message digest algorithm (RFC1321).
1da177e4 789
d69e75de
AK		 790config CRYPTO_MD5_OCTEON
791 tristate "MD5 digest algorithm (OCTEON)"
792 depends on CPU_CAVIUM_OCTEON
793 select CRYPTO_MD5
794 select CRYPTO_HASH
795 help
796 MD5 message digest algorithm (RFC1321) implemented
797 using OCTEON crypto instructions, when available.
798
e8e59953
MS		 799config CRYPTO_MD5_PPC
800 tristate "MD5 digest algorithm (PPC)"
801 depends on PPC
802 select CRYPTO_HASH
803 help
804 MD5 message digest algorithm (RFC1321) implemented
805 in PPC assembler.
806
fa4dfedc
DM		 807config CRYPTO_MD5_SPARC64
808 tristate "MD5 digest algorithm (SPARC64)"
809 depends on SPARC64
810 select CRYPTO_MD5
811 select CRYPTO_HASH
812 help
813 MD5 message digest algorithm (RFC1321) implemented
814 using sparc64 crypto instructions, when available.
815
584fffc8
SS		 816config CRYPTO_MICHAEL_MIC
817 tristate "Michael MIC keyed digest algorithm"
19e2bf14 818 select CRYPTO_HASH
90831639 819 help
584fffc8
SS		 820 Michael MIC is used for message integrity protection in TKIP
821 (IEEE 802.11i). This algorithm is required for TKIP, but it
822 should not be used for other purposes because of the weakness
823 of the algorithm.
90831639 824
82798f90 825config CRYPTO_RMD128
b6d44341 826 tristate "RIPEMD-128 digest algorithm"
7c4468bc 827 select CRYPTO_HASH
b6d44341
AB		 828 help
829 RIPEMD-128 (ISO/IEC 10118-3:2004).
82798f90 830
b6d44341 831 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
35ed4b35 832 be used as a secure replacement for RIPEMD. For other use cases,
b6d44341 833 RIPEMD-160 should be used.
82798f90 834
b6d44341 835 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
9332a9e7 836 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90
AKR		 837
838config CRYPTO_RMD160
b6d44341 839 tristate "RIPEMD-160 digest algorithm"
e5835fba 840 select CRYPTO_HASH
b6d44341
AB		 841 help
842 RIPEMD-160 (ISO/IEC 10118-3:2004).
82798f90 843
b6d44341
AB		 844 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
845 to be used as a secure replacement for the 128-bit hash functions
846 MD4, MD5 and it's predecessor RIPEMD
847 (not to be confused with RIPEMD-128).
82798f90 848
b6d44341
AB		 849 It's speed is comparable to SHA1 and there are no known attacks
850 against RIPEMD-160.
534fe2c1 851
b6d44341 852 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
9332a9e7 853 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 854
855config CRYPTO_RMD256
b6d44341 856 tristate "RIPEMD-256 digest algorithm"
d8a5e2e9 857 select CRYPTO_HASH
b6d44341
AB		 858 help
859 RIPEMD-256 is an optional extension of RIPEMD-128 with a
860 256 bit hash. It is intended for applications that require
861 longer hash-results, without needing a larger security level
862 (than RIPEMD-128).
534fe2c1 863
b6d44341 864 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
9332a9e7 865 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 866
867config CRYPTO_RMD320
b6d44341 868 tristate "RIPEMD-320 digest algorithm"
3b8efb4c 869 select CRYPTO_HASH
b6d44341
AB		 870 help
871 RIPEMD-320 is an optional extension of RIPEMD-160 with a
872 320 bit hash. It is intended for applications that require
873 longer hash-results, without needing a larger security level
874 (than RIPEMD-160).
534fe2c1 875
b6d44341 876 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
9332a9e7 877 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90 878
584fffc8
SS		 879config CRYPTO_SHA1
880 tristate "SHA1 digest algorithm"
54ccb367 881 select CRYPTO_HASH
1da177e4 882 help
584fffc8 883 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
1da177e4 884
66be8951 885config CRYPTO_SHA1_SSSE3
e38b6b7f 886 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
66be8951
MK		 887 depends on X86 && 64BIT
888 select CRYPTO_SHA1
889 select CRYPTO_HASH
890 help
891 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
892 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
e38b6b7f 893 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
894 when available.
66be8951 895
8275d1aa 896config CRYPTO_SHA256_SSSE3
e38b6b7f 897 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
8275d1aa
TC		 898 depends on X86 && 64BIT
899 select CRYPTO_SHA256
900 select CRYPTO_HASH
901 help
902 SHA-256 secure hash standard (DFIPS 180-2) implemented
903 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
904 Extensions version 1 (AVX1), or Advanced Vector Extensions
e38b6b7f 905 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
906 Instructions) when available.
87de4579
TC		 907
908config CRYPTO_SHA512_SSSE3
909 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
910 depends on X86 && 64BIT
911 select CRYPTO_SHA512
912 select CRYPTO_HASH
913 help
914 SHA-512 secure hash standard (DFIPS 180-2) implemented
915 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
916 Extensions version 1 (AVX1), or Advanced Vector Extensions
8275d1aa
TC		 917 version 2 (AVX2) instructions, when available.
918
efdb6f6e
AK		 919config CRYPTO_SHA1_OCTEON
920 tristate "SHA1 digest algorithm (OCTEON)"
921 depends on CPU_CAVIUM_OCTEON
922 select CRYPTO_SHA1
923 select CRYPTO_HASH
924 help
925 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
926 using OCTEON crypto instructions, when available.
927
4ff28d4c
DM		 928config CRYPTO_SHA1_SPARC64
929 tristate "SHA1 digest algorithm (SPARC64)"
930 depends on SPARC64
931 select CRYPTO_SHA1
932 select CRYPTO_HASH
933 help
934 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
935 using sparc64 crypto instructions, when available.
936
323a6bf1
ME		 937config CRYPTO_SHA1_PPC
938 tristate "SHA1 digest algorithm (powerpc)"
939 depends on PPC
940 help
941 This is the powerpc hardware accelerated implementation of the
942 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
943
d9850fc5
MS		 944config CRYPTO_SHA1_PPC_SPE
945 tristate "SHA1 digest algorithm (PPC SPE)"
946 depends on PPC && SPE
947 help
948 SHA-1 secure hash standard (DFIPS 180-4) implemented
949 using powerpc SPE SIMD instruction set.
950
584fffc8
SS		 951config CRYPTO_SHA256
952 tristate "SHA224 and SHA256 digest algorithm"
50e109b5 953 select CRYPTO_HASH
08c327f6 954 select CRYPTO_LIB_SHA256
1da177e4 955 help
584fffc8 956 SHA256 secure hash standard (DFIPS 180-2).
1da177e4 957
584fffc8
SS		 958 This version of SHA implements a 256 bit hash with 128 bits of
959 security against collision attacks.
2729bb42 960
b6d44341
AB		 961 This code also includes SHA-224, a 224 bit hash with 112 bits
962 of security against collision attacks.
584fffc8 963
2ecc1e95
MS		 964config CRYPTO_SHA256_PPC_SPE
965 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
966 depends on PPC && SPE
967 select CRYPTO_SHA256
968 select CRYPTO_HASH
969 help
970 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
971 implemented using powerpc SPE SIMD instruction set.
972
efdb6f6e
AK		 973config CRYPTO_SHA256_OCTEON
974 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
975 depends on CPU_CAVIUM_OCTEON
976 select CRYPTO_SHA256
977 select CRYPTO_HASH
978 help
979 SHA-256 secure hash standard (DFIPS 180-2) implemented
980 using OCTEON crypto instructions, when available.
981
86c93b24
DM		 982config CRYPTO_SHA256_SPARC64
983 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
984 depends on SPARC64
985 select CRYPTO_SHA256
986 select CRYPTO_HASH
987 help
988 SHA-256 secure hash standard (DFIPS 180-2) implemented
989 using sparc64 crypto instructions, when available.
990
584fffc8
SS		 991config CRYPTO_SHA512
992 tristate "SHA384 and SHA512 digest algorithms"
bd9d20db 993 select CRYPTO_HASH
b9f535ff 994 help
584fffc8 995 SHA512 secure hash standard (DFIPS 180-2).
b9f535ff 996
584fffc8
SS		 997 This version of SHA implements a 512 bit hash with 256 bits of
998 security against collision attacks.
b9f535ff 999
584fffc8
SS		 1000 This code also includes SHA-384, a 384 bit hash with 192 bits
1001 of security against collision attacks.
b9f535ff 1002
efdb6f6e
AK		 1003config CRYPTO_SHA512_OCTEON
1004 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
1005 depends on CPU_CAVIUM_OCTEON
1006 select CRYPTO_SHA512
1007 select CRYPTO_HASH
1008 help
1009 SHA-512 secure hash standard (DFIPS 180-2) implemented
1010 using OCTEON crypto instructions, when available.
1011
775e0c69
DM		 1012config CRYPTO_SHA512_SPARC64
1013 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
1014 depends on SPARC64
1015 select CRYPTO_SHA512
1016 select CRYPTO_HASH
1017 help
1018 SHA-512 secure hash standard (DFIPS 180-2) implemented
1019 using sparc64 crypto instructions, when available.
1020
53964b9e
JG		 1021config CRYPTO_SHA3
1022 tristate "SHA3 digest algorithm"
1023 select CRYPTO_HASH
1024 help
1025 SHA-3 secure hash standard (DFIPS 202). It's based on
1026 cryptographic sponge function family called Keccak.
1027
1028 References:
1029 http://keccak.noekeon.org/
1030
4f0fc160
GBY		 1031config CRYPTO_SM3
1032 tristate "SM3 digest algorithm"
1033 select CRYPTO_HASH
1034 help
1035 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1036 It is part of the Chinese Commercial Cryptography suite.
1037
1038 References:
1039 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1040 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1041
fe18957e
VC		 1042config CRYPTO_STREEBOG
1043 tristate "Streebog Hash Function"
1044 select CRYPTO_HASH
1045 help
1046 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1047 cryptographic standard algorithms (called GOST algorithms).
1048 This setting enables two hash algorithms with 256 and 512 bits output.
1049
1050 References:
1051 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1052 https://tools.ietf.org/html/rfc6986
1053
584fffc8
SS		 1054config CRYPTO_TGR192
1055 tristate "Tiger digest algorithms"
f63fbd3d 1056 select CRYPTO_HASH
eaf44088 1057 help
584fffc8 1058 Tiger hash algorithm 192, 160 and 128-bit hashes
eaf44088 1059
584fffc8
SS		 1060 Tiger is a hash function optimized for 64-bit processors while
1061 still having decent performance on 32-bit processors.
1062 Tiger was developed by Ross Anderson and Eli Biham.
eaf44088
JF		 1063
1064 See also:
9332a9e7 1065 <https://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
eaf44088 1066
584fffc8
SS		 1067config CRYPTO_WP512
1068 tristate "Whirlpool digest algorithms"
4946510b 1069 select CRYPTO_HASH
1da177e4 1070 help
584fffc8 1071 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1da177e4 1072
584fffc8
SS		 1073 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1074 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1da177e4
LT		 1075
1076 See also:
6d8de74c 1077 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
584fffc8 1078
0e1227d3 1079config CRYPTO_GHASH_CLMUL_NI_INTEL
8dfa20fc 1080 tristate "GHASH hash function (CLMUL-NI accelerated)"
8af00860 1081 depends on X86 && 64BIT
0e1227d3
HY		 1082 select CRYPTO_CRYPTD
1083 help
8dfa20fc
EB		 1084 This is the x86_64 CLMUL-NI accelerated implementation of
1085 GHASH, the hash function used in GCM (Galois/Counter mode).
0e1227d3 1086
584fffc8 1087comment "Ciphers"
1da177e4
LT		 1088
1089config CRYPTO_AES
1090 tristate "AES cipher algorithms"
cce9e06d 1091 select CRYPTO_ALGAPI
5bb12d78 1092 select CRYPTO_LIB_AES
1da177e4 1093 help
584fffc8 1094 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 1095 algorithm.
1096
1097 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 1098 both hardware and software across a wide range of computing
1099 environments regardless of its use in feedback or non-feedback
1100 modes. Its key setup time is excellent, and its key agility is
1101 good. Rijndael's very low memory requirements make it very well
1102 suited for restricted-space environments, in which it also
1103 demonstrates excellent performance. Rijndael's operations are
1104 among the easiest to defend against power and timing attacks.
1da177e4 1105
584fffc8 1106 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 1107
1108 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1109
b5e0b032
AB		 1110config CRYPTO_AES_TI
1111 tristate "Fixed time AES cipher"
1112 select CRYPTO_ALGAPI
e59c1c98 1113 select CRYPTO_LIB_AES
b5e0b032
AB		 1114 help
1115 This is a generic implementation of AES that attempts to eliminate
1116 data dependent latencies as much as possible without affecting
1117 performance too much. It is intended for use by the generic CCM
1118 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1119 solely on encryption (although decryption is supported as well, but
1120 with a more dramatic performance hit)
1121
1122 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1123 8 for decryption), this implementation only uses just two S-boxes of
1124 256 bytes each, and attempts to eliminate data dependent latencies by
1125 prefetching the entire table into the cache at the start of each
0a6a40c2
EB		 1126 block. Interrupts are also disabled to avoid races where cachelines
1127 are evicted when the CPU is interrupted to do something else.
b5e0b032 1128
54b6a1bd
HY		 1129config CRYPTO_AES_NI_INTEL
1130 tristate "AES cipher algorithms (AES-NI)"
8af00860 1131 depends on X86
85671860 1132 select CRYPTO_AEAD
2c53fd11 1133 select CRYPTO_LIB_AES
54b6a1bd 1134 select CRYPTO_ALGAPI
b95bba5d 1135 select CRYPTO_SKCIPHER
7643a11a 1136 select CRYPTO_GLUE_HELPER_X86 if 64BIT
85671860 1137 select CRYPTO_SIMD
54b6a1bd
HY		 1138 help
1139 Use Intel AES-NI instructions for AES algorithm.
1140
1141 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1142 algorithm.
1143
1144 Rijndael appears to be consistently a very good performer in
1145 both hardware and software across a wide range of computing
1146 environments regardless of its use in feedback or non-feedback
1147 modes. Its key setup time is excellent, and its key agility is
584fffc8
SS		 1148 good. Rijndael's very low memory requirements make it very well
1149 suited for restricted-space environments, in which it also
1150 demonstrates excellent performance. Rijndael's operations are
1151 among the easiest to defend against power and timing attacks.
a2a892a2 1152
584fffc8 1153 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 1154
1155 See <http://csrc.nist.gov/encryption/aes/> for more information.
1156
0d258efb
MK		 1157 In addition to AES cipher algorithm support, the acceleration
1158 for some popular block cipher mode is supported too, including
944585a6 1159 ECB, CBC, LRW, XTS. The 64 bit version has additional
0d258efb 1160 acceleration for CTR.
2cf4ac8b 1161
9bf4852d
DM		 1162config CRYPTO_AES_SPARC64
1163 tristate "AES cipher algorithms (SPARC64)"
1164 depends on SPARC64
b95bba5d 1165 select CRYPTO_SKCIPHER
9bf4852d
DM		 1166 help
1167 Use SPARC64 crypto opcodes for AES algorithm.
1168
1169 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1170 algorithm.
1171
1172 Rijndael appears to be consistently a very good performer in
1173 both hardware and software across a wide range of computing
1174 environments regardless of its use in feedback or non-feedback
1175 modes. Its key setup time is excellent, and its key agility is
1176 good. Rijndael's very low memory requirements make it very well
1177 suited for restricted-space environments, in which it also
1178 demonstrates excellent performance. Rijndael's operations are
1179 among the easiest to defend against power and timing attacks.
1180
1181 The AES specifies three key sizes: 128, 192 and 256 bits
1182
1183 See <http://csrc.nist.gov/encryption/aes/> for more information.
1184
1185 In addition to AES cipher algorithm support, the acceleration
1186 for some popular block cipher mode is supported too, including
1187 ECB and CBC.
1188
504c6143
MS		 1189config CRYPTO_AES_PPC_SPE
1190 tristate "AES cipher algorithms (PPC SPE)"
1191 depends on PPC && SPE
b95bba5d 1192 select CRYPTO_SKCIPHER
504c6143
MS		 1193 help
1194 AES cipher algorithms (FIPS-197). Additionally the acceleration
1195 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1196 This module should only be used for low power (router) devices
1197 without hardware AES acceleration (e.g. caam crypto). It reduces the
1198 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1199 timining attacks. Nevertheless it might be not as secure as other
1200 architecture specific assembler implementations that work on 1KB
1201 tables or 256 bytes S-boxes.
1202
584fffc8
SS		 1203config CRYPTO_ANUBIS
1204 tristate "Anubis cipher algorithm"
1674aea5 1205 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
584fffc8
SS		 1206 select CRYPTO_ALGAPI
1207 help
1208 Anubis cipher algorithm.
1209
1210 Anubis is a variable key length cipher which can use keys from
1211 128 bits to 320 bits in length. It was evaluated as a entrant
1212 in the NESSIE competition.
1213
1214 See also:
6d8de74c
JM		 1215 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1216 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
584fffc8
SS		 1217
1218config CRYPTO_ARC4
1219 tristate "ARC4 cipher algorithm"
9ace6771 1220 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
b95bba5d 1221 select CRYPTO_SKCIPHER
dc51f257 1222 select CRYPTO_LIB_ARC4
584fffc8
SS		 1223 help
1224 ARC4 cipher algorithm.
1225
1226 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1227 bits in length. This algorithm is required for driver-based
1228 WEP, but it should not be for other purposes because of the
1229 weakness of the algorithm.
1230
1231config CRYPTO_BLOWFISH
1232 tristate "Blowfish cipher algorithm"
1233 select CRYPTO_ALGAPI
52ba867c 1234 select CRYPTO_BLOWFISH_COMMON
584fffc8
SS		 1235 help
1236 Blowfish cipher algorithm, by Bruce Schneier.
1237
1238 This is a variable key length cipher which can use keys from 32
1239 bits to 448 bits in length. It's fast, simple and specifically
1240 designed for use on "large microprocessors".
1241
1242 See also:
9332a9e7 1243 <https://www.schneier.com/blowfish.html>
584fffc8 1244
52ba867c
JK		 1245config CRYPTO_BLOWFISH_COMMON
1246 tristate
1247 help
1248 Common parts of the Blowfish cipher algorithm shared by the
1249 generic c and the assembler implementations.
1250
1251 See also:
9332a9e7 1252 <https://www.schneier.com/blowfish.html>
52ba867c 1253
64b94cea
JK		 1254config CRYPTO_BLOWFISH_X86_64
1255 tristate "Blowfish cipher algorithm (x86_64)"
f21a7c19 1256 depends on X86 && 64BIT
b95bba5d 1257 select CRYPTO_SKCIPHER
64b94cea
JK		 1258 select CRYPTO_BLOWFISH_COMMON
1259 help
1260 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1261
1262 This is a variable key length cipher which can use keys from 32
1263 bits to 448 bits in length. It's fast, simple and specifically
1264 designed for use on "large microprocessors".
1265
1266 See also:
9332a9e7 1267 <https://www.schneier.com/blowfish.html>
64b94cea 1268
584fffc8
SS		 1269config CRYPTO_CAMELLIA
1270 tristate "Camellia cipher algorithms"
1271 depends on CRYPTO
1272 select CRYPTO_ALGAPI
1273 help
1274 Camellia cipher algorithms module.
1275
1276 Camellia is a symmetric key block cipher developed jointly
1277 at NTT and Mitsubishi Electric Corporation.
1278
1279 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1280
1281 See also:
1282 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1283
0b95ec56
JK		 1284config CRYPTO_CAMELLIA_X86_64
1285 tristate "Camellia cipher algorithm (x86_64)"
f21a7c19 1286 depends on X86 && 64BIT
0b95ec56 1287 depends on CRYPTO
b95bba5d 1288 select CRYPTO_SKCIPHER
964263af 1289 select CRYPTO_GLUE_HELPER_X86
0b95ec56
JK		 1290 help
1291 Camellia cipher algorithm module (x86_64).
1292
1293 Camellia is a symmetric key block cipher developed jointly
1294 at NTT and Mitsubishi Electric Corporation.
1295
1296 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1297
1298 See also:
d9b1d2e7
JK		 1299 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1300
1301config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1302 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1303 depends on X86 && 64BIT
1304 depends on CRYPTO
b95bba5d 1305 select CRYPTO_SKCIPHER
d9b1d2e7 1306 select CRYPTO_CAMELLIA_X86_64
44893bc2
EB		 1307 select CRYPTO_GLUE_HELPER_X86
1308 select CRYPTO_SIMD
d9b1d2e7
JK		 1309 select CRYPTO_XTS
1310 help
1311 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1312
1313 Camellia is a symmetric key block cipher developed jointly
1314 at NTT and Mitsubishi Electric Corporation.
1315
1316 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1317
1318 See also:
0b95ec56
JK		 1319 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1320
f3f935a7
JK		 1321config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1322 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1323 depends on X86 && 64BIT
1324 depends on CRYPTO
f3f935a7 1325 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
f3f935a7
JK		 1326 help
1327 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1328
1329 Camellia is a symmetric key block cipher developed jointly
1330 at NTT and Mitsubishi Electric Corporation.
1331
1332 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1333
1334 See also:
1335 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1336
81658ad0
DM		 1337config CRYPTO_CAMELLIA_SPARC64
1338 tristate "Camellia cipher algorithm (SPARC64)"
1339 depends on SPARC64
1340 depends on CRYPTO
1341 select CRYPTO_ALGAPI
b95bba5d 1342 select CRYPTO_SKCIPHER
81658ad0
DM		 1343 help
1344 Camellia cipher algorithm module (SPARC64).
1345
1346 Camellia is a symmetric key block cipher developed jointly
1347 at NTT and Mitsubishi Electric Corporation.
1348
1349 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1350
1351 See also:
1352 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1353
044ab525
JK		 1354config CRYPTO_CAST_COMMON
1355 tristate
1356 help
1357 Common parts of the CAST cipher algorithms shared by the
1358 generic c and the assembler implementations.
1359
1da177e4
LT		 1360config CRYPTO_CAST5
1361 tristate "CAST5 (CAST-128) cipher algorithm"
cce9e06d 1362 select CRYPTO_ALGAPI
044ab525 1363 select CRYPTO_CAST_COMMON
1da177e4
LT		 1364 help
1365 The CAST5 encryption algorithm (synonymous with CAST-128) is
1366 described in RFC2144.
1367
4d6d6a2c
JG		 1368config CRYPTO_CAST5_AVX_X86_64
1369 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1370 depends on X86 && 64BIT
b95bba5d 1371 select CRYPTO_SKCIPHER
4d6d6a2c 1372 select CRYPTO_CAST5
1e63183a
EB		 1373 select CRYPTO_CAST_COMMON
1374 select CRYPTO_SIMD
4d6d6a2c
JG		 1375 help
1376 The CAST5 encryption algorithm (synonymous with CAST-128) is
1377 described in RFC2144.
1378
1379 This module provides the Cast5 cipher algorithm that processes
1380 sixteen blocks parallel using the AVX instruction set.
1381
1da177e4
LT		 1382config CRYPTO_CAST6
1383 tristate "CAST6 (CAST-256) cipher algorithm"
cce9e06d 1384 select CRYPTO_ALGAPI
044ab525 1385 select CRYPTO_CAST_COMMON
1da177e4
LT		 1386 help
1387 The CAST6 encryption algorithm (synonymous with CAST-256) is
1388 described in RFC2612.
1389
4ea1277d
JG		 1390config CRYPTO_CAST6_AVX_X86_64
1391 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1392 depends on X86 && 64BIT
b95bba5d 1393 select CRYPTO_SKCIPHER
4ea1277d 1394 select CRYPTO_CAST6
4bd96924
EB		 1395 select CRYPTO_CAST_COMMON
1396 select CRYPTO_GLUE_HELPER_X86
1397 select CRYPTO_SIMD
4ea1277d
JG		 1398 select CRYPTO_XTS
1399 help
1400 The CAST6 encryption algorithm (synonymous with CAST-256) is
1401 described in RFC2612.
1402
1403 This module provides the Cast6 cipher algorithm that processes
1404 eight blocks parallel using the AVX instruction set.
1405
584fffc8
SS		 1406config CRYPTO_DES
1407 tristate "DES and Triple DES EDE cipher algorithms"
cce9e06d 1408 select CRYPTO_ALGAPI
04007b0e 1409 select CRYPTO_LIB_DES
1da177e4 1410 help
584fffc8 1411 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
fb4f10ed 1412
c5aac2df
DM		 1413config CRYPTO_DES_SPARC64
1414 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
97da37b3 1415 depends on SPARC64
c5aac2df 1416 select CRYPTO_ALGAPI
04007b0e 1417 select CRYPTO_LIB_DES
b95bba5d 1418 select CRYPTO_SKCIPHER
c5aac2df
DM		 1419 help
1420 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1421 optimized using SPARC64 crypto opcodes.
1422
6574e6c6
JK		 1423config CRYPTO_DES3_EDE_X86_64
1424 tristate "Triple DES EDE cipher algorithm (x86-64)"
1425 depends on X86 && 64BIT
b95bba5d 1426 select CRYPTO_SKCIPHER
04007b0e 1427 select CRYPTO_LIB_DES
6574e6c6
JK		 1428 help
1429 Triple DES EDE (FIPS 46-3) algorithm.
1430
1431 This module provides implementation of the Triple DES EDE cipher
1432 algorithm that is optimized for x86-64 processors. Two versions of
1433 algorithm are provided; regular processing one input block and
1434 one that processes three blocks parallel.
1435
584fffc8
SS		 1436config CRYPTO_FCRYPT
1437 tristate "FCrypt cipher algorithm"
cce9e06d 1438 select CRYPTO_ALGAPI
b95bba5d 1439 select CRYPTO_SKCIPHER
1da177e4 1440 help
584fffc8 1441 FCrypt algorithm used by RxRPC.
1da177e4
LT		 1442
1443config CRYPTO_KHAZAD
1444 tristate "Khazad cipher algorithm"
1674aea5 1445 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
cce9e06d 1446 select CRYPTO_ALGAPI
1da177e4
LT		 1447 help
1448 Khazad cipher algorithm.
1449
1450 Khazad was a finalist in the initial NESSIE competition. It is
1451 an algorithm optimized for 64-bit processors with good performance
1452 on 32-bit processors. Khazad uses an 128 bit key size.
1453
1454 See also:
6d8de74c 1455 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1da177e4 1456
2407d608 1457config CRYPTO_SALSA20
3b4afaf2 1458 tristate "Salsa20 stream cipher algorithm"
b95bba5d 1459 select CRYPTO_SKCIPHER
2407d608
TSH		 1460 help
1461 Salsa20 stream cipher algorithm.
1462
1463 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
9332a9e7 1464 Stream Cipher Project. See <https://www.ecrypt.eu.org/stream/>
974e4b75
TSH		 1465
1466 The Salsa20 stream cipher algorithm is designed by Daniel J.
9332a9e7 1467 Bernstein <djb@cr.yp.to>. See <https://cr.yp.to/snuffle.html>
974e4b75 1468
c08d0e64 1469config CRYPTO_CHACHA20
aa762409 1470 tristate "ChaCha stream cipher algorithms"
5fb8ef25 1471 select CRYPTO_LIB_CHACHA_GENERIC
b95bba5d 1472 select CRYPTO_SKCIPHER
c08d0e64 1473 help
aa762409 1474 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
c08d0e64
MW		 1475
1476 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1477 Bernstein and further specified in RFC7539 for use in IETF protocols.
de61d7ae 1478 This is the portable C implementation of ChaCha20. See also:
9332a9e7 1479 <https://cr.yp.to/chacha/chacha-20080128.pdf>
c08d0e64 1480
de61d7ae
EB		 1481 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1482 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
1483 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1484 while provably retaining ChaCha20's security. See also:
1485 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1486
aa762409
EB		 1487 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1488 reduced security margin but increased performance. It can be needed
1489 in some performance-sensitive scenarios.
1490
c9320b6d 1491config CRYPTO_CHACHA20_X86_64
4af78261 1492 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
c9320b6d 1493 depends on X86 && 64BIT
b95bba5d 1494 select CRYPTO_SKCIPHER
28e8d89b 1495 select CRYPTO_LIB_CHACHA_GENERIC
84e03fa3 1496 select CRYPTO_ARCH_HAVE_LIB_CHACHA
c9320b6d 1497 help
7a507d62
EB		 1498 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1499 XChaCha20, and XChaCha12 stream ciphers.
c9320b6d 1500
3a2f58f3
AB		 1501config CRYPTO_CHACHA_MIPS
1502 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1503 depends on CPU_MIPS32_R2
660eda8d 1504 select CRYPTO_SKCIPHER
3a2f58f3
AB		 1505 select CRYPTO_ARCH_HAVE_LIB_CHACHA
1506
584fffc8
SS		 1507config CRYPTO_SEED
1508 tristate "SEED cipher algorithm"
1674aea5 1509 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
cce9e06d 1510 select CRYPTO_ALGAPI
1da177e4 1511 help
584fffc8 1512 SEED cipher algorithm (RFC4269).
1da177e4 1513
584fffc8
SS		 1514 SEED is a 128-bit symmetric key block cipher that has been
1515 developed by KISA (Korea Information Security Agency) as a
1516 national standard encryption algorithm of the Republic of Korea.
1517 It is a 16 round block cipher with the key size of 128 bit.
1518
1519 See also:
1520 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1521
1522config CRYPTO_SERPENT
1523 tristate "Serpent cipher algorithm"
cce9e06d 1524 select CRYPTO_ALGAPI
1da177e4 1525 help
584fffc8 1526 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1da177e4 1527
584fffc8
SS		 1528 Keys are allowed to be from 0 to 256 bits in length, in steps
1529 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1530 variant of Serpent for compatibility with old kerneli.org code.
1531
1532 See also:
9332a9e7 1533 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
584fffc8 1534
937c30d7
JK		 1535config CRYPTO_SERPENT_SSE2_X86_64
1536 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1537 depends on X86 && 64BIT
b95bba5d 1538 select CRYPTO_SKCIPHER
596d8750 1539 select CRYPTO_GLUE_HELPER_X86
937c30d7 1540 select CRYPTO_SERPENT
e0f409dc 1541 select CRYPTO_SIMD
937c30d7
JK		 1542 help
1543 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1544
1545 Keys are allowed to be from 0 to 256 bits in length, in steps
1546 of 8 bits.
1547
1e6232f8 1548 This module provides Serpent cipher algorithm that processes eight
937c30d7
JK		 1549 blocks parallel using SSE2 instruction set.
1550
1551 See also:
9332a9e7 1552 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
937c30d7 1553
251496db
JK		 1554config CRYPTO_SERPENT_SSE2_586
1555 tristate "Serpent cipher algorithm (i586/SSE2)"
1556 depends on X86 && !64BIT
b95bba5d 1557 select CRYPTO_SKCIPHER
596d8750 1558 select CRYPTO_GLUE_HELPER_X86
251496db 1559 select CRYPTO_SERPENT
e0f409dc 1560 select CRYPTO_SIMD
251496db
JK		 1561 help
1562 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1563
1564 Keys are allowed to be from 0 to 256 bits in length, in steps
1565 of 8 bits.
1566
1567 This module provides Serpent cipher algorithm that processes four
1568 blocks parallel using SSE2 instruction set.
1569
1570 See also:
9332a9e7 1571 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
7efe4076
JG		 1572
1573config CRYPTO_SERPENT_AVX_X86_64
1574 tristate "Serpent cipher algorithm (x86_64/AVX)"
1575 depends on X86 && 64BIT
b95bba5d 1576 select CRYPTO_SKCIPHER
1d0debbd 1577 select CRYPTO_GLUE_HELPER_X86
7efe4076 1578 select CRYPTO_SERPENT
e16bf974 1579 select CRYPTO_SIMD
7efe4076
JG		 1580 select CRYPTO_XTS
1581 help
1582 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1583
1584 Keys are allowed to be from 0 to 256 bits in length, in steps
1585 of 8 bits.
1586
1587 This module provides the Serpent cipher algorithm that processes
1588 eight blocks parallel using the AVX instruction set.
1589
1590 See also:
9332a9e7 1591 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
251496db 1592
56d76c96
JK		 1593config CRYPTO_SERPENT_AVX2_X86_64
1594 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1595 depends on X86 && 64BIT
56d76c96 1596 select CRYPTO_SERPENT_AVX_X86_64
56d76c96
JK		 1597 help
1598 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1599
1600 Keys are allowed to be from 0 to 256 bits in length, in steps
1601 of 8 bits.
1602
1603 This module provides Serpent cipher algorithm that processes 16
1604 blocks parallel using AVX2 instruction set.
1605
1606 See also:
9332a9e7 1607 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
56d76c96 1608
747c8ce4
GBY		 1609config CRYPTO_SM4
1610 tristate "SM4 cipher algorithm"
1611 select CRYPTO_ALGAPI
1612 help
1613 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1614
1615 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1616 Organization of State Commercial Administration of China (OSCCA)
1617 as an authorized cryptographic algorithms for the use within China.
1618
1619 SMS4 was originally created for use in protecting wireless
1620 networks, and is mandated in the Chinese National Standard for
1621 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1622 (GB.15629.11-2003).
1623
1624 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1625 standardized through TC 260 of the Standardization Administration
1626 of the People's Republic of China (SAC).
1627
1628 The input, output, and key of SMS4 are each 128 bits.
1629
1630 See also: <https://eprint.iacr.org/2008/329.pdf>
1631
1632 If unsure, say N.
1633
584fffc8
SS		 1634config CRYPTO_TEA
1635 tristate "TEA, XTEA and XETA cipher algorithms"
1674aea5 1636 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
cce9e06d 1637 select CRYPTO_ALGAPI
1da177e4 1638 help
584fffc8 1639 TEA cipher algorithm.
1da177e4 1640
584fffc8
SS		 1641 Tiny Encryption Algorithm is a simple cipher that uses
1642 many rounds for security. It is very fast and uses
1643 little memory.
1644
1645 Xtendend Tiny Encryption Algorithm is a modification to
1646 the TEA algorithm to address a potential key weakness
1647 in the TEA algorithm.
1648
1649 Xtendend Encryption Tiny Algorithm is a mis-implementation
1650 of the XTEA algorithm for compatibility purposes.
1651
1652config CRYPTO_TWOFISH
1653 tristate "Twofish cipher algorithm"
04ac7db3 1654 select CRYPTO_ALGAPI
584fffc8 1655 select CRYPTO_TWOFISH_COMMON
04ac7db3 1656 help
584fffc8 1657 Twofish cipher algorithm.
04ac7db3 1658
584fffc8
SS		 1659 Twofish was submitted as an AES (Advanced Encryption Standard)
1660 candidate cipher by researchers at CounterPane Systems. It is a
1661 16 round block cipher supporting key sizes of 128, 192, and 256
1662 bits.
04ac7db3 1663
584fffc8 1664 See also:
9332a9e7 1665 <https://www.schneier.com/twofish.html>
584fffc8
SS		 1666
1667config CRYPTO_TWOFISH_COMMON
1668 tristate
1669 help
1670 Common parts of the Twofish cipher algorithm shared by the
1671 generic c and the assembler implementations.
1672
1673config CRYPTO_TWOFISH_586
1674 tristate "Twofish cipher algorithms (i586)"
1675 depends on (X86 || UML_X86) && !64BIT
1676 select CRYPTO_ALGAPI
1677 select CRYPTO_TWOFISH_COMMON
1678 help
1679 Twofish cipher algorithm.
1680
1681 Twofish was submitted as an AES (Advanced Encryption Standard)
1682 candidate cipher by researchers at CounterPane Systems. It is a
1683 16 round block cipher supporting key sizes of 128, 192, and 256
1684 bits.
04ac7db3
NT		 1685
1686 See also:
9332a9e7 1687 <https://www.schneier.com/twofish.html>
04ac7db3 1688
584fffc8
SS		 1689config CRYPTO_TWOFISH_X86_64
1690 tristate "Twofish cipher algorithm (x86_64)"
1691 depends on (X86 || UML_X86) && 64BIT
cce9e06d 1692 select CRYPTO_ALGAPI
584fffc8 1693 select CRYPTO_TWOFISH_COMMON
1da177e4 1694 help
584fffc8 1695 Twofish cipher algorithm (x86_64).
1da177e4 1696
584fffc8
SS		 1697 Twofish was submitted as an AES (Advanced Encryption Standard)
1698 candidate cipher by researchers at CounterPane Systems. It is a
1699 16 round block cipher supporting key sizes of 128, 192, and 256
1700 bits.
1701
1702 See also:
9332a9e7 1703 <https://www.schneier.com/twofish.html>
584fffc8 1704
8280daad
JK		 1705config CRYPTO_TWOFISH_X86_64_3WAY
1706 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
f21a7c19 1707 depends on X86 && 64BIT
b95bba5d 1708 select CRYPTO_SKCIPHER
8280daad
JK		 1709 select CRYPTO_TWOFISH_COMMON
1710 select CRYPTO_TWOFISH_X86_64
414cb5e7 1711 select CRYPTO_GLUE_HELPER_X86
8280daad
JK		 1712 help
1713 Twofish cipher algorithm (x86_64, 3-way parallel).
1714
1715 Twofish was submitted as an AES (Advanced Encryption Standard)
1716 candidate cipher by researchers at CounterPane Systems. It is a
1717 16 round block cipher supporting key sizes of 128, 192, and 256
1718 bits.
1719
1720 This module provides Twofish cipher algorithm that processes three
1721 blocks parallel, utilizing resources of out-of-order CPUs better.
1722
1723 See also:
9332a9e7 1724 <https://www.schneier.com/twofish.html>
8280daad 1725
107778b5
JG		 1726config CRYPTO_TWOFISH_AVX_X86_64
1727 tristate "Twofish cipher algorithm (x86_64/AVX)"
1728 depends on X86 && 64BIT
b95bba5d 1729 select CRYPTO_SKCIPHER
a7378d4e 1730 select CRYPTO_GLUE_HELPER_X86
0e6ab46d 1731 select CRYPTO_SIMD
107778b5
JG		 1732 select CRYPTO_TWOFISH_COMMON
1733 select CRYPTO_TWOFISH_X86_64
1734 select CRYPTO_TWOFISH_X86_64_3WAY
107778b5
JG		 1735 help
1736 Twofish cipher algorithm (x86_64/AVX).
1737
1738 Twofish was submitted as an AES (Advanced Encryption Standard)
1739 candidate cipher by researchers at CounterPane Systems. It is a
1740 16 round block cipher supporting key sizes of 128, 192, and 256
1741 bits.
1742
1743 This module provides the Twofish cipher algorithm that processes
1744 eight blocks parallel using the AVX Instruction Set.
1745
1746 See also:
9332a9e7 1747 <https://www.schneier.com/twofish.html>
107778b5 1748
584fffc8
SS		 1749comment "Compression"
1750
1751config CRYPTO_DEFLATE
1752 tristate "Deflate compression algorithm"
1753 select CRYPTO_ALGAPI
f6ded09d 1754 select CRYPTO_ACOMP2
584fffc8
SS		 1755 select ZLIB_INFLATE
1756 select ZLIB_DEFLATE
3c09f17c 1757 help
584fffc8
SS		 1758 This is the Deflate algorithm (RFC1951), specified for use in
1759 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1760
1761 You will most probably want this if using IPSec.
3c09f17c 1762
0b77abb3
ZS		 1763config CRYPTO_LZO
1764 tristate "LZO compression algorithm"
1765 select CRYPTO_ALGAPI
ac9d2c4b 1766 select CRYPTO_ACOMP2
0b77abb3
ZS		 1767 select LZO_COMPRESS
1768 select LZO_DECOMPRESS
1769 help
1770 This is the LZO algorithm.
1771
35a1fc18
SJ		 1772config CRYPTO_842
1773 tristate "842 compression algorithm"
2062c5b6 1774 select CRYPTO_ALGAPI
6a8de3ae 1775 select CRYPTO_ACOMP2
2062c5b6
DS		 1776 select 842_COMPRESS
1777 select 842_DECOMPRESS
35a1fc18
SJ		 1778 help
1779 This is the 842 algorithm.
0ea8530d
CM		 1780
1781config CRYPTO_LZ4
1782 tristate "LZ4 compression algorithm"
1783 select CRYPTO_ALGAPI
8cd9330e 1784 select CRYPTO_ACOMP2
0ea8530d
CM		 1785 select LZ4_COMPRESS
1786 select LZ4_DECOMPRESS
1787 help
1788 This is the LZ4 algorithm.
1789
1790config CRYPTO_LZ4HC
1791 tristate "LZ4HC compression algorithm"
1792 select CRYPTO_ALGAPI
91d53d96 1793 select CRYPTO_ACOMP2
0ea8530d
CM		 1794 select LZ4HC_COMPRESS
1795 select LZ4_DECOMPRESS
1796 help
1797 This is the LZ4 high compression mode algorithm.
35a1fc18 1798
d28fc3db
NT		 1799config CRYPTO_ZSTD
1800 tristate "Zstd compression algorithm"
1801 select CRYPTO_ALGAPI
1802 select CRYPTO_ACOMP2
1803 select ZSTD_COMPRESS
1804 select ZSTD_DECOMPRESS
1805 help
1806 This is the zstd algorithm.
1807
17f0f4a4
NH		 1808comment "Random Number Generation"
1809
1810config CRYPTO_ANSI_CPRNG
1811 tristate "Pseudo Random Number Generation for Cryptographic modules"
1812 select CRYPTO_AES
1813 select CRYPTO_RNG
17f0f4a4
NH		 1814 help
1815 This option enables the generic pseudo random number generator
1816 for cryptographic modules. Uses the Algorithm specified in
7dd607e8
JK		 1817 ANSI X9.31 A.2.4. Note that this option must be enabled if
1818 CRYPTO_FIPS is selected
17f0f4a4 1819
f2c89a10 1820menuconfig CRYPTO_DRBG_MENU
419090c6 1821 tristate "NIST SP800-90A DRBG"
419090c6
SM		 1822 help
1823 NIST SP800-90A compliant DRBG. In the following submenu, one or
1824 more of the DRBG types must be selected.
1825
f2c89a10 1826if CRYPTO_DRBG_MENU
419090c6
SM		 1827
1828config CRYPTO_DRBG_HMAC
401e4238 1829 bool
419090c6 1830 default y
419090c6 1831 select CRYPTO_HMAC
826775bb 1832 select CRYPTO_SHA256
419090c6
SM		 1833
1834config CRYPTO_DRBG_HASH
1835 bool "Enable Hash DRBG"
826775bb 1836 select CRYPTO_SHA256
419090c6
SM		 1837 help
1838 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1839
1840config CRYPTO_DRBG_CTR
1841 bool "Enable CTR DRBG"
419090c6 1842 select CRYPTO_AES
d6fc1a45 1843 select CRYPTO_CTR
419090c6
SM		 1844 help
1845 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1846
f2c89a10
HX		 1847config CRYPTO_DRBG
1848 tristate
401e4238 1849 default CRYPTO_DRBG_MENU
f2c89a10 1850 select CRYPTO_RNG
bb5530e4 1851 select CRYPTO_JITTERENTROPY
f2c89a10
HX		 1852
1853endif # if CRYPTO_DRBG_MENU
419090c6 1854
bb5530e4
SM		 1855config CRYPTO_JITTERENTROPY
1856 tristate "Jitterentropy Non-Deterministic Random Number Generator"
2f313e02 1857 select CRYPTO_RNG
bb5530e4
SM		 1858 help
1859 The Jitterentropy RNG is a noise that is intended
1860 to provide seed to another RNG. The RNG does not
1861 perform any cryptographic whitening of the generated
1862 random numbers. This Jitterentropy RNG registers with
1863 the kernel crypto API and can be used by any caller.
1864
03c8efc1
HX		 1865config CRYPTO_USER_API
1866 tristate
1867
fe869cdb
HX		 1868config CRYPTO_USER_API_HASH
1869 tristate "User-space interface for hash algorithms"
7451708f 1870 depends on NET
fe869cdb
HX		 1871 select CRYPTO_HASH
1872 select CRYPTO_USER_API
1873 help
1874 This option enables the user-spaces interface for hash
1875 algorithms.
1876
8ff59090
HX		 1877config CRYPTO_USER_API_SKCIPHER
1878 tristate "User-space interface for symmetric key cipher algorithms"
7451708f 1879 depends on NET
b95bba5d 1880 select CRYPTO_SKCIPHER
8ff59090
HX		 1881 select CRYPTO_USER_API
1882 help
1883 This option enables the user-spaces interface for symmetric
1884 key cipher algorithms.
1885
2f375538
SM		 1886config CRYPTO_USER_API_RNG
1887 tristate "User-space interface for random number generator algorithms"
1888 depends on NET
1889 select CRYPTO_RNG
1890 select CRYPTO_USER_API
1891 help
1892 This option enables the user-spaces interface for random
1893 number generator algorithms.
1894
77ebdabe
EP		 1895config CRYPTO_USER_API_RNG_CAVP
1896 bool "Enable CAVP testing of DRBG"
1897 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1898 help
1899 This option enables extra API for CAVP testing via the user-space
1900 interface: resetting of DRBG entropy, and providing Additional Data.
1901 This should only be enabled for CAVP testing. You should say
1902 no unless you know what this is.
1903
b64a2d95
HX		 1904config CRYPTO_USER_API_AEAD
1905 tristate "User-space interface for AEAD cipher algorithms"
1906 depends on NET
1907 select CRYPTO_AEAD
b95bba5d 1908 select CRYPTO_SKCIPHER
72548b09 1909 select CRYPTO_NULL
b64a2d95
HX		 1910 select CRYPTO_USER_API
1911 help
1912 This option enables the user-spaces interface for AEAD
1913 cipher algorithms.
1914
9ace6771
AB		 1915config CRYPTO_USER_API_ENABLE_OBSOLETE
1916 bool "Enable obsolete cryptographic algorithms for userspace"
1917 depends on CRYPTO_USER_API
1918 default y
1919 help
1920 Allow obsolete cryptographic algorithms to be selected that have
1921 already been phased out from internal use by the kernel, and are
1922 only useful for userspace clients that still rely on them.
1923
cac5818c
CL		 1924config CRYPTO_STATS
1925 bool "Crypto usage statistics for User-space"
a6a31385 1926 depends on CRYPTO_USER
cac5818c
CL		 1927 help
1928 This option enables the gathering of crypto stats.
1929 This will collect:
1930 - encrypt/decrypt size and numbers of symmeric operations
1931 - compress/decompress size and numbers of compress operations
1932 - size and numbers of hash operations
1933 - encrypt/decrypt/sign/verify numbers for asymmetric operations
1934 - generate/seed numbers for rng operations
1935
ee08997f
DK		 1936config CRYPTO_HASH_INFO
1937 bool
1938
746b2e02 1939source "lib/crypto/Kconfig"
1da177e4 1940source "drivers/crypto/Kconfig"
8636a1f9
MY		 1941source "crypto/asymmetric_keys/Kconfig"
1942source "certs/Kconfig"
1da177e4 1943
cce9e06d 1944endif # if CRYPTO
Linux 6.x block layer and io_uring tree(s)