projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
crypto: ecc - make ecc into separate module
[linux-block.git] / crypto / Kconfig
CommitLineData
b2441318 1# SPDX-License-Identifier: GPL-2.0
685784aa
DW		 2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6 tristate
7
1da177e4 8#
9bc89cd8 9# async_tx api: hardware offloaded memory transfer/transform support
1da177e4 10#
9bc89cd8 11source "crypto/async_tx/Kconfig"
1da177e4 12
9bc89cd8
DW		 13#
14# Cryptographic API Configuration
15#
2e290f43 16menuconfig CRYPTO
c3715cb9 17 tristate "Cryptographic API"
1da177e4
LT		 18 help
19 This option provides the core Cryptographic API.
20
cce9e06d
HX		 21if CRYPTO
22
584fffc8
SS		 23comment "Crypto core or helper"
24
ccb778e1
NH		 25config CRYPTO_FIPS
26 bool "FIPS 200 compliance"
f2c89a10 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
1f696097 28 depends on (MODULE_SIG || !MODULES)
ccb778e1 29 help
d99324c2
GU		 30 This option enables the fips boot option which is
31 required if you want the system to operate in a FIPS 200
ccb778e1 32 certification. You should say no unless you know what
e84c5480 33 this is.
ccb778e1 34
cce9e06d
HX		 35config CRYPTO_ALGAPI
36 tristate
6a0fcbb4 37 select CRYPTO_ALGAPI2
cce9e06d
HX		 38 help
39 This option provides the API for cryptographic algorithms.
40
6a0fcbb4
HX		 41config CRYPTO_ALGAPI2
42 tristate
43
1ae97820
HX		 44config CRYPTO_AEAD
45 tristate
6a0fcbb4 46 select CRYPTO_AEAD2
1ae97820
HX		 47 select CRYPTO_ALGAPI
48
6a0fcbb4
HX		 49config CRYPTO_AEAD2
50 tristate
51 select CRYPTO_ALGAPI2
149a3971
HX		 52 select CRYPTO_NULL2
53 select CRYPTO_RNG2
6a0fcbb4 54
5cde0af2
HX		 55config CRYPTO_BLKCIPHER
56 tristate
6a0fcbb4 57 select CRYPTO_BLKCIPHER2
5cde0af2 58 select CRYPTO_ALGAPI
6a0fcbb4
HX		 59
60config CRYPTO_BLKCIPHER2
61 tristate
62 select CRYPTO_ALGAPI2
63 select CRYPTO_RNG2
0a2e821d 64 select CRYPTO_WORKQUEUE
5cde0af2 65
055bcee3
HX		 66config CRYPTO_HASH
67 tristate
6a0fcbb4 68 select CRYPTO_HASH2
055bcee3
HX		 69 select CRYPTO_ALGAPI
70
6a0fcbb4
HX		 71config CRYPTO_HASH2
72 tristate
73 select CRYPTO_ALGAPI2
74
17f0f4a4
NH		 75config CRYPTO_RNG
76 tristate
6a0fcbb4 77 select CRYPTO_RNG2
17f0f4a4
NH		 78 select CRYPTO_ALGAPI
79
6a0fcbb4
HX		 80config CRYPTO_RNG2
81 tristate
82 select CRYPTO_ALGAPI2
83
401e4238
HX		 84config CRYPTO_RNG_DEFAULT
85 tristate
86 select CRYPTO_DRBG_MENU
87
3c339ab8
TS		 88config CRYPTO_AKCIPHER2
89 tristate
90 select CRYPTO_ALGAPI2
91
92config CRYPTO_AKCIPHER
93 tristate
94 select CRYPTO_AKCIPHER2
95 select CRYPTO_ALGAPI
96
4e5f2c40
SB		 97config CRYPTO_KPP2
98 tristate
99 select CRYPTO_ALGAPI2
100
101config CRYPTO_KPP
102 tristate
103 select CRYPTO_ALGAPI
104 select CRYPTO_KPP2
105
2ebda74f
GC		 106config CRYPTO_ACOMP2
107 tristate
108 select CRYPTO_ALGAPI2
8cd579d2 109 select SGL_ALLOC
2ebda74f
GC		 110
111config CRYPTO_ACOMP
112 tristate
113 select CRYPTO_ALGAPI
114 select CRYPTO_ACOMP2
115
2b8c19db
HX		 116config CRYPTO_MANAGER
117 tristate "Cryptographic algorithm manager"
6a0fcbb4 118 select CRYPTO_MANAGER2
2b8c19db
HX		 119 help
120 Create default cryptographic template instantiations such as
121 cbc(aes).
122
6a0fcbb4
HX		 123config CRYPTO_MANAGER2
124 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
125 select CRYPTO_AEAD2
126 select CRYPTO_HASH2
127 select CRYPTO_BLKCIPHER2
946cc463 128 select CRYPTO_AKCIPHER2
4e5f2c40 129 select CRYPTO_KPP2
2ebda74f 130 select CRYPTO_ACOMP2
6a0fcbb4 131
a38f7907
SK		 132config CRYPTO_USER
133 tristate "Userspace cryptographic algorithm configuration"
5db017aa 134 depends on NET
a38f7907
SK		 135 select CRYPTO_MANAGER
136 help
d19978f5 137 Userspace configuration for cryptographic instantiations such as
a38f7907
SK		 138 cbc(aes).
139
326a6346
HX		 140config CRYPTO_MANAGER_DISABLE_TESTS
141 bool "Disable run-time self tests"
00ca28a5
HX		 142 default y
143 depends on CRYPTO_MANAGER2
0b767f96 144 help
326a6346
HX		 145 Disable run-time self tests that normally take place at
146 algorithm registration.
0b767f96 147
5b2706a4
EB		 148config CRYPTO_MANAGER_EXTRA_TESTS
149 bool "Enable extra run-time crypto self tests"
150 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
151 help
152 Enable extra run-time self tests of registered crypto algorithms,
153 including randomized fuzz tests.
154
155 This is intended for developer use only, as these tests take much
156 longer to run than the normal self tests.
157
584fffc8 158config CRYPTO_GF128MUL
08c70fc3 159 tristate "GF(2^128) multiplication functions"
333b0d7e 160 help
584fffc8
SS		 161 Efficient table driven implementation of multiplications in the
162 field GF(2^128). This is needed by some cypher modes. This
163 option will be selected automatically if you select such a
164 cipher mode. Only select this option by hand if you expect to load
165 an external module that requires these functions.
333b0d7e 166
1da177e4
LT		 167config CRYPTO_NULL
168 tristate "Null algorithms"
149a3971 169 select CRYPTO_NULL2
1da177e4
LT		 170 help
171 These are 'Null' algorithms, used by IPsec, which do nothing.
172
149a3971 173config CRYPTO_NULL2
dd43c4e9 174 tristate
149a3971
HX		 175 select CRYPTO_ALGAPI2
176 select CRYPTO_BLKCIPHER2
177 select CRYPTO_HASH2
178
5068c7a8 179config CRYPTO_PCRYPT
3b4afaf2
KC		 180 tristate "Parallel crypto engine"
181 depends on SMP
5068c7a8
SK		 182 select PADATA
183 select CRYPTO_MANAGER
184 select CRYPTO_AEAD
185 help
186 This converts an arbitrary crypto algorithm into a parallel
187 algorithm that executes in kernel threads.
188
25c38d3f
HY		 189config CRYPTO_WORKQUEUE
190 tristate
191
584fffc8
SS		 192config CRYPTO_CRYPTD
193 tristate "Software async crypto daemon"
194 select CRYPTO_BLKCIPHER
b8a28251 195 select CRYPTO_HASH
584fffc8 196 select CRYPTO_MANAGER
254eff77 197 select CRYPTO_WORKQUEUE
1da177e4 198 help
584fffc8
SS		 199 This is a generic software asynchronous crypto daemon that
200 converts an arbitrary synchronous software crypto algorithm
201 into an asynchronous algorithm that executes in a kernel thread.
1da177e4 202
584fffc8
SS		 203config CRYPTO_AUTHENC
204 tristate "Authenc support"
205 select CRYPTO_AEAD
206 select CRYPTO_BLKCIPHER
207 select CRYPTO_MANAGER
208 select CRYPTO_HASH
e94c6a7a 209 select CRYPTO_NULL
1da177e4 210 help
584fffc8
SS		 211 Authenc: Combined mode wrapper for IPsec.
212 This is required for IPSec.
1da177e4 213
584fffc8
SS		 214config CRYPTO_TEST
215 tristate "Testing module"
216 depends on m
da7f033d 217 select CRYPTO_MANAGER
1da177e4 218 help
584fffc8 219 Quick & dirty crypto test module.
1da177e4 220
266d0516
HX		 221config CRYPTO_SIMD
222 tristate
ffaf9156
JK		 223 select CRYPTO_CRYPTD
224
596d8750
JK		 225config CRYPTO_GLUE_HELPER_X86
226 tristate
227 depends on X86
065ce327 228 select CRYPTO_BLKCIPHER
596d8750 229
735d37b5
BW		 230config CRYPTO_ENGINE
231 tristate
232
3d6228a5
VC		 233comment "Public-key cryptography"
234
235config CRYPTO_RSA
236 tristate "RSA algorithm"
237 select CRYPTO_AKCIPHER
238 select CRYPTO_MANAGER
239 select MPILIB
240 select ASN1
241 help
242 Generic implementation of the RSA public key algorithm.
243
244config CRYPTO_DH
245 tristate "Diffie-Hellman algorithm"
246 select CRYPTO_KPP
247 select MPILIB
248 help
249 Generic implementation of the Diffie-Hellman algorithm.
250
4a2289da
VC		 251config CRYPTO_ECC
252 tristate
253
3d6228a5
VC		 254config CRYPTO_ECDH
255 tristate "ECDH algorithm"
4a2289da 256 select CRYPTO_ECC
3d6228a5
VC		 257 select CRYPTO_KPP
258 select CRYPTO_RNG_DEFAULT
259 help
260 Generic implementation of the ECDH algorithm
261
584fffc8 262comment "Authenticated Encryption with Associated Data"
cd12fb90 263
584fffc8
SS		 264config CRYPTO_CCM
265 tristate "CCM support"
266 select CRYPTO_CTR
f15f05b0 267 select CRYPTO_HASH
584fffc8 268 select CRYPTO_AEAD
1da177e4 269 help
584fffc8 270 Support for Counter with CBC MAC. Required for IPsec.
1da177e4 271
584fffc8
SS		 272config CRYPTO_GCM
273 tristate "GCM/GMAC support"
274 select CRYPTO_CTR
275 select CRYPTO_AEAD
9382d97a 276 select CRYPTO_GHASH
9489667d 277 select CRYPTO_NULL
1da177e4 278 help
584fffc8
SS		 279 Support for Galois/Counter Mode (GCM) and Galois Message
280 Authentication Code (GMAC). Required for IPSec.
1da177e4 281
71ebc4d1
MW		 282config CRYPTO_CHACHA20POLY1305
283 tristate "ChaCha20-Poly1305 AEAD support"
284 select CRYPTO_CHACHA20
285 select CRYPTO_POLY1305
286 select CRYPTO_AEAD
287 help
288 ChaCha20-Poly1305 AEAD support, RFC7539.
289
290 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
291 with the Poly1305 authenticator. It is defined in RFC7539 for use in
292 IETF protocols.
293
f606a88e
OM		 294config CRYPTO_AEGIS128
295 tristate "AEGIS-128 AEAD algorithm"
296 select CRYPTO_AEAD
297 select CRYPTO_AES # for AES S-box tables
298 help
299 Support for the AEGIS-128 dedicated AEAD algorithm.
300
301config CRYPTO_AEGIS128L
302 tristate "AEGIS-128L AEAD algorithm"
303 select CRYPTO_AEAD
304 select CRYPTO_AES # for AES S-box tables
305 help
306 Support for the AEGIS-128L dedicated AEAD algorithm.
307
308config CRYPTO_AEGIS256
309 tristate "AEGIS-256 AEAD algorithm"
310 select CRYPTO_AEAD
311 select CRYPTO_AES # for AES S-box tables
312 help
313 Support for the AEGIS-256 dedicated AEAD algorithm.
314
1d373d4e
OM		 315config CRYPTO_AEGIS128_AESNI_SSE2
316 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
317 depends on X86 && 64BIT
318 select CRYPTO_AEAD
de272ca7 319 select CRYPTO_SIMD
1d373d4e 320 help
4e5180eb 321 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
1d373d4e
OM		 322
323config CRYPTO_AEGIS128L_AESNI_SSE2
324 tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
325 depends on X86 && 64BIT
326 select CRYPTO_AEAD
d628132a 327 select CRYPTO_SIMD
1d373d4e 328 help
4e5180eb 329 AESNI+SSE2 implementation of the AEGIS-128L dedicated AEAD algorithm.
1d373d4e
OM		 330
331config CRYPTO_AEGIS256_AESNI_SSE2
332 tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
333 depends on X86 && 64BIT
334 select CRYPTO_AEAD
b6708c2d 335 select CRYPTO_SIMD
1d373d4e 336 help
4e5180eb 337 AESNI+SSE2 implementation of the AEGIS-256 dedicated AEAD algorithm.
1d373d4e 338
396be41f
OM		 339config CRYPTO_MORUS640
340 tristate "MORUS-640 AEAD algorithm"
341 select CRYPTO_AEAD
342 help
343 Support for the MORUS-640 dedicated AEAD algorithm.
344
56e8e57f 345config CRYPTO_MORUS640_GLUE
2808f173
OM		 346 tristate
347 depends on X86
56e8e57f 348 select CRYPTO_AEAD
47730958 349 select CRYPTO_SIMD
56e8e57f
OM		 350 help
351 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
352 algorithm.
353
6ecc9d9f
OM		 354config CRYPTO_MORUS640_SSE2
355 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
356 depends on X86 && 64BIT
357 select CRYPTO_AEAD
358 select CRYPTO_MORUS640_GLUE
359 help
360 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
361
396be41f
OM		 362config CRYPTO_MORUS1280
363 tristate "MORUS-1280 AEAD algorithm"
364 select CRYPTO_AEAD
365 help
366 Support for the MORUS-1280 dedicated AEAD algorithm.
367
56e8e57f 368config CRYPTO_MORUS1280_GLUE
2808f173
OM		 369 tristate
370 depends on X86
56e8e57f 371 select CRYPTO_AEAD
e151a8d2 372 select CRYPTO_SIMD
56e8e57f
OM		 373 help
374 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
6ecc9d9f
OM		 375 algorithm.
376
377config CRYPTO_MORUS1280_SSE2
378 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
379 depends on X86 && 64BIT
380 select CRYPTO_AEAD
381 select CRYPTO_MORUS1280_GLUE
382 help
383 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
384 algorithm.
385
386config CRYPTO_MORUS1280_AVX2
387 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
388 depends on X86 && 64BIT
389 select CRYPTO_AEAD
390 select CRYPTO_MORUS1280_GLUE
391 help
392 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
56e8e57f
OM		 393 algorithm.
394
584fffc8
SS		 395config CRYPTO_SEQIV
396 tristate "Sequence Number IV Generator"
397 select CRYPTO_AEAD
398 select CRYPTO_BLKCIPHER
856e3f40 399 select CRYPTO_NULL
401e4238 400 select CRYPTO_RNG_DEFAULT
1da177e4 401 help
584fffc8
SS		 402 This IV generator generates an IV based on a sequence number by
403 xoring it with a salt. This algorithm is mainly useful for CTR
1da177e4 404
a10f554f
HX		 405config CRYPTO_ECHAINIV
406 tristate "Encrypted Chain IV Generator"
407 select CRYPTO_AEAD
408 select CRYPTO_NULL
401e4238 409 select CRYPTO_RNG_DEFAULT
3491244c 410 default m
a10f554f
HX		 411 help
412 This IV generator generates an IV based on the encryption of
413 a sequence number xored with a salt. This is the default
414 algorithm for CBC.
415
584fffc8 416comment "Block modes"
c494e070 417
584fffc8
SS		 418config CRYPTO_CBC
419 tristate "CBC support"
db131ef9 420 select CRYPTO_BLKCIPHER
43518407 421 select CRYPTO_MANAGER
db131ef9 422 help
584fffc8
SS		 423 CBC: Cipher Block Chaining mode
424 This block cipher algorithm is required for IPSec.
db131ef9 425
a7d85e06
JB		 426config CRYPTO_CFB
427 tristate "CFB support"
428 select CRYPTO_BLKCIPHER
429 select CRYPTO_MANAGER
430 help
431 CFB: Cipher FeedBack mode
432 This block cipher algorithm is required for TPM2 Cryptography.
433
584fffc8
SS		 434config CRYPTO_CTR
435 tristate "CTR support"
db131ef9 436 select CRYPTO_BLKCIPHER
584fffc8 437 select CRYPTO_SEQIV
43518407 438 select CRYPTO_MANAGER
db131ef9 439 help
584fffc8 440 CTR: Counter mode
db131ef9
HX		 441 This block cipher algorithm is required for IPSec.
442
584fffc8
SS		 443config CRYPTO_CTS
444 tristate "CTS support"
445 select CRYPTO_BLKCIPHER
446 help
447 CTS: Cipher Text Stealing
448 This is the Cipher Text Stealing mode as described by
ecd6d5c9
GBY		 449 Section 8 of rfc2040 and referenced by rfc3962
450 (rfc3962 includes errata information in its Appendix A) or
451 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
584fffc8
SS		 452 This mode is required for Kerberos gss mechanism support
453 for AES encryption.
454
ecd6d5c9
GBY		 455 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
456
584fffc8
SS		 457config CRYPTO_ECB
458 tristate "ECB support"
91652be5
DH		 459 select CRYPTO_BLKCIPHER
460 select CRYPTO_MANAGER
91652be5 461 help
584fffc8
SS		 462 ECB: Electronic CodeBook mode
463 This is the simplest block cipher algorithm. It simply encrypts
464 the input block by block.
91652be5 465
64470f1b 466config CRYPTO_LRW
2470a2b2 467 tristate "LRW support"
64470f1b
RS		 468 select CRYPTO_BLKCIPHER
469 select CRYPTO_MANAGER
470 select CRYPTO_GF128MUL
471 help
472 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
473 narrow block cipher mode for dm-crypt. Use it with cipher
474 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
475 The first 128, 192 or 256 bits in the key are used for AES and the
476 rest is used to tie each cipher block to its logical position.
477
e497c518
GBY		 478config CRYPTO_OFB
479 tristate "OFB support"
480 select CRYPTO_BLKCIPHER
481 select CRYPTO_MANAGER
482 help
483 OFB: the Output Feedback mode makes a block cipher into a synchronous
484 stream cipher. It generates keystream blocks, which are then XORed
485 with the plaintext blocks to get the ciphertext. Flipping a bit in the
486 ciphertext produces a flipped bit in the plaintext at the same
487 location. This property allows many error correcting codes to function
488 normally even when applied before encryption.
489
584fffc8
SS		 490config CRYPTO_PCBC
491 tristate "PCBC support"
492 select CRYPTO_BLKCIPHER
493 select CRYPTO_MANAGER
494 help
495 PCBC: Propagating Cipher Block Chaining mode
496 This block cipher algorithm is required for RxRPC.
497
f19f5111 498config CRYPTO_XTS
5bcf8e6d 499 tristate "XTS support"
f19f5111
RS		 500 select CRYPTO_BLKCIPHER
501 select CRYPTO_MANAGER
12cb3a1c 502 select CRYPTO_ECB
f19f5111
RS		 503 help
504 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
505 key size 256, 384 or 512 bits. This implementation currently
506 can't handle a sectorsize which is not a multiple of 16 bytes.
507
1c49678e
SM		 508config CRYPTO_KEYWRAP
509 tristate "Key wrapping support"
510 select CRYPTO_BLKCIPHER
511 help
512 Support for key wrapping (NIST SP800-38F / RFC3394) without
513 padding.
514
26609a21
EB		 515config CRYPTO_NHPOLY1305
516 tristate
517 select CRYPTO_HASH
518 select CRYPTO_POLY1305
519
012c8238
EB		 520config CRYPTO_NHPOLY1305_SSE2
521 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
522 depends on X86 && 64BIT
523 select CRYPTO_NHPOLY1305
524 help
525 SSE2 optimized implementation of the hash function used by the
526 Adiantum encryption mode.
527
0f961f9f
EB		 528config CRYPTO_NHPOLY1305_AVX2
529 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
530 depends on X86 && 64BIT
531 select CRYPTO_NHPOLY1305
532 help
533 AVX2 optimized implementation of the hash function used by the
534 Adiantum encryption mode.
535
059c2a4d
EB		 536config CRYPTO_ADIANTUM
537 tristate "Adiantum support"
538 select CRYPTO_CHACHA20
539 select CRYPTO_POLY1305
540 select CRYPTO_NHPOLY1305
541 help
542 Adiantum is a tweakable, length-preserving encryption mode
543 designed for fast and secure disk encryption, especially on
544 CPUs without dedicated crypto instructions. It encrypts
545 each sector using the XChaCha12 stream cipher, two passes of
546 an ε-almost-∆-universal hash function, and an invocation of
547 the AES-256 block cipher on a single 16-byte block. On CPUs
548 without AES instructions, Adiantum is much faster than
549 AES-XTS.
550
551 Adiantum's security is provably reducible to that of its
552 underlying stream and block ciphers, subject to a security
553 bound. Unlike XTS, Adiantum is a true wide-block encryption
554 mode, so it actually provides an even stronger notion of
555 security than XTS, subject to the security bound.
556
557 If unsure, say N.
558
584fffc8
SS		 559comment "Hash modes"
560
93b5e86a
JK		 561config CRYPTO_CMAC
562 tristate "CMAC support"
563 select CRYPTO_HASH
564 select CRYPTO_MANAGER
565 help
566 Cipher-based Message Authentication Code (CMAC) specified by
567 The National Institute of Standards and Technology (NIST).
568
569 https://tools.ietf.org/html/rfc4493
570 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
571
584fffc8
SS		 572config CRYPTO_HMAC
573 tristate "HMAC support"
574 select CRYPTO_HASH
23e353c8 575 select CRYPTO_MANAGER
23e353c8 576 help
584fffc8
SS		 577 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
578 This is required for IPSec.
23e353c8 579
584fffc8
SS		 580config CRYPTO_XCBC
581 tristate "XCBC support"
584fffc8
SS		 582 select CRYPTO_HASH
583 select CRYPTO_MANAGER
76cb9521 584 help
584fffc8
SS		 585 XCBC: Keyed-Hashing with encryption algorithm
586 http://www.ietf.org/rfc/rfc3566.txt
587 http://csrc.nist.gov/encryption/modes/proposedmodes/
588 xcbc-mac/xcbc-mac-spec.pdf
76cb9521 589
f1939f7c
SW		 590config CRYPTO_VMAC
591 tristate "VMAC support"
f1939f7c
SW		 592 select CRYPTO_HASH
593 select CRYPTO_MANAGER
594 help
595 VMAC is a message authentication algorithm designed for
596 very high speed on 64-bit architectures.
597
598 See also:
599 <http://fastcrypto.org/vmac>
600
584fffc8 601comment "Digest"
28db8e3e 602
584fffc8
SS		 603config CRYPTO_CRC32C
604 tristate "CRC32c CRC algorithm"
5773a3e6 605 select CRYPTO_HASH
6a0962b2 606 select CRC32
4a49b499 607 help
584fffc8
SS		 608 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
609 by iSCSI for header and data digests and by others.
69c35efc 610 See Castagnoli93. Module will be crc32c.
4a49b499 611
8cb51ba8
AZ		 612config CRYPTO_CRC32C_INTEL
613 tristate "CRC32c INTEL hardware acceleration"
614 depends on X86
615 select CRYPTO_HASH
616 help
617 In Intel processor with SSE4.2 supported, the processor will
618 support CRC32C implementation using hardware accelerated CRC32
619 instruction. This option will create 'crc32c-intel' module,
620 which will enable any routine to use the CRC32 instruction to
621 gain performance compared with software implementation.
622 Module will be crc32c-intel.
623
7cf31864 624config CRYPTO_CRC32C_VPMSUM
6dd7a82c 625 tristate "CRC32c CRC algorithm (powerpc64)"
c12abf34 626 depends on PPC64 && ALTIVEC
6dd7a82c
AB		 627 select CRYPTO_HASH
628 select CRC32
629 help
630 CRC32c algorithm implemented using vector polynomial multiply-sum
631 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
632 and newer processors for improved performance.
633
634
442a7c40
DM		 635config CRYPTO_CRC32C_SPARC64
636 tristate "CRC32c CRC algorithm (SPARC64)"
637 depends on SPARC64
638 select CRYPTO_HASH
639 select CRC32
640 help
641 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
642 when available.
643
78c37d19
AB		 644config CRYPTO_CRC32
645 tristate "CRC32 CRC algorithm"
646 select CRYPTO_HASH
647 select CRC32
648 help
649 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
650 Shash crypto api wrappers to crc32_le function.
651
652config CRYPTO_CRC32_PCLMUL
653 tristate "CRC32 PCLMULQDQ hardware acceleration"
654 depends on X86
655 select CRYPTO_HASH
656 select CRC32
657 help
658 From Intel Westmere and AMD Bulldozer processor with SSE4.2
659 and PCLMULQDQ supported, the processor will support
660 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
af8cb01f 661 instruction. This option will create 'crc32-pclmul' module,
78c37d19
AB		 662 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
663 and gain better performance as compared with the table implementation.
664
4a5dc51e
MN		 665config CRYPTO_CRC32_MIPS
666 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
667 depends on MIPS_CRC_SUPPORT
668 select CRYPTO_HASH
669 help
670 CRC32c and CRC32 CRC algorithms implemented using mips crypto
671 instructions, when available.
672
673
68411521
HX		 674config CRYPTO_CRCT10DIF
675 tristate "CRCT10DIF algorithm"
676 select CRYPTO_HASH
677 help
678 CRC T10 Data Integrity Field computation is being cast as
679 a crypto transform. This allows for faster crc t10 diff
680 transforms to be used if they are available.
681
682config CRYPTO_CRCT10DIF_PCLMUL
683 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
684 depends on X86 && 64BIT && CRC_T10DIF
685 select CRYPTO_HASH
686 help
687 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
688 CRC T10 DIF PCLMULQDQ computation can be hardware
689 accelerated PCLMULQDQ instruction. This option will create
af8cb01f 690 'crct10dif-pclmul' module, which is faster when computing the
68411521
HX		 691 crct10dif checksum as compared with the generic table implementation.
692
b01df1c1
DA		 693config CRYPTO_CRCT10DIF_VPMSUM
694 tristate "CRC32T10DIF powerpc64 hardware acceleration"
695 depends on PPC64 && ALTIVEC && CRC_T10DIF
696 select CRYPTO_HASH
697 help
698 CRC10T10DIF algorithm implemented using vector polynomial
699 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
700 POWER8 and newer processors for improved performance.
701
146c8688
DA		 702config CRYPTO_VPMSUM_TESTER
703 tristate "Powerpc64 vpmsum hardware acceleration tester"
704 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
705 help
706 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
707 POWER8 vpmsum instructions.
708 Unless you are testing these algorithms, you don't need this.
709
2cdc6899
HY		 710config CRYPTO_GHASH
711 tristate "GHASH digest algorithm"
2cdc6899 712 select CRYPTO_GF128MUL
578c60fb 713 select CRYPTO_HASH
2cdc6899
HY		 714 help
715 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
716
f979e014
MW		 717config CRYPTO_POLY1305
718 tristate "Poly1305 authenticator algorithm"
578c60fb 719 select CRYPTO_HASH
f979e014
MW		 720 help
721 Poly1305 authenticator algorithm, RFC7539.
722
723 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
724 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
725 in IETF protocols. This is the portable C implementation of Poly1305.
726
c70f4abe 727config CRYPTO_POLY1305_X86_64
b1ccc8f4 728 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
c70f4abe
MW		 729 depends on X86 && 64BIT
730 select CRYPTO_POLY1305
731 help
732 Poly1305 authenticator algorithm, RFC7539.
733
734 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
735 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
736 in IETF protocols. This is the x86_64 assembler implementation using SIMD
737 instructions.
738
584fffc8
SS		 739config CRYPTO_MD4
740 tristate "MD4 digest algorithm"
808a1763 741 select CRYPTO_HASH
124b53d0 742 help
584fffc8 743 MD4 message digest algorithm (RFC1320).
124b53d0 744
584fffc8
SS		 745config CRYPTO_MD5
746 tristate "MD5 digest algorithm"
14b75ba7 747 select CRYPTO_HASH
1da177e4 748 help
584fffc8 749 MD5 message digest algorithm (RFC1321).
1da177e4 750
d69e75de
AK		 751config CRYPTO_MD5_OCTEON
752 tristate "MD5 digest algorithm (OCTEON)"
753 depends on CPU_CAVIUM_OCTEON
754 select CRYPTO_MD5
755 select CRYPTO_HASH
756 help
757 MD5 message digest algorithm (RFC1321) implemented
758 using OCTEON crypto instructions, when available.
759
e8e59953
MS		 760config CRYPTO_MD5_PPC
761 tristate "MD5 digest algorithm (PPC)"
762 depends on PPC
763 select CRYPTO_HASH
764 help
765 MD5 message digest algorithm (RFC1321) implemented
766 in PPC assembler.
767
fa4dfedc
DM		 768config CRYPTO_MD5_SPARC64
769 tristate "MD5 digest algorithm (SPARC64)"
770 depends on SPARC64
771 select CRYPTO_MD5
772 select CRYPTO_HASH
773 help
774 MD5 message digest algorithm (RFC1321) implemented
775 using sparc64 crypto instructions, when available.
776
584fffc8
SS		 777config CRYPTO_MICHAEL_MIC
778 tristate "Michael MIC keyed digest algorithm"
19e2bf14 779 select CRYPTO_HASH
90831639 780 help
584fffc8
SS		 781 Michael MIC is used for message integrity protection in TKIP
782 (IEEE 802.11i). This algorithm is required for TKIP, but it
783 should not be used for other purposes because of the weakness
784 of the algorithm.
90831639 785
82798f90 786config CRYPTO_RMD128
b6d44341 787 tristate "RIPEMD-128 digest algorithm"
7c4468bc 788 select CRYPTO_HASH
b6d44341
AB		 789 help
790 RIPEMD-128 (ISO/IEC 10118-3:2004).
82798f90 791
b6d44341 792 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
35ed4b35 793 be used as a secure replacement for RIPEMD. For other use cases,
b6d44341 794 RIPEMD-160 should be used.
82798f90 795
b6d44341 796 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 797 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90
AKR		 798
799config CRYPTO_RMD160
b6d44341 800 tristate "RIPEMD-160 digest algorithm"
e5835fba 801 select CRYPTO_HASH
b6d44341
AB		 802 help
803 RIPEMD-160 (ISO/IEC 10118-3:2004).
82798f90 804
b6d44341
AB		 805 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
806 to be used as a secure replacement for the 128-bit hash functions
807 MD4, MD5 and it's predecessor RIPEMD
808 (not to be confused with RIPEMD-128).
82798f90 809
b6d44341
AB		 810 It's speed is comparable to SHA1 and there are no known attacks
811 against RIPEMD-160.
534fe2c1 812
b6d44341 813 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 814 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 815
816config CRYPTO_RMD256
b6d44341 817 tristate "RIPEMD-256 digest algorithm"
d8a5e2e9 818 select CRYPTO_HASH
b6d44341
AB		 819 help
820 RIPEMD-256 is an optional extension of RIPEMD-128 with a
821 256 bit hash. It is intended for applications that require
822 longer hash-results, without needing a larger security level
823 (than RIPEMD-128).
534fe2c1 824
b6d44341 825 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 826 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534fe2c1
AKR		 827
828config CRYPTO_RMD320
b6d44341 829 tristate "RIPEMD-320 digest algorithm"
3b8efb4c 830 select CRYPTO_HASH
b6d44341
AB		 831 help
832 RIPEMD-320 is an optional extension of RIPEMD-160 with a
833 320 bit hash. It is intended for applications that require
834 longer hash-results, without needing a larger security level
835 (than RIPEMD-160).
534fe2c1 836
b6d44341 837 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
6d8de74c 838 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
82798f90 839
584fffc8
SS		 840config CRYPTO_SHA1
841 tristate "SHA1 digest algorithm"
54ccb367 842 select CRYPTO_HASH
1da177e4 843 help
584fffc8 844 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
1da177e4 845
66be8951 846config CRYPTO_SHA1_SSSE3
e38b6b7f 847 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
66be8951
MK		 848 depends on X86 && 64BIT
849 select CRYPTO_SHA1
850 select CRYPTO_HASH
851 help
852 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
853 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
e38b6b7f 854 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
855 when available.
66be8951 856
8275d1aa 857config CRYPTO_SHA256_SSSE3
e38b6b7f 858 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
8275d1aa
TC		 859 depends on X86 && 64BIT
860 select CRYPTO_SHA256
861 select CRYPTO_HASH
862 help
863 SHA-256 secure hash standard (DFIPS 180-2) implemented
864 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
865 Extensions version 1 (AVX1), or Advanced Vector Extensions
e38b6b7f 866 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
867 Instructions) when available.
87de4579
TC		 868
869config CRYPTO_SHA512_SSSE3
870 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
871 depends on X86 && 64BIT
872 select CRYPTO_SHA512
873 select CRYPTO_HASH
874 help
875 SHA-512 secure hash standard (DFIPS 180-2) implemented
876 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
877 Extensions version 1 (AVX1), or Advanced Vector Extensions
8275d1aa
TC		 878 version 2 (AVX2) instructions, when available.
879
efdb6f6e
AK		 880config CRYPTO_SHA1_OCTEON
881 tristate "SHA1 digest algorithm (OCTEON)"
882 depends on CPU_CAVIUM_OCTEON
883 select CRYPTO_SHA1
884 select CRYPTO_HASH
885 help
886 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
887 using OCTEON crypto instructions, when available.
888
4ff28d4c
DM		 889config CRYPTO_SHA1_SPARC64
890 tristate "SHA1 digest algorithm (SPARC64)"
891 depends on SPARC64
892 select CRYPTO_SHA1
893 select CRYPTO_HASH
894 help
895 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
896 using sparc64 crypto instructions, when available.
897
323a6bf1
ME		 898config CRYPTO_SHA1_PPC
899 tristate "SHA1 digest algorithm (powerpc)"
900 depends on PPC
901 help
902 This is the powerpc hardware accelerated implementation of the
903 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
904
d9850fc5
MS		 905config CRYPTO_SHA1_PPC_SPE
906 tristate "SHA1 digest algorithm (PPC SPE)"
907 depends on PPC && SPE
908 help
909 SHA-1 secure hash standard (DFIPS 180-4) implemented
910 using powerpc SPE SIMD instruction set.
911
584fffc8
SS		 912config CRYPTO_SHA256
913 tristate "SHA224 and SHA256 digest algorithm"
50e109b5 914 select CRYPTO_HASH
1da177e4 915 help
584fffc8 916 SHA256 secure hash standard (DFIPS 180-2).
1da177e4 917
584fffc8
SS		 918 This version of SHA implements a 256 bit hash with 128 bits of
919 security against collision attacks.
2729bb42 920
b6d44341
AB		 921 This code also includes SHA-224, a 224 bit hash with 112 bits
922 of security against collision attacks.
584fffc8 923
2ecc1e95
MS		 924config CRYPTO_SHA256_PPC_SPE
925 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
926 depends on PPC && SPE
927 select CRYPTO_SHA256
928 select CRYPTO_HASH
929 help
930 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
931 implemented using powerpc SPE SIMD instruction set.
932
efdb6f6e
AK		 933config CRYPTO_SHA256_OCTEON
934 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
935 depends on CPU_CAVIUM_OCTEON
936 select CRYPTO_SHA256
937 select CRYPTO_HASH
938 help
939 SHA-256 secure hash standard (DFIPS 180-2) implemented
940 using OCTEON crypto instructions, when available.
941
86c93b24
DM		 942config CRYPTO_SHA256_SPARC64
943 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
944 depends on SPARC64
945 select CRYPTO_SHA256
946 select CRYPTO_HASH
947 help
948 SHA-256 secure hash standard (DFIPS 180-2) implemented
949 using sparc64 crypto instructions, when available.
950
584fffc8
SS		 951config CRYPTO_SHA512
952 tristate "SHA384 and SHA512 digest algorithms"
bd9d20db 953 select CRYPTO_HASH
b9f535ff 954 help
584fffc8 955 SHA512 secure hash standard (DFIPS 180-2).
b9f535ff 956
584fffc8
SS		 957 This version of SHA implements a 512 bit hash with 256 bits of
958 security against collision attacks.
b9f535ff 959
584fffc8
SS		 960 This code also includes SHA-384, a 384 bit hash with 192 bits
961 of security against collision attacks.
b9f535ff 962
efdb6f6e
AK		 963config CRYPTO_SHA512_OCTEON
964 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
965 depends on CPU_CAVIUM_OCTEON
966 select CRYPTO_SHA512
967 select CRYPTO_HASH
968 help
969 SHA-512 secure hash standard (DFIPS 180-2) implemented
970 using OCTEON crypto instructions, when available.
971
775e0c69
DM		 972config CRYPTO_SHA512_SPARC64
973 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
974 depends on SPARC64
975 select CRYPTO_SHA512
976 select CRYPTO_HASH
977 help
978 SHA-512 secure hash standard (DFIPS 180-2) implemented
979 using sparc64 crypto instructions, when available.
980
53964b9e
JG		 981config CRYPTO_SHA3
982 tristate "SHA3 digest algorithm"
983 select CRYPTO_HASH
984 help
985 SHA-3 secure hash standard (DFIPS 202). It's based on
986 cryptographic sponge function family called Keccak.
987
988 References:
989 http://keccak.noekeon.org/
990
4f0fc160
GBY		 991config CRYPTO_SM3
992 tristate "SM3 digest algorithm"
993 select CRYPTO_HASH
994 help
995 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
996 It is part of the Chinese Commercial Cryptography suite.
997
998 References:
999 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1000 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1001
fe18957e
VC		 1002config CRYPTO_STREEBOG
1003 tristate "Streebog Hash Function"
1004 select CRYPTO_HASH
1005 help
1006 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1007 cryptographic standard algorithms (called GOST algorithms).
1008 This setting enables two hash algorithms with 256 and 512 bits output.
1009
1010 References:
1011 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1012 https://tools.ietf.org/html/rfc6986
1013
584fffc8
SS		 1014config CRYPTO_TGR192
1015 tristate "Tiger digest algorithms"
f63fbd3d 1016 select CRYPTO_HASH
eaf44088 1017 help
584fffc8 1018 Tiger hash algorithm 192, 160 and 128-bit hashes
eaf44088 1019
584fffc8
SS		 1020 Tiger is a hash function optimized for 64-bit processors while
1021 still having decent performance on 32-bit processors.
1022 Tiger was developed by Ross Anderson and Eli Biham.
eaf44088
JF		 1023
1024 See also:
584fffc8 1025 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
eaf44088 1026
584fffc8
SS		 1027config CRYPTO_WP512
1028 tristate "Whirlpool digest algorithms"
4946510b 1029 select CRYPTO_HASH
1da177e4 1030 help
584fffc8 1031 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1da177e4 1032
584fffc8
SS		 1033 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1034 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1da177e4
LT		 1035
1036 See also:
6d8de74c 1037 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
584fffc8 1038
0e1227d3
HY		 1039config CRYPTO_GHASH_CLMUL_NI_INTEL
1040 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
8af00860 1041 depends on X86 && 64BIT
0e1227d3
HY		 1042 select CRYPTO_CRYPTD
1043 help
1044 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1045 The implementation is accelerated by CLMUL-NI of Intel.
1046
584fffc8 1047comment "Ciphers"
1da177e4
LT		 1048
1049config CRYPTO_AES
1050 tristate "AES cipher algorithms"
cce9e06d 1051 select CRYPTO_ALGAPI
1da177e4 1052 help
584fffc8 1053 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 1054 algorithm.
1055
1056 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 1057 both hardware and software across a wide range of computing
1058 environments regardless of its use in feedback or non-feedback
1059 modes. Its key setup time is excellent, and its key agility is
1060 good. Rijndael's very low memory requirements make it very well
1061 suited for restricted-space environments, in which it also
1062 demonstrates excellent performance. Rijndael's operations are
1063 among the easiest to defend against power and timing attacks.
1da177e4 1064
584fffc8 1065 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 1066
1067 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1068
b5e0b032
AB		 1069config CRYPTO_AES_TI
1070 tristate "Fixed time AES cipher"
1071 select CRYPTO_ALGAPI
1072 help
1073 This is a generic implementation of AES that attempts to eliminate
1074 data dependent latencies as much as possible without affecting
1075 performance too much. It is intended for use by the generic CCM
1076 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1077 solely on encryption (although decryption is supported as well, but
1078 with a more dramatic performance hit)
1079
1080 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1081 8 for decryption), this implementation only uses just two S-boxes of
1082 256 bytes each, and attempts to eliminate data dependent latencies by
1083 prefetching the entire table into the cache at the start of each
0a6a40c2
EB		 1084 block. Interrupts are also disabled to avoid races where cachelines
1085 are evicted when the CPU is interrupted to do something else.
b5e0b032 1086
1da177e4
LT		 1087config CRYPTO_AES_586
1088 tristate "AES cipher algorithms (i586)"
cce9e06d
HX		 1089 depends on (X86 || UML_X86) && !64BIT
1090 select CRYPTO_ALGAPI
5157dea8 1091 select CRYPTO_AES
1da177e4 1092 help
584fffc8 1093 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1da177e4
LT		 1094 algorithm.
1095
1096 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 1097 both hardware and software across a wide range of computing
1098 environments regardless of its use in feedback or non-feedback
1099 modes. Its key setup time is excellent, and its key agility is
1100 good. Rijndael's very low memory requirements make it very well
1101 suited for restricted-space environments, in which it also
1102 demonstrates excellent performance. Rijndael's operations are
1103 among the easiest to defend against power and timing attacks.
1da177e4 1104
584fffc8 1105 The AES specifies three key sizes: 128, 192 and 256 bits
a2a892a2
AS		 1106
1107 See <http://csrc.nist.gov/encryption/aes/> for more information.
1108
1109config CRYPTO_AES_X86_64
1110 tristate "AES cipher algorithms (x86_64)"
cce9e06d
HX		 1111 depends on (X86 || UML_X86) && 64BIT
1112 select CRYPTO_ALGAPI
81190b32 1113 select CRYPTO_AES
a2a892a2 1114 help
584fffc8 1115 AES cipher algorithms (FIPS-197). AES uses the Rijndael
a2a892a2
AS		 1116 algorithm.
1117
1118 Rijndael appears to be consistently a very good performer in
584fffc8
SS		 1119 both hardware and software across a wide range of computing
1120 environments regardless of its use in feedback or non-feedback
1121 modes. Its key setup time is excellent, and its key agility is
54b6a1bd
HY		 1122 good. Rijndael's very low memory requirements make it very well
1123 suited for restricted-space environments, in which it also
1124 demonstrates excellent performance. Rijndael's operations are
1125 among the easiest to defend against power and timing attacks.
1126
1127 The AES specifies three key sizes: 128, 192 and 256 bits
1128
1129 See <http://csrc.nist.gov/encryption/aes/> for more information.
1130
1131config CRYPTO_AES_NI_INTEL
1132 tristate "AES cipher algorithms (AES-NI)"
8af00860 1133 depends on X86
85671860 1134 select CRYPTO_AEAD
0d258efb
MK		 1135 select CRYPTO_AES_X86_64 if 64BIT
1136 select CRYPTO_AES_586 if !64BIT
54b6a1bd 1137 select CRYPTO_ALGAPI
85671860 1138 select CRYPTO_BLKCIPHER
7643a11a 1139 select CRYPTO_GLUE_HELPER_X86 if 64BIT
85671860 1140 select CRYPTO_SIMD
54b6a1bd
HY		 1141 help
1142 Use Intel AES-NI instructions for AES algorithm.
1143
1144 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1145 algorithm.
1146
1147 Rijndael appears to be consistently a very good performer in
1148 both hardware and software across a wide range of computing
1149 environments regardless of its use in feedback or non-feedback
1150 modes. Its key setup time is excellent, and its key agility is
584fffc8
SS		 1151 good. Rijndael's very low memory requirements make it very well
1152 suited for restricted-space environments, in which it also
1153 demonstrates excellent performance. Rijndael's operations are
1154 among the easiest to defend against power and timing attacks.
a2a892a2 1155
584fffc8 1156 The AES specifies three key sizes: 128, 192 and 256 bits
1da177e4
LT		 1157
1158 See <http://csrc.nist.gov/encryption/aes/> for more information.
1159
0d258efb
MK		 1160 In addition to AES cipher algorithm support, the acceleration
1161 for some popular block cipher mode is supported too, including
944585a6 1162 ECB, CBC, LRW, XTS. The 64 bit version has additional
0d258efb 1163 acceleration for CTR.
2cf4ac8b 1164
9bf4852d
DM		 1165config CRYPTO_AES_SPARC64
1166 tristate "AES cipher algorithms (SPARC64)"
1167 depends on SPARC64
1168 select CRYPTO_CRYPTD
1169 select CRYPTO_ALGAPI
1170 help
1171 Use SPARC64 crypto opcodes for AES algorithm.
1172
1173 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1174 algorithm.
1175
1176 Rijndael appears to be consistently a very good performer in
1177 both hardware and software across a wide range of computing
1178 environments regardless of its use in feedback or non-feedback
1179 modes. Its key setup time is excellent, and its key agility is
1180 good. Rijndael's very low memory requirements make it very well
1181 suited for restricted-space environments, in which it also
1182 demonstrates excellent performance. Rijndael's operations are
1183 among the easiest to defend against power and timing attacks.
1184
1185 The AES specifies three key sizes: 128, 192 and 256 bits
1186
1187 See <http://csrc.nist.gov/encryption/aes/> for more information.
1188
1189 In addition to AES cipher algorithm support, the acceleration
1190 for some popular block cipher mode is supported too, including
1191 ECB and CBC.
1192
504c6143
MS		 1193config CRYPTO_AES_PPC_SPE
1194 tristate "AES cipher algorithms (PPC SPE)"
1195 depends on PPC && SPE
1196 help
1197 AES cipher algorithms (FIPS-197). Additionally the acceleration
1198 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1199 This module should only be used for low power (router) devices
1200 without hardware AES acceleration (e.g. caam crypto). It reduces the
1201 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1202 timining attacks. Nevertheless it might be not as secure as other
1203 architecture specific assembler implementations that work on 1KB
1204 tables or 256 bytes S-boxes.
1205
584fffc8
SS		 1206config CRYPTO_ANUBIS
1207 tristate "Anubis cipher algorithm"
1208 select CRYPTO_ALGAPI
1209 help
1210 Anubis cipher algorithm.
1211
1212 Anubis is a variable key length cipher which can use keys from
1213 128 bits to 320 bits in length. It was evaluated as a entrant
1214 in the NESSIE competition.
1215
1216 See also:
6d8de74c
JM		 1217 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1218 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
584fffc8
SS		 1219
1220config CRYPTO_ARC4
1221 tristate "ARC4 cipher algorithm"
b9b0f080 1222 select CRYPTO_BLKCIPHER
584fffc8
SS		 1223 help
1224 ARC4 cipher algorithm.
1225
1226 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1227 bits in length. This algorithm is required for driver-based
1228 WEP, but it should not be for other purposes because of the
1229 weakness of the algorithm.
1230
1231config CRYPTO_BLOWFISH
1232 tristate "Blowfish cipher algorithm"
1233 select CRYPTO_ALGAPI
52ba867c 1234 select CRYPTO_BLOWFISH_COMMON
584fffc8
SS		 1235 help
1236 Blowfish cipher algorithm, by Bruce Schneier.
1237
1238 This is a variable key length cipher which can use keys from 32
1239 bits to 448 bits in length. It's fast, simple and specifically
1240 designed for use on "large microprocessors".
1241
1242 See also:
1243 <http://www.schneier.com/blowfish.html>
1244
52ba867c
JK		 1245config CRYPTO_BLOWFISH_COMMON
1246 tristate
1247 help
1248 Common parts of the Blowfish cipher algorithm shared by the
1249 generic c and the assembler implementations.
1250
1251 See also:
1252 <http://www.schneier.com/blowfish.html>
1253
64b94cea
JK		 1254config CRYPTO_BLOWFISH_X86_64
1255 tristate "Blowfish cipher algorithm (x86_64)"
f21a7c19 1256 depends on X86 && 64BIT
c1679171 1257 select CRYPTO_BLKCIPHER
64b94cea
JK		 1258 select CRYPTO_BLOWFISH_COMMON
1259 help
1260 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1261
1262 This is a variable key length cipher which can use keys from 32
1263 bits to 448 bits in length. It's fast, simple and specifically
1264 designed for use on "large microprocessors".
1265
1266 See also:
1267 <http://www.schneier.com/blowfish.html>
1268
584fffc8
SS		 1269config CRYPTO_CAMELLIA
1270 tristate "Camellia cipher algorithms"
1271 depends on CRYPTO
1272 select CRYPTO_ALGAPI
1273 help
1274 Camellia cipher algorithms module.
1275
1276 Camellia is a symmetric key block cipher developed jointly
1277 at NTT and Mitsubishi Electric Corporation.
1278
1279 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1280
1281 See also:
1282 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1283
0b95ec56
JK		 1284config CRYPTO_CAMELLIA_X86_64
1285 tristate "Camellia cipher algorithm (x86_64)"
f21a7c19 1286 depends on X86 && 64BIT
0b95ec56 1287 depends on CRYPTO
1af6d037 1288 select CRYPTO_BLKCIPHER
964263af 1289 select CRYPTO_GLUE_HELPER_X86
0b95ec56
JK		 1290 help
1291 Camellia cipher algorithm module (x86_64).
1292
1293 Camellia is a symmetric key block cipher developed jointly
1294 at NTT and Mitsubishi Electric Corporation.
1295
1296 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1297
1298 See also:
d9b1d2e7
JK		 1299 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1300
1301config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1302 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1303 depends on X86 && 64BIT
1304 depends on CRYPTO
44893bc2 1305 select CRYPTO_BLKCIPHER
d9b1d2e7 1306 select CRYPTO_CAMELLIA_X86_64
44893bc2
EB		 1307 select CRYPTO_GLUE_HELPER_X86
1308 select CRYPTO_SIMD
d9b1d2e7
JK		 1309 select CRYPTO_XTS
1310 help
1311 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1312
1313 Camellia is a symmetric key block cipher developed jointly
1314 at NTT and Mitsubishi Electric Corporation.
1315
1316 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1317
1318 See also:
0b95ec56
JK		 1319 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1320
f3f935a7
JK		 1321config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1322 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1323 depends on X86 && 64BIT
1324 depends on CRYPTO
f3f935a7 1325 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
f3f935a7
JK		 1326 help
1327 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1328
1329 Camellia is a symmetric key block cipher developed jointly
1330 at NTT and Mitsubishi Electric Corporation.
1331
1332 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1333
1334 See also:
1335 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1336
81658ad0
DM		 1337config CRYPTO_CAMELLIA_SPARC64
1338 tristate "Camellia cipher algorithm (SPARC64)"
1339 depends on SPARC64
1340 depends on CRYPTO
1341 select CRYPTO_ALGAPI
1342 help
1343 Camellia cipher algorithm module (SPARC64).
1344
1345 Camellia is a symmetric key block cipher developed jointly
1346 at NTT and Mitsubishi Electric Corporation.
1347
1348 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1349
1350 See also:
1351 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1352
044ab525
JK		 1353config CRYPTO_CAST_COMMON
1354 tristate
1355 help
1356 Common parts of the CAST cipher algorithms shared by the
1357 generic c and the assembler implementations.
1358
1da177e4
LT		 1359config CRYPTO_CAST5
1360 tristate "CAST5 (CAST-128) cipher algorithm"
cce9e06d 1361 select CRYPTO_ALGAPI
044ab525 1362 select CRYPTO_CAST_COMMON
1da177e4
LT		 1363 help
1364 The CAST5 encryption algorithm (synonymous with CAST-128) is
1365 described in RFC2144.
1366
4d6d6a2c
JG		 1367config CRYPTO_CAST5_AVX_X86_64
1368 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1369 depends on X86 && 64BIT
1e63183a 1370 select CRYPTO_BLKCIPHER
4d6d6a2c 1371 select CRYPTO_CAST5
1e63183a
EB		 1372 select CRYPTO_CAST_COMMON
1373 select CRYPTO_SIMD
4d6d6a2c
JG		 1374 help
1375 The CAST5 encryption algorithm (synonymous with CAST-128) is
1376 described in RFC2144.
1377
1378 This module provides the Cast5 cipher algorithm that processes
1379 sixteen blocks parallel using the AVX instruction set.
1380
1da177e4
LT		 1381config CRYPTO_CAST6
1382 tristate "CAST6 (CAST-256) cipher algorithm"
cce9e06d 1383 select CRYPTO_ALGAPI
044ab525 1384 select CRYPTO_CAST_COMMON
1da177e4
LT		 1385 help
1386 The CAST6 encryption algorithm (synonymous with CAST-256) is
1387 described in RFC2612.
1388
4ea1277d
JG		 1389config CRYPTO_CAST6_AVX_X86_64
1390 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1391 depends on X86 && 64BIT
4bd96924 1392 select CRYPTO_BLKCIPHER
4ea1277d 1393 select CRYPTO_CAST6
4bd96924
EB		 1394 select CRYPTO_CAST_COMMON
1395 select CRYPTO_GLUE_HELPER_X86
1396 select CRYPTO_SIMD
4ea1277d
JG		 1397 select CRYPTO_XTS
1398 help
1399 The CAST6 encryption algorithm (synonymous with CAST-256) is
1400 described in RFC2612.
1401
1402 This module provides the Cast6 cipher algorithm that processes
1403 eight blocks parallel using the AVX instruction set.
1404
584fffc8
SS		 1405config CRYPTO_DES
1406 tristate "DES and Triple DES EDE cipher algorithms"
cce9e06d 1407 select CRYPTO_ALGAPI
1da177e4 1408 help
584fffc8 1409 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
fb4f10ed 1410
c5aac2df
DM		 1411config CRYPTO_DES_SPARC64
1412 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
97da37b3 1413 depends on SPARC64
c5aac2df
DM		 1414 select CRYPTO_ALGAPI
1415 select CRYPTO_DES
1416 help
1417 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1418 optimized using SPARC64 crypto opcodes.
1419
6574e6c6
JK		 1420config CRYPTO_DES3_EDE_X86_64
1421 tristate "Triple DES EDE cipher algorithm (x86-64)"
1422 depends on X86 && 64BIT
09c0f03b 1423 select CRYPTO_BLKCIPHER
6574e6c6
JK		 1424 select CRYPTO_DES
1425 help
1426 Triple DES EDE (FIPS 46-3) algorithm.
1427
1428 This module provides implementation of the Triple DES EDE cipher
1429 algorithm that is optimized for x86-64 processors. Two versions of
1430 algorithm are provided; regular processing one input block and
1431 one that processes three blocks parallel.
1432
584fffc8
SS		 1433config CRYPTO_FCRYPT
1434 tristate "FCrypt cipher algorithm"
cce9e06d 1435 select CRYPTO_ALGAPI
584fffc8 1436 select CRYPTO_BLKCIPHER
1da177e4 1437 help
584fffc8 1438 FCrypt algorithm used by RxRPC.
1da177e4
LT		 1439
1440config CRYPTO_KHAZAD
1441 tristate "Khazad cipher algorithm"
cce9e06d 1442 select CRYPTO_ALGAPI
1da177e4
LT		 1443 help
1444 Khazad cipher algorithm.
1445
1446 Khazad was a finalist in the initial NESSIE competition. It is
1447 an algorithm optimized for 64-bit processors with good performance
1448 on 32-bit processors. Khazad uses an 128 bit key size.
1449
1450 See also:
6d8de74c 1451 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1da177e4 1452
2407d608 1453config CRYPTO_SALSA20
3b4afaf2 1454 tristate "Salsa20 stream cipher algorithm"
2407d608
TSH		 1455 select CRYPTO_BLKCIPHER
1456 help
1457 Salsa20 stream cipher algorithm.
1458
1459 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1460 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
974e4b75
TSH		 1461
1462 The Salsa20 stream cipher algorithm is designed by Daniel J.
1463 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1464
c08d0e64 1465config CRYPTO_CHACHA20
aa762409 1466 tristate "ChaCha stream cipher algorithms"
c08d0e64
MW		 1467 select CRYPTO_BLKCIPHER
1468 help
aa762409 1469 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
c08d0e64
MW		 1470
1471 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1472 Bernstein and further specified in RFC7539 for use in IETF protocols.
de61d7ae 1473 This is the portable C implementation of ChaCha20. See also:
c08d0e64
MW		 1474 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1475
de61d7ae
EB		 1476 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1477 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
1478 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1479 while provably retaining ChaCha20's security. See also:
1480 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1481
aa762409
EB		 1482 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1483 reduced security margin but increased performance. It can be needed
1484 in some performance-sensitive scenarios.
1485
c9320b6d 1486config CRYPTO_CHACHA20_X86_64
4af78261 1487 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
c9320b6d
MW		 1488 depends on X86 && 64BIT
1489 select CRYPTO_BLKCIPHER
1490 select CRYPTO_CHACHA20
1491 help
7a507d62
EB		 1492 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1493 XChaCha20, and XChaCha12 stream ciphers.
c9320b6d 1494
584fffc8
SS		 1495config CRYPTO_SEED
1496 tristate "SEED cipher algorithm"
cce9e06d 1497 select CRYPTO_ALGAPI
1da177e4 1498 help
584fffc8 1499 SEED cipher algorithm (RFC4269).
1da177e4 1500
584fffc8
SS		 1501 SEED is a 128-bit symmetric key block cipher that has been
1502 developed by KISA (Korea Information Security Agency) as a
1503 national standard encryption algorithm of the Republic of Korea.
1504 It is a 16 round block cipher with the key size of 128 bit.
1505
1506 See also:
1507 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1508
1509config CRYPTO_SERPENT
1510 tristate "Serpent cipher algorithm"
cce9e06d 1511 select CRYPTO_ALGAPI
1da177e4 1512 help
584fffc8 1513 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1da177e4 1514
584fffc8
SS		 1515 Keys are allowed to be from 0 to 256 bits in length, in steps
1516 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1517 variant of Serpent for compatibility with old kerneli.org code.
1518
1519 See also:
1520 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1521
937c30d7
JK		 1522config CRYPTO_SERPENT_SSE2_X86_64
1523 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1524 depends on X86 && 64BIT
e0f409dc 1525 select CRYPTO_BLKCIPHER
596d8750 1526 select CRYPTO_GLUE_HELPER_X86
937c30d7 1527 select CRYPTO_SERPENT
e0f409dc 1528 select CRYPTO_SIMD
937c30d7
JK		 1529 help
1530 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1531
1532 Keys are allowed to be from 0 to 256 bits in length, in steps
1533 of 8 bits.
1534
1e6232f8 1535 This module provides Serpent cipher algorithm that processes eight
937c30d7
JK		 1536 blocks parallel using SSE2 instruction set.
1537
1538 See also:
1539 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1540
251496db
JK		 1541config CRYPTO_SERPENT_SSE2_586
1542 tristate "Serpent cipher algorithm (i586/SSE2)"
1543 depends on X86 && !64BIT
e0f409dc 1544 select CRYPTO_BLKCIPHER
596d8750 1545 select CRYPTO_GLUE_HELPER_X86
251496db 1546 select CRYPTO_SERPENT
e0f409dc 1547 select CRYPTO_SIMD
251496db
JK		 1548 help
1549 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1550
1551 Keys are allowed to be from 0 to 256 bits in length, in steps
1552 of 8 bits.
1553
1554 This module provides Serpent cipher algorithm that processes four
1555 blocks parallel using SSE2 instruction set.
1556
1557 See also:
1558 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
7efe4076
JG		 1559
1560config CRYPTO_SERPENT_AVX_X86_64
1561 tristate "Serpent cipher algorithm (x86_64/AVX)"
1562 depends on X86 && 64BIT
e16bf974 1563 select CRYPTO_BLKCIPHER
1d0debbd 1564 select CRYPTO_GLUE_HELPER_X86
7efe4076 1565 select CRYPTO_SERPENT
e16bf974 1566 select CRYPTO_SIMD
7efe4076
JG		 1567 select CRYPTO_XTS
1568 help
1569 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1570
1571 Keys are allowed to be from 0 to 256 bits in length, in steps
1572 of 8 bits.
1573
1574 This module provides the Serpent cipher algorithm that processes
1575 eight blocks parallel using the AVX instruction set.
1576
1577 See also:
1578 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
251496db 1579
56d76c96
JK		 1580config CRYPTO_SERPENT_AVX2_X86_64
1581 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1582 depends on X86 && 64BIT
56d76c96 1583 select CRYPTO_SERPENT_AVX_X86_64
56d76c96
JK		 1584 help
1585 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1586
1587 Keys are allowed to be from 0 to 256 bits in length, in steps
1588 of 8 bits.
1589
1590 This module provides Serpent cipher algorithm that processes 16
1591 blocks parallel using AVX2 instruction set.
1592
1593 See also:
1594 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1595
747c8ce4
GBY		 1596config CRYPTO_SM4
1597 tristate "SM4 cipher algorithm"
1598 select CRYPTO_ALGAPI
1599 help
1600 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1601
1602 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1603 Organization of State Commercial Administration of China (OSCCA)
1604 as an authorized cryptographic algorithms for the use within China.
1605
1606 SMS4 was originally created for use in protecting wireless
1607 networks, and is mandated in the Chinese National Standard for
1608 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1609 (GB.15629.11-2003).
1610
1611 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1612 standardized through TC 260 of the Standardization Administration
1613 of the People's Republic of China (SAC).
1614
1615 The input, output, and key of SMS4 are each 128 bits.
1616
1617 See also: <https://eprint.iacr.org/2008/329.pdf>
1618
1619 If unsure, say N.
1620
584fffc8
SS		 1621config CRYPTO_TEA
1622 tristate "TEA, XTEA and XETA cipher algorithms"
cce9e06d 1623 select CRYPTO_ALGAPI
1da177e4 1624 help
584fffc8 1625 TEA cipher algorithm.
1da177e4 1626
584fffc8
SS		 1627 Tiny Encryption Algorithm is a simple cipher that uses
1628 many rounds for security. It is very fast and uses
1629 little memory.
1630
1631 Xtendend Tiny Encryption Algorithm is a modification to
1632 the TEA algorithm to address a potential key weakness
1633 in the TEA algorithm.
1634
1635 Xtendend Encryption Tiny Algorithm is a mis-implementation
1636 of the XTEA algorithm for compatibility purposes.
1637
1638config CRYPTO_TWOFISH
1639 tristate "Twofish cipher algorithm"
04ac7db3 1640 select CRYPTO_ALGAPI
584fffc8 1641 select CRYPTO_TWOFISH_COMMON
04ac7db3 1642 help
584fffc8 1643 Twofish cipher algorithm.
04ac7db3 1644
584fffc8
SS		 1645 Twofish was submitted as an AES (Advanced Encryption Standard)
1646 candidate cipher by researchers at CounterPane Systems. It is a
1647 16 round block cipher supporting key sizes of 128, 192, and 256
1648 bits.
04ac7db3 1649
584fffc8
SS		 1650 See also:
1651 <http://www.schneier.com/twofish.html>
1652
1653config CRYPTO_TWOFISH_COMMON
1654 tristate
1655 help
1656 Common parts of the Twofish cipher algorithm shared by the
1657 generic c and the assembler implementations.
1658
1659config CRYPTO_TWOFISH_586
1660 tristate "Twofish cipher algorithms (i586)"
1661 depends on (X86 || UML_X86) && !64BIT
1662 select CRYPTO_ALGAPI
1663 select CRYPTO_TWOFISH_COMMON
1664 help
1665 Twofish cipher algorithm.
1666
1667 Twofish was submitted as an AES (Advanced Encryption Standard)
1668 candidate cipher by researchers at CounterPane Systems. It is a
1669 16 round block cipher supporting key sizes of 128, 192, and 256
1670 bits.
04ac7db3
NT		 1671
1672 See also:
584fffc8 1673 <http://www.schneier.com/twofish.html>
04ac7db3 1674
584fffc8
SS		 1675config CRYPTO_TWOFISH_X86_64
1676 tristate "Twofish cipher algorithm (x86_64)"
1677 depends on (X86 || UML_X86) && 64BIT
cce9e06d 1678 select CRYPTO_ALGAPI
584fffc8 1679 select CRYPTO_TWOFISH_COMMON
1da177e4 1680 help
584fffc8 1681 Twofish cipher algorithm (x86_64).
1da177e4 1682
584fffc8
SS		 1683 Twofish was submitted as an AES (Advanced Encryption Standard)
1684 candidate cipher by researchers at CounterPane Systems. It is a
1685 16 round block cipher supporting key sizes of 128, 192, and 256
1686 bits.
1687
1688 See also:
1689 <http://www.schneier.com/twofish.html>
1690
8280daad
JK		 1691config CRYPTO_TWOFISH_X86_64_3WAY
1692 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
f21a7c19 1693 depends on X86 && 64BIT
37992fa4 1694 select CRYPTO_BLKCIPHER
8280daad
JK		 1695 select CRYPTO_TWOFISH_COMMON
1696 select CRYPTO_TWOFISH_X86_64
414cb5e7 1697 select CRYPTO_GLUE_HELPER_X86
8280daad
JK		 1698 help
1699 Twofish cipher algorithm (x86_64, 3-way parallel).
1700
1701 Twofish was submitted as an AES (Advanced Encryption Standard)
1702 candidate cipher by researchers at CounterPane Systems. It is a
1703 16 round block cipher supporting key sizes of 128, 192, and 256
1704 bits.
1705
1706 This module provides Twofish cipher algorithm that processes three
1707 blocks parallel, utilizing resources of out-of-order CPUs better.
1708
1709 See also:
1710 <http://www.schneier.com/twofish.html>
1711
107778b5
JG		 1712config CRYPTO_TWOFISH_AVX_X86_64
1713 tristate "Twofish cipher algorithm (x86_64/AVX)"
1714 depends on X86 && 64BIT
0e6ab46d 1715 select CRYPTO_BLKCIPHER
a7378d4e 1716 select CRYPTO_GLUE_HELPER_X86
0e6ab46d 1717 select CRYPTO_SIMD
107778b5
JG		 1718 select CRYPTO_TWOFISH_COMMON
1719 select CRYPTO_TWOFISH_X86_64
1720 select CRYPTO_TWOFISH_X86_64_3WAY
107778b5
JG		 1721 help
1722 Twofish cipher algorithm (x86_64/AVX).
1723
1724 Twofish was submitted as an AES (Advanced Encryption Standard)
1725 candidate cipher by researchers at CounterPane Systems. It is a
1726 16 round block cipher supporting key sizes of 128, 192, and 256
1727 bits.
1728
1729 This module provides the Twofish cipher algorithm that processes
1730 eight blocks parallel using the AVX Instruction Set.
1731
1732 See also:
1733 <http://www.schneier.com/twofish.html>
1734
584fffc8
SS		 1735comment "Compression"
1736
1737config CRYPTO_DEFLATE
1738 tristate "Deflate compression algorithm"
1739 select CRYPTO_ALGAPI
f6ded09d 1740 select CRYPTO_ACOMP2
584fffc8
SS		 1741 select ZLIB_INFLATE
1742 select ZLIB_DEFLATE
3c09f17c 1743 help
584fffc8
SS		 1744 This is the Deflate algorithm (RFC1951), specified for use in
1745 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1746
1747 You will most probably want this if using IPSec.
3c09f17c 1748
0b77abb3
ZS		 1749config CRYPTO_LZO
1750 tristate "LZO compression algorithm"
1751 select CRYPTO_ALGAPI
ac9d2c4b 1752 select CRYPTO_ACOMP2
0b77abb3
ZS		 1753 select LZO_COMPRESS
1754 select LZO_DECOMPRESS
1755 help
1756 This is the LZO algorithm.
1757
35a1fc18
SJ		 1758config CRYPTO_842
1759 tristate "842 compression algorithm"
2062c5b6 1760 select CRYPTO_ALGAPI
6a8de3ae 1761 select CRYPTO_ACOMP2
2062c5b6
DS		 1762 select 842_COMPRESS
1763 select 842_DECOMPRESS
35a1fc18
SJ		 1764 help
1765 This is the 842 algorithm.
0ea8530d
CM		 1766
1767config CRYPTO_LZ4
1768 tristate "LZ4 compression algorithm"
1769 select CRYPTO_ALGAPI
8cd9330e 1770 select CRYPTO_ACOMP2
0ea8530d
CM		 1771 select LZ4_COMPRESS
1772 select LZ4_DECOMPRESS
1773 help
1774 This is the LZ4 algorithm.
1775
1776config CRYPTO_LZ4HC
1777 tristate "LZ4HC compression algorithm"
1778 select CRYPTO_ALGAPI
91d53d96 1779 select CRYPTO_ACOMP2
0ea8530d
CM		 1780 select LZ4HC_COMPRESS
1781 select LZ4_DECOMPRESS
1782 help
1783 This is the LZ4 high compression mode algorithm.
35a1fc18 1784
d28fc3db
NT		 1785config CRYPTO_ZSTD
1786 tristate "Zstd compression algorithm"
1787 select CRYPTO_ALGAPI
1788 select CRYPTO_ACOMP2
1789 select ZSTD_COMPRESS
1790 select ZSTD_DECOMPRESS
1791 help
1792 This is the zstd algorithm.
1793
17f0f4a4
NH		 1794comment "Random Number Generation"
1795
1796config CRYPTO_ANSI_CPRNG
1797 tristate "Pseudo Random Number Generation for Cryptographic modules"
1798 select CRYPTO_AES
1799 select CRYPTO_RNG
17f0f4a4
NH		 1800 help
1801 This option enables the generic pseudo random number generator
1802 for cryptographic modules. Uses the Algorithm specified in
7dd607e8
JK		 1803 ANSI X9.31 A.2.4. Note that this option must be enabled if
1804 CRYPTO_FIPS is selected
17f0f4a4 1805
f2c89a10 1806menuconfig CRYPTO_DRBG_MENU
419090c6 1807 tristate "NIST SP800-90A DRBG"
419090c6
SM		 1808 help
1809 NIST SP800-90A compliant DRBG. In the following submenu, one or
1810 more of the DRBG types must be selected.
1811
f2c89a10 1812if CRYPTO_DRBG_MENU
419090c6
SM		 1813
1814config CRYPTO_DRBG_HMAC
401e4238 1815 bool
419090c6 1816 default y
419090c6 1817 select CRYPTO_HMAC
826775bb 1818 select CRYPTO_SHA256
419090c6
SM		 1819
1820config CRYPTO_DRBG_HASH
1821 bool "Enable Hash DRBG"
826775bb 1822 select CRYPTO_SHA256
419090c6
SM		 1823 help
1824 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1825
1826config CRYPTO_DRBG_CTR
1827 bool "Enable CTR DRBG"
419090c6 1828 select CRYPTO_AES
35591285 1829 depends on CRYPTO_CTR
419090c6
SM		 1830 help
1831 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1832
f2c89a10
HX		 1833config CRYPTO_DRBG
1834 tristate
401e4238 1835 default CRYPTO_DRBG_MENU
f2c89a10 1836 select CRYPTO_RNG
bb5530e4 1837 select CRYPTO_JITTERENTROPY
f2c89a10
HX		 1838
1839endif # if CRYPTO_DRBG_MENU
419090c6 1840
bb5530e4
SM		 1841config CRYPTO_JITTERENTROPY
1842 tristate "Jitterentropy Non-Deterministic Random Number Generator"
2f313e02 1843 select CRYPTO_RNG
bb5530e4
SM		 1844 help
1845 The Jitterentropy RNG is a noise that is intended
1846 to provide seed to another RNG. The RNG does not
1847 perform any cryptographic whitening of the generated
1848 random numbers. This Jitterentropy RNG registers with
1849 the kernel crypto API and can be used by any caller.
1850
03c8efc1
HX		 1851config CRYPTO_USER_API
1852 tristate
1853
fe869cdb
HX		 1854config CRYPTO_USER_API_HASH
1855 tristate "User-space interface for hash algorithms"
7451708f 1856 depends on NET
fe869cdb
HX		 1857 select CRYPTO_HASH
1858 select CRYPTO_USER_API
1859 help
1860 This option enables the user-spaces interface for hash
1861 algorithms.
1862
8ff59090
HX		 1863config CRYPTO_USER_API_SKCIPHER
1864 tristate "User-space interface for symmetric key cipher algorithms"
7451708f 1865 depends on NET
8ff59090
HX		 1866 select CRYPTO_BLKCIPHER
1867 select CRYPTO_USER_API
1868 help
1869 This option enables the user-spaces interface for symmetric
1870 key cipher algorithms.
1871
2f375538
SM		 1872config CRYPTO_USER_API_RNG
1873 tristate "User-space interface for random number generator algorithms"
1874 depends on NET
1875 select CRYPTO_RNG
1876 select CRYPTO_USER_API
1877 help
1878 This option enables the user-spaces interface for random
1879 number generator algorithms.
1880
b64a2d95
HX		 1881config CRYPTO_USER_API_AEAD
1882 tristate "User-space interface for AEAD cipher algorithms"
1883 depends on NET
1884 select CRYPTO_AEAD
72548b09
SM		 1885 select CRYPTO_BLKCIPHER
1886 select CRYPTO_NULL
b64a2d95
HX		 1887 select CRYPTO_USER_API
1888 help
1889 This option enables the user-spaces interface for AEAD
1890 cipher algorithms.
1891
cac5818c
CL		 1892config CRYPTO_STATS
1893 bool "Crypto usage statistics for User-space"
a6a31385 1894 depends on CRYPTO_USER
cac5818c
CL		 1895 help
1896 This option enables the gathering of crypto stats.
1897 This will collect:
1898 - encrypt/decrypt size and numbers of symmeric operations
1899 - compress/decompress size and numbers of compress operations
1900 - size and numbers of hash operations
1901 - encrypt/decrypt/sign/verify numbers for asymmetric operations
1902 - generate/seed numbers for rng operations
1903
ee08997f
DK		 1904config CRYPTO_HASH_INFO
1905 bool
1906
1da177e4 1907source "drivers/crypto/Kconfig"
8636a1f9
MY		 1908source "crypto/asymmetric_keys/Kconfig"
1909source "certs/Kconfig"
1da177e4 1910
cce9e06d 1911endif # if CRYPTO
Linux 6.x block layer and io_uring tree(s)