blob: 93a1fdc1feee68c9a8b15bef682886015884ce98 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001#
Dan Williams685784a2007-07-09 11:56:42 -07002# Generic algorithms support
3#
4config XOR_BLOCKS
5 tristate
6
7#
Dan Williams9bc89cd2007-01-02 11:10:44 -07008# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
Linus Torvalds1da177e2005-04-16 15:20:36 -070013# Cryptographic API Configuration
14#
Jan Engelhardt2e290f42007-05-18 15:11:01 +100015menuconfig CRYPTO
Sebastian Siewiorc3715cb92008-03-30 16:36:09 +080016 tristate "Cryptographic API"
Linus Torvalds1da177e2005-04-16 15:20:36 -070017 help
18 This option provides the core Cryptographic API.
19
Herbert Xucce9e062006-08-21 21:08:13 +100020if CRYPTO
21
Sebastian Siewior584fffc2008-04-05 21:04:48 +080022comment "Crypto core or helper"
23
Neil Hormanccb778e2008-08-05 14:13:08 +080024config CRYPTO_FIPS
25 bool "FIPS 200 compliance"
Herbert Xuf2c89a12014-07-04 22:15:08 +080026 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
Jarod Wilson002c77a2014-07-02 15:37:30 -040027 depends on MODULE_SIG
Neil Hormanccb778e2008-08-05 14:13:08 +080028 help
29 This options enables the fips boot option which is
30 required if you want to system to operate in a FIPS 200
31 certification. You should say no unless you know what
Chuck Ebberte84c5482010-09-03 19:17:49 +080032 this is.
Neil Hormanccb778e2008-08-05 14:13:08 +080033
Herbert Xucce9e062006-08-21 21:08:13 +100034config CRYPTO_ALGAPI
35 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110036 select CRYPTO_ALGAPI2
Herbert Xucce9e062006-08-21 21:08:13 +100037 help
38 This option provides the API for cryptographic algorithms.
39
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110040config CRYPTO_ALGAPI2
41 tristate
42
Herbert Xu1ae97822007-08-30 15:36:14 +080043config CRYPTO_AEAD
44 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110045 select CRYPTO_AEAD2
Herbert Xu1ae97822007-08-30 15:36:14 +080046 select CRYPTO_ALGAPI
47
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110048config CRYPTO_AEAD2
49 tristate
50 select CRYPTO_ALGAPI2
Herbert Xu149a3972015-08-13 17:28:58 +080051 select CRYPTO_NULL2
52 select CRYPTO_RNG2
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110053
Herbert Xu5cde0af2006-08-22 00:07:53 +100054config CRYPTO_BLKCIPHER
55 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110056 select CRYPTO_BLKCIPHER2
Herbert Xu5cde0af2006-08-22 00:07:53 +100057 select CRYPTO_ALGAPI
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110058
59config CRYPTO_BLKCIPHER2
60 tristate
61 select CRYPTO_ALGAPI2
62 select CRYPTO_RNG2
Huang Ying0a2e8212009-02-19 14:44:02 +080063 select CRYPTO_WORKQUEUE
Herbert Xu5cde0af2006-08-22 00:07:53 +100064
Herbert Xu055bcee2006-08-19 22:24:23 +100065config CRYPTO_HASH
66 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110067 select CRYPTO_HASH2
Herbert Xu055bcee2006-08-19 22:24:23 +100068 select CRYPTO_ALGAPI
69
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110070config CRYPTO_HASH2
71 tristate
72 select CRYPTO_ALGAPI2
73
Neil Horman17f0f4a2008-08-14 22:15:52 +100074config CRYPTO_RNG
75 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110076 select CRYPTO_RNG2
Neil Horman17f0f4a2008-08-14 22:15:52 +100077 select CRYPTO_ALGAPI
78
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110079config CRYPTO_RNG2
80 tristate
81 select CRYPTO_ALGAPI2
82
Herbert Xu401e4232015-06-03 14:49:31 +080083config CRYPTO_RNG_DEFAULT
84 tristate
85 select CRYPTO_DRBG_MENU
86
Tadeusz Struk3c339ab2015-06-16 10:30:55 -070087config CRYPTO_AKCIPHER2
88 tristate
89 select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92 tristate
93 select CRYPTO_AKCIPHER2
94 select CRYPTO_ALGAPI
95
Tadeusz Strukcfc2bb32015-06-16 10:31:01 -070096config CRYPTO_RSA
97 tristate "RSA algorithm"
Tadeusz Struk425e0172015-06-19 10:27:39 -070098 select CRYPTO_AKCIPHER
Tadeusz Strukcfc2bb32015-06-16 10:31:01 -070099 select MPILIB
100 select ASN1
101 help
102 Generic implementation of the RSA public key algorithm.
103
Herbert Xu2b8c19d2006-09-21 11:31:44 +1000104config CRYPTO_MANAGER
105 tristate "Cryptographic algorithm manager"
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100106 select CRYPTO_MANAGER2
Herbert Xu2b8c19d2006-09-21 11:31:44 +1000107 help
108 Create default cryptographic template instantiations such as
109 cbc(aes).
110
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100111config CRYPTO_MANAGER2
112 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
113 select CRYPTO_AEAD2
114 select CRYPTO_HASH2
115 select CRYPTO_BLKCIPHER2
Tadeusz Struk946cc462015-06-16 10:31:06 -0700116 select CRYPTO_AKCIPHER2
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100117
Steffen Klasserta38f7902011-09-27 07:23:50 +0200118config CRYPTO_USER
119 tristate "Userspace cryptographic algorithm configuration"
Herbert Xu5db017a2011-11-01 12:12:43 +1100120 depends on NET
Steffen Klasserta38f7902011-09-27 07:23:50 +0200121 select CRYPTO_MANAGER
122 help
Valdis.Kletnieks@vt.edud19978f2011-11-09 01:29:20 -0500123 Userspace configuration for cryptographic instantiations such as
Steffen Klasserta38f7902011-09-27 07:23:50 +0200124 cbc(aes).
125
Herbert Xu326a6342010-08-06 09:40:28 +0800126config CRYPTO_MANAGER_DISABLE_TESTS
127 bool "Disable run-time self tests"
Herbert Xu00ca28a2010-08-06 10:34:00 +0800128 default y
129 depends on CRYPTO_MANAGER2
Alexander Shishkin0b767f92010-06-03 20:53:43 +1000130 help
Herbert Xu326a6342010-08-06 09:40:28 +0800131 Disable run-time self tests that normally take place at
132 algorithm registration.
Alexander Shishkin0b767f92010-06-03 20:53:43 +1000133
Rik Snelc494e072006-11-29 18:59:44 +1100134config CRYPTO_GF128MUL
Jussi Kivilinna08c70fc2011-12-13 12:53:22 +0200135 tristate "GF(2^128) multiplication functions"
Rik Snelc494e072006-11-29 18:59:44 +1100136 help
137 Efficient table driven implementation of multiplications in the
138 field GF(2^128). This is needed by some cypher modes. This
139 option will be selected automatically if you select such a
140 cipher mode. Only select this option by hand if you expect to load
141 an external module that requires these functions.
142
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800143config CRYPTO_NULL
144 tristate "Null algorithms"
Herbert Xu149a3972015-08-13 17:28:58 +0800145 select CRYPTO_NULL2
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800146 help
147 These are 'Null' algorithms, used by IPsec, which do nothing.
148
Herbert Xu149a3972015-08-13 17:28:58 +0800149config CRYPTO_NULL2
Herbert Xudd43c4e2015-08-17 20:39:40 +0800150 tristate
Herbert Xu149a3972015-08-13 17:28:58 +0800151 select CRYPTO_ALGAPI2
152 select CRYPTO_BLKCIPHER2
153 select CRYPTO_HASH2
154
Steffen Klassert5068c7a2010-01-07 15:57:19 +1100155config CRYPTO_PCRYPT
Kees Cook3b4afaf2012-10-02 11:16:49 -0700156 tristate "Parallel crypto engine"
157 depends on SMP
Steffen Klassert5068c7a2010-01-07 15:57:19 +1100158 select PADATA
159 select CRYPTO_MANAGER
160 select CRYPTO_AEAD
161 help
162 This converts an arbitrary crypto algorithm into a parallel
163 algorithm that executes in kernel threads.
164
Huang Ying25c38d32009-02-19 14:33:40 +0800165config CRYPTO_WORKQUEUE
166 tristate
167
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800168config CRYPTO_CRYPTD
169 tristate "Software async crypto daemon"
Herbert Xudb131ef2006-09-21 11:44:08 +1000170 select CRYPTO_BLKCIPHER
Loc Hob8a28252008-05-14 21:23:00 +0800171 select CRYPTO_HASH
Herbert Xu43518402006-10-16 21:28:58 +1000172 select CRYPTO_MANAGER
Huang Ying254eff72009-02-19 14:42:19 +0800173 select CRYPTO_WORKQUEUE
Herbert Xudb131ef2006-09-21 11:44:08 +1000174 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800175 This is a generic software asynchronous crypto daemon that
176 converts an arbitrary synchronous software crypto algorithm
177 into an asynchronous algorithm that executes in a kernel thread.
178
Tim Chen1e65b812014-07-31 10:29:51 -0700179config CRYPTO_MCRYPTD
180 tristate "Software async multi-buffer crypto daemon"
181 select CRYPTO_BLKCIPHER
182 select CRYPTO_HASH
183 select CRYPTO_MANAGER
184 select CRYPTO_WORKQUEUE
185 help
186 This is a generic software asynchronous crypto daemon that
187 provides the kernel thread to assist multi-buffer crypto
188 algorithms for submitting jobs and flushing jobs in multi-buffer
189 crypto algorithms. Multi-buffer crypto algorithms are executed
190 in the context of this kernel thread and drivers can post
Ted Percival0e566732014-09-04 15:18:21 +0800191 their crypto request asynchronously to be processed by this daemon.
Tim Chen1e65b812014-07-31 10:29:51 -0700192
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800193config CRYPTO_AUTHENC
194 tristate "Authenc support"
195 select CRYPTO_AEAD
196 select CRYPTO_BLKCIPHER
197 select CRYPTO_MANAGER
198 select CRYPTO_HASH
Herbert Xue94c6a72015-08-04 21:23:14 +0800199 select CRYPTO_NULL
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800200 help
201 Authenc: Combined mode wrapper for IPsec.
202 This is required for IPSec.
203
204config CRYPTO_TEST
205 tristate "Testing module"
206 depends on m
Herbert Xuda7f0332008-07-31 17:08:25 +0800207 select CRYPTO_MANAGER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800208 help
209 Quick & dirty crypto test module.
210
Ard Biesheuvela62b01c2013-09-20 09:55:40 +0200211config CRYPTO_ABLK_HELPER
Jussi Kivilinnaffaf9152012-06-18 14:06:58 +0300212 tristate
Jussi Kivilinnaffaf9152012-06-18 14:06:58 +0300213 select CRYPTO_CRYPTD
214
Jussi Kivilinna596d8752012-06-18 14:07:19 +0300215config CRYPTO_GLUE_HELPER_X86
216 tristate
217 depends on X86
218 select CRYPTO_ALGAPI
219
Baolin Wang735d37b2016-01-26 20:25:39 +0800220config CRYPTO_ENGINE
221 tristate
222
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800223comment "Authenticated Encryption with Associated Data"
224
225config CRYPTO_CCM
226 tristate "CCM support"
227 select CRYPTO_CTR
228 select CRYPTO_AEAD
229 help
230 Support for Counter with CBC MAC. Required for IPsec.
231
232config CRYPTO_GCM
233 tristate "GCM/GMAC support"
234 select CRYPTO_CTR
235 select CRYPTO_AEAD
Huang Ying9382d972009-08-06 15:34:26 +1000236 select CRYPTO_GHASH
Jussi Kivilinna9489667d2013-04-07 16:43:41 +0300237 select CRYPTO_NULL
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800238 help
239 Support for Galois/Counter Mode (GCM) and Galois Message
240 Authentication Code (GMAC). Required for IPSec.
241
Martin Willi71ebc4d2015-06-01 13:44:00 +0200242config CRYPTO_CHACHA20POLY1305
243 tristate "ChaCha20-Poly1305 AEAD support"
244 select CRYPTO_CHACHA20
245 select CRYPTO_POLY1305
246 select CRYPTO_AEAD
247 help
248 ChaCha20-Poly1305 AEAD support, RFC7539.
249
250 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
251 with the Poly1305 authenticator. It is defined in RFC7539 for use in
252 IETF protocols.
253
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800254config CRYPTO_SEQIV
255 tristate "Sequence Number IV Generator"
256 select CRYPTO_AEAD
257 select CRYPTO_BLKCIPHER
Herbert Xu856e3f402015-05-21 15:11:13 +0800258 select CRYPTO_NULL
Herbert Xu401e4232015-06-03 14:49:31 +0800259 select CRYPTO_RNG_DEFAULT
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800260 help
261 This IV generator generates an IV based on a sequence number by
262 xoring it with a salt. This algorithm is mainly useful for CTR
263
Herbert Xua10f5542015-05-21 15:11:15 +0800264config CRYPTO_ECHAINIV
265 tristate "Encrypted Chain IV Generator"
266 select CRYPTO_AEAD
267 select CRYPTO_NULL
Herbert Xu401e4232015-06-03 14:49:31 +0800268 select CRYPTO_RNG_DEFAULT
Herbert Xu34912442015-06-03 14:49:29 +0800269 default m
Herbert Xua10f5542015-05-21 15:11:15 +0800270 help
271 This IV generator generates an IV based on the encryption of
272 a sequence number xored with a salt. This is the default
273 algorithm for CBC.
274
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800275comment "Block modes"
Herbert Xudb131ef2006-09-21 11:44:08 +1000276
277config CRYPTO_CBC
278 tristate "CBC support"
279 select CRYPTO_BLKCIPHER
Herbert Xu43518402006-10-16 21:28:58 +1000280 select CRYPTO_MANAGER
Herbert Xudb131ef2006-09-21 11:44:08 +1000281 help
282 CBC: Cipher Block Chaining mode
283 This block cipher algorithm is required for IPSec.
284
Joy Latten23e353c2007-10-23 08:50:32 +0800285config CRYPTO_CTR
286 tristate "CTR support"
287 select CRYPTO_BLKCIPHER
Herbert Xu0a270322007-11-30 21:38:37 +1100288 select CRYPTO_SEQIV
Joy Latten23e353c2007-10-23 08:50:32 +0800289 select CRYPTO_MANAGER
Joy Latten23e353c2007-10-23 08:50:32 +0800290 help
291 CTR: Counter mode
292 This block cipher algorithm is required for IPSec.
293
Kevin Coffman76cb9522008-03-24 21:26:16 +0800294config CRYPTO_CTS
295 tristate "CTS support"
296 select CRYPTO_BLKCIPHER
297 help
298 CTS: Cipher Text Stealing
299 This is the Cipher Text Stealing mode as described by
300 Section 8 of rfc2040 and referenced by rfc3962.
301 (rfc3962 includes errata information in its Appendix A)
302 This mode is required for Kerberos gss mechanism support
303 for AES encryption.
304
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800305config CRYPTO_ECB
306 tristate "ECB support"
Herbert Xu653ebd9c2007-11-27 19:48:27 +0800307 select CRYPTO_BLKCIPHER
Herbert Xu124b53d2007-04-16 20:49:20 +1000308 select CRYPTO_MANAGER
309 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800310 ECB: Electronic CodeBook mode
311 This is the simplest block cipher algorithm. It simply encrypts
312 the input block by block.
Herbert Xu124b53d2007-04-16 20:49:20 +1000313
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800314config CRYPTO_LRW
Jussi Kivilinna2470a2b2011-12-13 12:52:51 +0200315 tristate "LRW support"
David Howells90831632006-12-16 12:13:14 +1100316 select CRYPTO_BLKCIPHER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800317 select CRYPTO_MANAGER
318 select CRYPTO_GF128MUL
David Howells90831632006-12-16 12:13:14 +1100319 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800320 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
321 narrow block cipher mode for dm-crypt. Use it with cipher
322 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
323 The first 128, 192 or 256 bits in the key are used for AES and the
324 rest is used to tie each cipher block to its logical position.
David Howells90831632006-12-16 12:13:14 +1100325
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800326config CRYPTO_PCBC
327 tristate "PCBC support"
328 select CRYPTO_BLKCIPHER
329 select CRYPTO_MANAGER
330 help
331 PCBC: Propagating Cipher Block Chaining mode
332 This block cipher algorithm is required for RxRPC.
333
334config CRYPTO_XTS
Jussi Kivilinna5bcf8e62011-12-13 12:52:56 +0200335 tristate "XTS support"
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800336 select CRYPTO_BLKCIPHER
337 select CRYPTO_MANAGER
338 select CRYPTO_GF128MUL
339 help
340 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
341 key size 256, 384 or 512 bits. This implementation currently
342 can't handle a sectorsize which is not a multiple of 16 bytes.
343
Stephan Mueller1c49678e2015-09-21 20:58:56 +0200344config CRYPTO_KEYWRAP
345 tristate "Key wrapping support"
346 select CRYPTO_BLKCIPHER
347 help
348 Support for key wrapping (NIST SP800-38F / RFC3394) without
349 padding.
350
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800351comment "Hash modes"
352
Jussi Kivilinna93b5e862013-04-08 10:48:44 +0300353config CRYPTO_CMAC
354 tristate "CMAC support"
355 select CRYPTO_HASH
356 select CRYPTO_MANAGER
357 help
358 Cipher-based Message Authentication Code (CMAC) specified by
359 The National Institute of Standards and Technology (NIST).
360
361 https://tools.ietf.org/html/rfc4493
362 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
363
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800364config CRYPTO_HMAC
365 tristate "HMAC support"
366 select CRYPTO_HASH
367 select CRYPTO_MANAGER
368 help
369 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
370 This is required for IPSec.
371
372config CRYPTO_XCBC
373 tristate "XCBC support"
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800374 select CRYPTO_HASH
375 select CRYPTO_MANAGER
376 help
377 XCBC: Keyed-Hashing with encryption algorithm
378 http://www.ietf.org/rfc/rfc3566.txt
379 http://csrc.nist.gov/encryption/modes/proposedmodes/
380 xcbc-mac/xcbc-mac-spec.pdf
381
Shane Wangf1939f72009-09-02 20:05:22 +1000382config CRYPTO_VMAC
383 tristate "VMAC support"
Shane Wangf1939f72009-09-02 20:05:22 +1000384 select CRYPTO_HASH
385 select CRYPTO_MANAGER
386 help
387 VMAC is a message authentication algorithm designed for
388 very high speed on 64-bit architectures.
389
390 See also:
391 <http://fastcrypto.org/vmac>
392
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800393comment "Digest"
394
395config CRYPTO_CRC32C
396 tristate "CRC32c CRC algorithm"
Herbert Xu5773a3e2008-07-08 20:54:28 +0800397 select CRYPTO_HASH
Darrick J. Wong6a0962b2012-03-23 15:02:25 -0700398 select CRC32
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800399 help
400 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
401 by iSCSI for header and data digests and by others.
Herbert Xu69c35ef2008-11-07 15:11:47 +0800402 See Castagnoli93. Module will be crc32c.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800403
Austin Zhang8cb51ba2008-08-07 09:57:03 +0800404config CRYPTO_CRC32C_INTEL
405 tristate "CRC32c INTEL hardware acceleration"
406 depends on X86
407 select CRYPTO_HASH
408 help
409 In Intel processor with SSE4.2 supported, the processor will
410 support CRC32C implementation using hardware accelerated CRC32
411 instruction. This option will create 'crc32c-intel' module,
412 which will enable any routine to use the CRC32 instruction to
413 gain performance compared with software implementation.
414 Module will be crc32c-intel.
415
David S. Miller442a7c42012-08-22 20:47:36 -0700416config CRYPTO_CRC32C_SPARC64
417 tristate "CRC32c CRC algorithm (SPARC64)"
418 depends on SPARC64
419 select CRYPTO_HASH
420 select CRC32
421 help
422 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
423 when available.
424
Alexander Boyko78c37d12013-01-10 18:54:59 +0400425config CRYPTO_CRC32
426 tristate "CRC32 CRC algorithm"
427 select CRYPTO_HASH
428 select CRC32
429 help
430 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
431 Shash crypto api wrappers to crc32_le function.
432
433config CRYPTO_CRC32_PCLMUL
434 tristate "CRC32 PCLMULQDQ hardware acceleration"
435 depends on X86
436 select CRYPTO_HASH
437 select CRC32
438 help
439 From Intel Westmere and AMD Bulldozer processor with SSE4.2
440 and PCLMULQDQ supported, the processor will support
441 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
442 instruction. This option will create 'crc32-plcmul' module,
443 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
444 and gain better performance as compared with the table implementation.
445
Herbert Xu684115212013-09-07 12:56:26 +1000446config CRYPTO_CRCT10DIF
447 tristate "CRCT10DIF algorithm"
448 select CRYPTO_HASH
449 help
450 CRC T10 Data Integrity Field computation is being cast as
451 a crypto transform. This allows for faster crc t10 diff
452 transforms to be used if they are available.
453
454config CRYPTO_CRCT10DIF_PCLMUL
455 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
456 depends on X86 && 64BIT && CRC_T10DIF
457 select CRYPTO_HASH
458 help
459 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
460 CRC T10 DIF PCLMULQDQ computation can be hardware
461 accelerated PCLMULQDQ instruction. This option will create
462 'crct10dif-plcmul' module, which is faster when computing the
463 crct10dif checksum as compared with the generic table implementation.
464
Huang Ying2cdc6892009-08-06 15:32:38 +1000465config CRYPTO_GHASH
466 tristate "GHASH digest algorithm"
Huang Ying2cdc6892009-08-06 15:32:38 +1000467 select CRYPTO_GF128MUL
Arnd Bergmann578c60f2016-01-25 17:51:21 +0100468 select CRYPTO_HASH
Huang Ying2cdc6892009-08-06 15:32:38 +1000469 help
470 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
471
Martin Willif979e012015-06-01 13:43:58 +0200472config CRYPTO_POLY1305
473 tristate "Poly1305 authenticator algorithm"
Arnd Bergmann578c60f2016-01-25 17:51:21 +0100474 select CRYPTO_HASH
Martin Willif979e012015-06-01 13:43:58 +0200475 help
476 Poly1305 authenticator algorithm, RFC7539.
477
478 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
479 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
480 in IETF protocols. This is the portable C implementation of Poly1305.
481
Martin Willic70f4ab2015-07-16 19:14:06 +0200482config CRYPTO_POLY1305_X86_64
Martin Willib1ccc8f2015-07-16 19:14:08 +0200483 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
Martin Willic70f4ab2015-07-16 19:14:06 +0200484 depends on X86 && 64BIT
485 select CRYPTO_POLY1305
486 help
487 Poly1305 authenticator algorithm, RFC7539.
488
489 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
490 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
491 in IETF protocols. This is the x86_64 assembler implementation using SIMD
492 instructions.
493
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800494config CRYPTO_MD4
495 tristate "MD4 digest algorithm"
Adrian-Ken Rueegsegger808a1762008-12-03 19:55:27 +0800496 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700497 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800498 MD4 message digest algorithm (RFC1320).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700499
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800500config CRYPTO_MD5
501 tristate "MD5 digest algorithm"
Adrian-Ken Rueegsegger14b75ba2008-12-03 19:57:12 +0800502 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700503 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800504 MD5 message digest algorithm (RFC1321).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700505
Aaro Koskinend69e75d2014-12-21 22:54:02 +0200506config CRYPTO_MD5_OCTEON
507 tristate "MD5 digest algorithm (OCTEON)"
508 depends on CPU_CAVIUM_OCTEON
509 select CRYPTO_MD5
510 select CRYPTO_HASH
511 help
512 MD5 message digest algorithm (RFC1321) implemented
513 using OCTEON crypto instructions, when available.
514
Markus Stockhausene8e59952015-03-01 19:30:46 +0100515config CRYPTO_MD5_PPC
516 tristate "MD5 digest algorithm (PPC)"
517 depends on PPC
518 select CRYPTO_HASH
519 help
520 MD5 message digest algorithm (RFC1321) implemented
521 in PPC assembler.
522
David S. Millerfa4dfed2012-08-19 21:51:26 -0700523config CRYPTO_MD5_SPARC64
524 tristate "MD5 digest algorithm (SPARC64)"
525 depends on SPARC64
526 select CRYPTO_MD5
527 select CRYPTO_HASH
528 help
529 MD5 message digest algorithm (RFC1321) implemented
530 using sparc64 crypto instructions, when available.
531
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800532config CRYPTO_MICHAEL_MIC
533 tristate "Michael MIC keyed digest algorithm"
Adrian-Ken Rueegsegger19e2bf12008-12-07 19:35:38 +0800534 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800535 help
536 Michael MIC is used for message integrity protection in TKIP
537 (IEEE 802.11i). This algorithm is required for TKIP, but it
538 should not be used for other purposes because of the weakness
539 of the algorithm.
540
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800541config CRYPTO_RMD128
Adrian Bunkb6d44342008-07-16 19:28:00 +0800542 tristate "RIPEMD-128 digest algorithm"
Herbert Xu7c4468b2008-11-08 09:10:40 +0800543 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800544 help
545 RIPEMD-128 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800546
Adrian Bunkb6d44342008-07-16 19:28:00 +0800547 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
Michael Witten35ed4b32011-07-09 04:02:31 +0000548 be used as a secure replacement for RIPEMD. For other use cases,
Adrian Bunkb6d44342008-07-16 19:28:00 +0800549 RIPEMD-160 should be used.
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800550
Adrian Bunkb6d44342008-07-16 19:28:00 +0800551 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800552 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800553
554config CRYPTO_RMD160
Adrian Bunkb6d44342008-07-16 19:28:00 +0800555 tristate "RIPEMD-160 digest algorithm"
Herbert Xue5835fb2008-11-08 09:18:51 +0800556 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800557 help
558 RIPEMD-160 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800559
Adrian Bunkb6d44342008-07-16 19:28:00 +0800560 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
561 to be used as a secure replacement for the 128-bit hash functions
562 MD4, MD5 and it's predecessor RIPEMD
563 (not to be confused with RIPEMD-128).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800564
Adrian Bunkb6d44342008-07-16 19:28:00 +0800565 It's speed is comparable to SHA1 and there are no known attacks
566 against RIPEMD-160.
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800567
Adrian Bunkb6d44342008-07-16 19:28:00 +0800568 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800569 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800570
571config CRYPTO_RMD256
Adrian Bunkb6d44342008-07-16 19:28:00 +0800572 tristate "RIPEMD-256 digest algorithm"
Herbert Xud8a5e2e2008-11-08 09:58:10 +0800573 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800574 help
575 RIPEMD-256 is an optional extension of RIPEMD-128 with a
576 256 bit hash. It is intended for applications that require
577 longer hash-results, without needing a larger security level
578 (than RIPEMD-128).
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800579
Adrian Bunkb6d44342008-07-16 19:28:00 +0800580 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800581 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800582
583config CRYPTO_RMD320
Adrian Bunkb6d44342008-07-16 19:28:00 +0800584 tristate "RIPEMD-320 digest algorithm"
Herbert Xu3b8efb42008-11-08 10:11:09 +0800585 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800586 help
587 RIPEMD-320 is an optional extension of RIPEMD-160 with a
588 320 bit hash. It is intended for applications that require
589 longer hash-results, without needing a larger security level
590 (than RIPEMD-160).
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800591
Adrian Bunkb6d44342008-07-16 19:28:00 +0800592 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800593 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800594
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800595config CRYPTO_SHA1
596 tristate "SHA1 digest algorithm"
Adrian-Ken Rueegsegger54ccb362008-12-02 21:08:20 +0800597 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800598 help
599 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
600
Mathias Krause66be8952011-08-04 20:19:25 +0200601config CRYPTO_SHA1_SSSE3
time38b6b72015-09-10 15:27:26 -0700602 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
Mathias Krause66be8952011-08-04 20:19:25 +0200603 depends on X86 && 64BIT
604 select CRYPTO_SHA1
605 select CRYPTO_HASH
606 help
607 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
608 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
time38b6b72015-09-10 15:27:26 -0700609 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
610 when available.
Mathias Krause66be8952011-08-04 20:19:25 +0200611
Tim Chen8275d1a2013-03-26 13:59:17 -0700612config CRYPTO_SHA256_SSSE3
time38b6b72015-09-10 15:27:26 -0700613 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
Tim Chen8275d1a2013-03-26 13:59:17 -0700614 depends on X86 && 64BIT
615 select CRYPTO_SHA256
616 select CRYPTO_HASH
617 help
618 SHA-256 secure hash standard (DFIPS 180-2) implemented
619 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
620 Extensions version 1 (AVX1), or Advanced Vector Extensions
time38b6b72015-09-10 15:27:26 -0700621 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
622 Instructions) when available.
Tim Chen8275d1a2013-03-26 13:59:17 -0700623
Tim Chen87de4572013-03-26 14:00:02 -0700624config CRYPTO_SHA512_SSSE3
625 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
626 depends on X86 && 64BIT
627 select CRYPTO_SHA512
628 select CRYPTO_HASH
629 help
630 SHA-512 secure hash standard (DFIPS 180-2) implemented
631 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
632 Extensions version 1 (AVX1), or Advanced Vector Extensions
633 version 2 (AVX2) instructions, when available.
634
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200635config CRYPTO_SHA1_OCTEON
636 tristate "SHA1 digest algorithm (OCTEON)"
637 depends on CPU_CAVIUM_OCTEON
638 select CRYPTO_SHA1
639 select CRYPTO_HASH
640 help
641 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
642 using OCTEON crypto instructions, when available.
643
David S. Miller4ff28d42012-08-19 15:41:53 -0700644config CRYPTO_SHA1_SPARC64
645 tristate "SHA1 digest algorithm (SPARC64)"
646 depends on SPARC64
647 select CRYPTO_SHA1
648 select CRYPTO_HASH
649 help
650 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
651 using sparc64 crypto instructions, when available.
652
Michael Ellerman323a6bf2012-09-13 23:00:49 +0000653config CRYPTO_SHA1_PPC
654 tristate "SHA1 digest algorithm (powerpc)"
655 depends on PPC
656 help
657 This is the powerpc hardware accelerated implementation of the
658 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
659
Markus Stockhausend9850fc2015-02-24 20:36:50 +0100660config CRYPTO_SHA1_PPC_SPE
661 tristate "SHA1 digest algorithm (PPC SPE)"
662 depends on PPC && SPE
663 help
664 SHA-1 secure hash standard (DFIPS 180-4) implemented
665 using powerpc SPE SIMD instruction set.
666
Tim Chen1e65b812014-07-31 10:29:51 -0700667config CRYPTO_SHA1_MB
668 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
669 depends on X86 && 64BIT
670 select CRYPTO_SHA1
671 select CRYPTO_HASH
672 select CRYPTO_MCRYPTD
673 help
674 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
675 using multi-buffer technique. This algorithm computes on
676 multiple data lanes concurrently with SIMD instructions for
677 better throughput. It should not be enabled by default but
678 used when there is significant amount of work to keep the keep
679 the data lanes filled to get performance benefit. If the data
680 lanes remain unfilled, a flush operation will be initiated to
681 process the crypto jobs, adding a slight latency.
682
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800683config CRYPTO_SHA256
684 tristate "SHA224 and SHA256 digest algorithm"
Adrian-Ken Rueegsegger50e109b52008-12-03 19:57:49 +0800685 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800686 help
687 SHA256 secure hash standard (DFIPS 180-2).
688
689 This version of SHA implements a 256 bit hash with 128 bits of
690 security against collision attacks.
691
Adrian Bunkb6d44342008-07-16 19:28:00 +0800692 This code also includes SHA-224, a 224 bit hash with 112 bits
693 of security against collision attacks.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800694
Markus Stockhausen2ecc1e92015-01-30 15:39:34 +0100695config CRYPTO_SHA256_PPC_SPE
696 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
697 depends on PPC && SPE
698 select CRYPTO_SHA256
699 select CRYPTO_HASH
700 help
701 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
702 implemented using powerpc SPE SIMD instruction set.
703
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200704config CRYPTO_SHA256_OCTEON
705 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
706 depends on CPU_CAVIUM_OCTEON
707 select CRYPTO_SHA256
708 select CRYPTO_HASH
709 help
710 SHA-256 secure hash standard (DFIPS 180-2) implemented
711 using OCTEON crypto instructions, when available.
712
David S. Miller86c93b22012-08-19 17:11:37 -0700713config CRYPTO_SHA256_SPARC64
714 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
715 depends on SPARC64
716 select CRYPTO_SHA256
717 select CRYPTO_HASH
718 help
719 SHA-256 secure hash standard (DFIPS 180-2) implemented
720 using sparc64 crypto instructions, when available.
721
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800722config CRYPTO_SHA512
723 tristate "SHA384 and SHA512 digest algorithms"
Adrian-Ken Rueegseggerbd9d20d2008-12-17 16:49:02 +1100724 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800725 help
726 SHA512 secure hash standard (DFIPS 180-2).
727
728 This version of SHA implements a 512 bit hash with 256 bits of
729 security against collision attacks.
730
731 This code also includes SHA-384, a 384 bit hash with 192 bits
732 of security against collision attacks.
733
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200734config CRYPTO_SHA512_OCTEON
735 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
736 depends on CPU_CAVIUM_OCTEON
737 select CRYPTO_SHA512
738 select CRYPTO_HASH
739 help
740 SHA-512 secure hash standard (DFIPS 180-2) implemented
741 using OCTEON crypto instructions, when available.
742
David S. Miller775e0c62012-08-19 17:37:56 -0700743config CRYPTO_SHA512_SPARC64
744 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
745 depends on SPARC64
746 select CRYPTO_SHA512
747 select CRYPTO_HASH
748 help
749 SHA-512 secure hash standard (DFIPS 180-2) implemented
750 using sparc64 crypto instructions, when available.
751
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800752config CRYPTO_TGR192
753 tristate "Tiger digest algorithms"
Adrian-Ken Rueegseggerf63fbd32008-12-03 19:58:32 +0800754 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800755 help
756 Tiger hash algorithm 192, 160 and 128-bit hashes
757
758 Tiger is a hash function optimized for 64-bit processors while
759 still having decent performance on 32-bit processors.
760 Tiger was developed by Ross Anderson and Eli Biham.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700761
762 See also:
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800763 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
764
765config CRYPTO_WP512
766 tristate "Whirlpool digest algorithms"
Adrian-Ken Rueegsegger49465102008-12-07 19:34:37 +0800767 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800768 help
769 Whirlpool hash algorithm 512, 384 and 256-bit hashes
770
771 Whirlpool-512 is part of the NESSIE cryptographic primitives.
772 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
773
774 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800775 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800776
Huang Ying0e1227d2009-10-19 11:53:06 +0900777config CRYPTO_GHASH_CLMUL_NI_INTEL
778 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
Richard Weinberger8af00862011-06-08 20:56:29 +0800779 depends on X86 && 64BIT
Huang Ying0e1227d2009-10-19 11:53:06 +0900780 select CRYPTO_CRYPTD
781 help
782 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
783 The implementation is accelerated by CLMUL-NI of Intel.
784
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800785comment "Ciphers"
Linus Torvalds1da177e2005-04-16 15:20:36 -0700786
787config CRYPTO_AES
788 tristate "AES cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +1000789 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700790 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800791 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -0700792 algorithm.
793
794 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800795 both hardware and software across a wide range of computing
796 environments regardless of its use in feedback or non-feedback
797 modes. Its key setup time is excellent, and its key agility is
798 good. Rijndael's very low memory requirements make it very well
799 suited for restricted-space environments, in which it also
800 demonstrates excellent performance. Rijndael's operations are
801 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700802
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800803 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -0700804
805 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
806
807config CRYPTO_AES_586
808 tristate "AES cipher algorithms (i586)"
Herbert Xucce9e062006-08-21 21:08:13 +1000809 depends on (X86 || UML_X86) && !64BIT
810 select CRYPTO_ALGAPI
Sebastian Siewior5157dea2007-11-10 19:07:16 +0800811 select CRYPTO_AES
Linus Torvalds1da177e2005-04-16 15:20:36 -0700812 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800813 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -0700814 algorithm.
815
816 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800817 both hardware and software across a wide range of computing
818 environments regardless of its use in feedback or non-feedback
819 modes. Its key setup time is excellent, and its key agility is
820 good. Rijndael's very low memory requirements make it very well
821 suited for restricted-space environments, in which it also
822 demonstrates excellent performance. Rijndael's operations are
823 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700824
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800825 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -0700826
827 See <http://csrc.nist.gov/encryption/aes/> for more information.
828
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700829config CRYPTO_AES_X86_64
830 tristate "AES cipher algorithms (x86_64)"
Herbert Xucce9e062006-08-21 21:08:13 +1000831 depends on (X86 || UML_X86) && 64BIT
832 select CRYPTO_ALGAPI
Sebastian Siewior81190b32007-11-08 21:25:04 +0800833 select CRYPTO_AES
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700834 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800835 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700836 algorithm.
837
838 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800839 both hardware and software across a wide range of computing
840 environments regardless of its use in feedback or non-feedback
841 modes. Its key setup time is excellent, and its key agility is
842 good. Rijndael's very low memory requirements make it very well
843 suited for restricted-space environments, in which it also
844 demonstrates excellent performance. Rijndael's operations are
845 among the easiest to defend against power and timing attacks.
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700846
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800847 The AES specifies three key sizes: 128, 192 and 256 bits
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700848
849 See <http://csrc.nist.gov/encryption/aes/> for more information.
850
Huang Ying54b6a1b2009-01-18 16:28:34 +1100851config CRYPTO_AES_NI_INTEL
852 tristate "AES cipher algorithms (AES-NI)"
Richard Weinberger8af00862011-06-08 20:56:29 +0800853 depends on X86
Mathias Krause0d258ef2010-11-27 16:34:46 +0800854 select CRYPTO_AES_X86_64 if 64BIT
855 select CRYPTO_AES_586 if !64BIT
Huang Ying54b6a1b2009-01-18 16:28:34 +1100856 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +0200857 select CRYPTO_ABLK_HELPER
Huang Ying54b6a1b2009-01-18 16:28:34 +1100858 select CRYPTO_ALGAPI
Jussi Kivilinna7643a112013-04-10 18:39:20 +0300859 select CRYPTO_GLUE_HELPER_X86 if 64BIT
Jussi Kivilinna023af602012-07-22 18:18:37 +0300860 select CRYPTO_LRW
861 select CRYPTO_XTS
Huang Ying54b6a1b2009-01-18 16:28:34 +1100862 help
863 Use Intel AES-NI instructions for AES algorithm.
864
865 AES cipher algorithms (FIPS-197). AES uses the Rijndael
866 algorithm.
867
868 Rijndael appears to be consistently a very good performer in
869 both hardware and software across a wide range of computing
870 environments regardless of its use in feedback or non-feedback
871 modes. Its key setup time is excellent, and its key agility is
872 good. Rijndael's very low memory requirements make it very well
873 suited for restricted-space environments, in which it also
874 demonstrates excellent performance. Rijndael's operations are
875 among the easiest to defend against power and timing attacks.
876
877 The AES specifies three key sizes: 128, 192 and 256 bits
878
879 See <http://csrc.nist.gov/encryption/aes/> for more information.
880
Mathias Krause0d258ef2010-11-27 16:34:46 +0800881 In addition to AES cipher algorithm support, the acceleration
882 for some popular block cipher mode is supported too, including
883 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
884 acceleration for CTR.
Huang Ying2cf4ac82009-03-29 15:41:20 +0800885
David S. Miller9bf48522012-08-21 03:58:13 -0700886config CRYPTO_AES_SPARC64
887 tristate "AES cipher algorithms (SPARC64)"
888 depends on SPARC64
889 select CRYPTO_CRYPTD
890 select CRYPTO_ALGAPI
891 help
892 Use SPARC64 crypto opcodes for AES algorithm.
893
894 AES cipher algorithms (FIPS-197). AES uses the Rijndael
895 algorithm.
896
897 Rijndael appears to be consistently a very good performer in
898 both hardware and software across a wide range of computing
899 environments regardless of its use in feedback or non-feedback
900 modes. Its key setup time is excellent, and its key agility is
901 good. Rijndael's very low memory requirements make it very well
902 suited for restricted-space environments, in which it also
903 demonstrates excellent performance. Rijndael's operations are
904 among the easiest to defend against power and timing attacks.
905
906 The AES specifies three key sizes: 128, 192 and 256 bits
907
908 See <http://csrc.nist.gov/encryption/aes/> for more information.
909
910 In addition to AES cipher algorithm support, the acceleration
911 for some popular block cipher mode is supported too, including
912 ECB and CBC.
913
Markus Stockhausen504c6142015-02-22 10:00:10 +0100914config CRYPTO_AES_PPC_SPE
915 tristate "AES cipher algorithms (PPC SPE)"
916 depends on PPC && SPE
917 help
918 AES cipher algorithms (FIPS-197). Additionally the acceleration
919 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
920 This module should only be used for low power (router) devices
921 without hardware AES acceleration (e.g. caam crypto). It reduces the
922 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
923 timining attacks. Nevertheless it might be not as secure as other
924 architecture specific assembler implementations that work on 1KB
925 tables or 256 bytes S-boxes.
926
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800927config CRYPTO_ANUBIS
928 tristate "Anubis cipher algorithm"
929 select CRYPTO_ALGAPI
930 help
931 Anubis cipher algorithm.
932
933 Anubis is a variable key length cipher which can use keys from
934 128 bits to 320 bits in length. It was evaluated as a entrant
935 in the NESSIE competition.
936
937 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800938 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
939 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800940
941config CRYPTO_ARC4
942 tristate "ARC4 cipher algorithm"
Sebastian Andrzej Siewiorb9b0f082012-06-26 18:13:46 +0200943 select CRYPTO_BLKCIPHER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800944 help
945 ARC4 cipher algorithm.
946
947 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
948 bits in length. This algorithm is required for driver-based
949 WEP, but it should not be for other purposes because of the
950 weakness of the algorithm.
951
952config CRYPTO_BLOWFISH
953 tristate "Blowfish cipher algorithm"
954 select CRYPTO_ALGAPI
Jussi Kivilinna52ba8672011-09-02 01:45:07 +0300955 select CRYPTO_BLOWFISH_COMMON
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800956 help
957 Blowfish cipher algorithm, by Bruce Schneier.
958
959 This is a variable key length cipher which can use keys from 32
960 bits to 448 bits in length. It's fast, simple and specifically
961 designed for use on "large microprocessors".
962
963 See also:
964 <http://www.schneier.com/blowfish.html>
965
Jussi Kivilinna52ba8672011-09-02 01:45:07 +0300966config CRYPTO_BLOWFISH_COMMON
967 tristate
968 help
969 Common parts of the Blowfish cipher algorithm shared by the
970 generic c and the assembler implementations.
971
972 See also:
973 <http://www.schneier.com/blowfish.html>
974
Jussi Kivilinna64b94ce2011-09-02 01:45:22 +0300975config CRYPTO_BLOWFISH_X86_64
976 tristate "Blowfish cipher algorithm (x86_64)"
Al Virof21a7c12012-04-08 20:31:22 -0400977 depends on X86 && 64BIT
Jussi Kivilinna64b94ce2011-09-02 01:45:22 +0300978 select CRYPTO_ALGAPI
979 select CRYPTO_BLOWFISH_COMMON
980 help
981 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
982
983 This is a variable key length cipher which can use keys from 32
984 bits to 448 bits in length. It's fast, simple and specifically
985 designed for use on "large microprocessors".
986
987 See also:
988 <http://www.schneier.com/blowfish.html>
989
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800990config CRYPTO_CAMELLIA
991 tristate "Camellia cipher algorithms"
992 depends on CRYPTO
993 select CRYPTO_ALGAPI
994 help
995 Camellia cipher algorithms module.
996
997 Camellia is a symmetric key block cipher developed jointly
998 at NTT and Mitsubishi Electric Corporation.
999
1000 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1001
1002 See also:
1003 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1004
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +02001005config CRYPTO_CAMELLIA_X86_64
1006 tristate "Camellia cipher algorithm (x86_64)"
Al Virof21a7c12012-04-08 20:31:22 -04001007 depends on X86 && 64BIT
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +02001008 depends on CRYPTO
1009 select CRYPTO_ALGAPI
Jussi Kivilinna964263a2012-06-18 14:07:29 +03001010 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +02001011 select CRYPTO_LRW
1012 select CRYPTO_XTS
1013 help
1014 Camellia cipher algorithm module (x86_64).
1015
1016 Camellia is a symmetric key block cipher developed jointly
1017 at NTT and Mitsubishi Electric Corporation.
1018
1019 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1020
1021 See also:
1022 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1023
Jussi Kivilinnad9b1d2e2012-10-26 14:49:01 +03001024config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1025 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1026 depends on X86 && 64BIT
1027 depends on CRYPTO
1028 select CRYPTO_ALGAPI
1029 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001030 select CRYPTO_ABLK_HELPER
Jussi Kivilinnad9b1d2e2012-10-26 14:49:01 +03001031 select CRYPTO_GLUE_HELPER_X86
1032 select CRYPTO_CAMELLIA_X86_64
1033 select CRYPTO_LRW
1034 select CRYPTO_XTS
1035 help
1036 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1037
1038 Camellia is a symmetric key block cipher developed jointly
1039 at NTT and Mitsubishi Electric Corporation.
1040
1041 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1042
1043 See also:
1044 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1045
Jussi Kivilinnaf3f935a2013-04-13 13:47:00 +03001046config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1047 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1048 depends on X86 && 64BIT
1049 depends on CRYPTO
1050 select CRYPTO_ALGAPI
1051 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001052 select CRYPTO_ABLK_HELPER
Jussi Kivilinnaf3f935a2013-04-13 13:47:00 +03001053 select CRYPTO_GLUE_HELPER_X86
1054 select CRYPTO_CAMELLIA_X86_64
1055 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1056 select CRYPTO_LRW
1057 select CRYPTO_XTS
1058 help
1059 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1060
1061 Camellia is a symmetric key block cipher developed jointly
1062 at NTT and Mitsubishi Electric Corporation.
1063
1064 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1065
1066 See also:
1067 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1068
David S. Miller81658ad2012-08-28 12:05:54 -07001069config CRYPTO_CAMELLIA_SPARC64
1070 tristate "Camellia cipher algorithm (SPARC64)"
1071 depends on SPARC64
1072 depends on CRYPTO
1073 select CRYPTO_ALGAPI
1074 help
1075 Camellia cipher algorithm module (SPARC64).
1076
1077 Camellia is a symmetric key block cipher developed jointly
1078 at NTT and Mitsubishi Electric Corporation.
1079
1080 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1081
1082 See also:
1083 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1084
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001085config CRYPTO_CAST_COMMON
1086 tristate
1087 help
1088 Common parts of the CAST cipher algorithms shared by the
1089 generic c and the assembler implementations.
1090
Linus Torvalds1da177e2005-04-16 15:20:36 -07001091config CRYPTO_CAST5
1092 tristate "CAST5 (CAST-128) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001093 select CRYPTO_ALGAPI
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001094 select CRYPTO_CAST_COMMON
Linus Torvalds1da177e2005-04-16 15:20:36 -07001095 help
1096 The CAST5 encryption algorithm (synonymous with CAST-128) is
1097 described in RFC2144.
1098
Johannes Goetzfried4d6d6a22012-07-11 19:37:37 +02001099config CRYPTO_CAST5_AVX_X86_64
1100 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1101 depends on X86 && 64BIT
1102 select CRYPTO_ALGAPI
1103 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001104 select CRYPTO_ABLK_HELPER
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001105 select CRYPTO_CAST_COMMON
Johannes Goetzfried4d6d6a22012-07-11 19:37:37 +02001106 select CRYPTO_CAST5
1107 help
1108 The CAST5 encryption algorithm (synonymous with CAST-128) is
1109 described in RFC2144.
1110
1111 This module provides the Cast5 cipher algorithm that processes
1112 sixteen blocks parallel using the AVX instruction set.
1113
Linus Torvalds1da177e2005-04-16 15:20:36 -07001114config CRYPTO_CAST6
1115 tristate "CAST6 (CAST-256) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001116 select CRYPTO_ALGAPI
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001117 select CRYPTO_CAST_COMMON
Linus Torvalds1da177e2005-04-16 15:20:36 -07001118 help
1119 The CAST6 encryption algorithm (synonymous with CAST-256) is
1120 described in RFC2612.
1121
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001122config CRYPTO_CAST6_AVX_X86_64
1123 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1124 depends on X86 && 64BIT
1125 select CRYPTO_ALGAPI
1126 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001127 select CRYPTO_ABLK_HELPER
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001128 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001129 select CRYPTO_CAST_COMMON
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001130 select CRYPTO_CAST6
1131 select CRYPTO_LRW
1132 select CRYPTO_XTS
1133 help
1134 The CAST6 encryption algorithm (synonymous with CAST-256) is
1135 described in RFC2612.
1136
1137 This module provides the Cast6 cipher algorithm that processes
1138 eight blocks parallel using the AVX instruction set.
1139
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001140config CRYPTO_DES
1141 tristate "DES and Triple DES EDE cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +10001142 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001143 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001144 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
Linus Torvalds1da177e2005-04-16 15:20:36 -07001145
David S. Millerc5aac2d2012-08-25 22:37:23 -07001146config CRYPTO_DES_SPARC64
1147 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
Dave Jones97da37b2012-10-02 17:13:20 -04001148 depends on SPARC64
David S. Millerc5aac2d2012-08-25 22:37:23 -07001149 select CRYPTO_ALGAPI
1150 select CRYPTO_DES
1151 help
1152 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1153 optimized using SPARC64 crypto opcodes.
1154
Jussi Kivilinna6574e6c2014-06-09 20:59:54 +03001155config CRYPTO_DES3_EDE_X86_64
1156 tristate "Triple DES EDE cipher algorithm (x86-64)"
1157 depends on X86 && 64BIT
1158 select CRYPTO_ALGAPI
1159 select CRYPTO_DES
1160 help
1161 Triple DES EDE (FIPS 46-3) algorithm.
1162
1163 This module provides implementation of the Triple DES EDE cipher
1164 algorithm that is optimized for x86-64 processors. Two versions of
1165 algorithm are provided; regular processing one input block and
1166 one that processes three blocks parallel.
1167
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001168config CRYPTO_FCRYPT
1169 tristate "FCrypt cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001170 select CRYPTO_ALGAPI
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001171 select CRYPTO_BLKCIPHER
Linus Torvalds1da177e2005-04-16 15:20:36 -07001172 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001173 FCrypt algorithm used by RxRPC.
Linus Torvalds1da177e2005-04-16 15:20:36 -07001174
1175config CRYPTO_KHAZAD
1176 tristate "Khazad cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001177 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001178 help
1179 Khazad cipher algorithm.
1180
1181 Khazad was a finalist in the initial NESSIE competition. It is
1182 an algorithm optimized for 64-bit processors with good performance
1183 on 32-bit processors. Khazad uses an 128 bit key size.
1184
1185 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +08001186 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
Linus Torvalds1da177e2005-04-16 15:20:36 -07001187
Tan Swee Heng2407d602007-11-23 19:45:00 +08001188config CRYPTO_SALSA20
Kees Cook3b4afaf2012-10-02 11:16:49 -07001189 tristate "Salsa20 stream cipher algorithm"
Tan Swee Heng2407d602007-11-23 19:45:00 +08001190 select CRYPTO_BLKCIPHER
1191 help
1192 Salsa20 stream cipher algorithm.
1193
1194 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1195 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1196
1197 The Salsa20 stream cipher algorithm is designed by Daniel J.
1198 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
Linus Torvalds1da177e2005-04-16 15:20:36 -07001199
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001200config CRYPTO_SALSA20_586
Kees Cook3b4afaf2012-10-02 11:16:49 -07001201 tristate "Salsa20 stream cipher algorithm (i586)"
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001202 depends on (X86 || UML_X86) && !64BIT
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001203 select CRYPTO_BLKCIPHER
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001204 help
1205 Salsa20 stream cipher algorithm.
1206
1207 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1208 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1209
1210 The Salsa20 stream cipher algorithm is designed by Daniel J.
1211 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1212
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001213config CRYPTO_SALSA20_X86_64
Kees Cook3b4afaf2012-10-02 11:16:49 -07001214 tristate "Salsa20 stream cipher algorithm (x86_64)"
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001215 depends on (X86 || UML_X86) && 64BIT
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001216 select CRYPTO_BLKCIPHER
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001217 help
1218 Salsa20 stream cipher algorithm.
1219
1220 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1221 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1222
1223 The Salsa20 stream cipher algorithm is designed by Daniel J.
1224 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1225
Martin Willic08d0e62015-06-01 13:43:56 +02001226config CRYPTO_CHACHA20
1227 tristate "ChaCha20 cipher algorithm"
1228 select CRYPTO_BLKCIPHER
1229 help
1230 ChaCha20 cipher algorithm, RFC7539.
1231
1232 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1233 Bernstein and further specified in RFC7539 for use in IETF protocols.
1234 This is the portable C implementation of ChaCha20.
1235
1236 See also:
1237 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1238
Martin Willic9320b62015-07-16 19:14:01 +02001239config CRYPTO_CHACHA20_X86_64
Martin Willi3d1e93c2015-07-16 19:14:03 +02001240 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
Martin Willic9320b62015-07-16 19:14:01 +02001241 depends on X86 && 64BIT
1242 select CRYPTO_BLKCIPHER
1243 select CRYPTO_CHACHA20
1244 help
1245 ChaCha20 cipher algorithm, RFC7539.
1246
1247 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1248 Bernstein and further specified in RFC7539 for use in IETF protocols.
1249 This is the x86_64 assembler implementation using SIMD instructions.
1250
1251 See also:
1252 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1253
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001254config CRYPTO_SEED
1255 tristate "SEED cipher algorithm"
1256 select CRYPTO_ALGAPI
1257 help
1258 SEED cipher algorithm (RFC4269).
1259
1260 SEED is a 128-bit symmetric key block cipher that has been
1261 developed by KISA (Korea Information Security Agency) as a
1262 national standard encryption algorithm of the Republic of Korea.
1263 It is a 16 round block cipher with the key size of 128 bit.
1264
1265 See also:
1266 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1267
1268config CRYPTO_SERPENT
1269 tristate "Serpent cipher algorithm"
1270 select CRYPTO_ALGAPI
1271 help
1272 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1273
1274 Keys are allowed to be from 0 to 256 bits in length, in steps
1275 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1276 variant of Serpent for compatibility with old kerneli.org code.
1277
1278 See also:
1279 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1280
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001281config CRYPTO_SERPENT_SSE2_X86_64
1282 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1283 depends on X86 && 64BIT
1284 select CRYPTO_ALGAPI
Jussi Kivilinna341975b2011-11-24 08:37:41 +02001285 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001286 select CRYPTO_ABLK_HELPER
Jussi Kivilinna596d8752012-06-18 14:07:19 +03001287 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001288 select CRYPTO_SERPENT
Jussi Kivilinnafeaf0cf2011-12-13 12:53:12 +02001289 select CRYPTO_LRW
1290 select CRYPTO_XTS
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001291 help
1292 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1293
1294 Keys are allowed to be from 0 to 256 bits in length, in steps
1295 of 8 bits.
1296
Masanari Iida1e6232f2015-04-04 00:20:30 +09001297 This module provides Serpent cipher algorithm that processes eight
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001298 blocks parallel using SSE2 instruction set.
1299
1300 See also:
1301 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1302
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001303config CRYPTO_SERPENT_SSE2_586
1304 tristate "Serpent cipher algorithm (i586/SSE2)"
1305 depends on X86 && !64BIT
1306 select CRYPTO_ALGAPI
Jussi Kivilinna341975b2011-11-24 08:37:41 +02001307 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001308 select CRYPTO_ABLK_HELPER
Jussi Kivilinna596d8752012-06-18 14:07:19 +03001309 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001310 select CRYPTO_SERPENT
Jussi Kivilinnafeaf0cf2011-12-13 12:53:12 +02001311 select CRYPTO_LRW
1312 select CRYPTO_XTS
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001313 help
1314 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1315
1316 Keys are allowed to be from 0 to 256 bits in length, in steps
1317 of 8 bits.
1318
1319 This module provides Serpent cipher algorithm that processes four
1320 blocks parallel using SSE2 instruction set.
1321
1322 See also:
1323 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1324
Johannes Goetzfried7efe4072012-06-12 16:47:43 +08001325config CRYPTO_SERPENT_AVX_X86_64
1326 tristate "Serpent cipher algorithm (x86_64/AVX)"
1327 depends on X86 && 64BIT
1328 select CRYPTO_ALGAPI
1329 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001330 select CRYPTO_ABLK_HELPER
Jussi Kivilinna1d0debb2012-06-18 14:07:24 +03001331 select CRYPTO_GLUE_HELPER_X86
Johannes Goetzfried7efe4072012-06-12 16:47:43 +08001332 select CRYPTO_SERPENT
1333 select CRYPTO_LRW
1334 select CRYPTO_XTS
1335 help
1336 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1337
1338 Keys are allowed to be from 0 to 256 bits in length, in steps
1339 of 8 bits.
1340
1341 This module provides the Serpent cipher algorithm that processes
1342 eight blocks parallel using the AVX instruction set.
1343
1344 See also:
1345 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1346
Jussi Kivilinna56d76c92013-04-13 13:46:55 +03001347config CRYPTO_SERPENT_AVX2_X86_64
1348 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1349 depends on X86 && 64BIT
1350 select CRYPTO_ALGAPI
1351 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001352 select CRYPTO_ABLK_HELPER
Jussi Kivilinna56d76c92013-04-13 13:46:55 +03001353 select CRYPTO_GLUE_HELPER_X86
1354 select CRYPTO_SERPENT
1355 select CRYPTO_SERPENT_AVX_X86_64
1356 select CRYPTO_LRW
1357 select CRYPTO_XTS
1358 help
1359 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1360
1361 Keys are allowed to be from 0 to 256 bits in length, in steps
1362 of 8 bits.
1363
1364 This module provides Serpent cipher algorithm that processes 16
1365 blocks parallel using AVX2 instruction set.
1366
1367 See also:
1368 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1369
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001370config CRYPTO_TEA
1371 tristate "TEA, XTEA and XETA cipher algorithms"
1372 select CRYPTO_ALGAPI
1373 help
1374 TEA cipher algorithm.
1375
1376 Tiny Encryption Algorithm is a simple cipher that uses
1377 many rounds for security. It is very fast and uses
1378 little memory.
1379
1380 Xtendend Tiny Encryption Algorithm is a modification to
1381 the TEA algorithm to address a potential key weakness
1382 in the TEA algorithm.
1383
1384 Xtendend Encryption Tiny Algorithm is a mis-implementation
1385 of the XTEA algorithm for compatibility purposes.
1386
1387config CRYPTO_TWOFISH
1388 tristate "Twofish cipher algorithm"
1389 select CRYPTO_ALGAPI
1390 select CRYPTO_TWOFISH_COMMON
1391 help
1392 Twofish cipher algorithm.
1393
1394 Twofish was submitted as an AES (Advanced Encryption Standard)
1395 candidate cipher by researchers at CounterPane Systems. It is a
1396 16 round block cipher supporting key sizes of 128, 192, and 256
1397 bits.
1398
1399 See also:
1400 <http://www.schneier.com/twofish.html>
1401
1402config CRYPTO_TWOFISH_COMMON
1403 tristate
1404 help
1405 Common parts of the Twofish cipher algorithm shared by the
1406 generic c and the assembler implementations.
1407
1408config CRYPTO_TWOFISH_586
1409 tristate "Twofish cipher algorithms (i586)"
1410 depends on (X86 || UML_X86) && !64BIT
1411 select CRYPTO_ALGAPI
1412 select CRYPTO_TWOFISH_COMMON
1413 help
1414 Twofish cipher algorithm.
1415
1416 Twofish was submitted as an AES (Advanced Encryption Standard)
1417 candidate cipher by researchers at CounterPane Systems. It is a
1418 16 round block cipher supporting key sizes of 128, 192, and 256
1419 bits.
1420
1421 See also:
1422 <http://www.schneier.com/twofish.html>
1423
1424config CRYPTO_TWOFISH_X86_64
1425 tristate "Twofish cipher algorithm (x86_64)"
1426 depends on (X86 || UML_X86) && 64BIT
1427 select CRYPTO_ALGAPI
1428 select CRYPTO_TWOFISH_COMMON
1429 help
1430 Twofish cipher algorithm (x86_64).
1431
1432 Twofish was submitted as an AES (Advanced Encryption Standard)
1433 candidate cipher by researchers at CounterPane Systems. It is a
1434 16 round block cipher supporting key sizes of 128, 192, and 256
1435 bits.
1436
1437 See also:
1438 <http://www.schneier.com/twofish.html>
1439
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001440config CRYPTO_TWOFISH_X86_64_3WAY
1441 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
Al Virof21a7c12012-04-08 20:31:22 -04001442 depends on X86 && 64BIT
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001443 select CRYPTO_ALGAPI
1444 select CRYPTO_TWOFISH_COMMON
1445 select CRYPTO_TWOFISH_X86_64
Jussi Kivilinna414cb5e2012-06-18 14:07:34 +03001446 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinnae7cda5d2011-12-13 12:53:01 +02001447 select CRYPTO_LRW
1448 select CRYPTO_XTS
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001449 help
1450 Twofish cipher algorithm (x86_64, 3-way parallel).
1451
1452 Twofish was submitted as an AES (Advanced Encryption Standard)
1453 candidate cipher by researchers at CounterPane Systems. It is a
1454 16 round block cipher supporting key sizes of 128, 192, and 256
1455 bits.
1456
1457 This module provides Twofish cipher algorithm that processes three
1458 blocks parallel, utilizing resources of out-of-order CPUs better.
1459
1460 See also:
1461 <http://www.schneier.com/twofish.html>
1462
Johannes Goetzfried107778b52012-05-28 15:54:24 +02001463config CRYPTO_TWOFISH_AVX_X86_64
1464 tristate "Twofish cipher algorithm (x86_64/AVX)"
1465 depends on X86 && 64BIT
1466 select CRYPTO_ALGAPI
1467 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001468 select CRYPTO_ABLK_HELPER
Jussi Kivilinnaa7378d42012-06-18 14:07:39 +03001469 select CRYPTO_GLUE_HELPER_X86
Johannes Goetzfried107778b52012-05-28 15:54:24 +02001470 select CRYPTO_TWOFISH_COMMON
1471 select CRYPTO_TWOFISH_X86_64
1472 select CRYPTO_TWOFISH_X86_64_3WAY
1473 select CRYPTO_LRW
1474 select CRYPTO_XTS
1475 help
1476 Twofish cipher algorithm (x86_64/AVX).
1477
1478 Twofish was submitted as an AES (Advanced Encryption Standard)
1479 candidate cipher by researchers at CounterPane Systems. It is a
1480 16 round block cipher supporting key sizes of 128, 192, and 256
1481 bits.
1482
1483 This module provides the Twofish cipher algorithm that processes
1484 eight blocks parallel using the AVX Instruction Set.
1485
1486 See also:
1487 <http://www.schneier.com/twofish.html>
1488
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001489comment "Compression"
1490
Linus Torvalds1da177e2005-04-16 15:20:36 -07001491config CRYPTO_DEFLATE
1492 tristate "Deflate compression algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001493 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001494 select ZLIB_INFLATE
1495 select ZLIB_DEFLATE
1496 help
1497 This is the Deflate algorithm (RFC1951), specified for use in
1498 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001499
Linus Torvalds1da177e2005-04-16 15:20:36 -07001500 You will most probably want this if using IPSec.
1501
Zoltan Sogor0b77abb2007-12-07 16:53:23 +08001502config CRYPTO_LZO
1503 tristate "LZO compression algorithm"
1504 select CRYPTO_ALGAPI
1505 select LZO_COMPRESS
1506 select LZO_DECOMPRESS
1507 help
1508 This is the LZO algorithm.
1509
Seth Jennings35a1fc12012-07-19 09:42:41 -05001510config CRYPTO_842
1511 tristate "842 compression algorithm"
Dan Streetman2062c5b2015-05-07 13:49:15 -04001512 select CRYPTO_ALGAPI
1513 select 842_COMPRESS
1514 select 842_DECOMPRESS
Seth Jennings35a1fc12012-07-19 09:42:41 -05001515 help
1516 This is the 842 algorithm.
1517
Chanho Min0ea85302013-07-08 16:01:51 -07001518config CRYPTO_LZ4
1519 tristate "LZ4 compression algorithm"
1520 select CRYPTO_ALGAPI
1521 select LZ4_COMPRESS
1522 select LZ4_DECOMPRESS
1523 help
1524 This is the LZ4 algorithm.
1525
1526config CRYPTO_LZ4HC
1527 tristate "LZ4HC compression algorithm"
1528 select CRYPTO_ALGAPI
1529 select LZ4HC_COMPRESS
1530 select LZ4_DECOMPRESS
1531 help
1532 This is the LZ4 high compression mode algorithm.
1533
Neil Horman17f0f4a2008-08-14 22:15:52 +10001534comment "Random Number Generation"
1535
1536config CRYPTO_ANSI_CPRNG
1537 tristate "Pseudo Random Number Generation for Cryptographic modules"
1538 select CRYPTO_AES
1539 select CRYPTO_RNG
Neil Horman17f0f4a2008-08-14 22:15:52 +10001540 help
1541 This option enables the generic pseudo random number generator
1542 for cryptographic modules. Uses the Algorithm specified in
Jiri Kosina7dd607e2010-01-27 01:00:10 +01001543 ANSI X9.31 A.2.4. Note that this option must be enabled if
1544 CRYPTO_FIPS is selected
Neil Horman17f0f4a2008-08-14 22:15:52 +10001545
Herbert Xuf2c89a12014-07-04 22:15:08 +08001546menuconfig CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001547 tristate "NIST SP800-90A DRBG"
Stephan Mueller419090c2014-05-31 17:22:31 +02001548 help
1549 NIST SP800-90A compliant DRBG. In the following submenu, one or
1550 more of the DRBG types must be selected.
1551
Herbert Xuf2c89a12014-07-04 22:15:08 +08001552if CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001553
1554config CRYPTO_DRBG_HMAC
Herbert Xu401e4232015-06-03 14:49:31 +08001555 bool
Stephan Mueller419090c2014-05-31 17:22:31 +02001556 default y
Stephan Mueller419090c2014-05-31 17:22:31 +02001557 select CRYPTO_HMAC
Herbert Xu826775b2015-06-11 08:55:10 +08001558 select CRYPTO_SHA256
Stephan Mueller419090c2014-05-31 17:22:31 +02001559
1560config CRYPTO_DRBG_HASH
1561 bool "Enable Hash DRBG"
Herbert Xu826775b2015-06-11 08:55:10 +08001562 select CRYPTO_SHA256
Stephan Mueller419090c2014-05-31 17:22:31 +02001563 help
1564 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1565
1566config CRYPTO_DRBG_CTR
1567 bool "Enable CTR DRBG"
Stephan Mueller419090c2014-05-31 17:22:31 +02001568 select CRYPTO_AES
1569 help
1570 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1571
Herbert Xuf2c89a12014-07-04 22:15:08 +08001572config CRYPTO_DRBG
1573 tristate
Herbert Xu401e4232015-06-03 14:49:31 +08001574 default CRYPTO_DRBG_MENU
Herbert Xuf2c89a12014-07-04 22:15:08 +08001575 select CRYPTO_RNG
Stephan Muellerbb5530e2015-05-25 15:10:20 +02001576 select CRYPTO_JITTERENTROPY
Herbert Xuf2c89a12014-07-04 22:15:08 +08001577
1578endif # if CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001579
Stephan Muellerbb5530e2015-05-25 15:10:20 +02001580config CRYPTO_JITTERENTROPY
1581 tristate "Jitterentropy Non-Deterministic Random Number Generator"
Arnd Bergmann2f313e02016-01-26 14:47:10 +01001582 select CRYPTO_RNG
Stephan Muellerbb5530e2015-05-25 15:10:20 +02001583 help
1584 The Jitterentropy RNG is a noise that is intended
1585 to provide seed to another RNG. The RNG does not
1586 perform any cryptographic whitening of the generated
1587 random numbers. This Jitterentropy RNG registers with
1588 the kernel crypto API and can be used by any caller.
1589
Herbert Xu03c8efc2010-10-19 21:12:39 +08001590config CRYPTO_USER_API
1591 tristate
1592
Herbert Xufe869cd2010-10-19 21:23:00 +08001593config CRYPTO_USER_API_HASH
1594 tristate "User-space interface for hash algorithms"
Herbert Xu74517082010-11-29 22:56:03 +08001595 depends on NET
Herbert Xufe869cd2010-10-19 21:23:00 +08001596 select CRYPTO_HASH
1597 select CRYPTO_USER_API
1598 help
1599 This option enables the user-spaces interface for hash
1600 algorithms.
1601
Herbert Xu8ff59092010-10-19 21:31:55 +08001602config CRYPTO_USER_API_SKCIPHER
1603 tristate "User-space interface for symmetric key cipher algorithms"
Herbert Xu74517082010-11-29 22:56:03 +08001604 depends on NET
Herbert Xu8ff59092010-10-19 21:31:55 +08001605 select CRYPTO_BLKCIPHER
1606 select CRYPTO_USER_API
1607 help
1608 This option enables the user-spaces interface for symmetric
1609 key cipher algorithms.
1610
Stephan Mueller2f3755382014-12-25 23:00:39 +01001611config CRYPTO_USER_API_RNG
1612 tristate "User-space interface for random number generator algorithms"
1613 depends on NET
1614 select CRYPTO_RNG
1615 select CRYPTO_USER_API
1616 help
1617 This option enables the user-spaces interface for random
1618 number generator algorithms.
1619
Herbert Xub64a2d92015-05-28 11:30:35 +08001620config CRYPTO_USER_API_AEAD
1621 tristate "User-space interface for AEAD cipher algorithms"
1622 depends on NET
1623 select CRYPTO_AEAD
1624 select CRYPTO_USER_API
1625 help
1626 This option enables the user-spaces interface for AEAD
1627 cipher algorithms.
1628
Dmitry Kasatkinee089972013-05-06 15:40:01 +03001629config CRYPTO_HASH_INFO
1630 bool
1631
Linus Torvalds1da177e2005-04-16 15:20:36 -07001632source "drivers/crypto/Kconfig"
David Howells964f3b32012-09-13 15:17:21 +01001633source crypto/asymmetric_keys/Kconfig
David Howellscfc411e2015-08-14 15:20:41 +01001634source certs/Kconfig
Linus Torvalds1da177e2005-04-16 15:20:36 -07001635
Herbert Xucce9e062006-08-21 21:08:13 +10001636endif # if CRYPTO