blob: acbcd32f7cf3e5a9437b72c8fdb0ee8658332083 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001#
Dan Williams685784a2007-07-09 11:56:42 -07002# Generic algorithms support
3#
4config XOR_BLOCKS
5 tristate
6
7#
Dan Williams9bc89cd2007-01-02 11:10:44 -07008# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
Linus Torvalds1da177e2005-04-16 15:20:36 -070013# Cryptographic API Configuration
14#
Jan Engelhardt2e290f42007-05-18 15:11:01 +100015menuconfig CRYPTO
Sebastian Siewiorc3715cb92008-03-30 16:36:09 +080016 tristate "Cryptographic API"
Linus Torvalds1da177e2005-04-16 15:20:36 -070017 help
18 This option provides the core Cryptographic API.
19
Herbert Xucce9e062006-08-21 21:08:13 +100020if CRYPTO
21
Sebastian Siewior584fffc2008-04-05 21:04:48 +080022comment "Crypto core or helper"
23
Neil Hormanccb778e2008-08-05 14:13:08 +080024config CRYPTO_FIPS
25 bool "FIPS 200 compliance"
Herbert Xuf2c89a12014-07-04 22:15:08 +080026 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
Alec Ari1f696092016-10-04 19:34:30 -030027 depends on (MODULE_SIG || !MODULES)
Neil Hormanccb778e2008-08-05 14:13:08 +080028 help
29 This options enables the fips boot option which is
30 required if you want to system to operate in a FIPS 200
31 certification. You should say no unless you know what
Chuck Ebberte84c5482010-09-03 19:17:49 +080032 this is.
Neil Hormanccb778e2008-08-05 14:13:08 +080033
Herbert Xucce9e062006-08-21 21:08:13 +100034config CRYPTO_ALGAPI
35 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110036 select CRYPTO_ALGAPI2
Herbert Xucce9e062006-08-21 21:08:13 +100037 help
38 This option provides the API for cryptographic algorithms.
39
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110040config CRYPTO_ALGAPI2
41 tristate
42
Herbert Xu1ae97822007-08-30 15:36:14 +080043config CRYPTO_AEAD
44 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110045 select CRYPTO_AEAD2
Herbert Xu1ae97822007-08-30 15:36:14 +080046 select CRYPTO_ALGAPI
47
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110048config CRYPTO_AEAD2
49 tristate
50 select CRYPTO_ALGAPI2
Herbert Xu149a3972015-08-13 17:28:58 +080051 select CRYPTO_NULL2
52 select CRYPTO_RNG2
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110053
Herbert Xu5cde0af2006-08-22 00:07:53 +100054config CRYPTO_BLKCIPHER
55 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110056 select CRYPTO_BLKCIPHER2
Herbert Xu5cde0af2006-08-22 00:07:53 +100057 select CRYPTO_ALGAPI
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110058
59config CRYPTO_BLKCIPHER2
60 tristate
61 select CRYPTO_ALGAPI2
62 select CRYPTO_RNG2
Huang Ying0a2e8212009-02-19 14:44:02 +080063 select CRYPTO_WORKQUEUE
Herbert Xu5cde0af2006-08-22 00:07:53 +100064
Herbert Xu055bcee2006-08-19 22:24:23 +100065config CRYPTO_HASH
66 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110067 select CRYPTO_HASH2
Herbert Xu055bcee2006-08-19 22:24:23 +100068 select CRYPTO_ALGAPI
69
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110070config CRYPTO_HASH2
71 tristate
72 select CRYPTO_ALGAPI2
73
Neil Horman17f0f4a2008-08-14 22:15:52 +100074config CRYPTO_RNG
75 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110076 select CRYPTO_RNG2
Neil Horman17f0f4a2008-08-14 22:15:52 +100077 select CRYPTO_ALGAPI
78
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110079config CRYPTO_RNG2
80 tristate
81 select CRYPTO_ALGAPI2
82
Herbert Xu401e4232015-06-03 14:49:31 +080083config CRYPTO_RNG_DEFAULT
84 tristate
85 select CRYPTO_DRBG_MENU
86
Tadeusz Struk3c339ab2015-06-16 10:30:55 -070087config CRYPTO_AKCIPHER2
88 tristate
89 select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92 tristate
93 select CRYPTO_AKCIPHER2
94 select CRYPTO_ALGAPI
95
Salvatore Benedetto4e5f2c42016-06-22 17:49:13 +010096config CRYPTO_KPP2
97 tristate
98 select CRYPTO_ALGAPI2
99
100config CRYPTO_KPP
101 tristate
102 select CRYPTO_ALGAPI
103 select CRYPTO_KPP2
104
Giovanni Cabiddu2ebda742016-10-21 13:19:47 +0100105config CRYPTO_ACOMP2
106 tristate
107 select CRYPTO_ALGAPI2
108
109config CRYPTO_ACOMP
110 tristate
111 select CRYPTO_ALGAPI
112 select CRYPTO_ACOMP2
113
Tadeusz Strukcfc2bb32015-06-16 10:31:01 -0700114config CRYPTO_RSA
115 tristate "RSA algorithm"
Tadeusz Struk425e0172015-06-19 10:27:39 -0700116 select CRYPTO_AKCIPHER
Tadeusz Struk58446fe2016-05-04 06:38:46 -0700117 select CRYPTO_MANAGER
Tadeusz Strukcfc2bb32015-06-16 10:31:01 -0700118 select MPILIB
119 select ASN1
120 help
121 Generic implementation of the RSA public key algorithm.
122
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100123config CRYPTO_DH
124 tristate "Diffie-Hellman algorithm"
125 select CRYPTO_KPP
126 select MPILIB
127 help
128 Generic implementation of the Diffie-Hellman algorithm.
129
Salvatore Benedetto3c4b2392016-06-22 17:49:15 +0100130config CRYPTO_ECDH
131 tristate "ECDH algorithm"
132 select CRYTPO_KPP
133 help
134 Generic implementation of the ECDH algorithm
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100135
Herbert Xu2b8c19d2006-09-21 11:31:44 +1000136config CRYPTO_MANAGER
137 tristate "Cryptographic algorithm manager"
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100138 select CRYPTO_MANAGER2
Herbert Xu2b8c19d2006-09-21 11:31:44 +1000139 help
140 Create default cryptographic template instantiations such as
141 cbc(aes).
142
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100143config CRYPTO_MANAGER2
144 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
145 select CRYPTO_AEAD2
146 select CRYPTO_HASH2
147 select CRYPTO_BLKCIPHER2
Tadeusz Struk946cc462015-06-16 10:31:06 -0700148 select CRYPTO_AKCIPHER2
Salvatore Benedetto4e5f2c42016-06-22 17:49:13 +0100149 select CRYPTO_KPP2
Giovanni Cabiddu2ebda742016-10-21 13:19:47 +0100150 select CRYPTO_ACOMP2
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100151
Steffen Klasserta38f7902011-09-27 07:23:50 +0200152config CRYPTO_USER
153 tristate "Userspace cryptographic algorithm configuration"
Herbert Xu5db017a2011-11-01 12:12:43 +1100154 depends on NET
Steffen Klasserta38f7902011-09-27 07:23:50 +0200155 select CRYPTO_MANAGER
156 help
Valdis.Kletnieks@vt.edud19978f2011-11-09 01:29:20 -0500157 Userspace configuration for cryptographic instantiations such as
Steffen Klasserta38f7902011-09-27 07:23:50 +0200158 cbc(aes).
159
Herbert Xu326a6342010-08-06 09:40:28 +0800160config CRYPTO_MANAGER_DISABLE_TESTS
161 bool "Disable run-time self tests"
Herbert Xu00ca28a2010-08-06 10:34:00 +0800162 default y
163 depends on CRYPTO_MANAGER2
Alexander Shishkin0b767f92010-06-03 20:53:43 +1000164 help
Herbert Xu326a6342010-08-06 09:40:28 +0800165 Disable run-time self tests that normally take place at
166 algorithm registration.
Alexander Shishkin0b767f92010-06-03 20:53:43 +1000167
Rik Snelc494e072006-11-29 18:59:44 +1100168config CRYPTO_GF128MUL
Jussi Kivilinna08c70fc2011-12-13 12:53:22 +0200169 tristate "GF(2^128) multiplication functions"
Rik Snelc494e072006-11-29 18:59:44 +1100170 help
171 Efficient table driven implementation of multiplications in the
172 field GF(2^128). This is needed by some cypher modes. This
173 option will be selected automatically if you select such a
174 cipher mode. Only select this option by hand if you expect to load
175 an external module that requires these functions.
176
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800177config CRYPTO_NULL
178 tristate "Null algorithms"
Herbert Xu149a3972015-08-13 17:28:58 +0800179 select CRYPTO_NULL2
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800180 help
181 These are 'Null' algorithms, used by IPsec, which do nothing.
182
Herbert Xu149a3972015-08-13 17:28:58 +0800183config CRYPTO_NULL2
Herbert Xudd43c4e2015-08-17 20:39:40 +0800184 tristate
Herbert Xu149a3972015-08-13 17:28:58 +0800185 select CRYPTO_ALGAPI2
186 select CRYPTO_BLKCIPHER2
187 select CRYPTO_HASH2
188
Steffen Klassert5068c7a2010-01-07 15:57:19 +1100189config CRYPTO_PCRYPT
Kees Cook3b4afaf2012-10-02 11:16:49 -0700190 tristate "Parallel crypto engine"
191 depends on SMP
Steffen Klassert5068c7a2010-01-07 15:57:19 +1100192 select PADATA
193 select CRYPTO_MANAGER
194 select CRYPTO_AEAD
195 help
196 This converts an arbitrary crypto algorithm into a parallel
197 algorithm that executes in kernel threads.
198
Huang Ying25c38d32009-02-19 14:33:40 +0800199config CRYPTO_WORKQUEUE
200 tristate
201
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800202config CRYPTO_CRYPTD
203 tristate "Software async crypto daemon"
Herbert Xudb131ef2006-09-21 11:44:08 +1000204 select CRYPTO_BLKCIPHER
Loc Hob8a28252008-05-14 21:23:00 +0800205 select CRYPTO_HASH
Herbert Xu43518402006-10-16 21:28:58 +1000206 select CRYPTO_MANAGER
Huang Ying254eff72009-02-19 14:42:19 +0800207 select CRYPTO_WORKQUEUE
Herbert Xudb131ef2006-09-21 11:44:08 +1000208 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800209 This is a generic software asynchronous crypto daemon that
210 converts an arbitrary synchronous software crypto algorithm
211 into an asynchronous algorithm that executes in a kernel thread.
212
Tim Chen1e65b812014-07-31 10:29:51 -0700213config CRYPTO_MCRYPTD
214 tristate "Software async multi-buffer crypto daemon"
215 select CRYPTO_BLKCIPHER
216 select CRYPTO_HASH
217 select CRYPTO_MANAGER
218 select CRYPTO_WORKQUEUE
219 help
220 This is a generic software asynchronous crypto daemon that
221 provides the kernel thread to assist multi-buffer crypto
222 algorithms for submitting jobs and flushing jobs in multi-buffer
223 crypto algorithms. Multi-buffer crypto algorithms are executed
224 in the context of this kernel thread and drivers can post
Ted Percival0e566732014-09-04 15:18:21 +0800225 their crypto request asynchronously to be processed by this daemon.
Tim Chen1e65b812014-07-31 10:29:51 -0700226
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800227config CRYPTO_AUTHENC
228 tristate "Authenc support"
229 select CRYPTO_AEAD
230 select CRYPTO_BLKCIPHER
231 select CRYPTO_MANAGER
232 select CRYPTO_HASH
Herbert Xue94c6a72015-08-04 21:23:14 +0800233 select CRYPTO_NULL
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800234 help
235 Authenc: Combined mode wrapper for IPsec.
236 This is required for IPSec.
237
238config CRYPTO_TEST
239 tristate "Testing module"
240 depends on m
Herbert Xuda7f0332008-07-31 17:08:25 +0800241 select CRYPTO_MANAGER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800242 help
243 Quick & dirty crypto test module.
244
Ard Biesheuvela62b01c2013-09-20 09:55:40 +0200245config CRYPTO_ABLK_HELPER
Jussi Kivilinnaffaf9152012-06-18 14:06:58 +0300246 tristate
Jussi Kivilinnaffaf9152012-06-18 14:06:58 +0300247 select CRYPTO_CRYPTD
248
Jussi Kivilinna596d8752012-06-18 14:07:19 +0300249config CRYPTO_GLUE_HELPER_X86
250 tristate
251 depends on X86
252 select CRYPTO_ALGAPI
253
Baolin Wang735d37b2016-01-26 20:25:39 +0800254config CRYPTO_ENGINE
255 tristate
256
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800257comment "Authenticated Encryption with Associated Data"
258
259config CRYPTO_CCM
260 tristate "CCM support"
261 select CRYPTO_CTR
262 select CRYPTO_AEAD
263 help
264 Support for Counter with CBC MAC. Required for IPsec.
265
266config CRYPTO_GCM
267 tristate "GCM/GMAC support"
268 select CRYPTO_CTR
269 select CRYPTO_AEAD
Huang Ying9382d972009-08-06 15:34:26 +1000270 select CRYPTO_GHASH
Jussi Kivilinna9489667d2013-04-07 16:43:41 +0300271 select CRYPTO_NULL
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800272 help
273 Support for Galois/Counter Mode (GCM) and Galois Message
274 Authentication Code (GMAC). Required for IPSec.
275
Martin Willi71ebc4d2015-06-01 13:44:00 +0200276config CRYPTO_CHACHA20POLY1305
277 tristate "ChaCha20-Poly1305 AEAD support"
278 select CRYPTO_CHACHA20
279 select CRYPTO_POLY1305
280 select CRYPTO_AEAD
281 help
282 ChaCha20-Poly1305 AEAD support, RFC7539.
283
284 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
285 with the Poly1305 authenticator. It is defined in RFC7539 for use in
286 IETF protocols.
287
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800288config CRYPTO_SEQIV
289 tristate "Sequence Number IV Generator"
290 select CRYPTO_AEAD
291 select CRYPTO_BLKCIPHER
Herbert Xu856e3f402015-05-21 15:11:13 +0800292 select CRYPTO_NULL
Herbert Xu401e4232015-06-03 14:49:31 +0800293 select CRYPTO_RNG_DEFAULT
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800294 help
295 This IV generator generates an IV based on a sequence number by
296 xoring it with a salt. This algorithm is mainly useful for CTR
297
Herbert Xua10f5542015-05-21 15:11:15 +0800298config CRYPTO_ECHAINIV
299 tristate "Encrypted Chain IV Generator"
300 select CRYPTO_AEAD
301 select CRYPTO_NULL
Herbert Xu401e4232015-06-03 14:49:31 +0800302 select CRYPTO_RNG_DEFAULT
Herbert Xu34912442015-06-03 14:49:29 +0800303 default m
Herbert Xua10f5542015-05-21 15:11:15 +0800304 help
305 This IV generator generates an IV based on the encryption of
306 a sequence number xored with a salt. This is the default
307 algorithm for CBC.
308
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800309comment "Block modes"
Herbert Xudb131ef2006-09-21 11:44:08 +1000310
311config CRYPTO_CBC
312 tristate "CBC support"
313 select CRYPTO_BLKCIPHER
Herbert Xu43518402006-10-16 21:28:58 +1000314 select CRYPTO_MANAGER
Herbert Xudb131ef2006-09-21 11:44:08 +1000315 help
316 CBC: Cipher Block Chaining mode
317 This block cipher algorithm is required for IPSec.
318
Joy Latten23e353c2007-10-23 08:50:32 +0800319config CRYPTO_CTR
320 tristate "CTR support"
321 select CRYPTO_BLKCIPHER
Herbert Xu0a270322007-11-30 21:38:37 +1100322 select CRYPTO_SEQIV
Joy Latten23e353c2007-10-23 08:50:32 +0800323 select CRYPTO_MANAGER
Joy Latten23e353c2007-10-23 08:50:32 +0800324 help
325 CTR: Counter mode
326 This block cipher algorithm is required for IPSec.
327
Kevin Coffman76cb9522008-03-24 21:26:16 +0800328config CRYPTO_CTS
329 tristate "CTS support"
330 select CRYPTO_BLKCIPHER
331 help
332 CTS: Cipher Text Stealing
333 This is the Cipher Text Stealing mode as described by
334 Section 8 of rfc2040 and referenced by rfc3962.
335 (rfc3962 includes errata information in its Appendix A)
336 This mode is required for Kerberos gss mechanism support
337 for AES encryption.
338
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800339config CRYPTO_ECB
340 tristate "ECB support"
Herbert Xu653ebd9c2007-11-27 19:48:27 +0800341 select CRYPTO_BLKCIPHER
Herbert Xu124b53d2007-04-16 20:49:20 +1000342 select CRYPTO_MANAGER
343 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800344 ECB: Electronic CodeBook mode
345 This is the simplest block cipher algorithm. It simply encrypts
346 the input block by block.
Herbert Xu124b53d2007-04-16 20:49:20 +1000347
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800348config CRYPTO_LRW
Jussi Kivilinna2470a2b2011-12-13 12:52:51 +0200349 tristate "LRW support"
David Howells90831632006-12-16 12:13:14 +1100350 select CRYPTO_BLKCIPHER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800351 select CRYPTO_MANAGER
352 select CRYPTO_GF128MUL
David Howells90831632006-12-16 12:13:14 +1100353 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800354 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
355 narrow block cipher mode for dm-crypt. Use it with cipher
356 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
357 The first 128, 192 or 256 bits in the key are used for AES and the
358 rest is used to tie each cipher block to its logical position.
David Howells90831632006-12-16 12:13:14 +1100359
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800360config CRYPTO_PCBC
361 tristate "PCBC support"
362 select CRYPTO_BLKCIPHER
363 select CRYPTO_MANAGER
364 help
365 PCBC: Propagating Cipher Block Chaining mode
366 This block cipher algorithm is required for RxRPC.
367
368config CRYPTO_XTS
Jussi Kivilinna5bcf8e62011-12-13 12:52:56 +0200369 tristate "XTS support"
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800370 select CRYPTO_BLKCIPHER
371 select CRYPTO_MANAGER
372 select CRYPTO_GF128MUL
373 help
374 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
375 key size 256, 384 or 512 bits. This implementation currently
376 can't handle a sectorsize which is not a multiple of 16 bytes.
377
Stephan Mueller1c49678e2015-09-21 20:58:56 +0200378config CRYPTO_KEYWRAP
379 tristate "Key wrapping support"
380 select CRYPTO_BLKCIPHER
381 help
382 Support for key wrapping (NIST SP800-38F / RFC3394) without
383 padding.
384
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800385comment "Hash modes"
386
Jussi Kivilinna93b5e862013-04-08 10:48:44 +0300387config CRYPTO_CMAC
388 tristate "CMAC support"
389 select CRYPTO_HASH
390 select CRYPTO_MANAGER
391 help
392 Cipher-based Message Authentication Code (CMAC) specified by
393 The National Institute of Standards and Technology (NIST).
394
395 https://tools.ietf.org/html/rfc4493
396 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
397
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800398config CRYPTO_HMAC
399 tristate "HMAC support"
400 select CRYPTO_HASH
401 select CRYPTO_MANAGER
402 help
403 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
404 This is required for IPSec.
405
406config CRYPTO_XCBC
407 tristate "XCBC support"
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800408 select CRYPTO_HASH
409 select CRYPTO_MANAGER
410 help
411 XCBC: Keyed-Hashing with encryption algorithm
412 http://www.ietf.org/rfc/rfc3566.txt
413 http://csrc.nist.gov/encryption/modes/proposedmodes/
414 xcbc-mac/xcbc-mac-spec.pdf
415
Shane Wangf1939f72009-09-02 20:05:22 +1000416config CRYPTO_VMAC
417 tristate "VMAC support"
Shane Wangf1939f72009-09-02 20:05:22 +1000418 select CRYPTO_HASH
419 select CRYPTO_MANAGER
420 help
421 VMAC is a message authentication algorithm designed for
422 very high speed on 64-bit architectures.
423
424 See also:
425 <http://fastcrypto.org/vmac>
426
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800427comment "Digest"
428
429config CRYPTO_CRC32C
430 tristate "CRC32c CRC algorithm"
Herbert Xu5773a3e2008-07-08 20:54:28 +0800431 select CRYPTO_HASH
Darrick J. Wong6a0962b2012-03-23 15:02:25 -0700432 select CRC32
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800433 help
434 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
435 by iSCSI for header and data digests and by others.
Herbert Xu69c35ef2008-11-07 15:11:47 +0800436 See Castagnoli93. Module will be crc32c.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800437
Austin Zhang8cb51ba2008-08-07 09:57:03 +0800438config CRYPTO_CRC32C_INTEL
439 tristate "CRC32c INTEL hardware acceleration"
440 depends on X86
441 select CRYPTO_HASH
442 help
443 In Intel processor with SSE4.2 supported, the processor will
444 support CRC32C implementation using hardware accelerated CRC32
445 instruction. This option will create 'crc32c-intel' module,
446 which will enable any routine to use the CRC32 instruction to
447 gain performance compared with software implementation.
448 Module will be crc32c-intel.
449
Anton Blanchard6dd7a822016-07-01 08:19:45 +1000450config CRYPT_CRC32C_VPMSUM
451 tristate "CRC32c CRC algorithm (powerpc64)"
Michael Ellermanc12abf32016-08-09 08:46:15 +1000452 depends on PPC64 && ALTIVEC
Anton Blanchard6dd7a822016-07-01 08:19:45 +1000453 select CRYPTO_HASH
454 select CRC32
455 help
456 CRC32c algorithm implemented using vector polynomial multiply-sum
457 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
458 and newer processors for improved performance.
459
460
David S. Miller442a7c42012-08-22 20:47:36 -0700461config CRYPTO_CRC32C_SPARC64
462 tristate "CRC32c CRC algorithm (SPARC64)"
463 depends on SPARC64
464 select CRYPTO_HASH
465 select CRC32
466 help
467 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
468 when available.
469
Alexander Boyko78c37d12013-01-10 18:54:59 +0400470config CRYPTO_CRC32
471 tristate "CRC32 CRC algorithm"
472 select CRYPTO_HASH
473 select CRC32
474 help
475 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
476 Shash crypto api wrappers to crc32_le function.
477
478config CRYPTO_CRC32_PCLMUL
479 tristate "CRC32 PCLMULQDQ hardware acceleration"
480 depends on X86
481 select CRYPTO_HASH
482 select CRC32
483 help
484 From Intel Westmere and AMD Bulldozer processor with SSE4.2
485 and PCLMULQDQ supported, the processor will support
486 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
487 instruction. This option will create 'crc32-plcmul' module,
488 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
489 and gain better performance as compared with the table implementation.
490
Herbert Xu684115212013-09-07 12:56:26 +1000491config CRYPTO_CRCT10DIF
492 tristate "CRCT10DIF algorithm"
493 select CRYPTO_HASH
494 help
495 CRC T10 Data Integrity Field computation is being cast as
496 a crypto transform. This allows for faster crc t10 diff
497 transforms to be used if they are available.
498
499config CRYPTO_CRCT10DIF_PCLMUL
500 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
501 depends on X86 && 64BIT && CRC_T10DIF
502 select CRYPTO_HASH
503 help
504 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
505 CRC T10 DIF PCLMULQDQ computation can be hardware
506 accelerated PCLMULQDQ instruction. This option will create
507 'crct10dif-plcmul' module, which is faster when computing the
508 crct10dif checksum as compared with the generic table implementation.
509
Huang Ying2cdc6892009-08-06 15:32:38 +1000510config CRYPTO_GHASH
511 tristate "GHASH digest algorithm"
Huang Ying2cdc6892009-08-06 15:32:38 +1000512 select CRYPTO_GF128MUL
Arnd Bergmann578c60f2016-01-25 17:51:21 +0100513 select CRYPTO_HASH
Huang Ying2cdc6892009-08-06 15:32:38 +1000514 help
515 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
516
Martin Willif979e012015-06-01 13:43:58 +0200517config CRYPTO_POLY1305
518 tristate "Poly1305 authenticator algorithm"
Arnd Bergmann578c60f2016-01-25 17:51:21 +0100519 select CRYPTO_HASH
Martin Willif979e012015-06-01 13:43:58 +0200520 help
521 Poly1305 authenticator algorithm, RFC7539.
522
523 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
524 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
525 in IETF protocols. This is the portable C implementation of Poly1305.
526
Martin Willic70f4ab2015-07-16 19:14:06 +0200527config CRYPTO_POLY1305_X86_64
Martin Willib1ccc8f2015-07-16 19:14:08 +0200528 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
Martin Willic70f4ab2015-07-16 19:14:06 +0200529 depends on X86 && 64BIT
530 select CRYPTO_POLY1305
531 help
532 Poly1305 authenticator algorithm, RFC7539.
533
534 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
535 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
536 in IETF protocols. This is the x86_64 assembler implementation using SIMD
537 instructions.
538
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800539config CRYPTO_MD4
540 tristate "MD4 digest algorithm"
Adrian-Ken Rueegsegger808a1762008-12-03 19:55:27 +0800541 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700542 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800543 MD4 message digest algorithm (RFC1320).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700544
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800545config CRYPTO_MD5
546 tristate "MD5 digest algorithm"
Adrian-Ken Rueegsegger14b75ba2008-12-03 19:57:12 +0800547 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700548 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800549 MD5 message digest algorithm (RFC1321).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700550
Aaro Koskinend69e75d2014-12-21 22:54:02 +0200551config CRYPTO_MD5_OCTEON
552 tristate "MD5 digest algorithm (OCTEON)"
553 depends on CPU_CAVIUM_OCTEON
554 select CRYPTO_MD5
555 select CRYPTO_HASH
556 help
557 MD5 message digest algorithm (RFC1321) implemented
558 using OCTEON crypto instructions, when available.
559
Markus Stockhausene8e59952015-03-01 19:30:46 +0100560config CRYPTO_MD5_PPC
561 tristate "MD5 digest algorithm (PPC)"
562 depends on PPC
563 select CRYPTO_HASH
564 help
565 MD5 message digest algorithm (RFC1321) implemented
566 in PPC assembler.
567
David S. Millerfa4dfed2012-08-19 21:51:26 -0700568config CRYPTO_MD5_SPARC64
569 tristate "MD5 digest algorithm (SPARC64)"
570 depends on SPARC64
571 select CRYPTO_MD5
572 select CRYPTO_HASH
573 help
574 MD5 message digest algorithm (RFC1321) implemented
575 using sparc64 crypto instructions, when available.
576
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800577config CRYPTO_MICHAEL_MIC
578 tristate "Michael MIC keyed digest algorithm"
Adrian-Ken Rueegsegger19e2bf12008-12-07 19:35:38 +0800579 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800580 help
581 Michael MIC is used for message integrity protection in TKIP
582 (IEEE 802.11i). This algorithm is required for TKIP, but it
583 should not be used for other purposes because of the weakness
584 of the algorithm.
585
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800586config CRYPTO_RMD128
Adrian Bunkb6d44342008-07-16 19:28:00 +0800587 tristate "RIPEMD-128 digest algorithm"
Herbert Xu7c4468b2008-11-08 09:10:40 +0800588 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800589 help
590 RIPEMD-128 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800591
Adrian Bunkb6d44342008-07-16 19:28:00 +0800592 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
Michael Witten35ed4b32011-07-09 04:02:31 +0000593 be used as a secure replacement for RIPEMD. For other use cases,
Adrian Bunkb6d44342008-07-16 19:28:00 +0800594 RIPEMD-160 should be used.
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800595
Adrian Bunkb6d44342008-07-16 19:28:00 +0800596 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800597 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800598
599config CRYPTO_RMD160
Adrian Bunkb6d44342008-07-16 19:28:00 +0800600 tristate "RIPEMD-160 digest algorithm"
Herbert Xue5835fb2008-11-08 09:18:51 +0800601 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800602 help
603 RIPEMD-160 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800604
Adrian Bunkb6d44342008-07-16 19:28:00 +0800605 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
606 to be used as a secure replacement for the 128-bit hash functions
607 MD4, MD5 and it's predecessor RIPEMD
608 (not to be confused with RIPEMD-128).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800609
Adrian Bunkb6d44342008-07-16 19:28:00 +0800610 It's speed is comparable to SHA1 and there are no known attacks
611 against RIPEMD-160.
Adrian-Ken Rueegsegger534fe2c12008-05-09 21:30:27 +0800612
Adrian Bunkb6d44342008-07-16 19:28:00 +0800613 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800614 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c12008-05-09 21:30:27 +0800615
616config CRYPTO_RMD256
Adrian Bunkb6d44342008-07-16 19:28:00 +0800617 tristate "RIPEMD-256 digest algorithm"
Herbert Xud8a5e2e2008-11-08 09:58:10 +0800618 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800619 help
620 RIPEMD-256 is an optional extension of RIPEMD-128 with a
621 256 bit hash. It is intended for applications that require
622 longer hash-results, without needing a larger security level
623 (than RIPEMD-128).
Adrian-Ken Rueegsegger534fe2c12008-05-09 21:30:27 +0800624
Adrian Bunkb6d44342008-07-16 19:28:00 +0800625 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800626 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c12008-05-09 21:30:27 +0800627
628config CRYPTO_RMD320
Adrian Bunkb6d44342008-07-16 19:28:00 +0800629 tristate "RIPEMD-320 digest algorithm"
Herbert Xu3b8efb42008-11-08 10:11:09 +0800630 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800631 help
632 RIPEMD-320 is an optional extension of RIPEMD-160 with a
633 320 bit hash. It is intended for applications that require
634 longer hash-results, without needing a larger security level
635 (than RIPEMD-160).
Adrian-Ken Rueegsegger534fe2c12008-05-09 21:30:27 +0800636
Adrian Bunkb6d44342008-07-16 19:28:00 +0800637 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800638 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800639
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800640config CRYPTO_SHA1
641 tristate "SHA1 digest algorithm"
Adrian-Ken Rueegsegger54ccb362008-12-02 21:08:20 +0800642 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800643 help
644 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
645
Mathias Krause66be8952011-08-04 20:19:25 +0200646config CRYPTO_SHA1_SSSE3
time38b6b7f2015-09-10 15:27:26 -0700647 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
Mathias Krause66be8952011-08-04 20:19:25 +0200648 depends on X86 && 64BIT
649 select CRYPTO_SHA1
650 select CRYPTO_HASH
651 help
652 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
653 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
time38b6b7f2015-09-10 15:27:26 -0700654 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
655 when available.
Mathias Krause66be8952011-08-04 20:19:25 +0200656
Tim Chen8275d1a2013-03-26 13:59:17 -0700657config CRYPTO_SHA256_SSSE3
time38b6b7f2015-09-10 15:27:26 -0700658 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
Tim Chen8275d1a2013-03-26 13:59:17 -0700659 depends on X86 && 64BIT
660 select CRYPTO_SHA256
661 select CRYPTO_HASH
662 help
663 SHA-256 secure hash standard (DFIPS 180-2) implemented
664 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
665 Extensions version 1 (AVX1), or Advanced Vector Extensions
time38b6b7f2015-09-10 15:27:26 -0700666 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
667 Instructions) when available.
Tim Chen8275d1a2013-03-26 13:59:17 -0700668
Tim Chen87de4572013-03-26 14:00:02 -0700669config CRYPTO_SHA512_SSSE3
670 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
671 depends on X86 && 64BIT
672 select CRYPTO_SHA512
673 select CRYPTO_HASH
674 help
675 SHA-512 secure hash standard (DFIPS 180-2) implemented
676 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
677 Extensions version 1 (AVX1), or Advanced Vector Extensions
678 version 2 (AVX2) instructions, when available.
679
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200680config CRYPTO_SHA1_OCTEON
681 tristate "SHA1 digest algorithm (OCTEON)"
682 depends on CPU_CAVIUM_OCTEON
683 select CRYPTO_SHA1
684 select CRYPTO_HASH
685 help
686 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
687 using OCTEON crypto instructions, when available.
688
David S. Miller4ff28d42012-08-19 15:41:53 -0700689config CRYPTO_SHA1_SPARC64
690 tristate "SHA1 digest algorithm (SPARC64)"
691 depends on SPARC64
692 select CRYPTO_SHA1
693 select CRYPTO_HASH
694 help
695 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
696 using sparc64 crypto instructions, when available.
697
Michael Ellerman323a6bf2012-09-13 23:00:49 +0000698config CRYPTO_SHA1_PPC
699 tristate "SHA1 digest algorithm (powerpc)"
700 depends on PPC
701 help
702 This is the powerpc hardware accelerated implementation of the
703 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
704
Markus Stockhausend9850fc2015-02-24 20:36:50 +0100705config CRYPTO_SHA1_PPC_SPE
706 tristate "SHA1 digest algorithm (PPC SPE)"
707 depends on PPC && SPE
708 help
709 SHA-1 secure hash standard (DFIPS 180-4) implemented
710 using powerpc SPE SIMD instruction set.
711
Tim Chen1e65b812014-07-31 10:29:51 -0700712config CRYPTO_SHA1_MB
713 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
714 depends on X86 && 64BIT
715 select CRYPTO_SHA1
716 select CRYPTO_HASH
717 select CRYPTO_MCRYPTD
718 help
719 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
720 using multi-buffer technique. This algorithm computes on
721 multiple data lanes concurrently with SIMD instructions for
722 better throughput. It should not be enabled by default but
723 used when there is significant amount of work to keep the keep
724 the data lanes filled to get performance benefit. If the data
725 lanes remain unfilled, a flush operation will be initiated to
726 process the crypto jobs, adding a slight latency.
727
Megha Dey9be7e242016-06-23 18:40:43 -0700728config CRYPTO_SHA256_MB
729 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
730 depends on X86 && 64BIT
731 select CRYPTO_SHA256
732 select CRYPTO_HASH
733 select CRYPTO_MCRYPTD
734 help
735 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
736 using multi-buffer technique. This algorithm computes on
737 multiple data lanes concurrently with SIMD instructions for
738 better throughput. It should not be enabled by default but
739 used when there is significant amount of work to keep the keep
740 the data lanes filled to get performance benefit. If the data
741 lanes remain unfilled, a flush operation will be initiated to
742 process the crypto jobs, adding a slight latency.
743
Megha Dey026bb8a2016-06-27 10:20:05 -0700744config CRYPTO_SHA512_MB
745 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
746 depends on X86 && 64BIT
747 select CRYPTO_SHA512
748 select CRYPTO_HASH
749 select CRYPTO_MCRYPTD
750 help
751 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
752 using multi-buffer technique. This algorithm computes on
753 multiple data lanes concurrently with SIMD instructions for
754 better throughput. It should not be enabled by default but
755 used when there is significant amount of work to keep the keep
756 the data lanes filled to get performance benefit. If the data
757 lanes remain unfilled, a flush operation will be initiated to
758 process the crypto jobs, adding a slight latency.
759
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800760config CRYPTO_SHA256
761 tristate "SHA224 and SHA256 digest algorithm"
Adrian-Ken Rueegsegger50e109b52008-12-03 19:57:49 +0800762 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800763 help
764 SHA256 secure hash standard (DFIPS 180-2).
765
766 This version of SHA implements a 256 bit hash with 128 bits of
767 security against collision attacks.
768
Adrian Bunkb6d44342008-07-16 19:28:00 +0800769 This code also includes SHA-224, a 224 bit hash with 112 bits
770 of security against collision attacks.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800771
Markus Stockhausen2ecc1e92015-01-30 15:39:34 +0100772config CRYPTO_SHA256_PPC_SPE
773 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
774 depends on PPC && SPE
775 select CRYPTO_SHA256
776 select CRYPTO_HASH
777 help
778 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
779 implemented using powerpc SPE SIMD instruction set.
780
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200781config CRYPTO_SHA256_OCTEON
782 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
783 depends on CPU_CAVIUM_OCTEON
784 select CRYPTO_SHA256
785 select CRYPTO_HASH
786 help
787 SHA-256 secure hash standard (DFIPS 180-2) implemented
788 using OCTEON crypto instructions, when available.
789
David S. Miller86c93b22012-08-19 17:11:37 -0700790config CRYPTO_SHA256_SPARC64
791 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
792 depends on SPARC64
793 select CRYPTO_SHA256
794 select CRYPTO_HASH
795 help
796 SHA-256 secure hash standard (DFIPS 180-2) implemented
797 using sparc64 crypto instructions, when available.
798
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800799config CRYPTO_SHA512
800 tristate "SHA384 and SHA512 digest algorithms"
Adrian-Ken Rueegseggerbd9d20d2008-12-17 16:49:02 +1100801 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800802 help
803 SHA512 secure hash standard (DFIPS 180-2).
804
805 This version of SHA implements a 512 bit hash with 256 bits of
806 security against collision attacks.
807
808 This code also includes SHA-384, a 384 bit hash with 192 bits
809 of security against collision attacks.
810
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200811config CRYPTO_SHA512_OCTEON
812 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
813 depends on CPU_CAVIUM_OCTEON
814 select CRYPTO_SHA512
815 select CRYPTO_HASH
816 help
817 SHA-512 secure hash standard (DFIPS 180-2) implemented
818 using OCTEON crypto instructions, when available.
819
David S. Miller775e0c62012-08-19 17:37:56 -0700820config CRYPTO_SHA512_SPARC64
821 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
822 depends on SPARC64
823 select CRYPTO_SHA512
824 select CRYPTO_HASH
825 help
826 SHA-512 secure hash standard (DFIPS 180-2) implemented
827 using sparc64 crypto instructions, when available.
828
Jeff Garzik53964b92016-06-17 10:30:35 +0530829config CRYPTO_SHA3
830 tristate "SHA3 digest algorithm"
831 select CRYPTO_HASH
832 help
833 SHA-3 secure hash standard (DFIPS 202). It's based on
834 cryptographic sponge function family called Keccak.
835
836 References:
837 http://keccak.noekeon.org/
838
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800839config CRYPTO_TGR192
840 tristate "Tiger digest algorithms"
Adrian-Ken Rueegseggerf63fbd32008-12-03 19:58:32 +0800841 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800842 help
843 Tiger hash algorithm 192, 160 and 128-bit hashes
844
845 Tiger is a hash function optimized for 64-bit processors while
846 still having decent performance on 32-bit processors.
847 Tiger was developed by Ross Anderson and Eli Biham.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700848
849 See also:
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800850 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
851
852config CRYPTO_WP512
853 tristate "Whirlpool digest algorithms"
Adrian-Ken Rueegsegger49465102008-12-07 19:34:37 +0800854 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800855 help
856 Whirlpool hash algorithm 512, 384 and 256-bit hashes
857
858 Whirlpool-512 is part of the NESSIE cryptographic primitives.
859 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
860
861 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800862 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800863
Huang Ying0e1227d2009-10-19 11:53:06 +0900864config CRYPTO_GHASH_CLMUL_NI_INTEL
865 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
Richard Weinberger8af00862011-06-08 20:56:29 +0800866 depends on X86 && 64BIT
Huang Ying0e1227d2009-10-19 11:53:06 +0900867 select CRYPTO_CRYPTD
868 help
869 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
870 The implementation is accelerated by CLMUL-NI of Intel.
871
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800872comment "Ciphers"
Linus Torvalds1da177e2005-04-16 15:20:36 -0700873
874config CRYPTO_AES
875 tristate "AES cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +1000876 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700877 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800878 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -0700879 algorithm.
880
881 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800882 both hardware and software across a wide range of computing
883 environments regardless of its use in feedback or non-feedback
884 modes. Its key setup time is excellent, and its key agility is
885 good. Rijndael's very low memory requirements make it very well
886 suited for restricted-space environments, in which it also
887 demonstrates excellent performance. Rijndael's operations are
888 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700889
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800890 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -0700891
892 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
893
894config CRYPTO_AES_586
895 tristate "AES cipher algorithms (i586)"
Herbert Xucce9e062006-08-21 21:08:13 +1000896 depends on (X86 || UML_X86) && !64BIT
897 select CRYPTO_ALGAPI
Sebastian Siewior5157dea2007-11-10 19:07:16 +0800898 select CRYPTO_AES
Linus Torvalds1da177e2005-04-16 15:20:36 -0700899 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800900 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -0700901 algorithm.
902
903 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800904 both hardware and software across a wide range of computing
905 environments regardless of its use in feedback or non-feedback
906 modes. Its key setup time is excellent, and its key agility is
907 good. Rijndael's very low memory requirements make it very well
908 suited for restricted-space environments, in which it also
909 demonstrates excellent performance. Rijndael's operations are
910 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700911
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800912 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -0700913
914 See <http://csrc.nist.gov/encryption/aes/> for more information.
915
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700916config CRYPTO_AES_X86_64
917 tristate "AES cipher algorithms (x86_64)"
Herbert Xucce9e062006-08-21 21:08:13 +1000918 depends on (X86 || UML_X86) && 64BIT
919 select CRYPTO_ALGAPI
Sebastian Siewior81190b32007-11-08 21:25:04 +0800920 select CRYPTO_AES
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700921 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800922 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700923 algorithm.
924
925 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800926 both hardware and software across a wide range of computing
927 environments regardless of its use in feedback or non-feedback
928 modes. Its key setup time is excellent, and its key agility is
929 good. Rijndael's very low memory requirements make it very well
930 suited for restricted-space environments, in which it also
931 demonstrates excellent performance. Rijndael's operations are
932 among the easiest to defend against power and timing attacks.
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700933
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800934 The AES specifies three key sizes: 128, 192 and 256 bits
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700935
936 See <http://csrc.nist.gov/encryption/aes/> for more information.
937
Huang Ying54b6a1b2009-01-18 16:28:34 +1100938config CRYPTO_AES_NI_INTEL
939 tristate "AES cipher algorithms (AES-NI)"
Richard Weinberger8af00862011-06-08 20:56:29 +0800940 depends on X86
Mathias Krause0d258ef2010-11-27 16:34:46 +0800941 select CRYPTO_AES_X86_64 if 64BIT
942 select CRYPTO_AES_586 if !64BIT
Huang Ying54b6a1b2009-01-18 16:28:34 +1100943 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +0200944 select CRYPTO_ABLK_HELPER
Huang Ying54b6a1b2009-01-18 16:28:34 +1100945 select CRYPTO_ALGAPI
Jussi Kivilinna7643a112013-04-10 18:39:20 +0300946 select CRYPTO_GLUE_HELPER_X86 if 64BIT
Jussi Kivilinna023af602012-07-22 18:18:37 +0300947 select CRYPTO_LRW
948 select CRYPTO_XTS
Huang Ying54b6a1b2009-01-18 16:28:34 +1100949 help
950 Use Intel AES-NI instructions for AES algorithm.
951
952 AES cipher algorithms (FIPS-197). AES uses the Rijndael
953 algorithm.
954
955 Rijndael appears to be consistently a very good performer in
956 both hardware and software across a wide range of computing
957 environments regardless of its use in feedback or non-feedback
958 modes. Its key setup time is excellent, and its key agility is
959 good. Rijndael's very low memory requirements make it very well
960 suited for restricted-space environments, in which it also
961 demonstrates excellent performance. Rijndael's operations are
962 among the easiest to defend against power and timing attacks.
963
964 The AES specifies three key sizes: 128, 192 and 256 bits
965
966 See <http://csrc.nist.gov/encryption/aes/> for more information.
967
Mathias Krause0d258ef2010-11-27 16:34:46 +0800968 In addition to AES cipher algorithm support, the acceleration
969 for some popular block cipher mode is supported too, including
970 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
971 acceleration for CTR.
Huang Ying2cf4ac82009-03-29 15:41:20 +0800972
David S. Miller9bf48522012-08-21 03:58:13 -0700973config CRYPTO_AES_SPARC64
974 tristate "AES cipher algorithms (SPARC64)"
975 depends on SPARC64
976 select CRYPTO_CRYPTD
977 select CRYPTO_ALGAPI
978 help
979 Use SPARC64 crypto opcodes for AES algorithm.
980
981 AES cipher algorithms (FIPS-197). AES uses the Rijndael
982 algorithm.
983
984 Rijndael appears to be consistently a very good performer in
985 both hardware and software across a wide range of computing
986 environments regardless of its use in feedback or non-feedback
987 modes. Its key setup time is excellent, and its key agility is
988 good. Rijndael's very low memory requirements make it very well
989 suited for restricted-space environments, in which it also
990 demonstrates excellent performance. Rijndael's operations are
991 among the easiest to defend against power and timing attacks.
992
993 The AES specifies three key sizes: 128, 192 and 256 bits
994
995 See <http://csrc.nist.gov/encryption/aes/> for more information.
996
997 In addition to AES cipher algorithm support, the acceleration
998 for some popular block cipher mode is supported too, including
999 ECB and CBC.
1000
Markus Stockhausen504c6142015-02-22 10:00:10 +01001001config CRYPTO_AES_PPC_SPE
1002 tristate "AES cipher algorithms (PPC SPE)"
1003 depends on PPC && SPE
1004 help
1005 AES cipher algorithms (FIPS-197). Additionally the acceleration
1006 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1007 This module should only be used for low power (router) devices
1008 without hardware AES acceleration (e.g. caam crypto). It reduces the
1009 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1010 timining attacks. Nevertheless it might be not as secure as other
1011 architecture specific assembler implementations that work on 1KB
1012 tables or 256 bytes S-boxes.
1013
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001014config CRYPTO_ANUBIS
1015 tristate "Anubis cipher algorithm"
1016 select CRYPTO_ALGAPI
1017 help
1018 Anubis cipher algorithm.
1019
1020 Anubis is a variable key length cipher which can use keys from
1021 128 bits to 320 bits in length. It was evaluated as a entrant
1022 in the NESSIE competition.
1023
1024 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +08001025 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1026 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001027
1028config CRYPTO_ARC4
1029 tristate "ARC4 cipher algorithm"
Sebastian Andrzej Siewiorb9b0f082012-06-26 18:13:46 +02001030 select CRYPTO_BLKCIPHER
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001031 help
1032 ARC4 cipher algorithm.
1033
1034 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1035 bits in length. This algorithm is required for driver-based
1036 WEP, but it should not be for other purposes because of the
1037 weakness of the algorithm.
1038
1039config CRYPTO_BLOWFISH
1040 tristate "Blowfish cipher algorithm"
1041 select CRYPTO_ALGAPI
Jussi Kivilinna52ba8672011-09-02 01:45:07 +03001042 select CRYPTO_BLOWFISH_COMMON
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001043 help
1044 Blowfish cipher algorithm, by Bruce Schneier.
1045
1046 This is a variable key length cipher which can use keys from 32
1047 bits to 448 bits in length. It's fast, simple and specifically
1048 designed for use on "large microprocessors".
1049
1050 See also:
1051 <http://www.schneier.com/blowfish.html>
1052
Jussi Kivilinna52ba8672011-09-02 01:45:07 +03001053config CRYPTO_BLOWFISH_COMMON
1054 tristate
1055 help
1056 Common parts of the Blowfish cipher algorithm shared by the
1057 generic c and the assembler implementations.
1058
1059 See also:
1060 <http://www.schneier.com/blowfish.html>
1061
Jussi Kivilinna64b94ce2011-09-02 01:45:22 +03001062config CRYPTO_BLOWFISH_X86_64
1063 tristate "Blowfish cipher algorithm (x86_64)"
Al Virof21a7c12012-04-08 20:31:22 -04001064 depends on X86 && 64BIT
Jussi Kivilinna64b94ce2011-09-02 01:45:22 +03001065 select CRYPTO_ALGAPI
1066 select CRYPTO_BLOWFISH_COMMON
1067 help
1068 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1069
1070 This is a variable key length cipher which can use keys from 32
1071 bits to 448 bits in length. It's fast, simple and specifically
1072 designed for use on "large microprocessors".
1073
1074 See also:
1075 <http://www.schneier.com/blowfish.html>
1076
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001077config CRYPTO_CAMELLIA
1078 tristate "Camellia cipher algorithms"
1079 depends on CRYPTO
1080 select CRYPTO_ALGAPI
1081 help
1082 Camellia cipher algorithms module.
1083
1084 Camellia is a symmetric key block cipher developed jointly
1085 at NTT and Mitsubishi Electric Corporation.
1086
1087 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1088
1089 See also:
1090 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1091
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +02001092config CRYPTO_CAMELLIA_X86_64
1093 tristate "Camellia cipher algorithm (x86_64)"
Al Virof21a7c12012-04-08 20:31:22 -04001094 depends on X86 && 64BIT
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +02001095 depends on CRYPTO
1096 select CRYPTO_ALGAPI
Jussi Kivilinna964263a2012-06-18 14:07:29 +03001097 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +02001098 select CRYPTO_LRW
1099 select CRYPTO_XTS
1100 help
1101 Camellia cipher algorithm module (x86_64).
1102
1103 Camellia is a symmetric key block cipher developed jointly
1104 at NTT and Mitsubishi Electric Corporation.
1105
1106 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1107
1108 See also:
1109 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1110
Jussi Kivilinnad9b1d2e2012-10-26 14:49:01 +03001111config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1112 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1113 depends on X86 && 64BIT
1114 depends on CRYPTO
1115 select CRYPTO_ALGAPI
1116 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001117 select CRYPTO_ABLK_HELPER
Jussi Kivilinnad9b1d2e2012-10-26 14:49:01 +03001118 select CRYPTO_GLUE_HELPER_X86
1119 select CRYPTO_CAMELLIA_X86_64
1120 select CRYPTO_LRW
1121 select CRYPTO_XTS
1122 help
1123 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1124
1125 Camellia is a symmetric key block cipher developed jointly
1126 at NTT and Mitsubishi Electric Corporation.
1127
1128 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1129
1130 See also:
1131 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1132
Jussi Kivilinnaf3f935a2013-04-13 13:47:00 +03001133config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1134 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1135 depends on X86 && 64BIT
1136 depends on CRYPTO
1137 select CRYPTO_ALGAPI
1138 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001139 select CRYPTO_ABLK_HELPER
Jussi Kivilinnaf3f935a2013-04-13 13:47:00 +03001140 select CRYPTO_GLUE_HELPER_X86
1141 select CRYPTO_CAMELLIA_X86_64
1142 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1143 select CRYPTO_LRW
1144 select CRYPTO_XTS
1145 help
1146 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1147
1148 Camellia is a symmetric key block cipher developed jointly
1149 at NTT and Mitsubishi Electric Corporation.
1150
1151 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1152
1153 See also:
1154 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1155
David S. Miller81658ad2012-08-28 12:05:54 -07001156config CRYPTO_CAMELLIA_SPARC64
1157 tristate "Camellia cipher algorithm (SPARC64)"
1158 depends on SPARC64
1159 depends on CRYPTO
1160 select CRYPTO_ALGAPI
1161 help
1162 Camellia cipher algorithm module (SPARC64).
1163
1164 Camellia is a symmetric key block cipher developed jointly
1165 at NTT and Mitsubishi Electric Corporation.
1166
1167 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1168
1169 See also:
1170 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1171
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001172config CRYPTO_CAST_COMMON
1173 tristate
1174 help
1175 Common parts of the CAST cipher algorithms shared by the
1176 generic c and the assembler implementations.
1177
Linus Torvalds1da177e2005-04-16 15:20:36 -07001178config CRYPTO_CAST5
1179 tristate "CAST5 (CAST-128) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001180 select CRYPTO_ALGAPI
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001181 select CRYPTO_CAST_COMMON
Linus Torvalds1da177e2005-04-16 15:20:36 -07001182 help
1183 The CAST5 encryption algorithm (synonymous with CAST-128) is
1184 described in RFC2144.
1185
Johannes Goetzfried4d6d6a22012-07-11 19:37:37 +02001186config CRYPTO_CAST5_AVX_X86_64
1187 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1188 depends on X86 && 64BIT
1189 select CRYPTO_ALGAPI
1190 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001191 select CRYPTO_ABLK_HELPER
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001192 select CRYPTO_CAST_COMMON
Johannes Goetzfried4d6d6a22012-07-11 19:37:37 +02001193 select CRYPTO_CAST5
1194 help
1195 The CAST5 encryption algorithm (synonymous with CAST-128) is
1196 described in RFC2144.
1197
1198 This module provides the Cast5 cipher algorithm that processes
1199 sixteen blocks parallel using the AVX instruction set.
1200
Linus Torvalds1da177e2005-04-16 15:20:36 -07001201config CRYPTO_CAST6
1202 tristate "CAST6 (CAST-256) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001203 select CRYPTO_ALGAPI
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001204 select CRYPTO_CAST_COMMON
Linus Torvalds1da177e2005-04-16 15:20:36 -07001205 help
1206 The CAST6 encryption algorithm (synonymous with CAST-256) is
1207 described in RFC2612.
1208
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001209config CRYPTO_CAST6_AVX_X86_64
1210 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1211 depends on X86 && 64BIT
1212 select CRYPTO_ALGAPI
1213 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001214 select CRYPTO_ABLK_HELPER
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001215 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001216 select CRYPTO_CAST_COMMON
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001217 select CRYPTO_CAST6
1218 select CRYPTO_LRW
1219 select CRYPTO_XTS
1220 help
1221 The CAST6 encryption algorithm (synonymous with CAST-256) is
1222 described in RFC2612.
1223
1224 This module provides the Cast6 cipher algorithm that processes
1225 eight blocks parallel using the AVX instruction set.
1226
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001227config CRYPTO_DES
1228 tristate "DES and Triple DES EDE cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +10001229 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001230 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001231 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
Linus Torvalds1da177e2005-04-16 15:20:36 -07001232
David S. Millerc5aac2d2012-08-25 22:37:23 -07001233config CRYPTO_DES_SPARC64
1234 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
Dave Jones97da37b2012-10-02 17:13:20 -04001235 depends on SPARC64
David S. Millerc5aac2d2012-08-25 22:37:23 -07001236 select CRYPTO_ALGAPI
1237 select CRYPTO_DES
1238 help
1239 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1240 optimized using SPARC64 crypto opcodes.
1241
Jussi Kivilinna6574e6c2014-06-09 20:59:54 +03001242config CRYPTO_DES3_EDE_X86_64
1243 tristate "Triple DES EDE cipher algorithm (x86-64)"
1244 depends on X86 && 64BIT
1245 select CRYPTO_ALGAPI
1246 select CRYPTO_DES
1247 help
1248 Triple DES EDE (FIPS 46-3) algorithm.
1249
1250 This module provides implementation of the Triple DES EDE cipher
1251 algorithm that is optimized for x86-64 processors. Two versions of
1252 algorithm are provided; regular processing one input block and
1253 one that processes three blocks parallel.
1254
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001255config CRYPTO_FCRYPT
1256 tristate "FCrypt cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001257 select CRYPTO_ALGAPI
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001258 select CRYPTO_BLKCIPHER
Linus Torvalds1da177e2005-04-16 15:20:36 -07001259 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001260 FCrypt algorithm used by RxRPC.
Linus Torvalds1da177e2005-04-16 15:20:36 -07001261
1262config CRYPTO_KHAZAD
1263 tristate "Khazad cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001264 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001265 help
1266 Khazad cipher algorithm.
1267
1268 Khazad was a finalist in the initial NESSIE competition. It is
1269 an algorithm optimized for 64-bit processors with good performance
1270 on 32-bit processors. Khazad uses an 128 bit key size.
1271
1272 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +08001273 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
Linus Torvalds1da177e2005-04-16 15:20:36 -07001274
Tan Swee Heng2407d602007-11-23 19:45:00 +08001275config CRYPTO_SALSA20
Kees Cook3b4afaf2012-10-02 11:16:49 -07001276 tristate "Salsa20 stream cipher algorithm"
Tan Swee Heng2407d602007-11-23 19:45:00 +08001277 select CRYPTO_BLKCIPHER
1278 help
1279 Salsa20 stream cipher algorithm.
1280
1281 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1282 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1283
1284 The Salsa20 stream cipher algorithm is designed by Daniel J.
1285 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
Linus Torvalds1da177e2005-04-16 15:20:36 -07001286
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001287config CRYPTO_SALSA20_586
Kees Cook3b4afaf2012-10-02 11:16:49 -07001288 tristate "Salsa20 stream cipher algorithm (i586)"
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001289 depends on (X86 || UML_X86) && !64BIT
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001290 select CRYPTO_BLKCIPHER
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001291 help
1292 Salsa20 stream cipher algorithm.
1293
1294 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1295 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1296
1297 The Salsa20 stream cipher algorithm is designed by Daniel J.
1298 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1299
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001300config CRYPTO_SALSA20_X86_64
Kees Cook3b4afaf2012-10-02 11:16:49 -07001301 tristate "Salsa20 stream cipher algorithm (x86_64)"
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001302 depends on (X86 || UML_X86) && 64BIT
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001303 select CRYPTO_BLKCIPHER
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001304 help
1305 Salsa20 stream cipher algorithm.
1306
1307 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1308 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1309
1310 The Salsa20 stream cipher algorithm is designed by Daniel J.
1311 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1312
Martin Willic08d0e62015-06-01 13:43:56 +02001313config CRYPTO_CHACHA20
1314 tristate "ChaCha20 cipher algorithm"
1315 select CRYPTO_BLKCIPHER
1316 help
1317 ChaCha20 cipher algorithm, RFC7539.
1318
1319 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1320 Bernstein and further specified in RFC7539 for use in IETF protocols.
1321 This is the portable C implementation of ChaCha20.
1322
1323 See also:
1324 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1325
Martin Willic9320b62015-07-16 19:14:01 +02001326config CRYPTO_CHACHA20_X86_64
Martin Willi3d1e93c2015-07-16 19:14:03 +02001327 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
Martin Willic9320b62015-07-16 19:14:01 +02001328 depends on X86 && 64BIT
1329 select CRYPTO_BLKCIPHER
1330 select CRYPTO_CHACHA20
1331 help
1332 ChaCha20 cipher algorithm, RFC7539.
1333
1334 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1335 Bernstein and further specified in RFC7539 for use in IETF protocols.
1336 This is the x86_64 assembler implementation using SIMD instructions.
1337
1338 See also:
1339 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1340
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001341config CRYPTO_SEED
1342 tristate "SEED cipher algorithm"
1343 select CRYPTO_ALGAPI
1344 help
1345 SEED cipher algorithm (RFC4269).
1346
1347 SEED is a 128-bit symmetric key block cipher that has been
1348 developed by KISA (Korea Information Security Agency) as a
1349 national standard encryption algorithm of the Republic of Korea.
1350 It is a 16 round block cipher with the key size of 128 bit.
1351
1352 See also:
1353 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1354
1355config CRYPTO_SERPENT
1356 tristate "Serpent cipher algorithm"
1357 select CRYPTO_ALGAPI
1358 help
1359 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1360
1361 Keys are allowed to be from 0 to 256 bits in length, in steps
1362 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1363 variant of Serpent for compatibility with old kerneli.org code.
1364
1365 See also:
1366 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1367
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001368config CRYPTO_SERPENT_SSE2_X86_64
1369 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1370 depends on X86 && 64BIT
1371 select CRYPTO_ALGAPI
Jussi Kivilinna341975b2011-11-24 08:37:41 +02001372 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001373 select CRYPTO_ABLK_HELPER
Jussi Kivilinna596d8752012-06-18 14:07:19 +03001374 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001375 select CRYPTO_SERPENT
Jussi Kivilinnafeaf0cf2011-12-13 12:53:12 +02001376 select CRYPTO_LRW
1377 select CRYPTO_XTS
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001378 help
1379 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1380
1381 Keys are allowed to be from 0 to 256 bits in length, in steps
1382 of 8 bits.
1383
Masanari Iida1e6232f2015-04-04 00:20:30 +09001384 This module provides Serpent cipher algorithm that processes eight
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001385 blocks parallel using SSE2 instruction set.
1386
1387 See also:
1388 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1389
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001390config CRYPTO_SERPENT_SSE2_586
1391 tristate "Serpent cipher algorithm (i586/SSE2)"
1392 depends on X86 && !64BIT
1393 select CRYPTO_ALGAPI
Jussi Kivilinna341975b2011-11-24 08:37:41 +02001394 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001395 select CRYPTO_ABLK_HELPER
Jussi Kivilinna596d8752012-06-18 14:07:19 +03001396 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001397 select CRYPTO_SERPENT
Jussi Kivilinnafeaf0cf2011-12-13 12:53:12 +02001398 select CRYPTO_LRW
1399 select CRYPTO_XTS
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001400 help
1401 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1402
1403 Keys are allowed to be from 0 to 256 bits in length, in steps
1404 of 8 bits.
1405
1406 This module provides Serpent cipher algorithm that processes four
1407 blocks parallel using SSE2 instruction set.
1408
1409 See also:
1410 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1411
Johannes Goetzfried7efe4072012-06-12 16:47:43 +08001412config CRYPTO_SERPENT_AVX_X86_64
1413 tristate "Serpent cipher algorithm (x86_64/AVX)"
1414 depends on X86 && 64BIT
1415 select CRYPTO_ALGAPI
1416 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001417 select CRYPTO_ABLK_HELPER
Jussi Kivilinna1d0debb2012-06-18 14:07:24 +03001418 select CRYPTO_GLUE_HELPER_X86
Johannes Goetzfried7efe4072012-06-12 16:47:43 +08001419 select CRYPTO_SERPENT
1420 select CRYPTO_LRW
1421 select CRYPTO_XTS
1422 help
1423 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1424
1425 Keys are allowed to be from 0 to 256 bits in length, in steps
1426 of 8 bits.
1427
1428 This module provides the Serpent cipher algorithm that processes
1429 eight blocks parallel using the AVX instruction set.
1430
1431 See also:
1432 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1433
Jussi Kivilinna56d76c92013-04-13 13:46:55 +03001434config CRYPTO_SERPENT_AVX2_X86_64
1435 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1436 depends on X86 && 64BIT
1437 select CRYPTO_ALGAPI
1438 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001439 select CRYPTO_ABLK_HELPER
Jussi Kivilinna56d76c92013-04-13 13:46:55 +03001440 select CRYPTO_GLUE_HELPER_X86
1441 select CRYPTO_SERPENT
1442 select CRYPTO_SERPENT_AVX_X86_64
1443 select CRYPTO_LRW
1444 select CRYPTO_XTS
1445 help
1446 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1447
1448 Keys are allowed to be from 0 to 256 bits in length, in steps
1449 of 8 bits.
1450
1451 This module provides Serpent cipher algorithm that processes 16
1452 blocks parallel using AVX2 instruction set.
1453
1454 See also:
1455 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1456
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001457config CRYPTO_TEA
1458 tristate "TEA, XTEA and XETA cipher algorithms"
1459 select CRYPTO_ALGAPI
1460 help
1461 TEA cipher algorithm.
1462
1463 Tiny Encryption Algorithm is a simple cipher that uses
1464 many rounds for security. It is very fast and uses
1465 little memory.
1466
1467 Xtendend Tiny Encryption Algorithm is a modification to
1468 the TEA algorithm to address a potential key weakness
1469 in the TEA algorithm.
1470
1471 Xtendend Encryption Tiny Algorithm is a mis-implementation
1472 of the XTEA algorithm for compatibility purposes.
1473
1474config CRYPTO_TWOFISH
1475 tristate "Twofish cipher algorithm"
1476 select CRYPTO_ALGAPI
1477 select CRYPTO_TWOFISH_COMMON
1478 help
1479 Twofish cipher algorithm.
1480
1481 Twofish was submitted as an AES (Advanced Encryption Standard)
1482 candidate cipher by researchers at CounterPane Systems. It is a
1483 16 round block cipher supporting key sizes of 128, 192, and 256
1484 bits.
1485
1486 See also:
1487 <http://www.schneier.com/twofish.html>
1488
1489config CRYPTO_TWOFISH_COMMON
1490 tristate
1491 help
1492 Common parts of the Twofish cipher algorithm shared by the
1493 generic c and the assembler implementations.
1494
1495config CRYPTO_TWOFISH_586
1496 tristate "Twofish cipher algorithms (i586)"
1497 depends on (X86 || UML_X86) && !64BIT
1498 select CRYPTO_ALGAPI
1499 select CRYPTO_TWOFISH_COMMON
1500 help
1501 Twofish cipher algorithm.
1502
1503 Twofish was submitted as an AES (Advanced Encryption Standard)
1504 candidate cipher by researchers at CounterPane Systems. It is a
1505 16 round block cipher supporting key sizes of 128, 192, and 256
1506 bits.
1507
1508 See also:
1509 <http://www.schneier.com/twofish.html>
1510
1511config CRYPTO_TWOFISH_X86_64
1512 tristate "Twofish cipher algorithm (x86_64)"
1513 depends on (X86 || UML_X86) && 64BIT
1514 select CRYPTO_ALGAPI
1515 select CRYPTO_TWOFISH_COMMON
1516 help
1517 Twofish cipher algorithm (x86_64).
1518
1519 Twofish was submitted as an AES (Advanced Encryption Standard)
1520 candidate cipher by researchers at CounterPane Systems. It is a
1521 16 round block cipher supporting key sizes of 128, 192, and 256
1522 bits.
1523
1524 See also:
1525 <http://www.schneier.com/twofish.html>
1526
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001527config CRYPTO_TWOFISH_X86_64_3WAY
1528 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
Al Virof21a7c12012-04-08 20:31:22 -04001529 depends on X86 && 64BIT
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001530 select CRYPTO_ALGAPI
1531 select CRYPTO_TWOFISH_COMMON
1532 select CRYPTO_TWOFISH_X86_64
Jussi Kivilinna414cb5e2012-06-18 14:07:34 +03001533 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinnae7cda5d2011-12-13 12:53:01 +02001534 select CRYPTO_LRW
1535 select CRYPTO_XTS
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001536 help
1537 Twofish cipher algorithm (x86_64, 3-way parallel).
1538
1539 Twofish was submitted as an AES (Advanced Encryption Standard)
1540 candidate cipher by researchers at CounterPane Systems. It is a
1541 16 round block cipher supporting key sizes of 128, 192, and 256
1542 bits.
1543
1544 This module provides Twofish cipher algorithm that processes three
1545 blocks parallel, utilizing resources of out-of-order CPUs better.
1546
1547 See also:
1548 <http://www.schneier.com/twofish.html>
1549
Johannes Goetzfried107778b52012-05-28 15:54:24 +02001550config CRYPTO_TWOFISH_AVX_X86_64
1551 tristate "Twofish cipher algorithm (x86_64/AVX)"
1552 depends on X86 && 64BIT
1553 select CRYPTO_ALGAPI
1554 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001555 select CRYPTO_ABLK_HELPER
Jussi Kivilinnaa7378d42012-06-18 14:07:39 +03001556 select CRYPTO_GLUE_HELPER_X86
Johannes Goetzfried107778b52012-05-28 15:54:24 +02001557 select CRYPTO_TWOFISH_COMMON
1558 select CRYPTO_TWOFISH_X86_64
1559 select CRYPTO_TWOFISH_X86_64_3WAY
1560 select CRYPTO_LRW
1561 select CRYPTO_XTS
1562 help
1563 Twofish cipher algorithm (x86_64/AVX).
1564
1565 Twofish was submitted as an AES (Advanced Encryption Standard)
1566 candidate cipher by researchers at CounterPane Systems. It is a
1567 16 round block cipher supporting key sizes of 128, 192, and 256
1568 bits.
1569
1570 This module provides the Twofish cipher algorithm that processes
1571 eight blocks parallel using the AVX Instruction Set.
1572
1573 See also:
1574 <http://www.schneier.com/twofish.html>
1575
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001576comment "Compression"
1577
Linus Torvalds1da177e2005-04-16 15:20:36 -07001578config CRYPTO_DEFLATE
1579 tristate "Deflate compression algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001580 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001581 select ZLIB_INFLATE
1582 select ZLIB_DEFLATE
1583 help
1584 This is the Deflate algorithm (RFC1951), specified for use in
1585 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001586
Linus Torvalds1da177e2005-04-16 15:20:36 -07001587 You will most probably want this if using IPSec.
1588
Zoltan Sogor0b77abb2007-12-07 16:53:23 +08001589config CRYPTO_LZO
1590 tristate "LZO compression algorithm"
1591 select CRYPTO_ALGAPI
Giovanni Cabidduac9d2c42016-10-21 13:19:49 +01001592 select CRYPTO_ACOMP2
Zoltan Sogor0b77abb2007-12-07 16:53:23 +08001593 select LZO_COMPRESS
1594 select LZO_DECOMPRESS
1595 help
1596 This is the LZO algorithm.
1597
Seth Jennings35a1fc12012-07-19 09:42:41 -05001598config CRYPTO_842
1599 tristate "842 compression algorithm"
Dan Streetman2062c5b2015-05-07 13:49:15 -04001600 select CRYPTO_ALGAPI
1601 select 842_COMPRESS
1602 select 842_DECOMPRESS
Seth Jennings35a1fc12012-07-19 09:42:41 -05001603 help
1604 This is the 842 algorithm.
1605
Chanho Min0ea85302013-07-08 16:01:51 -07001606config CRYPTO_LZ4
1607 tristate "LZ4 compression algorithm"
1608 select CRYPTO_ALGAPI
Giovanni Cabiddu8cd93302016-10-21 13:19:50 +01001609 select CRYPTO_ACOMP2
Chanho Min0ea85302013-07-08 16:01:51 -07001610 select LZ4_COMPRESS
1611 select LZ4_DECOMPRESS
1612 help
1613 This is the LZ4 algorithm.
1614
1615config CRYPTO_LZ4HC
1616 tristate "LZ4HC compression algorithm"
1617 select CRYPTO_ALGAPI
1618 select LZ4HC_COMPRESS
1619 select LZ4_DECOMPRESS
1620 help
1621 This is the LZ4 high compression mode algorithm.
1622
Neil Horman17f0f4a2008-08-14 22:15:52 +10001623comment "Random Number Generation"
1624
1625config CRYPTO_ANSI_CPRNG
1626 tristate "Pseudo Random Number Generation for Cryptographic modules"
1627 select CRYPTO_AES
1628 select CRYPTO_RNG
Neil Horman17f0f4a2008-08-14 22:15:52 +10001629 help
1630 This option enables the generic pseudo random number generator
1631 for cryptographic modules. Uses the Algorithm specified in
Jiri Kosina7dd607e2010-01-27 01:00:10 +01001632 ANSI X9.31 A.2.4. Note that this option must be enabled if
1633 CRYPTO_FIPS is selected
Neil Horman17f0f4a2008-08-14 22:15:52 +10001634
Herbert Xuf2c89a12014-07-04 22:15:08 +08001635menuconfig CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001636 tristate "NIST SP800-90A DRBG"
Stephan Mueller419090c2014-05-31 17:22:31 +02001637 help
1638 NIST SP800-90A compliant DRBG. In the following submenu, one or
1639 more of the DRBG types must be selected.
1640
Herbert Xuf2c89a12014-07-04 22:15:08 +08001641if CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001642
1643config CRYPTO_DRBG_HMAC
Herbert Xu401e4232015-06-03 14:49:31 +08001644 bool
Stephan Mueller419090c2014-05-31 17:22:31 +02001645 default y
Stephan Mueller419090c2014-05-31 17:22:31 +02001646 select CRYPTO_HMAC
Herbert Xu826775b2015-06-11 08:55:10 +08001647 select CRYPTO_SHA256
Stephan Mueller419090c2014-05-31 17:22:31 +02001648
1649config CRYPTO_DRBG_HASH
1650 bool "Enable Hash DRBG"
Herbert Xu826775b2015-06-11 08:55:10 +08001651 select CRYPTO_SHA256
Stephan Mueller419090c2014-05-31 17:22:31 +02001652 help
1653 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1654
1655config CRYPTO_DRBG_CTR
1656 bool "Enable CTR DRBG"
Stephan Mueller419090c2014-05-31 17:22:31 +02001657 select CRYPTO_AES
Stephan Mueller35591282016-06-14 07:34:13 +02001658 depends on CRYPTO_CTR
Stephan Mueller419090c2014-05-31 17:22:31 +02001659 help
1660 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1661
Herbert Xuf2c89a12014-07-04 22:15:08 +08001662config CRYPTO_DRBG
1663 tristate
Herbert Xu401e4232015-06-03 14:49:31 +08001664 default CRYPTO_DRBG_MENU
Herbert Xuf2c89a12014-07-04 22:15:08 +08001665 select CRYPTO_RNG
Stephan Muellerbb5530e2015-05-25 15:10:20 +02001666 select CRYPTO_JITTERENTROPY
Herbert Xuf2c89a12014-07-04 22:15:08 +08001667
1668endif # if CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001669
Stephan Muellerbb5530e2015-05-25 15:10:20 +02001670config CRYPTO_JITTERENTROPY
1671 tristate "Jitterentropy Non-Deterministic Random Number Generator"
Arnd Bergmann2f313e02016-01-26 14:47:10 +01001672 select CRYPTO_RNG
Stephan Muellerbb5530e2015-05-25 15:10:20 +02001673 help
1674 The Jitterentropy RNG is a noise that is intended
1675 to provide seed to another RNG. The RNG does not
1676 perform any cryptographic whitening of the generated
1677 random numbers. This Jitterentropy RNG registers with
1678 the kernel crypto API and can be used by any caller.
1679
Herbert Xu03c8efc2010-10-19 21:12:39 +08001680config CRYPTO_USER_API
1681 tristate
1682
Herbert Xufe869cd2010-10-19 21:23:00 +08001683config CRYPTO_USER_API_HASH
1684 tristate "User-space interface for hash algorithms"
Herbert Xu74517082010-11-29 22:56:03 +08001685 depends on NET
Herbert Xufe869cd2010-10-19 21:23:00 +08001686 select CRYPTO_HASH
1687 select CRYPTO_USER_API
1688 help
1689 This option enables the user-spaces interface for hash
1690 algorithms.
1691
Herbert Xu8ff59092010-10-19 21:31:55 +08001692config CRYPTO_USER_API_SKCIPHER
1693 tristate "User-space interface for symmetric key cipher algorithms"
Herbert Xu74517082010-11-29 22:56:03 +08001694 depends on NET
Herbert Xu8ff59092010-10-19 21:31:55 +08001695 select CRYPTO_BLKCIPHER
1696 select CRYPTO_USER_API
1697 help
1698 This option enables the user-spaces interface for symmetric
1699 key cipher algorithms.
1700
Stephan Mueller2f3755382014-12-25 23:00:39 +01001701config CRYPTO_USER_API_RNG
1702 tristate "User-space interface for random number generator algorithms"
1703 depends on NET
1704 select CRYPTO_RNG
1705 select CRYPTO_USER_API
1706 help
1707 This option enables the user-spaces interface for random
1708 number generator algorithms.
1709
Herbert Xub64a2d92015-05-28 11:30:35 +08001710config CRYPTO_USER_API_AEAD
1711 tristate "User-space interface for AEAD cipher algorithms"
1712 depends on NET
1713 select CRYPTO_AEAD
1714 select CRYPTO_USER_API
1715 help
1716 This option enables the user-spaces interface for AEAD
1717 cipher algorithms.
1718
Dmitry Kasatkinee089972013-05-06 15:40:01 +03001719config CRYPTO_HASH_INFO
1720 bool
1721
Linus Torvalds1da177e2005-04-16 15:20:36 -07001722source "drivers/crypto/Kconfig"
David Howells964f3b32012-09-13 15:17:21 +01001723source crypto/asymmetric_keys/Kconfig
David Howellscfc411e2015-08-14 15:20:41 +01001724source certs/Kconfig
Linus Torvalds1da177e2005-04-16 15:20:36 -07001725
Herbert Xucce9e062006-08-21 21:08:13 +10001726endif # if CRYPTO