blob: 0e35889e1662024a924531238b619330934f559c [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001#
Dan Williams685784a2007-07-09 11:56:42 -07002# Generic algorithms support
3#
4config XOR_BLOCKS
5 tristate
6
7#
Dan Williams9bc89cd2007-01-02 11:10:44 -07008# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
Linus Torvalds1da177e2005-04-16 15:20:36 -070013# Cryptographic API Configuration
14#
Jan Engelhardt2e290f42007-05-18 15:11:01 +100015menuconfig CRYPTO
Sebastian Siewiorc3715cb92008-03-30 16:36:09 +080016 tristate "Cryptographic API"
Linus Torvalds1da177e2005-04-16 15:20:36 -070017 help
18 This option provides the core Cryptographic API.
19
Herbert Xucce9e062006-08-21 21:08:13 +100020if CRYPTO
21
Sebastian Siewior584fffc2008-04-05 21:04:48 +080022comment "Crypto core or helper"
23
Neil Hormanccb778e2008-08-05 14:13:08 +080024config CRYPTO_FIPS
25 bool "FIPS 200 compliance"
Herbert Xuf2c89a12014-07-04 22:15:08 +080026 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
Jarod Wilson002c77a2014-07-02 15:37:30 -040027 depends on MODULE_SIG
Neil Hormanccb778e2008-08-05 14:13:08 +080028 help
29 This options enables the fips boot option which is
30 required if you want to system to operate in a FIPS 200
31 certification. You should say no unless you know what
Chuck Ebberte84c5482010-09-03 19:17:49 +080032 this is.
Neil Hormanccb778e2008-08-05 14:13:08 +080033
Herbert Xucce9e062006-08-21 21:08:13 +100034config CRYPTO_ALGAPI
35 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110036 select CRYPTO_ALGAPI2
Herbert Xucce9e062006-08-21 21:08:13 +100037 help
38 This option provides the API for cryptographic algorithms.
39
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110040config CRYPTO_ALGAPI2
41 tristate
42
Herbert Xu1ae97822007-08-30 15:36:14 +080043config CRYPTO_AEAD
44 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110045 select CRYPTO_AEAD2
Herbert Xu1ae97822007-08-30 15:36:14 +080046 select CRYPTO_ALGAPI
47
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110048config CRYPTO_AEAD2
49 tristate
50 select CRYPTO_ALGAPI2
Herbert Xu149a3972015-08-13 17:28:58 +080051 select CRYPTO_NULL2
52 select CRYPTO_RNG2
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110053
Herbert Xu5cde0af2006-08-22 00:07:53 +100054config CRYPTO_BLKCIPHER
55 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110056 select CRYPTO_BLKCIPHER2
Herbert Xu5cde0af2006-08-22 00:07:53 +100057 select CRYPTO_ALGAPI
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110058
59config CRYPTO_BLKCIPHER2
60 tristate
61 select CRYPTO_ALGAPI2
62 select CRYPTO_RNG2
Huang Ying0a2e8212009-02-19 14:44:02 +080063 select CRYPTO_WORKQUEUE
Herbert Xu5cde0af2006-08-22 00:07:53 +100064
Herbert Xu055bcee2006-08-19 22:24:23 +100065config CRYPTO_HASH
66 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110067 select CRYPTO_HASH2
Herbert Xu055bcee2006-08-19 22:24:23 +100068 select CRYPTO_ALGAPI
69
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110070config CRYPTO_HASH2
71 tristate
72 select CRYPTO_ALGAPI2
73
Neil Horman17f0f4a2008-08-14 22:15:52 +100074config CRYPTO_RNG
75 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110076 select CRYPTO_RNG2
Neil Horman17f0f4a2008-08-14 22:15:52 +100077 select CRYPTO_ALGAPI
78
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110079config CRYPTO_RNG2
80 tristate
81 select CRYPTO_ALGAPI2
82
Herbert Xu401e4232015-06-03 14:49:31 +080083config CRYPTO_RNG_DEFAULT
84 tristate
85 select CRYPTO_DRBG_MENU
86
Geert Uytterhoevena1d2f092009-03-04 15:05:33 +080087config CRYPTO_PCOMP
88 tristate
Herbert Xubc94e592010-06-03 20:33:06 +100089 select CRYPTO_PCOMP2
90 select CRYPTO_ALGAPI
91
92config CRYPTO_PCOMP2
93 tristate
Geert Uytterhoevena1d2f092009-03-04 15:05:33 +080094 select CRYPTO_ALGAPI2
95
Tadeusz Struk3c339ab2015-06-16 10:30:55 -070096config CRYPTO_AKCIPHER2
97 tristate
98 select CRYPTO_ALGAPI2
99
100config CRYPTO_AKCIPHER
101 tristate
102 select CRYPTO_AKCIPHER2
103 select CRYPTO_ALGAPI
104
Tadeusz Strukcfc2bb32015-06-16 10:31:01 -0700105config CRYPTO_RSA
106 tristate "RSA algorithm"
Tadeusz Struk425e0172015-06-19 10:27:39 -0700107 select CRYPTO_AKCIPHER
Tadeusz Strukcfc2bb32015-06-16 10:31:01 -0700108 select MPILIB
109 select ASN1
110 help
111 Generic implementation of the RSA public key algorithm.
112
Herbert Xu2b8c19d2006-09-21 11:31:44 +1000113config CRYPTO_MANAGER
114 tristate "Cryptographic algorithm manager"
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100115 select CRYPTO_MANAGER2
Herbert Xu2b8c19d2006-09-21 11:31:44 +1000116 help
117 Create default cryptographic template instantiations such as
118 cbc(aes).
119
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100120config CRYPTO_MANAGER2
121 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
122 select CRYPTO_AEAD2
123 select CRYPTO_HASH2
124 select CRYPTO_BLKCIPHER2
Herbert Xubc94e592010-06-03 20:33:06 +1000125 select CRYPTO_PCOMP2
Tadeusz Struk946cc462015-06-16 10:31:06 -0700126 select CRYPTO_AKCIPHER2
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100127
Steffen Klasserta38f7902011-09-27 07:23:50 +0200128config CRYPTO_USER
129 tristate "Userspace cryptographic algorithm configuration"
Herbert Xu5db017a2011-11-01 12:12:43 +1100130 depends on NET
Steffen Klasserta38f7902011-09-27 07:23:50 +0200131 select CRYPTO_MANAGER
132 help
Valdis.Kletnieks@vt.edud19978f2011-11-09 01:29:20 -0500133 Userspace configuration for cryptographic instantiations such as
Steffen Klasserta38f7902011-09-27 07:23:50 +0200134 cbc(aes).
135
Herbert Xu326a6342010-08-06 09:40:28 +0800136config CRYPTO_MANAGER_DISABLE_TESTS
137 bool "Disable run-time self tests"
Herbert Xu00ca28a2010-08-06 10:34:00 +0800138 default y
139 depends on CRYPTO_MANAGER2
Alexander Shishkin0b767f92010-06-03 20:53:43 +1000140 help
Herbert Xu326a6342010-08-06 09:40:28 +0800141 Disable run-time self tests that normally take place at
142 algorithm registration.
Alexander Shishkin0b767f92010-06-03 20:53:43 +1000143
Rik Snelc494e072006-11-29 18:59:44 +1100144config CRYPTO_GF128MUL
Jussi Kivilinna08c70fc2011-12-13 12:53:22 +0200145 tristate "GF(2^128) multiplication functions"
Rik Snelc494e072006-11-29 18:59:44 +1100146 help
147 Efficient table driven implementation of multiplications in the
148 field GF(2^128). This is needed by some cypher modes. This
149 option will be selected automatically if you select such a
150 cipher mode. Only select this option by hand if you expect to load
151 an external module that requires these functions.
152
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800153config CRYPTO_NULL
154 tristate "Null algorithms"
Herbert Xu149a3972015-08-13 17:28:58 +0800155 select CRYPTO_NULL2
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800156 help
157 These are 'Null' algorithms, used by IPsec, which do nothing.
158
Herbert Xu149a3972015-08-13 17:28:58 +0800159config CRYPTO_NULL2
160 select CRYPTO_ALGAPI2
161 select CRYPTO_BLKCIPHER2
162 select CRYPTO_HASH2
163
Steffen Klassert5068c7a2010-01-07 15:57:19 +1100164config CRYPTO_PCRYPT
Kees Cook3b4afaf2012-10-02 11:16:49 -0700165 tristate "Parallel crypto engine"
166 depends on SMP
Steffen Klassert5068c7a2010-01-07 15:57:19 +1100167 select PADATA
168 select CRYPTO_MANAGER
169 select CRYPTO_AEAD
170 help
171 This converts an arbitrary crypto algorithm into a parallel
172 algorithm that executes in kernel threads.
173
Huang Ying25c38d32009-02-19 14:33:40 +0800174config CRYPTO_WORKQUEUE
175 tristate
176
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800177config CRYPTO_CRYPTD
178 tristate "Software async crypto daemon"
Herbert Xudb131ef2006-09-21 11:44:08 +1000179 select CRYPTO_BLKCIPHER
Loc Hob8a28252008-05-14 21:23:00 +0800180 select CRYPTO_HASH
Herbert Xu43518402006-10-16 21:28:58 +1000181 select CRYPTO_MANAGER
Huang Ying254eff72009-02-19 14:42:19 +0800182 select CRYPTO_WORKQUEUE
Herbert Xudb131ef2006-09-21 11:44:08 +1000183 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800184 This is a generic software asynchronous crypto daemon that
185 converts an arbitrary synchronous software crypto algorithm
186 into an asynchronous algorithm that executes in a kernel thread.
187
Tim Chen1e65b812014-07-31 10:29:51 -0700188config CRYPTO_MCRYPTD
189 tristate "Software async multi-buffer crypto daemon"
190 select CRYPTO_BLKCIPHER
191 select CRYPTO_HASH
192 select CRYPTO_MANAGER
193 select CRYPTO_WORKQUEUE
194 help
195 This is a generic software asynchronous crypto daemon that
196 provides the kernel thread to assist multi-buffer crypto
197 algorithms for submitting jobs and flushing jobs in multi-buffer
198 crypto algorithms. Multi-buffer crypto algorithms are executed
199 in the context of this kernel thread and drivers can post
Ted Percival0e566732014-09-04 15:18:21 +0800200 their crypto request asynchronously to be processed by this daemon.
Tim Chen1e65b812014-07-31 10:29:51 -0700201
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800202config CRYPTO_AUTHENC
203 tristate "Authenc support"
204 select CRYPTO_AEAD
205 select CRYPTO_BLKCIPHER
206 select CRYPTO_MANAGER
207 select CRYPTO_HASH
Herbert Xue94c6a72015-08-04 21:23:14 +0800208 select CRYPTO_NULL
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800209 help
210 Authenc: Combined mode wrapper for IPsec.
211 This is required for IPSec.
212
213config CRYPTO_TEST
214 tristate "Testing module"
215 depends on m
Herbert Xuda7f0332008-07-31 17:08:25 +0800216 select CRYPTO_MANAGER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800217 help
218 Quick & dirty crypto test module.
219
Ard Biesheuvela62b01c2013-09-20 09:55:40 +0200220config CRYPTO_ABLK_HELPER
Jussi Kivilinnaffaf9152012-06-18 14:06:58 +0300221 tristate
Jussi Kivilinnaffaf9152012-06-18 14:06:58 +0300222 select CRYPTO_CRYPTD
223
Jussi Kivilinna596d8752012-06-18 14:07:19 +0300224config CRYPTO_GLUE_HELPER_X86
225 tristate
226 depends on X86
227 select CRYPTO_ALGAPI
228
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800229comment "Authenticated Encryption with Associated Data"
230
231config CRYPTO_CCM
232 tristate "CCM support"
233 select CRYPTO_CTR
234 select CRYPTO_AEAD
235 help
236 Support for Counter with CBC MAC. Required for IPsec.
237
238config CRYPTO_GCM
239 tristate "GCM/GMAC support"
240 select CRYPTO_CTR
241 select CRYPTO_AEAD
Huang Ying9382d972009-08-06 15:34:26 +1000242 select CRYPTO_GHASH
Jussi Kivilinna9489667d2013-04-07 16:43:41 +0300243 select CRYPTO_NULL
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800244 help
245 Support for Galois/Counter Mode (GCM) and Galois Message
246 Authentication Code (GMAC). Required for IPSec.
247
Martin Willi71ebc4d2015-06-01 13:44:00 +0200248config CRYPTO_CHACHA20POLY1305
249 tristate "ChaCha20-Poly1305 AEAD support"
250 select CRYPTO_CHACHA20
251 select CRYPTO_POLY1305
252 select CRYPTO_AEAD
253 help
254 ChaCha20-Poly1305 AEAD support, RFC7539.
255
256 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
257 with the Poly1305 authenticator. It is defined in RFC7539 for use in
258 IETF protocols.
259
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800260config CRYPTO_SEQIV
261 tristate "Sequence Number IV Generator"
262 select CRYPTO_AEAD
263 select CRYPTO_BLKCIPHER
Herbert Xu856e3f402015-05-21 15:11:13 +0800264 select CRYPTO_NULL
Herbert Xu401e4232015-06-03 14:49:31 +0800265 select CRYPTO_RNG_DEFAULT
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800266 help
267 This IV generator generates an IV based on a sequence number by
268 xoring it with a salt. This algorithm is mainly useful for CTR
269
Herbert Xua10f5542015-05-21 15:11:15 +0800270config CRYPTO_ECHAINIV
271 tristate "Encrypted Chain IV Generator"
272 select CRYPTO_AEAD
273 select CRYPTO_NULL
Herbert Xu401e4232015-06-03 14:49:31 +0800274 select CRYPTO_RNG_DEFAULT
Herbert Xu34912442015-06-03 14:49:29 +0800275 default m
Herbert Xua10f5542015-05-21 15:11:15 +0800276 help
277 This IV generator generates an IV based on the encryption of
278 a sequence number xored with a salt. This is the default
279 algorithm for CBC.
280
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800281comment "Block modes"
Herbert Xudb131ef2006-09-21 11:44:08 +1000282
283config CRYPTO_CBC
284 tristate "CBC support"
285 select CRYPTO_BLKCIPHER
Herbert Xu43518402006-10-16 21:28:58 +1000286 select CRYPTO_MANAGER
Herbert Xudb131ef2006-09-21 11:44:08 +1000287 help
288 CBC: Cipher Block Chaining mode
289 This block cipher algorithm is required for IPSec.
290
Joy Latten23e353c2007-10-23 08:50:32 +0800291config CRYPTO_CTR
292 tristate "CTR support"
293 select CRYPTO_BLKCIPHER
Herbert Xu0a270322007-11-30 21:38:37 +1100294 select CRYPTO_SEQIV
Joy Latten23e353c2007-10-23 08:50:32 +0800295 select CRYPTO_MANAGER
Joy Latten23e353c2007-10-23 08:50:32 +0800296 help
297 CTR: Counter mode
298 This block cipher algorithm is required for IPSec.
299
Kevin Coffman76cb9522008-03-24 21:26:16 +0800300config CRYPTO_CTS
301 tristate "CTS support"
302 select CRYPTO_BLKCIPHER
303 help
304 CTS: Cipher Text Stealing
305 This is the Cipher Text Stealing mode as described by
306 Section 8 of rfc2040 and referenced by rfc3962.
307 (rfc3962 includes errata information in its Appendix A)
308 This mode is required for Kerberos gss mechanism support
309 for AES encryption.
310
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800311config CRYPTO_ECB
312 tristate "ECB support"
Herbert Xu653ebd9c2007-11-27 19:48:27 +0800313 select CRYPTO_BLKCIPHER
Herbert Xu124b53d2007-04-16 20:49:20 +1000314 select CRYPTO_MANAGER
315 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800316 ECB: Electronic CodeBook mode
317 This is the simplest block cipher algorithm. It simply encrypts
318 the input block by block.
Herbert Xu124b53d2007-04-16 20:49:20 +1000319
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800320config CRYPTO_LRW
Jussi Kivilinna2470a2b2011-12-13 12:52:51 +0200321 tristate "LRW support"
David Howells90831632006-12-16 12:13:14 +1100322 select CRYPTO_BLKCIPHER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800323 select CRYPTO_MANAGER
324 select CRYPTO_GF128MUL
David Howells90831632006-12-16 12:13:14 +1100325 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800326 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
327 narrow block cipher mode for dm-crypt. Use it with cipher
328 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
329 The first 128, 192 or 256 bits in the key are used for AES and the
330 rest is used to tie each cipher block to its logical position.
David Howells90831632006-12-16 12:13:14 +1100331
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800332config CRYPTO_PCBC
333 tristate "PCBC support"
334 select CRYPTO_BLKCIPHER
335 select CRYPTO_MANAGER
336 help
337 PCBC: Propagating Cipher Block Chaining mode
338 This block cipher algorithm is required for RxRPC.
339
340config CRYPTO_XTS
Jussi Kivilinna5bcf8e62011-12-13 12:52:56 +0200341 tristate "XTS support"
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800342 select CRYPTO_BLKCIPHER
343 select CRYPTO_MANAGER
344 select CRYPTO_GF128MUL
345 help
346 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
347 key size 256, 384 or 512 bits. This implementation currently
348 can't handle a sectorsize which is not a multiple of 16 bytes.
349
350comment "Hash modes"
351
Jussi Kivilinna93b5e862013-04-08 10:48:44 +0300352config CRYPTO_CMAC
353 tristate "CMAC support"
354 select CRYPTO_HASH
355 select CRYPTO_MANAGER
356 help
357 Cipher-based Message Authentication Code (CMAC) specified by
358 The National Institute of Standards and Technology (NIST).
359
360 https://tools.ietf.org/html/rfc4493
361 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
362
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800363config CRYPTO_HMAC
364 tristate "HMAC support"
365 select CRYPTO_HASH
366 select CRYPTO_MANAGER
367 help
368 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
369 This is required for IPSec.
370
371config CRYPTO_XCBC
372 tristate "XCBC support"
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800373 select CRYPTO_HASH
374 select CRYPTO_MANAGER
375 help
376 XCBC: Keyed-Hashing with encryption algorithm
377 http://www.ietf.org/rfc/rfc3566.txt
378 http://csrc.nist.gov/encryption/modes/proposedmodes/
379 xcbc-mac/xcbc-mac-spec.pdf
380
Shane Wangf1939f72009-09-02 20:05:22 +1000381config CRYPTO_VMAC
382 tristate "VMAC support"
Shane Wangf1939f72009-09-02 20:05:22 +1000383 select CRYPTO_HASH
384 select CRYPTO_MANAGER
385 help
386 VMAC is a message authentication algorithm designed for
387 very high speed on 64-bit architectures.
388
389 See also:
390 <http://fastcrypto.org/vmac>
391
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800392comment "Digest"
393
394config CRYPTO_CRC32C
395 tristate "CRC32c CRC algorithm"
Herbert Xu5773a3e2008-07-08 20:54:28 +0800396 select CRYPTO_HASH
Darrick J. Wong6a0962b2012-03-23 15:02:25 -0700397 select CRC32
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800398 help
399 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
400 by iSCSI for header and data digests and by others.
Herbert Xu69c35ef2008-11-07 15:11:47 +0800401 See Castagnoli93. Module will be crc32c.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800402
Austin Zhang8cb51ba2008-08-07 09:57:03 +0800403config CRYPTO_CRC32C_INTEL
404 tristate "CRC32c INTEL hardware acceleration"
405 depends on X86
406 select CRYPTO_HASH
407 help
408 In Intel processor with SSE4.2 supported, the processor will
409 support CRC32C implementation using hardware accelerated CRC32
410 instruction. This option will create 'crc32c-intel' module,
411 which will enable any routine to use the CRC32 instruction to
412 gain performance compared with software implementation.
413 Module will be crc32c-intel.
414
David S. Miller442a7c42012-08-22 20:47:36 -0700415config CRYPTO_CRC32C_SPARC64
416 tristate "CRC32c CRC algorithm (SPARC64)"
417 depends on SPARC64
418 select CRYPTO_HASH
419 select CRC32
420 help
421 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
422 when available.
423
Alexander Boyko78c37d12013-01-10 18:54:59 +0400424config CRYPTO_CRC32
425 tristate "CRC32 CRC algorithm"
426 select CRYPTO_HASH
427 select CRC32
428 help
429 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
430 Shash crypto api wrappers to crc32_le function.
431
432config CRYPTO_CRC32_PCLMUL
433 tristate "CRC32 PCLMULQDQ hardware acceleration"
434 depends on X86
435 select CRYPTO_HASH
436 select CRC32
437 help
438 From Intel Westmere and AMD Bulldozer processor with SSE4.2
439 and PCLMULQDQ supported, the processor will support
440 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
441 instruction. This option will create 'crc32-plcmul' module,
442 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
443 and gain better performance as compared with the table implementation.
444
Herbert Xu684115212013-09-07 12:56:26 +1000445config CRYPTO_CRCT10DIF
446 tristate "CRCT10DIF algorithm"
447 select CRYPTO_HASH
448 help
449 CRC T10 Data Integrity Field computation is being cast as
450 a crypto transform. This allows for faster crc t10 diff
451 transforms to be used if they are available.
452
453config CRYPTO_CRCT10DIF_PCLMUL
454 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
455 depends on X86 && 64BIT && CRC_T10DIF
456 select CRYPTO_HASH
457 help
458 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
459 CRC T10 DIF PCLMULQDQ computation can be hardware
460 accelerated PCLMULQDQ instruction. This option will create
461 'crct10dif-plcmul' module, which is faster when computing the
462 crct10dif checksum as compared with the generic table implementation.
463
Huang Ying2cdc6892009-08-06 15:32:38 +1000464config CRYPTO_GHASH
465 tristate "GHASH digest algorithm"
Huang Ying2cdc6892009-08-06 15:32:38 +1000466 select CRYPTO_GF128MUL
467 help
468 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
469
Martin Willif979e012015-06-01 13:43:58 +0200470config CRYPTO_POLY1305
471 tristate "Poly1305 authenticator algorithm"
472 help
473 Poly1305 authenticator algorithm, RFC7539.
474
475 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
476 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
477 in IETF protocols. This is the portable C implementation of Poly1305.
478
Martin Willic70f4ab2015-07-16 19:14:06 +0200479config CRYPTO_POLY1305_X86_64
Martin Willib1ccc8f2015-07-16 19:14:08 +0200480 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
Martin Willic70f4ab2015-07-16 19:14:06 +0200481 depends on X86 && 64BIT
482 select CRYPTO_POLY1305
483 help
484 Poly1305 authenticator algorithm, RFC7539.
485
486 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
487 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
488 in IETF protocols. This is the x86_64 assembler implementation using SIMD
489 instructions.
490
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800491config CRYPTO_MD4
492 tristate "MD4 digest algorithm"
Adrian-Ken Rueegsegger808a1762008-12-03 19:55:27 +0800493 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700494 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800495 MD4 message digest algorithm (RFC1320).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700496
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800497config CRYPTO_MD5
498 tristate "MD5 digest algorithm"
Adrian-Ken Rueegsegger14b75ba2008-12-03 19:57:12 +0800499 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700500 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800501 MD5 message digest algorithm (RFC1321).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700502
Aaro Koskinend69e75d2014-12-21 22:54:02 +0200503config CRYPTO_MD5_OCTEON
504 tristate "MD5 digest algorithm (OCTEON)"
505 depends on CPU_CAVIUM_OCTEON
506 select CRYPTO_MD5
507 select CRYPTO_HASH
508 help
509 MD5 message digest algorithm (RFC1321) implemented
510 using OCTEON crypto instructions, when available.
511
Markus Stockhausene8e59952015-03-01 19:30:46 +0100512config CRYPTO_MD5_PPC
513 tristate "MD5 digest algorithm (PPC)"
514 depends on PPC
515 select CRYPTO_HASH
516 help
517 MD5 message digest algorithm (RFC1321) implemented
518 in PPC assembler.
519
David S. Millerfa4dfed2012-08-19 21:51:26 -0700520config CRYPTO_MD5_SPARC64
521 tristate "MD5 digest algorithm (SPARC64)"
522 depends on SPARC64
523 select CRYPTO_MD5
524 select CRYPTO_HASH
525 help
526 MD5 message digest algorithm (RFC1321) implemented
527 using sparc64 crypto instructions, when available.
528
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800529config CRYPTO_MICHAEL_MIC
530 tristate "Michael MIC keyed digest algorithm"
Adrian-Ken Rueegsegger19e2bf12008-12-07 19:35:38 +0800531 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800532 help
533 Michael MIC is used for message integrity protection in TKIP
534 (IEEE 802.11i). This algorithm is required for TKIP, but it
535 should not be used for other purposes because of the weakness
536 of the algorithm.
537
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800538config CRYPTO_RMD128
Adrian Bunkb6d44342008-07-16 19:28:00 +0800539 tristate "RIPEMD-128 digest algorithm"
Herbert Xu7c4468b2008-11-08 09:10:40 +0800540 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800541 help
542 RIPEMD-128 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800543
Adrian Bunkb6d44342008-07-16 19:28:00 +0800544 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
Michael Witten35ed4b32011-07-09 04:02:31 +0000545 be used as a secure replacement for RIPEMD. For other use cases,
Adrian Bunkb6d44342008-07-16 19:28:00 +0800546 RIPEMD-160 should be used.
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800547
Adrian Bunkb6d44342008-07-16 19:28:00 +0800548 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800549 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800550
551config CRYPTO_RMD160
Adrian Bunkb6d44342008-07-16 19:28:00 +0800552 tristate "RIPEMD-160 digest algorithm"
Herbert Xue5835fb2008-11-08 09:18:51 +0800553 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800554 help
555 RIPEMD-160 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800556
Adrian Bunkb6d44342008-07-16 19:28:00 +0800557 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
558 to be used as a secure replacement for the 128-bit hash functions
559 MD4, MD5 and it's predecessor RIPEMD
560 (not to be confused with RIPEMD-128).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800561
Adrian Bunkb6d44342008-07-16 19:28:00 +0800562 It's speed is comparable to SHA1 and there are no known attacks
563 against RIPEMD-160.
Adrian-Ken Rueegsegger534fe2c12008-05-09 21:30:27 +0800564
Adrian Bunkb6d44342008-07-16 19:28:00 +0800565 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800566 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c12008-05-09 21:30:27 +0800567
568config CRYPTO_RMD256
Adrian Bunkb6d44342008-07-16 19:28:00 +0800569 tristate "RIPEMD-256 digest algorithm"
Herbert Xud8a5e2e2008-11-08 09:58:10 +0800570 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800571 help
572 RIPEMD-256 is an optional extension of RIPEMD-128 with a
573 256 bit hash. It is intended for applications that require
574 longer hash-results, without needing a larger security level
575 (than RIPEMD-128).
Adrian-Ken Rueegsegger534fe2c12008-05-09 21:30:27 +0800576
Adrian Bunkb6d44342008-07-16 19:28:00 +0800577 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800578 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c12008-05-09 21:30:27 +0800579
580config CRYPTO_RMD320
Adrian Bunkb6d44342008-07-16 19:28:00 +0800581 tristate "RIPEMD-320 digest algorithm"
Herbert Xu3b8efb42008-11-08 10:11:09 +0800582 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800583 help
584 RIPEMD-320 is an optional extension of RIPEMD-160 with a
585 320 bit hash. It is intended for applications that require
586 longer hash-results, without needing a larger security level
587 (than RIPEMD-160).
Adrian-Ken Rueegsegger534fe2c12008-05-09 21:30:27 +0800588
Adrian Bunkb6d44342008-07-16 19:28:00 +0800589 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800590 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800591
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800592config CRYPTO_SHA1
593 tristate "SHA1 digest algorithm"
Adrian-Ken Rueegsegger54ccb362008-12-02 21:08:20 +0800594 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800595 help
596 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
597
Mathias Krause66be8952011-08-04 20:19:25 +0200598config CRYPTO_SHA1_SSSE3
chandramouli narayanan7c1da8d2014-03-20 15:14:00 -0700599 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2)"
Mathias Krause66be8952011-08-04 20:19:25 +0200600 depends on X86 && 64BIT
601 select CRYPTO_SHA1
602 select CRYPTO_HASH
603 help
604 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
605 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
chandramouli narayanan7c1da8d2014-03-20 15:14:00 -0700606 Extensions (AVX/AVX2), when available.
Mathias Krause66be8952011-08-04 20:19:25 +0200607
Tim Chen8275d1a2013-03-26 13:59:17 -0700608config CRYPTO_SHA256_SSSE3
609 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2)"
610 depends on X86 && 64BIT
611 select CRYPTO_SHA256
612 select CRYPTO_HASH
613 help
614 SHA-256 secure hash standard (DFIPS 180-2) implemented
615 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
616 Extensions version 1 (AVX1), or Advanced Vector Extensions
617 version 2 (AVX2) instructions, when available.
618
Tim Chen87de4572013-03-26 14:00:02 -0700619config CRYPTO_SHA512_SSSE3
620 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
621 depends on X86 && 64BIT
622 select CRYPTO_SHA512
623 select CRYPTO_HASH
624 help
625 SHA-512 secure hash standard (DFIPS 180-2) implemented
626 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
627 Extensions version 1 (AVX1), or Advanced Vector Extensions
628 version 2 (AVX2) instructions, when available.
629
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200630config CRYPTO_SHA1_OCTEON
631 tristate "SHA1 digest algorithm (OCTEON)"
632 depends on CPU_CAVIUM_OCTEON
633 select CRYPTO_SHA1
634 select CRYPTO_HASH
635 help
636 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
637 using OCTEON crypto instructions, when available.
638
David S. Miller4ff28d42012-08-19 15:41:53 -0700639config CRYPTO_SHA1_SPARC64
640 tristate "SHA1 digest algorithm (SPARC64)"
641 depends on SPARC64
642 select CRYPTO_SHA1
643 select CRYPTO_HASH
644 help
645 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
646 using sparc64 crypto instructions, when available.
647
Michael Ellerman323a6bf2012-09-13 23:00:49 +0000648config CRYPTO_SHA1_PPC
649 tristate "SHA1 digest algorithm (powerpc)"
650 depends on PPC
651 help
652 This is the powerpc hardware accelerated implementation of the
653 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
654
Markus Stockhausend9850fc2015-02-24 20:36:50 +0100655config CRYPTO_SHA1_PPC_SPE
656 tristate "SHA1 digest algorithm (PPC SPE)"
657 depends on PPC && SPE
658 help
659 SHA-1 secure hash standard (DFIPS 180-4) implemented
660 using powerpc SPE SIMD instruction set.
661
Tim Chen1e65b812014-07-31 10:29:51 -0700662config CRYPTO_SHA1_MB
663 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
664 depends on X86 && 64BIT
665 select CRYPTO_SHA1
666 select CRYPTO_HASH
667 select CRYPTO_MCRYPTD
668 help
669 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
670 using multi-buffer technique. This algorithm computes on
671 multiple data lanes concurrently with SIMD instructions for
672 better throughput. It should not be enabled by default but
673 used when there is significant amount of work to keep the keep
674 the data lanes filled to get performance benefit. If the data
675 lanes remain unfilled, a flush operation will be initiated to
676 process the crypto jobs, adding a slight latency.
677
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800678config CRYPTO_SHA256
679 tristate "SHA224 and SHA256 digest algorithm"
Adrian-Ken Rueegsegger50e109b52008-12-03 19:57:49 +0800680 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800681 help
682 SHA256 secure hash standard (DFIPS 180-2).
683
684 This version of SHA implements a 256 bit hash with 128 bits of
685 security against collision attacks.
686
Adrian Bunkb6d44342008-07-16 19:28:00 +0800687 This code also includes SHA-224, a 224 bit hash with 112 bits
688 of security against collision attacks.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800689
Markus Stockhausen2ecc1e92015-01-30 15:39:34 +0100690config CRYPTO_SHA256_PPC_SPE
691 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
692 depends on PPC && SPE
693 select CRYPTO_SHA256
694 select CRYPTO_HASH
695 help
696 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
697 implemented using powerpc SPE SIMD instruction set.
698
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200699config CRYPTO_SHA256_OCTEON
700 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
701 depends on CPU_CAVIUM_OCTEON
702 select CRYPTO_SHA256
703 select CRYPTO_HASH
704 help
705 SHA-256 secure hash standard (DFIPS 180-2) implemented
706 using OCTEON crypto instructions, when available.
707
David S. Miller86c93b22012-08-19 17:11:37 -0700708config CRYPTO_SHA256_SPARC64
709 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
710 depends on SPARC64
711 select CRYPTO_SHA256
712 select CRYPTO_HASH
713 help
714 SHA-256 secure hash standard (DFIPS 180-2) implemented
715 using sparc64 crypto instructions, when available.
716
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800717config CRYPTO_SHA512
718 tristate "SHA384 and SHA512 digest algorithms"
Adrian-Ken Rueegseggerbd9d20d2008-12-17 16:49:02 +1100719 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800720 help
721 SHA512 secure hash standard (DFIPS 180-2).
722
723 This version of SHA implements a 512 bit hash with 256 bits of
724 security against collision attacks.
725
726 This code also includes SHA-384, a 384 bit hash with 192 bits
727 of security against collision attacks.
728
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200729config CRYPTO_SHA512_OCTEON
730 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
731 depends on CPU_CAVIUM_OCTEON
732 select CRYPTO_SHA512
733 select CRYPTO_HASH
734 help
735 SHA-512 secure hash standard (DFIPS 180-2) implemented
736 using OCTEON crypto instructions, when available.
737
David S. Miller775e0c62012-08-19 17:37:56 -0700738config CRYPTO_SHA512_SPARC64
739 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
740 depends on SPARC64
741 select CRYPTO_SHA512
742 select CRYPTO_HASH
743 help
744 SHA-512 secure hash standard (DFIPS 180-2) implemented
745 using sparc64 crypto instructions, when available.
746
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800747config CRYPTO_TGR192
748 tristate "Tiger digest algorithms"
Adrian-Ken Rueegseggerf63fbd32008-12-03 19:58:32 +0800749 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800750 help
751 Tiger hash algorithm 192, 160 and 128-bit hashes
752
753 Tiger is a hash function optimized for 64-bit processors while
754 still having decent performance on 32-bit processors.
755 Tiger was developed by Ross Anderson and Eli Biham.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700756
757 See also:
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800758 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
759
760config CRYPTO_WP512
761 tristate "Whirlpool digest algorithms"
Adrian-Ken Rueegsegger49465102008-12-07 19:34:37 +0800762 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800763 help
764 Whirlpool hash algorithm 512, 384 and 256-bit hashes
765
766 Whirlpool-512 is part of the NESSIE cryptographic primitives.
767 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
768
769 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800770 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800771
Huang Ying0e1227d2009-10-19 11:53:06 +0900772config CRYPTO_GHASH_CLMUL_NI_INTEL
773 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
Richard Weinberger8af00862011-06-08 20:56:29 +0800774 depends on X86 && 64BIT
Huang Ying0e1227d2009-10-19 11:53:06 +0900775 select CRYPTO_CRYPTD
776 help
777 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
778 The implementation is accelerated by CLMUL-NI of Intel.
779
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800780comment "Ciphers"
Linus Torvalds1da177e2005-04-16 15:20:36 -0700781
782config CRYPTO_AES
783 tristate "AES cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +1000784 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700785 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800786 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -0700787 algorithm.
788
789 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800790 both hardware and software across a wide range of computing
791 environments regardless of its use in feedback or non-feedback
792 modes. Its key setup time is excellent, and its key agility is
793 good. Rijndael's very low memory requirements make it very well
794 suited for restricted-space environments, in which it also
795 demonstrates excellent performance. Rijndael's operations are
796 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700797
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800798 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -0700799
800 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
801
802config CRYPTO_AES_586
803 tristate "AES cipher algorithms (i586)"
Herbert Xucce9e062006-08-21 21:08:13 +1000804 depends on (X86 || UML_X86) && !64BIT
805 select CRYPTO_ALGAPI
Sebastian Siewior5157dea2007-11-10 19:07:16 +0800806 select CRYPTO_AES
Linus Torvalds1da177e2005-04-16 15:20:36 -0700807 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800808 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -0700809 algorithm.
810
811 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800812 both hardware and software across a wide range of computing
813 environments regardless of its use in feedback or non-feedback
814 modes. Its key setup time is excellent, and its key agility is
815 good. Rijndael's very low memory requirements make it very well
816 suited for restricted-space environments, in which it also
817 demonstrates excellent performance. Rijndael's operations are
818 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700819
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800820 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -0700821
822 See <http://csrc.nist.gov/encryption/aes/> for more information.
823
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700824config CRYPTO_AES_X86_64
825 tristate "AES cipher algorithms (x86_64)"
Herbert Xucce9e062006-08-21 21:08:13 +1000826 depends on (X86 || UML_X86) && 64BIT
827 select CRYPTO_ALGAPI
Sebastian Siewior81190b32007-11-08 21:25:04 +0800828 select CRYPTO_AES
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700829 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800830 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700831 algorithm.
832
833 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800834 both hardware and software across a wide range of computing
835 environments regardless of its use in feedback or non-feedback
836 modes. Its key setup time is excellent, and its key agility is
837 good. Rijndael's very low memory requirements make it very well
838 suited for restricted-space environments, in which it also
839 demonstrates excellent performance. Rijndael's operations are
840 among the easiest to defend against power and timing attacks.
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700841
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800842 The AES specifies three key sizes: 128, 192 and 256 bits
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700843
844 See <http://csrc.nist.gov/encryption/aes/> for more information.
845
Huang Ying54b6a1b2009-01-18 16:28:34 +1100846config CRYPTO_AES_NI_INTEL
847 tristate "AES cipher algorithms (AES-NI)"
Richard Weinberger8af00862011-06-08 20:56:29 +0800848 depends on X86
Mathias Krause0d258ef2010-11-27 16:34:46 +0800849 select CRYPTO_AES_X86_64 if 64BIT
850 select CRYPTO_AES_586 if !64BIT
Huang Ying54b6a1b2009-01-18 16:28:34 +1100851 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +0200852 select CRYPTO_ABLK_HELPER
Huang Ying54b6a1b2009-01-18 16:28:34 +1100853 select CRYPTO_ALGAPI
Jussi Kivilinna7643a112013-04-10 18:39:20 +0300854 select CRYPTO_GLUE_HELPER_X86 if 64BIT
Jussi Kivilinna023af602012-07-22 18:18:37 +0300855 select CRYPTO_LRW
856 select CRYPTO_XTS
Huang Ying54b6a1b2009-01-18 16:28:34 +1100857 help
858 Use Intel AES-NI instructions for AES algorithm.
859
860 AES cipher algorithms (FIPS-197). AES uses the Rijndael
861 algorithm.
862
863 Rijndael appears to be consistently a very good performer in
864 both hardware and software across a wide range of computing
865 environments regardless of its use in feedback or non-feedback
866 modes. Its key setup time is excellent, and its key agility is
867 good. Rijndael's very low memory requirements make it very well
868 suited for restricted-space environments, in which it also
869 demonstrates excellent performance. Rijndael's operations are
870 among the easiest to defend against power and timing attacks.
871
872 The AES specifies three key sizes: 128, 192 and 256 bits
873
874 See <http://csrc.nist.gov/encryption/aes/> for more information.
875
Mathias Krause0d258ef2010-11-27 16:34:46 +0800876 In addition to AES cipher algorithm support, the acceleration
877 for some popular block cipher mode is supported too, including
878 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
879 acceleration for CTR.
Huang Ying2cf4ac82009-03-29 15:41:20 +0800880
David S. Miller9bf48522012-08-21 03:58:13 -0700881config CRYPTO_AES_SPARC64
882 tristate "AES cipher algorithms (SPARC64)"
883 depends on SPARC64
884 select CRYPTO_CRYPTD
885 select CRYPTO_ALGAPI
886 help
887 Use SPARC64 crypto opcodes for AES algorithm.
888
889 AES cipher algorithms (FIPS-197). AES uses the Rijndael
890 algorithm.
891
892 Rijndael appears to be consistently a very good performer in
893 both hardware and software across a wide range of computing
894 environments regardless of its use in feedback or non-feedback
895 modes. Its key setup time is excellent, and its key agility is
896 good. Rijndael's very low memory requirements make it very well
897 suited for restricted-space environments, in which it also
898 demonstrates excellent performance. Rijndael's operations are
899 among the easiest to defend against power and timing attacks.
900
901 The AES specifies three key sizes: 128, 192 and 256 bits
902
903 See <http://csrc.nist.gov/encryption/aes/> for more information.
904
905 In addition to AES cipher algorithm support, the acceleration
906 for some popular block cipher mode is supported too, including
907 ECB and CBC.
908
Markus Stockhausen504c6142015-02-22 10:00:10 +0100909config CRYPTO_AES_PPC_SPE
910 tristate "AES cipher algorithms (PPC SPE)"
911 depends on PPC && SPE
912 help
913 AES cipher algorithms (FIPS-197). Additionally the acceleration
914 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
915 This module should only be used for low power (router) devices
916 without hardware AES acceleration (e.g. caam crypto). It reduces the
917 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
918 timining attacks. Nevertheless it might be not as secure as other
919 architecture specific assembler implementations that work on 1KB
920 tables or 256 bytes S-boxes.
921
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800922config CRYPTO_ANUBIS
923 tristate "Anubis cipher algorithm"
924 select CRYPTO_ALGAPI
925 help
926 Anubis cipher algorithm.
927
928 Anubis is a variable key length cipher which can use keys from
929 128 bits to 320 bits in length. It was evaluated as a entrant
930 in the NESSIE competition.
931
932 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800933 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
934 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800935
936config CRYPTO_ARC4
937 tristate "ARC4 cipher algorithm"
Sebastian Andrzej Siewiorb9b0f082012-06-26 18:13:46 +0200938 select CRYPTO_BLKCIPHER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800939 help
940 ARC4 cipher algorithm.
941
942 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
943 bits in length. This algorithm is required for driver-based
944 WEP, but it should not be for other purposes because of the
945 weakness of the algorithm.
946
947config CRYPTO_BLOWFISH
948 tristate "Blowfish cipher algorithm"
949 select CRYPTO_ALGAPI
Jussi Kivilinna52ba8672011-09-02 01:45:07 +0300950 select CRYPTO_BLOWFISH_COMMON
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800951 help
952 Blowfish cipher algorithm, by Bruce Schneier.
953
954 This is a variable key length cipher which can use keys from 32
955 bits to 448 bits in length. It's fast, simple and specifically
956 designed for use on "large microprocessors".
957
958 See also:
959 <http://www.schneier.com/blowfish.html>
960
Jussi Kivilinna52ba8672011-09-02 01:45:07 +0300961config CRYPTO_BLOWFISH_COMMON
962 tristate
963 help
964 Common parts of the Blowfish cipher algorithm shared by the
965 generic c and the assembler implementations.
966
967 See also:
968 <http://www.schneier.com/blowfish.html>
969
Jussi Kivilinna64b94ce2011-09-02 01:45:22 +0300970config CRYPTO_BLOWFISH_X86_64
971 tristate "Blowfish cipher algorithm (x86_64)"
Al Virof21a7c12012-04-08 20:31:22 -0400972 depends on X86 && 64BIT
Jussi Kivilinna64b94ce2011-09-02 01:45:22 +0300973 select CRYPTO_ALGAPI
974 select CRYPTO_BLOWFISH_COMMON
975 help
976 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
977
978 This is a variable key length cipher which can use keys from 32
979 bits to 448 bits in length. It's fast, simple and specifically
980 designed for use on "large microprocessors".
981
982 See also:
983 <http://www.schneier.com/blowfish.html>
984
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800985config CRYPTO_CAMELLIA
986 tristate "Camellia cipher algorithms"
987 depends on CRYPTO
988 select CRYPTO_ALGAPI
989 help
990 Camellia cipher algorithms module.
991
992 Camellia is a symmetric key block cipher developed jointly
993 at NTT and Mitsubishi Electric Corporation.
994
995 The Camellia specifies three key sizes: 128, 192 and 256 bits.
996
997 See also:
998 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
999
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +02001000config CRYPTO_CAMELLIA_X86_64
1001 tristate "Camellia cipher algorithm (x86_64)"
Al Virof21a7c12012-04-08 20:31:22 -04001002 depends on X86 && 64BIT
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +02001003 depends on CRYPTO
1004 select CRYPTO_ALGAPI
Jussi Kivilinna964263a2012-06-18 14:07:29 +03001005 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +02001006 select CRYPTO_LRW
1007 select CRYPTO_XTS
1008 help
1009 Camellia cipher algorithm module (x86_64).
1010
1011 Camellia is a symmetric key block cipher developed jointly
1012 at NTT and Mitsubishi Electric Corporation.
1013
1014 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1015
1016 See also:
1017 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1018
Jussi Kivilinnad9b1d2e2012-10-26 14:49:01 +03001019config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1020 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1021 depends on X86 && 64BIT
1022 depends on CRYPTO
1023 select CRYPTO_ALGAPI
1024 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001025 select CRYPTO_ABLK_HELPER
Jussi Kivilinnad9b1d2e2012-10-26 14:49:01 +03001026 select CRYPTO_GLUE_HELPER_X86
1027 select CRYPTO_CAMELLIA_X86_64
1028 select CRYPTO_LRW
1029 select CRYPTO_XTS
1030 help
1031 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1032
1033 Camellia is a symmetric key block cipher developed jointly
1034 at NTT and Mitsubishi Electric Corporation.
1035
1036 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1037
1038 See also:
1039 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1040
Jussi Kivilinnaf3f935a2013-04-13 13:47:00 +03001041config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1042 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1043 depends on X86 && 64BIT
1044 depends on CRYPTO
1045 select CRYPTO_ALGAPI
1046 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001047 select CRYPTO_ABLK_HELPER
Jussi Kivilinnaf3f935a2013-04-13 13:47:00 +03001048 select CRYPTO_GLUE_HELPER_X86
1049 select CRYPTO_CAMELLIA_X86_64
1050 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1051 select CRYPTO_LRW
1052 select CRYPTO_XTS
1053 help
1054 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1055
1056 Camellia is a symmetric key block cipher developed jointly
1057 at NTT and Mitsubishi Electric Corporation.
1058
1059 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1060
1061 See also:
1062 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1063
David S. Miller81658ad2012-08-28 12:05:54 -07001064config CRYPTO_CAMELLIA_SPARC64
1065 tristate "Camellia cipher algorithm (SPARC64)"
1066 depends on SPARC64
1067 depends on CRYPTO
1068 select CRYPTO_ALGAPI
1069 help
1070 Camellia cipher algorithm module (SPARC64).
1071
1072 Camellia is a symmetric key block cipher developed jointly
1073 at NTT and Mitsubishi Electric Corporation.
1074
1075 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1076
1077 See also:
1078 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1079
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001080config CRYPTO_CAST_COMMON
1081 tristate
1082 help
1083 Common parts of the CAST cipher algorithms shared by the
1084 generic c and the assembler implementations.
1085
Linus Torvalds1da177e2005-04-16 15:20:36 -07001086config CRYPTO_CAST5
1087 tristate "CAST5 (CAST-128) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001088 select CRYPTO_ALGAPI
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001089 select CRYPTO_CAST_COMMON
Linus Torvalds1da177e2005-04-16 15:20:36 -07001090 help
1091 The CAST5 encryption algorithm (synonymous with CAST-128) is
1092 described in RFC2144.
1093
Johannes Goetzfried4d6d6a22012-07-11 19:37:37 +02001094config CRYPTO_CAST5_AVX_X86_64
1095 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1096 depends on X86 && 64BIT
1097 select CRYPTO_ALGAPI
1098 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001099 select CRYPTO_ABLK_HELPER
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001100 select CRYPTO_CAST_COMMON
Johannes Goetzfried4d6d6a22012-07-11 19:37:37 +02001101 select CRYPTO_CAST5
1102 help
1103 The CAST5 encryption algorithm (synonymous with CAST-128) is
1104 described in RFC2144.
1105
1106 This module provides the Cast5 cipher algorithm that processes
1107 sixteen blocks parallel using the AVX instruction set.
1108
Linus Torvalds1da177e2005-04-16 15:20:36 -07001109config CRYPTO_CAST6
1110 tristate "CAST6 (CAST-256) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001111 select CRYPTO_ALGAPI
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001112 select CRYPTO_CAST_COMMON
Linus Torvalds1da177e2005-04-16 15:20:36 -07001113 help
1114 The CAST6 encryption algorithm (synonymous with CAST-256) is
1115 described in RFC2612.
1116
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001117config CRYPTO_CAST6_AVX_X86_64
1118 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1119 depends on X86 && 64BIT
1120 select CRYPTO_ALGAPI
1121 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001122 select CRYPTO_ABLK_HELPER
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001123 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001124 select CRYPTO_CAST_COMMON
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001125 select CRYPTO_CAST6
1126 select CRYPTO_LRW
1127 select CRYPTO_XTS
1128 help
1129 The CAST6 encryption algorithm (synonymous with CAST-256) is
1130 described in RFC2612.
1131
1132 This module provides the Cast6 cipher algorithm that processes
1133 eight blocks parallel using the AVX instruction set.
1134
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001135config CRYPTO_DES
1136 tristate "DES and Triple DES EDE cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +10001137 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001138 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001139 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
Linus Torvalds1da177e2005-04-16 15:20:36 -07001140
David S. Millerc5aac2d2012-08-25 22:37:23 -07001141config CRYPTO_DES_SPARC64
1142 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
Dave Jones97da37b2012-10-02 17:13:20 -04001143 depends on SPARC64
David S. Millerc5aac2d2012-08-25 22:37:23 -07001144 select CRYPTO_ALGAPI
1145 select CRYPTO_DES
1146 help
1147 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1148 optimized using SPARC64 crypto opcodes.
1149
Jussi Kivilinna6574e6c2014-06-09 20:59:54 +03001150config CRYPTO_DES3_EDE_X86_64
1151 tristate "Triple DES EDE cipher algorithm (x86-64)"
1152 depends on X86 && 64BIT
1153 select CRYPTO_ALGAPI
1154 select CRYPTO_DES
1155 help
1156 Triple DES EDE (FIPS 46-3) algorithm.
1157
1158 This module provides implementation of the Triple DES EDE cipher
1159 algorithm that is optimized for x86-64 processors. Two versions of
1160 algorithm are provided; regular processing one input block and
1161 one that processes three blocks parallel.
1162
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001163config CRYPTO_FCRYPT
1164 tristate "FCrypt cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001165 select CRYPTO_ALGAPI
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001166 select CRYPTO_BLKCIPHER
Linus Torvalds1da177e2005-04-16 15:20:36 -07001167 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001168 FCrypt algorithm used by RxRPC.
Linus Torvalds1da177e2005-04-16 15:20:36 -07001169
1170config CRYPTO_KHAZAD
1171 tristate "Khazad cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001172 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001173 help
1174 Khazad cipher algorithm.
1175
1176 Khazad was a finalist in the initial NESSIE competition. It is
1177 an algorithm optimized for 64-bit processors with good performance
1178 on 32-bit processors. Khazad uses an 128 bit key size.
1179
1180 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +08001181 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
Linus Torvalds1da177e2005-04-16 15:20:36 -07001182
Tan Swee Heng2407d602007-11-23 19:45:00 +08001183config CRYPTO_SALSA20
Kees Cook3b4afaf2012-10-02 11:16:49 -07001184 tristate "Salsa20 stream cipher algorithm"
Tan Swee Heng2407d602007-11-23 19:45:00 +08001185 select CRYPTO_BLKCIPHER
1186 help
1187 Salsa20 stream cipher algorithm.
1188
1189 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1190 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1191
1192 The Salsa20 stream cipher algorithm is designed by Daniel J.
1193 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
Linus Torvalds1da177e2005-04-16 15:20:36 -07001194
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001195config CRYPTO_SALSA20_586
Kees Cook3b4afaf2012-10-02 11:16:49 -07001196 tristate "Salsa20 stream cipher algorithm (i586)"
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001197 depends on (X86 || UML_X86) && !64BIT
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001198 select CRYPTO_BLKCIPHER
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001199 help
1200 Salsa20 stream cipher algorithm.
1201
1202 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1203 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1204
1205 The Salsa20 stream cipher algorithm is designed by Daniel J.
1206 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1207
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001208config CRYPTO_SALSA20_X86_64
Kees Cook3b4afaf2012-10-02 11:16:49 -07001209 tristate "Salsa20 stream cipher algorithm (x86_64)"
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001210 depends on (X86 || UML_X86) && 64BIT
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001211 select CRYPTO_BLKCIPHER
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001212 help
1213 Salsa20 stream cipher algorithm.
1214
1215 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1216 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1217
1218 The Salsa20 stream cipher algorithm is designed by Daniel J.
1219 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1220
Martin Willic08d0e62015-06-01 13:43:56 +02001221config CRYPTO_CHACHA20
1222 tristate "ChaCha20 cipher algorithm"
1223 select CRYPTO_BLKCIPHER
1224 help
1225 ChaCha20 cipher algorithm, RFC7539.
1226
1227 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1228 Bernstein and further specified in RFC7539 for use in IETF protocols.
1229 This is the portable C implementation of ChaCha20.
1230
1231 See also:
1232 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1233
Martin Willic9320b62015-07-16 19:14:01 +02001234config CRYPTO_CHACHA20_X86_64
Martin Willi3d1e93c2015-07-16 19:14:03 +02001235 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
Martin Willic9320b62015-07-16 19:14:01 +02001236 depends on X86 && 64BIT
1237 select CRYPTO_BLKCIPHER
1238 select CRYPTO_CHACHA20
1239 help
1240 ChaCha20 cipher algorithm, RFC7539.
1241
1242 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1243 Bernstein and further specified in RFC7539 for use in IETF protocols.
1244 This is the x86_64 assembler implementation using SIMD instructions.
1245
1246 See also:
1247 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1248
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001249config CRYPTO_SEED
1250 tristate "SEED cipher algorithm"
1251 select CRYPTO_ALGAPI
1252 help
1253 SEED cipher algorithm (RFC4269).
1254
1255 SEED is a 128-bit symmetric key block cipher that has been
1256 developed by KISA (Korea Information Security Agency) as a
1257 national standard encryption algorithm of the Republic of Korea.
1258 It is a 16 round block cipher with the key size of 128 bit.
1259
1260 See also:
1261 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1262
1263config CRYPTO_SERPENT
1264 tristate "Serpent cipher algorithm"
1265 select CRYPTO_ALGAPI
1266 help
1267 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1268
1269 Keys are allowed to be from 0 to 256 bits in length, in steps
1270 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1271 variant of Serpent for compatibility with old kerneli.org code.
1272
1273 See also:
1274 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1275
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001276config CRYPTO_SERPENT_SSE2_X86_64
1277 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1278 depends on X86 && 64BIT
1279 select CRYPTO_ALGAPI
Jussi Kivilinna341975b2011-11-24 08:37:41 +02001280 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001281 select CRYPTO_ABLK_HELPER
Jussi Kivilinna596d8752012-06-18 14:07:19 +03001282 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001283 select CRYPTO_SERPENT
Jussi Kivilinnafeaf0cf2011-12-13 12:53:12 +02001284 select CRYPTO_LRW
1285 select CRYPTO_XTS
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001286 help
1287 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1288
1289 Keys are allowed to be from 0 to 256 bits in length, in steps
1290 of 8 bits.
1291
Masanari Iida1e6232f2015-04-04 00:20:30 +09001292 This module provides Serpent cipher algorithm that processes eight
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001293 blocks parallel using SSE2 instruction set.
1294
1295 See also:
1296 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1297
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001298config CRYPTO_SERPENT_SSE2_586
1299 tristate "Serpent cipher algorithm (i586/SSE2)"
1300 depends on X86 && !64BIT
1301 select CRYPTO_ALGAPI
Jussi Kivilinna341975b2011-11-24 08:37:41 +02001302 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001303 select CRYPTO_ABLK_HELPER
Jussi Kivilinna596d8752012-06-18 14:07:19 +03001304 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001305 select CRYPTO_SERPENT
Jussi Kivilinnafeaf0cf2011-12-13 12:53:12 +02001306 select CRYPTO_LRW
1307 select CRYPTO_XTS
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001308 help
1309 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1310
1311 Keys are allowed to be from 0 to 256 bits in length, in steps
1312 of 8 bits.
1313
1314 This module provides Serpent cipher algorithm that processes four
1315 blocks parallel using SSE2 instruction set.
1316
1317 See also:
1318 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1319
Johannes Goetzfried7efe4072012-06-12 16:47:43 +08001320config CRYPTO_SERPENT_AVX_X86_64
1321 tristate "Serpent cipher algorithm (x86_64/AVX)"
1322 depends on X86 && 64BIT
1323 select CRYPTO_ALGAPI
1324 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001325 select CRYPTO_ABLK_HELPER
Jussi Kivilinna1d0debb2012-06-18 14:07:24 +03001326 select CRYPTO_GLUE_HELPER_X86
Johannes Goetzfried7efe4072012-06-12 16:47:43 +08001327 select CRYPTO_SERPENT
1328 select CRYPTO_LRW
1329 select CRYPTO_XTS
1330 help
1331 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1332
1333 Keys are allowed to be from 0 to 256 bits in length, in steps
1334 of 8 bits.
1335
1336 This module provides the Serpent cipher algorithm that processes
1337 eight blocks parallel using the AVX instruction set.
1338
1339 See also:
1340 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1341
Jussi Kivilinna56d76c92013-04-13 13:46:55 +03001342config CRYPTO_SERPENT_AVX2_X86_64
1343 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1344 depends on X86 && 64BIT
1345 select CRYPTO_ALGAPI
1346 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001347 select CRYPTO_ABLK_HELPER
Jussi Kivilinna56d76c92013-04-13 13:46:55 +03001348 select CRYPTO_GLUE_HELPER_X86
1349 select CRYPTO_SERPENT
1350 select CRYPTO_SERPENT_AVX_X86_64
1351 select CRYPTO_LRW
1352 select CRYPTO_XTS
1353 help
1354 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1355
1356 Keys are allowed to be from 0 to 256 bits in length, in steps
1357 of 8 bits.
1358
1359 This module provides Serpent cipher algorithm that processes 16
1360 blocks parallel using AVX2 instruction set.
1361
1362 See also:
1363 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1364
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001365config CRYPTO_TEA
1366 tristate "TEA, XTEA and XETA cipher algorithms"
1367 select CRYPTO_ALGAPI
1368 help
1369 TEA cipher algorithm.
1370
1371 Tiny Encryption Algorithm is a simple cipher that uses
1372 many rounds for security. It is very fast and uses
1373 little memory.
1374
1375 Xtendend Tiny Encryption Algorithm is a modification to
1376 the TEA algorithm to address a potential key weakness
1377 in the TEA algorithm.
1378
1379 Xtendend Encryption Tiny Algorithm is a mis-implementation
1380 of the XTEA algorithm for compatibility purposes.
1381
1382config CRYPTO_TWOFISH
1383 tristate "Twofish cipher algorithm"
1384 select CRYPTO_ALGAPI
1385 select CRYPTO_TWOFISH_COMMON
1386 help
1387 Twofish cipher algorithm.
1388
1389 Twofish was submitted as an AES (Advanced Encryption Standard)
1390 candidate cipher by researchers at CounterPane Systems. It is a
1391 16 round block cipher supporting key sizes of 128, 192, and 256
1392 bits.
1393
1394 See also:
1395 <http://www.schneier.com/twofish.html>
1396
1397config CRYPTO_TWOFISH_COMMON
1398 tristate
1399 help
1400 Common parts of the Twofish cipher algorithm shared by the
1401 generic c and the assembler implementations.
1402
1403config CRYPTO_TWOFISH_586
1404 tristate "Twofish cipher algorithms (i586)"
1405 depends on (X86 || UML_X86) && !64BIT
1406 select CRYPTO_ALGAPI
1407 select CRYPTO_TWOFISH_COMMON
1408 help
1409 Twofish cipher algorithm.
1410
1411 Twofish was submitted as an AES (Advanced Encryption Standard)
1412 candidate cipher by researchers at CounterPane Systems. It is a
1413 16 round block cipher supporting key sizes of 128, 192, and 256
1414 bits.
1415
1416 See also:
1417 <http://www.schneier.com/twofish.html>
1418
1419config CRYPTO_TWOFISH_X86_64
1420 tristate "Twofish cipher algorithm (x86_64)"
1421 depends on (X86 || UML_X86) && 64BIT
1422 select CRYPTO_ALGAPI
1423 select CRYPTO_TWOFISH_COMMON
1424 help
1425 Twofish cipher algorithm (x86_64).
1426
1427 Twofish was submitted as an AES (Advanced Encryption Standard)
1428 candidate cipher by researchers at CounterPane Systems. It is a
1429 16 round block cipher supporting key sizes of 128, 192, and 256
1430 bits.
1431
1432 See also:
1433 <http://www.schneier.com/twofish.html>
1434
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001435config CRYPTO_TWOFISH_X86_64_3WAY
1436 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
Al Virof21a7c12012-04-08 20:31:22 -04001437 depends on X86 && 64BIT
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001438 select CRYPTO_ALGAPI
1439 select CRYPTO_TWOFISH_COMMON
1440 select CRYPTO_TWOFISH_X86_64
Jussi Kivilinna414cb5e2012-06-18 14:07:34 +03001441 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinnae7cda5d2011-12-13 12:53:01 +02001442 select CRYPTO_LRW
1443 select CRYPTO_XTS
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001444 help
1445 Twofish cipher algorithm (x86_64, 3-way parallel).
1446
1447 Twofish was submitted as an AES (Advanced Encryption Standard)
1448 candidate cipher by researchers at CounterPane Systems. It is a
1449 16 round block cipher supporting key sizes of 128, 192, and 256
1450 bits.
1451
1452 This module provides Twofish cipher algorithm that processes three
1453 blocks parallel, utilizing resources of out-of-order CPUs better.
1454
1455 See also:
1456 <http://www.schneier.com/twofish.html>
1457
Johannes Goetzfried107778b52012-05-28 15:54:24 +02001458config CRYPTO_TWOFISH_AVX_X86_64
1459 tristate "Twofish cipher algorithm (x86_64/AVX)"
1460 depends on X86 && 64BIT
1461 select CRYPTO_ALGAPI
1462 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001463 select CRYPTO_ABLK_HELPER
Jussi Kivilinnaa7378d42012-06-18 14:07:39 +03001464 select CRYPTO_GLUE_HELPER_X86
Johannes Goetzfried107778b52012-05-28 15:54:24 +02001465 select CRYPTO_TWOFISH_COMMON
1466 select CRYPTO_TWOFISH_X86_64
1467 select CRYPTO_TWOFISH_X86_64_3WAY
1468 select CRYPTO_LRW
1469 select CRYPTO_XTS
1470 help
1471 Twofish cipher algorithm (x86_64/AVX).
1472
1473 Twofish was submitted as an AES (Advanced Encryption Standard)
1474 candidate cipher by researchers at CounterPane Systems. It is a
1475 16 round block cipher supporting key sizes of 128, 192, and 256
1476 bits.
1477
1478 This module provides the Twofish cipher algorithm that processes
1479 eight blocks parallel using the AVX Instruction Set.
1480
1481 See also:
1482 <http://www.schneier.com/twofish.html>
1483
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001484comment "Compression"
1485
Linus Torvalds1da177e2005-04-16 15:20:36 -07001486config CRYPTO_DEFLATE
1487 tristate "Deflate compression algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001488 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001489 select ZLIB_INFLATE
1490 select ZLIB_DEFLATE
1491 help
1492 This is the Deflate algorithm (RFC1951), specified for use in
1493 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001494
Linus Torvalds1da177e2005-04-16 15:20:36 -07001495 You will most probably want this if using IPSec.
1496
Geert Uytterhoevenbf68e652009-03-04 15:15:49 +08001497config CRYPTO_ZLIB
1498 tristate "Zlib compression algorithm"
1499 select CRYPTO_PCOMP
1500 select ZLIB_INFLATE
1501 select ZLIB_DEFLATE
1502 select NLATTR
1503 help
1504 This is the zlib algorithm.
1505
Zoltan Sogor0b77abb2007-12-07 16:53:23 +08001506config CRYPTO_LZO
1507 tristate "LZO compression algorithm"
1508 select CRYPTO_ALGAPI
1509 select LZO_COMPRESS
1510 select LZO_DECOMPRESS
1511 help
1512 This is the LZO algorithm.
1513
Seth Jennings35a1fc12012-07-19 09:42:41 -05001514config CRYPTO_842
1515 tristate "842 compression algorithm"
Dan Streetman2062c5b2015-05-07 13:49:15 -04001516 select CRYPTO_ALGAPI
1517 select 842_COMPRESS
1518 select 842_DECOMPRESS
Seth Jennings35a1fc12012-07-19 09:42:41 -05001519 help
1520 This is the 842 algorithm.
1521
Chanho Min0ea85302013-07-08 16:01:51 -07001522config CRYPTO_LZ4
1523 tristate "LZ4 compression algorithm"
1524 select CRYPTO_ALGAPI
1525 select LZ4_COMPRESS
1526 select LZ4_DECOMPRESS
1527 help
1528 This is the LZ4 algorithm.
1529
1530config CRYPTO_LZ4HC
1531 tristate "LZ4HC compression algorithm"
1532 select CRYPTO_ALGAPI
1533 select LZ4HC_COMPRESS
1534 select LZ4_DECOMPRESS
1535 help
1536 This is the LZ4 high compression mode algorithm.
1537
Neil Horman17f0f4a2008-08-14 22:15:52 +10001538comment "Random Number Generation"
1539
1540config CRYPTO_ANSI_CPRNG
1541 tristate "Pseudo Random Number Generation for Cryptographic modules"
1542 select CRYPTO_AES
1543 select CRYPTO_RNG
Neil Horman17f0f4a2008-08-14 22:15:52 +10001544 help
1545 This option enables the generic pseudo random number generator
1546 for cryptographic modules. Uses the Algorithm specified in
Jiri Kosina7dd607e2010-01-27 01:00:10 +01001547 ANSI X9.31 A.2.4. Note that this option must be enabled if
1548 CRYPTO_FIPS is selected
Neil Horman17f0f4a2008-08-14 22:15:52 +10001549
Herbert Xuf2c89a12014-07-04 22:15:08 +08001550menuconfig CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001551 tristate "NIST SP800-90A DRBG"
Stephan Mueller419090c2014-05-31 17:22:31 +02001552 help
1553 NIST SP800-90A compliant DRBG. In the following submenu, one or
1554 more of the DRBG types must be selected.
1555
Herbert Xuf2c89a12014-07-04 22:15:08 +08001556if CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001557
1558config CRYPTO_DRBG_HMAC
Herbert Xu401e4232015-06-03 14:49:31 +08001559 bool
Stephan Mueller419090c2014-05-31 17:22:31 +02001560 default y
Stephan Mueller419090c2014-05-31 17:22:31 +02001561 select CRYPTO_HMAC
Herbert Xu826775b2015-06-11 08:55:10 +08001562 select CRYPTO_SHA256
Stephan Mueller419090c2014-05-31 17:22:31 +02001563
1564config CRYPTO_DRBG_HASH
1565 bool "Enable Hash DRBG"
Herbert Xu826775b2015-06-11 08:55:10 +08001566 select CRYPTO_SHA256
Stephan Mueller419090c2014-05-31 17:22:31 +02001567 help
1568 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1569
1570config CRYPTO_DRBG_CTR
1571 bool "Enable CTR DRBG"
Stephan Mueller419090c2014-05-31 17:22:31 +02001572 select CRYPTO_AES
1573 help
1574 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1575
Herbert Xuf2c89a12014-07-04 22:15:08 +08001576config CRYPTO_DRBG
1577 tristate
Herbert Xu401e4232015-06-03 14:49:31 +08001578 default CRYPTO_DRBG_MENU
Herbert Xuf2c89a12014-07-04 22:15:08 +08001579 select CRYPTO_RNG
Stephan Muellerbb5530e2015-05-25 15:10:20 +02001580 select CRYPTO_JITTERENTROPY
Herbert Xuf2c89a12014-07-04 22:15:08 +08001581
1582endif # if CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001583
Stephan Muellerbb5530e2015-05-25 15:10:20 +02001584config CRYPTO_JITTERENTROPY
1585 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1586 help
1587 The Jitterentropy RNG is a noise that is intended
1588 to provide seed to another RNG. The RNG does not
1589 perform any cryptographic whitening of the generated
1590 random numbers. This Jitterentropy RNG registers with
1591 the kernel crypto API and can be used by any caller.
1592
Herbert Xu03c8efc2010-10-19 21:12:39 +08001593config CRYPTO_USER_API
1594 tristate
1595
Herbert Xufe869cd2010-10-19 21:23:00 +08001596config CRYPTO_USER_API_HASH
1597 tristate "User-space interface for hash algorithms"
Herbert Xu74517082010-11-29 22:56:03 +08001598 depends on NET
Herbert Xufe869cd2010-10-19 21:23:00 +08001599 select CRYPTO_HASH
1600 select CRYPTO_USER_API
1601 help
1602 This option enables the user-spaces interface for hash
1603 algorithms.
1604
Herbert Xu8ff59092010-10-19 21:31:55 +08001605config CRYPTO_USER_API_SKCIPHER
1606 tristate "User-space interface for symmetric key cipher algorithms"
Herbert Xu74517082010-11-29 22:56:03 +08001607 depends on NET
Herbert Xu8ff59092010-10-19 21:31:55 +08001608 select CRYPTO_BLKCIPHER
1609 select CRYPTO_USER_API
1610 help
1611 This option enables the user-spaces interface for symmetric
1612 key cipher algorithms.
1613
Stephan Mueller2f3755382014-12-25 23:00:39 +01001614config CRYPTO_USER_API_RNG
1615 tristate "User-space interface for random number generator algorithms"
1616 depends on NET
1617 select CRYPTO_RNG
1618 select CRYPTO_USER_API
1619 help
1620 This option enables the user-spaces interface for random
1621 number generator algorithms.
1622
Herbert Xub64a2d92015-05-28 11:30:35 +08001623config CRYPTO_USER_API_AEAD
1624 tristate "User-space interface for AEAD cipher algorithms"
1625 depends on NET
1626 select CRYPTO_AEAD
1627 select CRYPTO_USER_API
1628 help
1629 This option enables the user-spaces interface for AEAD
1630 cipher algorithms.
1631
Dmitry Kasatkinee089972013-05-06 15:40:01 +03001632config CRYPTO_HASH_INFO
1633 bool
1634
Linus Torvalds1da177e2005-04-16 15:20:36 -07001635source "drivers/crypto/Kconfig"
David Howells964f3b32012-09-13 15:17:21 +01001636source crypto/asymmetric_keys/Kconfig
Linus Torvalds1da177e2005-04-16 15:20:36 -07001637
Herbert Xucce9e062006-08-21 21:08:13 +10001638endif # if CRYPTO