crypto/Kconfig at v4.16-rc7

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / crypto / Kconfig
at v4.16-rc7 1785 lines 52 kB view raw
wrap content
   1# SPDX-License-Identifier: GPL-2.0
   2#
   3# Generic algorithms support
   4#
   5config XOR_BLOCKS
   6	tristate
   7
   8#
   9# async_tx api: hardware offloaded memory transfer/transform support
  10#
  11source "crypto/async_tx/Kconfig"
  12
  13#
  14# Cryptographic API Configuration
  15#
  16menuconfig CRYPTO
  17	tristate "Cryptographic API"
  18	help
  19	  This option provides the core Cryptographic API.
  20
  21if CRYPTO
  22
  23comment "Crypto core or helper"
  24
  25config CRYPTO_FIPS
  26	bool "FIPS 200 compliance"
  27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
  28	depends on (MODULE_SIG || !MODULES)
  29	help
  30	  This options enables the fips boot option which is
  31	  required if you want to system to operate in a FIPS 200
  32	  certification.  You should say no unless you know what
  33	  this is.
  34
  35config CRYPTO_ALGAPI
  36	tristate
  37	select CRYPTO_ALGAPI2
  38	help
  39	  This option provides the API for cryptographic algorithms.
  40
  41config CRYPTO_ALGAPI2
  42	tristate
  43
  44config CRYPTO_AEAD
  45	tristate
  46	select CRYPTO_AEAD2
  47	select CRYPTO_ALGAPI
  48
  49config CRYPTO_AEAD2
  50	tristate
  51	select CRYPTO_ALGAPI2
  52	select CRYPTO_NULL2
  53	select CRYPTO_RNG2
  54
  55config CRYPTO_BLKCIPHER
  56	tristate
  57	select CRYPTO_BLKCIPHER2
  58	select CRYPTO_ALGAPI
  59
  60config CRYPTO_BLKCIPHER2
  61	tristate
  62	select CRYPTO_ALGAPI2
  63	select CRYPTO_RNG2
  64	select CRYPTO_WORKQUEUE
  65
  66config CRYPTO_HASH
  67	tristate
  68	select CRYPTO_HASH2
  69	select CRYPTO_ALGAPI
  70
  71config CRYPTO_HASH2
  72	tristate
  73	select CRYPTO_ALGAPI2
  74
  75config CRYPTO_RNG
  76	tristate
  77	select CRYPTO_RNG2
  78	select CRYPTO_ALGAPI
  79
  80config CRYPTO_RNG2
  81	tristate
  82	select CRYPTO_ALGAPI2
  83
  84config CRYPTO_RNG_DEFAULT
  85	tristate
  86	select CRYPTO_DRBG_MENU
  87
  88config CRYPTO_AKCIPHER2
  89	tristate
  90	select CRYPTO_ALGAPI2
  91
  92config CRYPTO_AKCIPHER
  93	tristate
  94	select CRYPTO_AKCIPHER2
  95	select CRYPTO_ALGAPI
  96
  97config CRYPTO_KPP2
  98	tristate
  99	select CRYPTO_ALGAPI2
 100
 101config CRYPTO_KPP
 102	tristate
 103	select CRYPTO_ALGAPI
 104	select CRYPTO_KPP2
 105
 106config CRYPTO_ACOMP2
 107	tristate
 108	select CRYPTO_ALGAPI2
 109	select SGL_ALLOC
 110
 111config CRYPTO_ACOMP
 112	tristate
 113	select CRYPTO_ALGAPI
 114	select CRYPTO_ACOMP2
 115
 116config CRYPTO_RSA
 117	tristate "RSA algorithm"
 118	select CRYPTO_AKCIPHER
 119	select CRYPTO_MANAGER
 120	select MPILIB
 121	select ASN1
 122	help
 123	  Generic implementation of the RSA public key algorithm.
 124
 125config CRYPTO_DH
 126	tristate "Diffie-Hellman algorithm"
 127	select CRYPTO_KPP
 128	select MPILIB
 129	help
 130	  Generic implementation of the Diffie-Hellman algorithm.
 131
 132config CRYPTO_ECDH
 133	tristate "ECDH algorithm"
 134	select CRYPTO_KPP
 135	select CRYPTO_RNG_DEFAULT
 136	help
 137	  Generic implementation of the ECDH algorithm
 138
 139config CRYPTO_MANAGER
 140	tristate "Cryptographic algorithm manager"
 141	select CRYPTO_MANAGER2
 142	help
 143	  Create default cryptographic template instantiations such as
 144	  cbc(aes).
 145
 146config CRYPTO_MANAGER2
 147	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
 148	select CRYPTO_AEAD2
 149	select CRYPTO_HASH2
 150	select CRYPTO_BLKCIPHER2
 151	select CRYPTO_AKCIPHER2
 152	select CRYPTO_KPP2
 153	select CRYPTO_ACOMP2
 154
 155config CRYPTO_USER
 156	tristate "Userspace cryptographic algorithm configuration"
 157	depends on NET
 158	select CRYPTO_MANAGER
 159	help
 160	  Userspace configuration for cryptographic instantiations such as
 161	  cbc(aes).
 162
 163config CRYPTO_MANAGER_DISABLE_TESTS
 164	bool "Disable run-time self tests"
 165	default y
 166	depends on CRYPTO_MANAGER2
 167	help
 168	  Disable run-time self tests that normally take place at
 169	  algorithm registration.
 170
 171config CRYPTO_GF128MUL
 172	tristate "GF(2^128) multiplication functions"
 173	help
 174	  Efficient table driven implementation of multiplications in the
 175	  field GF(2^128).  This is needed by some cypher modes. This
 176	  option will be selected automatically if you select such a
 177	  cipher mode.  Only select this option by hand if you expect to load
 178	  an external module that requires these functions.
 179
 180config CRYPTO_NULL
 181	tristate "Null algorithms"
 182	select CRYPTO_NULL2
 183	help
 184	  These are 'Null' algorithms, used by IPsec, which do nothing.
 185
 186config CRYPTO_NULL2
 187	tristate
 188	select CRYPTO_ALGAPI2
 189	select CRYPTO_BLKCIPHER2
 190	select CRYPTO_HASH2
 191
 192config CRYPTO_PCRYPT
 193	tristate "Parallel crypto engine"
 194	depends on SMP
 195	select PADATA
 196	select CRYPTO_MANAGER
 197	select CRYPTO_AEAD
 198	help
 199	  This converts an arbitrary crypto algorithm into a parallel
 200	  algorithm that executes in kernel threads.
 201
 202config CRYPTO_WORKQUEUE
 203       tristate
 204
 205config CRYPTO_CRYPTD
 206	tristate "Software async crypto daemon"
 207	select CRYPTO_BLKCIPHER
 208	select CRYPTO_HASH
 209	select CRYPTO_MANAGER
 210	select CRYPTO_WORKQUEUE
 211	help
 212	  This is a generic software asynchronous crypto daemon that
 213	  converts an arbitrary synchronous software crypto algorithm
 214	  into an asynchronous algorithm that executes in a kernel thread.
 215
 216config CRYPTO_MCRYPTD
 217	tristate "Software async multi-buffer crypto daemon"
 218	select CRYPTO_BLKCIPHER
 219	select CRYPTO_HASH
 220	select CRYPTO_MANAGER
 221	select CRYPTO_WORKQUEUE
 222	help
 223	  This is a generic software asynchronous crypto daemon that
 224	  provides the kernel thread to assist multi-buffer crypto
 225	  algorithms for submitting jobs and flushing jobs in multi-buffer
 226	  crypto algorithms.  Multi-buffer crypto algorithms are executed
 227	  in the context of this kernel thread and drivers can post
 228	  their crypto request asynchronously to be processed by this daemon.
 229
 230config CRYPTO_AUTHENC
 231	tristate "Authenc support"
 232	select CRYPTO_AEAD
 233	select CRYPTO_BLKCIPHER
 234	select CRYPTO_MANAGER
 235	select CRYPTO_HASH
 236	select CRYPTO_NULL
 237	help
 238	  Authenc: Combined mode wrapper for IPsec.
 239	  This is required for IPSec.
 240
 241config CRYPTO_TEST
 242	tristate "Testing module"
 243	depends on m
 244	select CRYPTO_MANAGER
 245	help
 246	  Quick & dirty crypto test module.
 247
 248config CRYPTO_ABLK_HELPER
 249	tristate
 250	select CRYPTO_CRYPTD
 251
 252config CRYPTO_SIMD
 253	tristate
 254	select CRYPTO_CRYPTD
 255
 256config CRYPTO_GLUE_HELPER_X86
 257	tristate
 258	depends on X86
 259	select CRYPTO_BLKCIPHER
 260
 261config CRYPTO_ENGINE
 262	tristate
 263
 264comment "Authenticated Encryption with Associated Data"
 265
 266config CRYPTO_CCM
 267	tristate "CCM support"
 268	select CRYPTO_CTR
 269	select CRYPTO_HASH
 270	select CRYPTO_AEAD
 271	help
 272	  Support for Counter with CBC MAC. Required for IPsec.
 273
 274config CRYPTO_GCM
 275	tristate "GCM/GMAC support"
 276	select CRYPTO_CTR
 277	select CRYPTO_AEAD
 278	select CRYPTO_GHASH
 279	select CRYPTO_NULL
 280	help
 281	  Support for Galois/Counter Mode (GCM) and Galois Message
 282	  Authentication Code (GMAC). Required for IPSec.
 283
 284config CRYPTO_CHACHA20POLY1305
 285	tristate "ChaCha20-Poly1305 AEAD support"
 286	select CRYPTO_CHACHA20
 287	select CRYPTO_POLY1305
 288	select CRYPTO_AEAD
 289	help
 290	  ChaCha20-Poly1305 AEAD support, RFC7539.
 291
 292	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
 293	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
 294	  IETF protocols.
 295
 296config CRYPTO_SEQIV
 297	tristate "Sequence Number IV Generator"
 298	select CRYPTO_AEAD
 299	select CRYPTO_BLKCIPHER
 300	select CRYPTO_NULL
 301	select CRYPTO_RNG_DEFAULT
 302	help
 303	  This IV generator generates an IV based on a sequence number by
 304	  xoring it with a salt.  This algorithm is mainly useful for CTR
 305
 306config CRYPTO_ECHAINIV
 307	tristate "Encrypted Chain IV Generator"
 308	select CRYPTO_AEAD
 309	select CRYPTO_NULL
 310	select CRYPTO_RNG_DEFAULT
 311	default m
 312	help
 313	  This IV generator generates an IV based on the encryption of
 314	  a sequence number xored with a salt.  This is the default
 315	  algorithm for CBC.
 316
 317comment "Block modes"
 318
 319config CRYPTO_CBC
 320	tristate "CBC support"
 321	select CRYPTO_BLKCIPHER
 322	select CRYPTO_MANAGER
 323	help
 324	  CBC: Cipher Block Chaining mode
 325	  This block cipher algorithm is required for IPSec.
 326
 327config CRYPTO_CTR
 328	tristate "CTR support"
 329	select CRYPTO_BLKCIPHER
 330	select CRYPTO_SEQIV
 331	select CRYPTO_MANAGER
 332	help
 333	  CTR: Counter mode
 334	  This block cipher algorithm is required for IPSec.
 335
 336config CRYPTO_CTS
 337	tristate "CTS support"
 338	select CRYPTO_BLKCIPHER
 339	help
 340	  CTS: Cipher Text Stealing
 341	  This is the Cipher Text Stealing mode as described by
 342	  Section 8 of rfc2040 and referenced by rfc3962.
 343	  (rfc3962 includes errata information in its Appendix A)
 344	  This mode is required for Kerberos gss mechanism support
 345	  for AES encryption.
 346
 347config CRYPTO_ECB
 348	tristate "ECB support"
 349	select CRYPTO_BLKCIPHER
 350	select CRYPTO_MANAGER
 351	help
 352	  ECB: Electronic CodeBook mode
 353	  This is the simplest block cipher algorithm.  It simply encrypts
 354	  the input block by block.
 355
 356config CRYPTO_LRW
 357	tristate "LRW support"
 358	select CRYPTO_BLKCIPHER
 359	select CRYPTO_MANAGER
 360	select CRYPTO_GF128MUL
 361	help
 362	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
 363	  narrow block cipher mode for dm-crypt.  Use it with cipher
 364	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
 365	  The first 128, 192 or 256 bits in the key are used for AES and the
 366	  rest is used to tie each cipher block to its logical position.
 367
 368config CRYPTO_PCBC
 369	tristate "PCBC support"
 370	select CRYPTO_BLKCIPHER
 371	select CRYPTO_MANAGER
 372	help
 373	  PCBC: Propagating Cipher Block Chaining mode
 374	  This block cipher algorithm is required for RxRPC.
 375
 376config CRYPTO_XTS
 377	tristate "XTS support"
 378	select CRYPTO_BLKCIPHER
 379	select CRYPTO_MANAGER
 380	select CRYPTO_ECB
 381	help
 382	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
 383	  key size 256, 384 or 512 bits. This implementation currently
 384	  can't handle a sectorsize which is not a multiple of 16 bytes.
 385
 386config CRYPTO_KEYWRAP
 387	tristate "Key wrapping support"
 388	select CRYPTO_BLKCIPHER
 389	help
 390	  Support for key wrapping (NIST SP800-38F / RFC3394) without
 391	  padding.
 392
 393comment "Hash modes"
 394
 395config CRYPTO_CMAC
 396	tristate "CMAC support"
 397	select CRYPTO_HASH
 398	select CRYPTO_MANAGER
 399	help
 400	  Cipher-based Message Authentication Code (CMAC) specified by
 401	  The National Institute of Standards and Technology (NIST).
 402
 403	  https://tools.ietf.org/html/rfc4493
 404	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
 405
 406config CRYPTO_HMAC
 407	tristate "HMAC support"
 408	select CRYPTO_HASH
 409	select CRYPTO_MANAGER
 410	help
 411	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
 412	  This is required for IPSec.
 413
 414config CRYPTO_XCBC
 415	tristate "XCBC support"
 416	select CRYPTO_HASH
 417	select CRYPTO_MANAGER
 418	help
 419	  XCBC: Keyed-Hashing with encryption algorithm
 420		http://www.ietf.org/rfc/rfc3566.txt
 421		http://csrc.nist.gov/encryption/modes/proposedmodes/
 422		 xcbc-mac/xcbc-mac-spec.pdf
 423
 424config CRYPTO_VMAC
 425	tristate "VMAC support"
 426	select CRYPTO_HASH
 427	select CRYPTO_MANAGER
 428	help
 429	  VMAC is a message authentication algorithm designed for
 430	  very high speed on 64-bit architectures.
 431
 432	  See also:
 433	  <http://fastcrypto.org/vmac>
 434
 435comment "Digest"
 436
 437config CRYPTO_CRC32C
 438	tristate "CRC32c CRC algorithm"
 439	select CRYPTO_HASH
 440	select CRC32
 441	help
 442	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
 443	  by iSCSI for header and data digests and by others.
 444	  See Castagnoli93.  Module will be crc32c.
 445
 446config CRYPTO_CRC32C_INTEL
 447	tristate "CRC32c INTEL hardware acceleration"
 448	depends on X86
 449	select CRYPTO_HASH
 450	help
 451	  In Intel processor with SSE4.2 supported, the processor will
 452	  support CRC32C implementation using hardware accelerated CRC32
 453	  instruction. This option will create 'crc32c-intel' module,
 454	  which will enable any routine to use the CRC32 instruction to
 455	  gain performance compared with software implementation.
 456	  Module will be crc32c-intel.
 457
 458config CRYPTO_CRC32C_VPMSUM
 459	tristate "CRC32c CRC algorithm (powerpc64)"
 460	depends on PPC64 && ALTIVEC
 461	select CRYPTO_HASH
 462	select CRC32
 463	help
 464	  CRC32c algorithm implemented using vector polynomial multiply-sum
 465	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
 466	  and newer processors for improved performance.
 467
 468
 469config CRYPTO_CRC32C_SPARC64
 470	tristate "CRC32c CRC algorithm (SPARC64)"
 471	depends on SPARC64
 472	select CRYPTO_HASH
 473	select CRC32
 474	help
 475	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
 476	  when available.
 477
 478config CRYPTO_CRC32
 479	tristate "CRC32 CRC algorithm"
 480	select CRYPTO_HASH
 481	select CRC32
 482	help
 483	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
 484	  Shash crypto api wrappers to crc32_le function.
 485
 486config CRYPTO_CRC32_PCLMUL
 487	tristate "CRC32 PCLMULQDQ hardware acceleration"
 488	depends on X86
 489	select CRYPTO_HASH
 490	select CRC32
 491	help
 492	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
 493	  and PCLMULQDQ supported, the processor will support
 494	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
 495	  instruction. This option will create 'crc32-plcmul' module,
 496	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
 497	  and gain better performance as compared with the table implementation.
 498
 499config CRYPTO_CRCT10DIF
 500	tristate "CRCT10DIF algorithm"
 501	select CRYPTO_HASH
 502	help
 503	  CRC T10 Data Integrity Field computation is being cast as
 504	  a crypto transform.  This allows for faster crc t10 diff
 505	  transforms to be used if they are available.
 506
 507config CRYPTO_CRCT10DIF_PCLMUL
 508	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
 509	depends on X86 && 64BIT && CRC_T10DIF
 510	select CRYPTO_HASH
 511	help
 512	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
 513	  CRC T10 DIF PCLMULQDQ computation can be hardware
 514	  accelerated PCLMULQDQ instruction. This option will create
 515	  'crct10dif-plcmul' module, which is faster when computing the
 516	  crct10dif checksum as compared with the generic table implementation.
 517
 518config CRYPTO_CRCT10DIF_VPMSUM
 519	tristate "CRC32T10DIF powerpc64 hardware acceleration"
 520	depends on PPC64 && ALTIVEC && CRC_T10DIF
 521	select CRYPTO_HASH
 522	help
 523	  CRC10T10DIF algorithm implemented using vector polynomial
 524	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
 525	  POWER8 and newer processors for improved performance.
 526
 527config CRYPTO_VPMSUM_TESTER
 528	tristate "Powerpc64 vpmsum hardware acceleration tester"
 529	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
 530	help
 531	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
 532	  POWER8 vpmsum instructions.
 533	  Unless you are testing these algorithms, you don't need this.
 534
 535config CRYPTO_GHASH
 536	tristate "GHASH digest algorithm"
 537	select CRYPTO_GF128MUL
 538	select CRYPTO_HASH
 539	help
 540	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
 541
 542config CRYPTO_POLY1305
 543	tristate "Poly1305 authenticator algorithm"
 544	select CRYPTO_HASH
 545	help
 546	  Poly1305 authenticator algorithm, RFC7539.
 547
 548	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
 549	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
 550	  in IETF protocols. This is the portable C implementation of Poly1305.
 551
 552config CRYPTO_POLY1305_X86_64
 553	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
 554	depends on X86 && 64BIT
 555	select CRYPTO_POLY1305
 556	help
 557	  Poly1305 authenticator algorithm, RFC7539.
 558
 559	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
 560	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
 561	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
 562	  instructions.
 563
 564config CRYPTO_MD4
 565	tristate "MD4 digest algorithm"
 566	select CRYPTO_HASH
 567	help
 568	  MD4 message digest algorithm (RFC1320).
 569
 570config CRYPTO_MD5
 571	tristate "MD5 digest algorithm"
 572	select CRYPTO_HASH
 573	help
 574	  MD5 message digest algorithm (RFC1321).
 575
 576config CRYPTO_MD5_OCTEON
 577	tristate "MD5 digest algorithm (OCTEON)"
 578	depends on CPU_CAVIUM_OCTEON
 579	select CRYPTO_MD5
 580	select CRYPTO_HASH
 581	help
 582	  MD5 message digest algorithm (RFC1321) implemented
 583	  using OCTEON crypto instructions, when available.
 584
 585config CRYPTO_MD5_PPC
 586	tristate "MD5 digest algorithm (PPC)"
 587	depends on PPC
 588	select CRYPTO_HASH
 589	help
 590	  MD5 message digest algorithm (RFC1321) implemented
 591	  in PPC assembler.
 592
 593config CRYPTO_MD5_SPARC64
 594	tristate "MD5 digest algorithm (SPARC64)"
 595	depends on SPARC64
 596	select CRYPTO_MD5
 597	select CRYPTO_HASH
 598	help
 599	  MD5 message digest algorithm (RFC1321) implemented
 600	  using sparc64 crypto instructions, when available.
 601
 602config CRYPTO_MICHAEL_MIC
 603	tristate "Michael MIC keyed digest algorithm"
 604	select CRYPTO_HASH
 605	help
 606	  Michael MIC is used for message integrity protection in TKIP
 607	  (IEEE 802.11i). This algorithm is required for TKIP, but it
 608	  should not be used for other purposes because of the weakness
 609	  of the algorithm.
 610
 611config CRYPTO_RMD128
 612	tristate "RIPEMD-128 digest algorithm"
 613	select CRYPTO_HASH
 614	help
 615	  RIPEMD-128 (ISO/IEC 10118-3:2004).
 616
 617	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
 618	  be used as a secure replacement for RIPEMD. For other use cases,
 619	  RIPEMD-160 should be used.
 620
 621	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
 622	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
 623
 624config CRYPTO_RMD160
 625	tristate "RIPEMD-160 digest algorithm"
 626	select CRYPTO_HASH
 627	help
 628	  RIPEMD-160 (ISO/IEC 10118-3:2004).
 629
 630	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
 631	  to be used as a secure replacement for the 128-bit hash functions
 632	  MD4, MD5 and it's predecessor RIPEMD
 633	  (not to be confused with RIPEMD-128).
 634
 635	  It's speed is comparable to SHA1 and there are no known attacks
 636	  against RIPEMD-160.
 637
 638	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
 639	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
 640
 641config CRYPTO_RMD256
 642	tristate "RIPEMD-256 digest algorithm"
 643	select CRYPTO_HASH
 644	help
 645	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
 646	  256 bit hash. It is intended for applications that require
 647	  longer hash-results, without needing a larger security level
 648	  (than RIPEMD-128).
 649
 650	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
 651	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
 652
 653config CRYPTO_RMD320
 654	tristate "RIPEMD-320 digest algorithm"
 655	select CRYPTO_HASH
 656	help
 657	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
 658	  320 bit hash. It is intended for applications that require
 659	  longer hash-results, without needing a larger security level
 660	  (than RIPEMD-160).
 661
 662	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
 663	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
 664
 665config CRYPTO_SHA1
 666	tristate "SHA1 digest algorithm"
 667	select CRYPTO_HASH
 668	help
 669	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
 670
 671config CRYPTO_SHA1_SSSE3
 672	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
 673	depends on X86 && 64BIT
 674	select CRYPTO_SHA1
 675	select CRYPTO_HASH
 676	help
 677	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 678	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
 679	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
 680	  when available.
 681
 682config CRYPTO_SHA256_SSSE3
 683	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
 684	depends on X86 && 64BIT
 685	select CRYPTO_SHA256
 686	select CRYPTO_HASH
 687	help
 688	  SHA-256 secure hash standard (DFIPS 180-2) implemented
 689	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
 690	  Extensions version 1 (AVX1), or Advanced Vector Extensions
 691	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
 692	  Instructions) when available.
 693
 694config CRYPTO_SHA512_SSSE3
 695	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
 696	depends on X86 && 64BIT
 697	select CRYPTO_SHA512
 698	select CRYPTO_HASH
 699	help
 700	  SHA-512 secure hash standard (DFIPS 180-2) implemented
 701	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
 702	  Extensions version 1 (AVX1), or Advanced Vector Extensions
 703	  version 2 (AVX2) instructions, when available.
 704
 705config CRYPTO_SHA1_OCTEON
 706	tristate "SHA1 digest algorithm (OCTEON)"
 707	depends on CPU_CAVIUM_OCTEON
 708	select CRYPTO_SHA1
 709	select CRYPTO_HASH
 710	help
 711	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 712	  using OCTEON crypto instructions, when available.
 713
 714config CRYPTO_SHA1_SPARC64
 715	tristate "SHA1 digest algorithm (SPARC64)"
 716	depends on SPARC64
 717	select CRYPTO_SHA1
 718	select CRYPTO_HASH
 719	help
 720	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 721	  using sparc64 crypto instructions, when available.
 722
 723config CRYPTO_SHA1_PPC
 724	tristate "SHA1 digest algorithm (powerpc)"
 725	depends on PPC
 726	help
 727	  This is the powerpc hardware accelerated implementation of the
 728	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
 729
 730config CRYPTO_SHA1_PPC_SPE
 731	tristate "SHA1 digest algorithm (PPC SPE)"
 732	depends on PPC && SPE
 733	help
 734	  SHA-1 secure hash standard (DFIPS 180-4) implemented
 735	  using powerpc SPE SIMD instruction set.
 736
 737config CRYPTO_SHA1_MB
 738	tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
 739	depends on X86 && 64BIT
 740	select CRYPTO_SHA1
 741	select CRYPTO_HASH
 742	select CRYPTO_MCRYPTD
 743	help
 744	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 745	  using multi-buffer technique.  This algorithm computes on
 746	  multiple data lanes concurrently with SIMD instructions for
 747	  better throughput.  It should not be enabled by default but
 748	  used when there is significant amount of work to keep the keep
 749	  the data lanes filled to get performance benefit.  If the data
 750	  lanes remain unfilled, a flush operation will be initiated to
 751	  process the crypto jobs, adding a slight latency.
 752
 753config CRYPTO_SHA256_MB
 754	tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
 755	depends on X86 && 64BIT
 756	select CRYPTO_SHA256
 757	select CRYPTO_HASH
 758	select CRYPTO_MCRYPTD
 759	help
 760	  SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 761	  using multi-buffer technique.  This algorithm computes on
 762	  multiple data lanes concurrently with SIMD instructions for
 763	  better throughput.  It should not be enabled by default but
 764	  used when there is significant amount of work to keep the keep
 765	  the data lanes filled to get performance benefit.  If the data
 766	  lanes remain unfilled, a flush operation will be initiated to
 767	  process the crypto jobs, adding a slight latency.
 768
 769config CRYPTO_SHA512_MB
 770        tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
 771        depends on X86 && 64BIT
 772        select CRYPTO_SHA512
 773        select CRYPTO_HASH
 774        select CRYPTO_MCRYPTD
 775        help
 776          SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 777          using multi-buffer technique.  This algorithm computes on
 778          multiple data lanes concurrently with SIMD instructions for
 779          better throughput.  It should not be enabled by default but
 780          used when there is significant amount of work to keep the keep
 781          the data lanes filled to get performance benefit.  If the data
 782          lanes remain unfilled, a flush operation will be initiated to
 783          process the crypto jobs, adding a slight latency.
 784
 785config CRYPTO_SHA256
 786	tristate "SHA224 and SHA256 digest algorithm"
 787	select CRYPTO_HASH
 788	help
 789	  SHA256 secure hash standard (DFIPS 180-2).
 790
 791	  This version of SHA implements a 256 bit hash with 128 bits of
 792	  security against collision attacks.
 793
 794	  This code also includes SHA-224, a 224 bit hash with 112 bits
 795	  of security against collision attacks.
 796
 797config CRYPTO_SHA256_PPC_SPE
 798	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
 799	depends on PPC && SPE
 800	select CRYPTO_SHA256
 801	select CRYPTO_HASH
 802	help
 803	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
 804	  implemented using powerpc SPE SIMD instruction set.
 805
 806config CRYPTO_SHA256_OCTEON
 807	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
 808	depends on CPU_CAVIUM_OCTEON
 809	select CRYPTO_SHA256
 810	select CRYPTO_HASH
 811	help
 812	  SHA-256 secure hash standard (DFIPS 180-2) implemented
 813	  using OCTEON crypto instructions, when available.
 814
 815config CRYPTO_SHA256_SPARC64
 816	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
 817	depends on SPARC64
 818	select CRYPTO_SHA256
 819	select CRYPTO_HASH
 820	help
 821	  SHA-256 secure hash standard (DFIPS 180-2) implemented
 822	  using sparc64 crypto instructions, when available.
 823
 824config CRYPTO_SHA512
 825	tristate "SHA384 and SHA512 digest algorithms"
 826	select CRYPTO_HASH
 827	help
 828	  SHA512 secure hash standard (DFIPS 180-2).
 829
 830	  This version of SHA implements a 512 bit hash with 256 bits of
 831	  security against collision attacks.
 832
 833	  This code also includes SHA-384, a 384 bit hash with 192 bits
 834	  of security against collision attacks.
 835
 836config CRYPTO_SHA512_OCTEON
 837	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
 838	depends on CPU_CAVIUM_OCTEON
 839	select CRYPTO_SHA512
 840	select CRYPTO_HASH
 841	help
 842	  SHA-512 secure hash standard (DFIPS 180-2) implemented
 843	  using OCTEON crypto instructions, when available.
 844
 845config CRYPTO_SHA512_SPARC64
 846	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
 847	depends on SPARC64
 848	select CRYPTO_SHA512
 849	select CRYPTO_HASH
 850	help
 851	  SHA-512 secure hash standard (DFIPS 180-2) implemented
 852	  using sparc64 crypto instructions, when available.
 853
 854config CRYPTO_SHA3
 855	tristate "SHA3 digest algorithm"
 856	select CRYPTO_HASH
 857	help
 858	  SHA-3 secure hash standard (DFIPS 202). It's based on
 859	  cryptographic sponge function family called Keccak.
 860
 861	  References:
 862	  http://keccak.noekeon.org/
 863
 864config CRYPTO_SM3
 865	tristate "SM3 digest algorithm"
 866	select CRYPTO_HASH
 867	help
 868	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
 869	  It is part of the Chinese Commercial Cryptography suite.
 870
 871	  References:
 872	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
 873	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
 874
 875config CRYPTO_TGR192
 876	tristate "Tiger digest algorithms"
 877	select CRYPTO_HASH
 878	help
 879	  Tiger hash algorithm 192, 160 and 128-bit hashes
 880
 881	  Tiger is a hash function optimized for 64-bit processors while
 882	  still having decent performance on 32-bit processors.
 883	  Tiger was developed by Ross Anderson and Eli Biham.
 884
 885	  See also:
 886	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
 887
 888config CRYPTO_WP512
 889	tristate "Whirlpool digest algorithms"
 890	select CRYPTO_HASH
 891	help
 892	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
 893
 894	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
 895	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
 896
 897	  See also:
 898	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
 899
 900config CRYPTO_GHASH_CLMUL_NI_INTEL
 901	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
 902	depends on X86 && 64BIT
 903	select CRYPTO_CRYPTD
 904	help
 905	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
 906	  The implementation is accelerated by CLMUL-NI of Intel.
 907
 908comment "Ciphers"
 909
 910config CRYPTO_AES
 911	tristate "AES cipher algorithms"
 912	select CRYPTO_ALGAPI
 913	help
 914	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
 915	  algorithm.
 916
 917	  Rijndael appears to be consistently a very good performer in
 918	  both hardware and software across a wide range of computing
 919	  environments regardless of its use in feedback or non-feedback
 920	  modes. Its key setup time is excellent, and its key agility is
 921	  good. Rijndael's very low memory requirements make it very well
 922	  suited for restricted-space environments, in which it also
 923	  demonstrates excellent performance. Rijndael's operations are
 924	  among the easiest to defend against power and timing attacks.
 925
 926	  The AES specifies three key sizes: 128, 192 and 256 bits
 927
 928	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
 929
 930config CRYPTO_AES_TI
 931	tristate "Fixed time AES cipher"
 932	select CRYPTO_ALGAPI
 933	help
 934	  This is a generic implementation of AES that attempts to eliminate
 935	  data dependent latencies as much as possible without affecting
 936	  performance too much. It is intended for use by the generic CCM
 937	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
 938	  solely on encryption (although decryption is supported as well, but
 939	  with a more dramatic performance hit)
 940
 941	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
 942	  8 for decryption), this implementation only uses just two S-boxes of
 943	  256 bytes each, and attempts to eliminate data dependent latencies by
 944	  prefetching the entire table into the cache at the start of each
 945	  block.
 946
 947config CRYPTO_AES_586
 948	tristate "AES cipher algorithms (i586)"
 949	depends on (X86 || UML_X86) && !64BIT
 950	select CRYPTO_ALGAPI
 951	select CRYPTO_AES
 952	help
 953	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
 954	  algorithm.
 955
 956	  Rijndael appears to be consistently a very good performer in
 957	  both hardware and software across a wide range of computing
 958	  environments regardless of its use in feedback or non-feedback
 959	  modes. Its key setup time is excellent, and its key agility is
 960	  good. Rijndael's very low memory requirements make it very well
 961	  suited for restricted-space environments, in which it also
 962	  demonstrates excellent performance. Rijndael's operations are
 963	  among the easiest to defend against power and timing attacks.
 964
 965	  The AES specifies three key sizes: 128, 192 and 256 bits
 966
 967	  See <http://csrc.nist.gov/encryption/aes/> for more information.
 968
 969config CRYPTO_AES_X86_64
 970	tristate "AES cipher algorithms (x86_64)"
 971	depends on (X86 || UML_X86) && 64BIT
 972	select CRYPTO_ALGAPI
 973	select CRYPTO_AES
 974	help
 975	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
 976	  algorithm.
 977
 978	  Rijndael appears to be consistently a very good performer in
 979	  both hardware and software across a wide range of computing
 980	  environments regardless of its use in feedback or non-feedback
 981	  modes. Its key setup time is excellent, and its key agility is
 982	  good. Rijndael's very low memory requirements make it very well
 983	  suited for restricted-space environments, in which it also
 984	  demonstrates excellent performance. Rijndael's operations are
 985	  among the easiest to defend against power and timing attacks.
 986
 987	  The AES specifies three key sizes: 128, 192 and 256 bits
 988
 989	  See <http://csrc.nist.gov/encryption/aes/> for more information.
 990
 991config CRYPTO_AES_NI_INTEL
 992	tristate "AES cipher algorithms (AES-NI)"
 993	depends on X86
 994	select CRYPTO_AEAD
 995	select CRYPTO_AES_X86_64 if 64BIT
 996	select CRYPTO_AES_586 if !64BIT
 997	select CRYPTO_ALGAPI
 998	select CRYPTO_BLKCIPHER
 999	select CRYPTO_GLUE_HELPER_X86 if 64BIT
1000	select CRYPTO_SIMD
1001	help
1002	  Use Intel AES-NI instructions for AES algorithm.
1003
1004	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1005	  algorithm.
1006
1007	  Rijndael appears to be consistently a very good performer in
1008	  both hardware and software across a wide range of computing
1009	  environments regardless of its use in feedback or non-feedback
1010	  modes. Its key setup time is excellent, and its key agility is
1011	  good. Rijndael's very low memory requirements make it very well
1012	  suited for restricted-space environments, in which it also
1013	  demonstrates excellent performance. Rijndael's operations are
1014	  among the easiest to defend against power and timing attacks.
1015
1016	  The AES specifies three key sizes: 128, 192 and 256 bits
1017
1018	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1019
1020	  In addition to AES cipher algorithm support, the acceleration
1021	  for some popular block cipher mode is supported too, including
1022	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
1023	  acceleration for CTR.
1024
1025config CRYPTO_AES_SPARC64
1026	tristate "AES cipher algorithms (SPARC64)"
1027	depends on SPARC64
1028	select CRYPTO_CRYPTD
1029	select CRYPTO_ALGAPI
1030	help
1031	  Use SPARC64 crypto opcodes for AES algorithm.
1032
1033	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1034	  algorithm.
1035
1036	  Rijndael appears to be consistently a very good performer in
1037	  both hardware and software across a wide range of computing
1038	  environments regardless of its use in feedback or non-feedback
1039	  modes. Its key setup time is excellent, and its key agility is
1040	  good. Rijndael's very low memory requirements make it very well
1041	  suited for restricted-space environments, in which it also
1042	  demonstrates excellent performance. Rijndael's operations are
1043	  among the easiest to defend against power and timing attacks.
1044
1045	  The AES specifies three key sizes: 128, 192 and 256 bits
1046
1047	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1048
1049	  In addition to AES cipher algorithm support, the acceleration
1050	  for some popular block cipher mode is supported too, including
1051	  ECB and CBC.
1052
1053config CRYPTO_AES_PPC_SPE
1054	tristate "AES cipher algorithms (PPC SPE)"
1055	depends on PPC && SPE
1056	help
1057	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1058	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1059	  This module should only be used for low power (router) devices
1060	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1061	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1062	  timining attacks. Nevertheless it might be not as secure as other
1063	  architecture specific assembler implementations that work on 1KB
1064	  tables or 256 bytes S-boxes.
1065
1066config CRYPTO_ANUBIS
1067	tristate "Anubis cipher algorithm"
1068	select CRYPTO_ALGAPI
1069	help
1070	  Anubis cipher algorithm.
1071
1072	  Anubis is a variable key length cipher which can use keys from
1073	  128 bits to 320 bits in length.  It was evaluated as a entrant
1074	  in the NESSIE competition.
1075
1076	  See also:
1077	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1078	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1079
1080config CRYPTO_ARC4
1081	tristate "ARC4 cipher algorithm"
1082	select CRYPTO_BLKCIPHER
1083	help
1084	  ARC4 cipher algorithm.
1085
1086	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1087	  bits in length.  This algorithm is required for driver-based
1088	  WEP, but it should not be for other purposes because of the
1089	  weakness of the algorithm.
1090
1091config CRYPTO_BLOWFISH
1092	tristate "Blowfish cipher algorithm"
1093	select CRYPTO_ALGAPI
1094	select CRYPTO_BLOWFISH_COMMON
1095	help
1096	  Blowfish cipher algorithm, by Bruce Schneier.
1097
1098	  This is a variable key length cipher which can use keys from 32
1099	  bits to 448 bits in length.  It's fast, simple and specifically
1100	  designed for use on "large microprocessors".
1101
1102	  See also:
1103	  <http://www.schneier.com/blowfish.html>
1104
1105config CRYPTO_BLOWFISH_COMMON
1106	tristate
1107	help
1108	  Common parts of the Blowfish cipher algorithm shared by the
1109	  generic c and the assembler implementations.
1110
1111	  See also:
1112	  <http://www.schneier.com/blowfish.html>
1113
1114config CRYPTO_BLOWFISH_X86_64
1115	tristate "Blowfish cipher algorithm (x86_64)"
1116	depends on X86 && 64BIT
1117	select CRYPTO_ALGAPI
1118	select CRYPTO_BLOWFISH_COMMON
1119	help
1120	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1121
1122	  This is a variable key length cipher which can use keys from 32
1123	  bits to 448 bits in length.  It's fast, simple and specifically
1124	  designed for use on "large microprocessors".
1125
1126	  See also:
1127	  <http://www.schneier.com/blowfish.html>
1128
1129config CRYPTO_CAMELLIA
1130	tristate "Camellia cipher algorithms"
1131	depends on CRYPTO
1132	select CRYPTO_ALGAPI
1133	help
1134	  Camellia cipher algorithms module.
1135
1136	  Camellia is a symmetric key block cipher developed jointly
1137	  at NTT and Mitsubishi Electric Corporation.
1138
1139	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1140
1141	  See also:
1142	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1143
1144config CRYPTO_CAMELLIA_X86_64
1145	tristate "Camellia cipher algorithm (x86_64)"
1146	depends on X86 && 64BIT
1147	depends on CRYPTO
1148	select CRYPTO_ALGAPI
1149	select CRYPTO_GLUE_HELPER_X86
1150	select CRYPTO_LRW
1151	select CRYPTO_XTS
1152	help
1153	  Camellia cipher algorithm module (x86_64).
1154
1155	  Camellia is a symmetric key block cipher developed jointly
1156	  at NTT and Mitsubishi Electric Corporation.
1157
1158	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1159
1160	  See also:
1161	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1162
1163config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1164	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1165	depends on X86 && 64BIT
1166	depends on CRYPTO
1167	select CRYPTO_ALGAPI
1168	select CRYPTO_CRYPTD
1169	select CRYPTO_ABLK_HELPER
1170	select CRYPTO_GLUE_HELPER_X86
1171	select CRYPTO_CAMELLIA_X86_64
1172	select CRYPTO_LRW
1173	select CRYPTO_XTS
1174	help
1175	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1176
1177	  Camellia is a symmetric key block cipher developed jointly
1178	  at NTT and Mitsubishi Electric Corporation.
1179
1180	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1181
1182	  See also:
1183	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1184
1185config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1186	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1187	depends on X86 && 64BIT
1188	depends on CRYPTO
1189	select CRYPTO_ALGAPI
1190	select CRYPTO_CRYPTD
1191	select CRYPTO_ABLK_HELPER
1192	select CRYPTO_GLUE_HELPER_X86
1193	select CRYPTO_CAMELLIA_X86_64
1194	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1195	select CRYPTO_LRW
1196	select CRYPTO_XTS
1197	help
1198	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1199
1200	  Camellia is a symmetric key block cipher developed jointly
1201	  at NTT and Mitsubishi Electric Corporation.
1202
1203	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1204
1205	  See also:
1206	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1207
1208config CRYPTO_CAMELLIA_SPARC64
1209	tristate "Camellia cipher algorithm (SPARC64)"
1210	depends on SPARC64
1211	depends on CRYPTO
1212	select CRYPTO_ALGAPI
1213	help
1214	  Camellia cipher algorithm module (SPARC64).
1215
1216	  Camellia is a symmetric key block cipher developed jointly
1217	  at NTT and Mitsubishi Electric Corporation.
1218
1219	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1220
1221	  See also:
1222	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1223
1224config CRYPTO_CAST_COMMON
1225	tristate
1226	help
1227	  Common parts of the CAST cipher algorithms shared by the
1228	  generic c and the assembler implementations.
1229
1230config CRYPTO_CAST5
1231	tristate "CAST5 (CAST-128) cipher algorithm"
1232	select CRYPTO_ALGAPI
1233	select CRYPTO_CAST_COMMON
1234	help
1235	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1236	  described in RFC2144.
1237
1238config CRYPTO_CAST5_AVX_X86_64
1239	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1240	depends on X86 && 64BIT
1241	select CRYPTO_ALGAPI
1242	select CRYPTO_CRYPTD
1243	select CRYPTO_ABLK_HELPER
1244	select CRYPTO_CAST_COMMON
1245	select CRYPTO_CAST5
1246	help
1247	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1248	  described in RFC2144.
1249
1250	  This module provides the Cast5 cipher algorithm that processes
1251	  sixteen blocks parallel using the AVX instruction set.
1252
1253config CRYPTO_CAST6
1254	tristate "CAST6 (CAST-256) cipher algorithm"
1255	select CRYPTO_ALGAPI
1256	select CRYPTO_CAST_COMMON
1257	help
1258	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1259	  described in RFC2612.
1260
1261config CRYPTO_CAST6_AVX_X86_64
1262	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1263	depends on X86 && 64BIT
1264	select CRYPTO_ALGAPI
1265	select CRYPTO_CRYPTD
1266	select CRYPTO_ABLK_HELPER
1267	select CRYPTO_GLUE_HELPER_X86
1268	select CRYPTO_CAST_COMMON
1269	select CRYPTO_CAST6
1270	select CRYPTO_LRW
1271	select CRYPTO_XTS
1272	help
1273	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1274	  described in RFC2612.
1275
1276	  This module provides the Cast6 cipher algorithm that processes
1277	  eight blocks parallel using the AVX instruction set.
1278
1279config CRYPTO_DES
1280	tristate "DES and Triple DES EDE cipher algorithms"
1281	select CRYPTO_ALGAPI
1282	help
1283	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1284
1285config CRYPTO_DES_SPARC64
1286	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1287	depends on SPARC64
1288	select CRYPTO_ALGAPI
1289	select CRYPTO_DES
1290	help
1291	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1292	  optimized using SPARC64 crypto opcodes.
1293
1294config CRYPTO_DES3_EDE_X86_64
1295	tristate "Triple DES EDE cipher algorithm (x86-64)"
1296	depends on X86 && 64BIT
1297	select CRYPTO_ALGAPI
1298	select CRYPTO_DES
1299	help
1300	  Triple DES EDE (FIPS 46-3) algorithm.
1301
1302	  This module provides implementation of the Triple DES EDE cipher
1303	  algorithm that is optimized for x86-64 processors. Two versions of
1304	  algorithm are provided; regular processing one input block and
1305	  one that processes three blocks parallel.
1306
1307config CRYPTO_FCRYPT
1308	tristate "FCrypt cipher algorithm"
1309	select CRYPTO_ALGAPI
1310	select CRYPTO_BLKCIPHER
1311	help
1312	  FCrypt algorithm used by RxRPC.
1313
1314config CRYPTO_KHAZAD
1315	tristate "Khazad cipher algorithm"
1316	select CRYPTO_ALGAPI
1317	help
1318	  Khazad cipher algorithm.
1319
1320	  Khazad was a finalist in the initial NESSIE competition.  It is
1321	  an algorithm optimized for 64-bit processors with good performance
1322	  on 32-bit processors.  Khazad uses an 128 bit key size.
1323
1324	  See also:
1325	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1326
1327config CRYPTO_SALSA20
1328	tristate "Salsa20 stream cipher algorithm"
1329	select CRYPTO_BLKCIPHER
1330	help
1331	  Salsa20 stream cipher algorithm.
1332
1333	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1334	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1335
1336	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1337	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1338
1339config CRYPTO_SALSA20_586
1340	tristate "Salsa20 stream cipher algorithm (i586)"
1341	depends on (X86 || UML_X86) && !64BIT
1342	select CRYPTO_BLKCIPHER
1343	select CRYPTO_SALSA20
1344	help
1345	  Salsa20 stream cipher algorithm.
1346
1347	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1348	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1349
1350	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1351	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1352
1353config CRYPTO_SALSA20_X86_64
1354	tristate "Salsa20 stream cipher algorithm (x86_64)"
1355	depends on (X86 || UML_X86) && 64BIT
1356	select CRYPTO_BLKCIPHER
1357	select CRYPTO_SALSA20
1358	help
1359	  Salsa20 stream cipher algorithm.
1360
1361	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1362	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1363
1364	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1365	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1366
1367config CRYPTO_CHACHA20
1368	tristate "ChaCha20 cipher algorithm"
1369	select CRYPTO_BLKCIPHER
1370	help
1371	  ChaCha20 cipher algorithm, RFC7539.
1372
1373	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1374	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1375	  This is the portable C implementation of ChaCha20.
1376
1377	  See also:
1378	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1379
1380config CRYPTO_CHACHA20_X86_64
1381	tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
1382	depends on X86 && 64BIT
1383	select CRYPTO_BLKCIPHER
1384	select CRYPTO_CHACHA20
1385	help
1386	  ChaCha20 cipher algorithm, RFC7539.
1387
1388	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1389	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1390	  This is the x86_64 assembler implementation using SIMD instructions.
1391
1392	  See also:
1393	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1394
1395config CRYPTO_SEED
1396	tristate "SEED cipher algorithm"
1397	select CRYPTO_ALGAPI
1398	help
1399	  SEED cipher algorithm (RFC4269).
1400
1401	  SEED is a 128-bit symmetric key block cipher that has been
1402	  developed by KISA (Korea Information Security Agency) as a
1403	  national standard encryption algorithm of the Republic of Korea.
1404	  It is a 16 round block cipher with the key size of 128 bit.
1405
1406	  See also:
1407	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1408
1409config CRYPTO_SERPENT
1410	tristate "Serpent cipher algorithm"
1411	select CRYPTO_ALGAPI
1412	help
1413	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1414
1415	  Keys are allowed to be from 0 to 256 bits in length, in steps
1416	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1417	  variant of Serpent for compatibility with old kerneli.org code.
1418
1419	  See also:
1420	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1421
1422config CRYPTO_SERPENT_SSE2_X86_64
1423	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1424	depends on X86 && 64BIT
1425	select CRYPTO_ALGAPI
1426	select CRYPTO_CRYPTD
1427	select CRYPTO_ABLK_HELPER
1428	select CRYPTO_GLUE_HELPER_X86
1429	select CRYPTO_SERPENT
1430	select CRYPTO_LRW
1431	select CRYPTO_XTS
1432	help
1433	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1434
1435	  Keys are allowed to be from 0 to 256 bits in length, in steps
1436	  of 8 bits.
1437
1438	  This module provides Serpent cipher algorithm that processes eight
1439	  blocks parallel using SSE2 instruction set.
1440
1441	  See also:
1442	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1443
1444config CRYPTO_SERPENT_SSE2_586
1445	tristate "Serpent cipher algorithm (i586/SSE2)"
1446	depends on X86 && !64BIT
1447	select CRYPTO_ALGAPI
1448	select CRYPTO_CRYPTD
1449	select CRYPTO_ABLK_HELPER
1450	select CRYPTO_GLUE_HELPER_X86
1451	select CRYPTO_SERPENT
1452	select CRYPTO_LRW
1453	select CRYPTO_XTS
1454	help
1455	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1456
1457	  Keys are allowed to be from 0 to 256 bits in length, in steps
1458	  of 8 bits.
1459
1460	  This module provides Serpent cipher algorithm that processes four
1461	  blocks parallel using SSE2 instruction set.
1462
1463	  See also:
1464	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1465
1466config CRYPTO_SERPENT_AVX_X86_64
1467	tristate "Serpent cipher algorithm (x86_64/AVX)"
1468	depends on X86 && 64BIT
1469	select CRYPTO_ALGAPI
1470	select CRYPTO_CRYPTD
1471	select CRYPTO_ABLK_HELPER
1472	select CRYPTO_GLUE_HELPER_X86
1473	select CRYPTO_SERPENT
1474	select CRYPTO_LRW
1475	select CRYPTO_XTS
1476	help
1477	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1478
1479	  Keys are allowed to be from 0 to 256 bits in length, in steps
1480	  of 8 bits.
1481
1482	  This module provides the Serpent cipher algorithm that processes
1483	  eight blocks parallel using the AVX instruction set.
1484
1485	  See also:
1486	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1487
1488config CRYPTO_SERPENT_AVX2_X86_64
1489	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1490	depends on X86 && 64BIT
1491	select CRYPTO_ALGAPI
1492	select CRYPTO_CRYPTD
1493	select CRYPTO_ABLK_HELPER
1494	select CRYPTO_GLUE_HELPER_X86
1495	select CRYPTO_SERPENT
1496	select CRYPTO_SERPENT_AVX_X86_64
1497	select CRYPTO_LRW
1498	select CRYPTO_XTS
1499	help
1500	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1501
1502	  Keys are allowed to be from 0 to 256 bits in length, in steps
1503	  of 8 bits.
1504
1505	  This module provides Serpent cipher algorithm that processes 16
1506	  blocks parallel using AVX2 instruction set.
1507
1508	  See also:
1509	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1510
1511config CRYPTO_TEA
1512	tristate "TEA, XTEA and XETA cipher algorithms"
1513	select CRYPTO_ALGAPI
1514	help
1515	  TEA cipher algorithm.
1516
1517	  Tiny Encryption Algorithm is a simple cipher that uses
1518	  many rounds for security.  It is very fast and uses
1519	  little memory.
1520
1521	  Xtendend Tiny Encryption Algorithm is a modification to
1522	  the TEA algorithm to address a potential key weakness
1523	  in the TEA algorithm.
1524
1525	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1526	  of the XTEA algorithm for compatibility purposes.
1527
1528config CRYPTO_TWOFISH
1529	tristate "Twofish cipher algorithm"
1530	select CRYPTO_ALGAPI
1531	select CRYPTO_TWOFISH_COMMON
1532	help
1533	  Twofish cipher algorithm.
1534
1535	  Twofish was submitted as an AES (Advanced Encryption Standard)
1536	  candidate cipher by researchers at CounterPane Systems.  It is a
1537	  16 round block cipher supporting key sizes of 128, 192, and 256
1538	  bits.
1539
1540	  See also:
1541	  <http://www.schneier.com/twofish.html>
1542
1543config CRYPTO_TWOFISH_COMMON
1544	tristate
1545	help
1546	  Common parts of the Twofish cipher algorithm shared by the
1547	  generic c and the assembler implementations.
1548
1549config CRYPTO_TWOFISH_586
1550	tristate "Twofish cipher algorithms (i586)"
1551	depends on (X86 || UML_X86) && !64BIT
1552	select CRYPTO_ALGAPI
1553	select CRYPTO_TWOFISH_COMMON
1554	help
1555	  Twofish cipher algorithm.
1556
1557	  Twofish was submitted as an AES (Advanced Encryption Standard)
1558	  candidate cipher by researchers at CounterPane Systems.  It is a
1559	  16 round block cipher supporting key sizes of 128, 192, and 256
1560	  bits.
1561
1562	  See also:
1563	  <http://www.schneier.com/twofish.html>
1564
1565config CRYPTO_TWOFISH_X86_64
1566	tristate "Twofish cipher algorithm (x86_64)"
1567	depends on (X86 || UML_X86) && 64BIT
1568	select CRYPTO_ALGAPI
1569	select CRYPTO_TWOFISH_COMMON
1570	help
1571	  Twofish cipher algorithm (x86_64).
1572
1573	  Twofish was submitted as an AES (Advanced Encryption Standard)
1574	  candidate cipher by researchers at CounterPane Systems.  It is a
1575	  16 round block cipher supporting key sizes of 128, 192, and 256
1576	  bits.
1577
1578	  See also:
1579	  <http://www.schneier.com/twofish.html>
1580
1581config CRYPTO_TWOFISH_X86_64_3WAY
1582	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1583	depends on X86 && 64BIT
1584	select CRYPTO_ALGAPI
1585	select CRYPTO_TWOFISH_COMMON
1586	select CRYPTO_TWOFISH_X86_64
1587	select CRYPTO_GLUE_HELPER_X86
1588	select CRYPTO_LRW
1589	select CRYPTO_XTS
1590	help
1591	  Twofish cipher algorithm (x86_64, 3-way parallel).
1592
1593	  Twofish was submitted as an AES (Advanced Encryption Standard)
1594	  candidate cipher by researchers at CounterPane Systems.  It is a
1595	  16 round block cipher supporting key sizes of 128, 192, and 256
1596	  bits.
1597
1598	  This module provides Twofish cipher algorithm that processes three
1599	  blocks parallel, utilizing resources of out-of-order CPUs better.
1600
1601	  See also:
1602	  <http://www.schneier.com/twofish.html>
1603
1604config CRYPTO_TWOFISH_AVX_X86_64
1605	tristate "Twofish cipher algorithm (x86_64/AVX)"
1606	depends on X86 && 64BIT
1607	select CRYPTO_ALGAPI
1608	select CRYPTO_CRYPTD
1609	select CRYPTO_ABLK_HELPER
1610	select CRYPTO_GLUE_HELPER_X86
1611	select CRYPTO_TWOFISH_COMMON
1612	select CRYPTO_TWOFISH_X86_64
1613	select CRYPTO_TWOFISH_X86_64_3WAY
1614	select CRYPTO_LRW
1615	select CRYPTO_XTS
1616	help
1617	  Twofish cipher algorithm (x86_64/AVX).
1618
1619	  Twofish was submitted as an AES (Advanced Encryption Standard)
1620	  candidate cipher by researchers at CounterPane Systems.  It is a
1621	  16 round block cipher supporting key sizes of 128, 192, and 256
1622	  bits.
1623
1624	  This module provides the Twofish cipher algorithm that processes
1625	  eight blocks parallel using the AVX Instruction Set.
1626
1627	  See also:
1628	  <http://www.schneier.com/twofish.html>
1629
1630comment "Compression"
1631
1632config CRYPTO_DEFLATE
1633	tristate "Deflate compression algorithm"
1634	select CRYPTO_ALGAPI
1635	select CRYPTO_ACOMP2
1636	select ZLIB_INFLATE
1637	select ZLIB_DEFLATE
1638	help
1639	  This is the Deflate algorithm (RFC1951), specified for use in
1640	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1641
1642	  You will most probably want this if using IPSec.
1643
1644config CRYPTO_LZO
1645	tristate "LZO compression algorithm"
1646	select CRYPTO_ALGAPI
1647	select CRYPTO_ACOMP2
1648	select LZO_COMPRESS
1649	select LZO_DECOMPRESS
1650	help
1651	  This is the LZO algorithm.
1652
1653config CRYPTO_842
1654	tristate "842 compression algorithm"
1655	select CRYPTO_ALGAPI
1656	select CRYPTO_ACOMP2
1657	select 842_COMPRESS
1658	select 842_DECOMPRESS
1659	help
1660	  This is the 842 algorithm.
1661
1662config CRYPTO_LZ4
1663	tristate "LZ4 compression algorithm"
1664	select CRYPTO_ALGAPI
1665	select CRYPTO_ACOMP2
1666	select LZ4_COMPRESS
1667	select LZ4_DECOMPRESS
1668	help
1669	  This is the LZ4 algorithm.
1670
1671config CRYPTO_LZ4HC
1672	tristate "LZ4HC compression algorithm"
1673	select CRYPTO_ALGAPI
1674	select CRYPTO_ACOMP2
1675	select LZ4HC_COMPRESS
1676	select LZ4_DECOMPRESS
1677	help
1678	  This is the LZ4 high compression mode algorithm.
1679
1680comment "Random Number Generation"
1681
1682config CRYPTO_ANSI_CPRNG
1683	tristate "Pseudo Random Number Generation for Cryptographic modules"
1684	select CRYPTO_AES
1685	select CRYPTO_RNG
1686	help
1687	  This option enables the generic pseudo random number generator
1688	  for cryptographic modules.  Uses the Algorithm specified in
1689	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1690	  CRYPTO_FIPS is selected
1691
1692menuconfig CRYPTO_DRBG_MENU
1693	tristate "NIST SP800-90A DRBG"
1694	help
1695	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1696	  more of the DRBG types must be selected.
1697
1698if CRYPTO_DRBG_MENU
1699
1700config CRYPTO_DRBG_HMAC
1701	bool
1702	default y
1703	select CRYPTO_HMAC
1704	select CRYPTO_SHA256
1705
1706config CRYPTO_DRBG_HASH
1707	bool "Enable Hash DRBG"
1708	select CRYPTO_SHA256
1709	help
1710	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1711
1712config CRYPTO_DRBG_CTR
1713	bool "Enable CTR DRBG"
1714	select CRYPTO_AES
1715	depends on CRYPTO_CTR
1716	help
1717	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1718
1719config CRYPTO_DRBG
1720	tristate
1721	default CRYPTO_DRBG_MENU
1722	select CRYPTO_RNG
1723	select CRYPTO_JITTERENTROPY
1724
1725endif	# if CRYPTO_DRBG_MENU
1726
1727config CRYPTO_JITTERENTROPY
1728	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1729	select CRYPTO_RNG
1730	help
1731	  The Jitterentropy RNG is a noise that is intended
1732	  to provide seed to another RNG. The RNG does not
1733	  perform any cryptographic whitening of the generated
1734	  random numbers. This Jitterentropy RNG registers with
1735	  the kernel crypto API and can be used by any caller.
1736
1737config CRYPTO_USER_API
1738	tristate
1739
1740config CRYPTO_USER_API_HASH
1741	tristate "User-space interface for hash algorithms"
1742	depends on NET
1743	select CRYPTO_HASH
1744	select CRYPTO_USER_API
1745	help
1746	  This option enables the user-spaces interface for hash
1747	  algorithms.
1748
1749config CRYPTO_USER_API_SKCIPHER
1750	tristate "User-space interface for symmetric key cipher algorithms"
1751	depends on NET
1752	select CRYPTO_BLKCIPHER
1753	select CRYPTO_USER_API
1754	help
1755	  This option enables the user-spaces interface for symmetric
1756	  key cipher algorithms.
1757
1758config CRYPTO_USER_API_RNG
1759	tristate "User-space interface for random number generator algorithms"
1760	depends on NET
1761	select CRYPTO_RNG
1762	select CRYPTO_USER_API
1763	help
1764	  This option enables the user-spaces interface for random
1765	  number generator algorithms.
1766
1767config CRYPTO_USER_API_AEAD
1768	tristate "User-space interface for AEAD cipher algorithms"
1769	depends on NET
1770	select CRYPTO_AEAD
1771	select CRYPTO_BLKCIPHER
1772	select CRYPTO_NULL
1773	select CRYPTO_USER_API
1774	help
1775	  This option enables the user-spaces interface for AEAD
1776	  cipher algorithms.
1777
1778config CRYPTO_HASH_INFO
1779	bool
1780
1781source "drivers/crypto/Kconfig"
1782source crypto/asymmetric_keys/Kconfig
1783source certs/Kconfig
1784
1785endif	# if CRYPTO
Configure Feed

Configure Feed
