xref: /openbmc/linux/crypto/Kconfig (revision 54cbac81)
1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5	tristate
6
7#
8# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
13# Cryptographic API Configuration
14#
15menuconfig CRYPTO
16	tristate "Cryptographic API"
17	help
18	  This option provides the core Cryptographic API.
19
20if CRYPTO
21
22comment "Crypto core or helper"
23
24config CRYPTO_FIPS
25	bool "FIPS 200 compliance"
26	depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS
27	help
28	  This options enables the fips boot option which is
29	  required if you want to system to operate in a FIPS 200
30	  certification.  You should say no unless you know what
31	  this is.
32
33config CRYPTO_ALGAPI
34	tristate
35	select CRYPTO_ALGAPI2
36	help
37	  This option provides the API for cryptographic algorithms.
38
39config CRYPTO_ALGAPI2
40	tristate
41
42config CRYPTO_AEAD
43	tristate
44	select CRYPTO_AEAD2
45	select CRYPTO_ALGAPI
46
47config CRYPTO_AEAD2
48	tristate
49	select CRYPTO_ALGAPI2
50
51config CRYPTO_BLKCIPHER
52	tristate
53	select CRYPTO_BLKCIPHER2
54	select CRYPTO_ALGAPI
55
56config CRYPTO_BLKCIPHER2
57	tristate
58	select CRYPTO_ALGAPI2
59	select CRYPTO_RNG2
60	select CRYPTO_WORKQUEUE
61
62config CRYPTO_HASH
63	tristate
64	select CRYPTO_HASH2
65	select CRYPTO_ALGAPI
66
67config CRYPTO_HASH2
68	tristate
69	select CRYPTO_ALGAPI2
70
71config CRYPTO_RNG
72	tristate
73	select CRYPTO_RNG2
74	select CRYPTO_ALGAPI
75
76config CRYPTO_RNG2
77	tristate
78	select CRYPTO_ALGAPI2
79
80config CRYPTO_PCOMP
81	tristate
82	select CRYPTO_PCOMP2
83	select CRYPTO_ALGAPI
84
85config CRYPTO_PCOMP2
86	tristate
87	select CRYPTO_ALGAPI2
88
89config CRYPTO_MANAGER
90	tristate "Cryptographic algorithm manager"
91	select CRYPTO_MANAGER2
92	help
93	  Create default cryptographic template instantiations such as
94	  cbc(aes).
95
96config CRYPTO_MANAGER2
97	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
98	select CRYPTO_AEAD2
99	select CRYPTO_HASH2
100	select CRYPTO_BLKCIPHER2
101	select CRYPTO_PCOMP2
102
103config CRYPTO_USER
104	tristate "Userspace cryptographic algorithm configuration"
105	depends on NET
106	select CRYPTO_MANAGER
107	help
108	  Userspace configuration for cryptographic instantiations such as
109	  cbc(aes).
110
111config CRYPTO_MANAGER_DISABLE_TESTS
112	bool "Disable run-time self tests"
113	default y
114	depends on CRYPTO_MANAGER2
115	help
116	  Disable run-time self tests that normally take place at
117	  algorithm registration.
118
119config CRYPTO_GF128MUL
120	tristate "GF(2^128) multiplication functions"
121	help
122	  Efficient table driven implementation of multiplications in the
123	  field GF(2^128).  This is needed by some cypher modes. This
124	  option will be selected automatically if you select such a
125	  cipher mode.  Only select this option by hand if you expect to load
126	  an external module that requires these functions.
127
128config CRYPTO_NULL
129	tristate "Null algorithms"
130	select CRYPTO_ALGAPI
131	select CRYPTO_BLKCIPHER
132	select CRYPTO_HASH
133	help
134	  These are 'Null' algorithms, used by IPsec, which do nothing.
135
136config CRYPTO_PCRYPT
137	tristate "Parallel crypto engine (EXPERIMENTAL)"
138	depends on SMP && EXPERIMENTAL
139	select PADATA
140	select CRYPTO_MANAGER
141	select CRYPTO_AEAD
142	help
143	  This converts an arbitrary crypto algorithm into a parallel
144	  algorithm that executes in kernel threads.
145
146config CRYPTO_WORKQUEUE
147       tristate
148
149config CRYPTO_CRYPTD
150	tristate "Software async crypto daemon"
151	select CRYPTO_BLKCIPHER
152	select CRYPTO_HASH
153	select CRYPTO_MANAGER
154	select CRYPTO_WORKQUEUE
155	help
156	  This is a generic software asynchronous crypto daemon that
157	  converts an arbitrary synchronous software crypto algorithm
158	  into an asynchronous algorithm that executes in a kernel thread.
159
160config CRYPTO_AUTHENC
161	tristate "Authenc support"
162	select CRYPTO_AEAD
163	select CRYPTO_BLKCIPHER
164	select CRYPTO_MANAGER
165	select CRYPTO_HASH
166	help
167	  Authenc: Combined mode wrapper for IPsec.
168	  This is required for IPSec.
169
170config CRYPTO_TEST
171	tristate "Testing module"
172	depends on m
173	select CRYPTO_MANAGER
174	help
175	  Quick & dirty crypto test module.
176
177config CRYPTO_ABLK_HELPER_X86
178	tristate
179	depends on X86
180	select CRYPTO_CRYPTD
181
182config CRYPTO_GLUE_HELPER_X86
183	tristate
184	depends on X86
185	select CRYPTO_ALGAPI
186
187comment "Authenticated Encryption with Associated Data"
188
189config CRYPTO_CCM
190	tristate "CCM support"
191	select CRYPTO_CTR
192	select CRYPTO_AEAD
193	help
194	  Support for Counter with CBC MAC. Required for IPsec.
195
196config CRYPTO_GCM
197	tristate "GCM/GMAC support"
198	select CRYPTO_CTR
199	select CRYPTO_AEAD
200	select CRYPTO_GHASH
201	help
202	  Support for Galois/Counter Mode (GCM) and Galois Message
203	  Authentication Code (GMAC). Required for IPSec.
204
205config CRYPTO_SEQIV
206	tristate "Sequence Number IV Generator"
207	select CRYPTO_AEAD
208	select CRYPTO_BLKCIPHER
209	select CRYPTO_RNG
210	help
211	  This IV generator generates an IV based on a sequence number by
212	  xoring it with a salt.  This algorithm is mainly useful for CTR
213
214comment "Block modes"
215
216config CRYPTO_CBC
217	tristate "CBC support"
218	select CRYPTO_BLKCIPHER
219	select CRYPTO_MANAGER
220	help
221	  CBC: Cipher Block Chaining mode
222	  This block cipher algorithm is required for IPSec.
223
224config CRYPTO_CTR
225	tristate "CTR support"
226	select CRYPTO_BLKCIPHER
227	select CRYPTO_SEQIV
228	select CRYPTO_MANAGER
229	help
230	  CTR: Counter mode
231	  This block cipher algorithm is required for IPSec.
232
233config CRYPTO_CTS
234	tristate "CTS support"
235	select CRYPTO_BLKCIPHER
236	help
237	  CTS: Cipher Text Stealing
238	  This is the Cipher Text Stealing mode as described by
239	  Section 8 of rfc2040 and referenced by rfc3962.
240	  (rfc3962 includes errata information in its Appendix A)
241	  This mode is required for Kerberos gss mechanism support
242	  for AES encryption.
243
244config CRYPTO_ECB
245	tristate "ECB support"
246	select CRYPTO_BLKCIPHER
247	select CRYPTO_MANAGER
248	help
249	  ECB: Electronic CodeBook mode
250	  This is the simplest block cipher algorithm.  It simply encrypts
251	  the input block by block.
252
253config CRYPTO_LRW
254	tristate "LRW support"
255	select CRYPTO_BLKCIPHER
256	select CRYPTO_MANAGER
257	select CRYPTO_GF128MUL
258	help
259	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
260	  narrow block cipher mode for dm-crypt.  Use it with cipher
261	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
262	  The first 128, 192 or 256 bits in the key are used for AES and the
263	  rest is used to tie each cipher block to its logical position.
264
265config CRYPTO_PCBC
266	tristate "PCBC support"
267	select CRYPTO_BLKCIPHER
268	select CRYPTO_MANAGER
269	help
270	  PCBC: Propagating Cipher Block Chaining mode
271	  This block cipher algorithm is required for RxRPC.
272
273config CRYPTO_XTS
274	tristate "XTS support"
275	select CRYPTO_BLKCIPHER
276	select CRYPTO_MANAGER
277	select CRYPTO_GF128MUL
278	help
279	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
280	  key size 256, 384 or 512 bits. This implementation currently
281	  can't handle a sectorsize which is not a multiple of 16 bytes.
282
283comment "Hash modes"
284
285config CRYPTO_HMAC
286	tristate "HMAC support"
287	select CRYPTO_HASH
288	select CRYPTO_MANAGER
289	help
290	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
291	  This is required for IPSec.
292
293config CRYPTO_XCBC
294	tristate "XCBC support"
295	depends on EXPERIMENTAL
296	select CRYPTO_HASH
297	select CRYPTO_MANAGER
298	help
299	  XCBC: Keyed-Hashing with encryption algorithm
300		http://www.ietf.org/rfc/rfc3566.txt
301		http://csrc.nist.gov/encryption/modes/proposedmodes/
302		 xcbc-mac/xcbc-mac-spec.pdf
303
304config CRYPTO_VMAC
305	tristate "VMAC support"
306	depends on EXPERIMENTAL
307	select CRYPTO_HASH
308	select CRYPTO_MANAGER
309	help
310	  VMAC is a message authentication algorithm designed for
311	  very high speed on 64-bit architectures.
312
313	  See also:
314	  <http://fastcrypto.org/vmac>
315
316comment "Digest"
317
318config CRYPTO_CRC32C
319	tristate "CRC32c CRC algorithm"
320	select CRYPTO_HASH
321	select CRC32
322	help
323	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
324	  by iSCSI for header and data digests and by others.
325	  See Castagnoli93.  Module will be crc32c.
326
327config CRYPTO_CRC32C_X86_64
328	bool
329	depends on X86 && 64BIT
330	select CRYPTO_HASH
331	help
332	  In Intel processor with SSE4.2 supported, the processor will
333	  support CRC32C calculation using hardware accelerated CRC32
334	  instruction optimized with PCLMULQDQ instruction when available.
335
336config CRYPTO_CRC32C_INTEL
337	tristate "CRC32c INTEL hardware acceleration"
338	depends on X86
339	select CRYPTO_CRC32C_X86_64 if 64BIT
340	select CRYPTO_HASH
341	help
342	  In Intel processor with SSE4.2 supported, the processor will
343	  support CRC32C implementation using hardware accelerated CRC32
344	  instruction. This option will create 'crc32c-intel' module,
345	  which will enable any routine to use the CRC32 instruction to
346	  gain performance compared with software implementation.
347	  Module will be crc32c-intel.
348
349config CRYPTO_CRC32C_SPARC64
350	tristate "CRC32c CRC algorithm (SPARC64)"
351	depends on SPARC64
352	select CRYPTO_HASH
353	select CRC32
354	help
355	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
356	  when available.
357
358config CRYPTO_GHASH
359	tristate "GHASH digest algorithm"
360	select CRYPTO_GF128MUL
361	help
362	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
363
364config CRYPTO_MD4
365	tristate "MD4 digest algorithm"
366	select CRYPTO_HASH
367	help
368	  MD4 message digest algorithm (RFC1320).
369
370config CRYPTO_MD5
371	tristate "MD5 digest algorithm"
372	select CRYPTO_HASH
373	help
374	  MD5 message digest algorithm (RFC1321).
375
376config CRYPTO_MD5_SPARC64
377	tristate "MD5 digest algorithm (SPARC64)"
378	depends on SPARC64
379	select CRYPTO_MD5
380	select CRYPTO_HASH
381	help
382	  MD5 message digest algorithm (RFC1321) implemented
383	  using sparc64 crypto instructions, when available.
384
385config CRYPTO_MICHAEL_MIC
386	tristate "Michael MIC keyed digest algorithm"
387	select CRYPTO_HASH
388	help
389	  Michael MIC is used for message integrity protection in TKIP
390	  (IEEE 802.11i). This algorithm is required for TKIP, but it
391	  should not be used for other purposes because of the weakness
392	  of the algorithm.
393
394config CRYPTO_RMD128
395	tristate "RIPEMD-128 digest algorithm"
396	select CRYPTO_HASH
397	help
398	  RIPEMD-128 (ISO/IEC 10118-3:2004).
399
400	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
401	  be used as a secure replacement for RIPEMD. For other use cases,
402	  RIPEMD-160 should be used.
403
404	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
405	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
406
407config CRYPTO_RMD160
408	tristate "RIPEMD-160 digest algorithm"
409	select CRYPTO_HASH
410	help
411	  RIPEMD-160 (ISO/IEC 10118-3:2004).
412
413	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
414	  to be used as a secure replacement for the 128-bit hash functions
415	  MD4, MD5 and it's predecessor RIPEMD
416	  (not to be confused with RIPEMD-128).
417
418	  It's speed is comparable to SHA1 and there are no known attacks
419	  against RIPEMD-160.
420
421	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
422	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
423
424config CRYPTO_RMD256
425	tristate "RIPEMD-256 digest algorithm"
426	select CRYPTO_HASH
427	help
428	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
429	  256 bit hash. It is intended for applications that require
430	  longer hash-results, without needing a larger security level
431	  (than RIPEMD-128).
432
433	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
434	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
435
436config CRYPTO_RMD320
437	tristate "RIPEMD-320 digest algorithm"
438	select CRYPTO_HASH
439	help
440	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
441	  320 bit hash. It is intended for applications that require
442	  longer hash-results, without needing a larger security level
443	  (than RIPEMD-160).
444
445	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
446	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
447
448config CRYPTO_SHA1
449	tristate "SHA1 digest algorithm"
450	select CRYPTO_HASH
451	help
452	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
453
454config CRYPTO_SHA1_SSSE3
455	tristate "SHA1 digest algorithm (SSSE3/AVX)"
456	depends on X86 && 64BIT
457	select CRYPTO_SHA1
458	select CRYPTO_HASH
459	help
460	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
461	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
462	  Extensions (AVX), when available.
463
464config CRYPTO_SHA1_SPARC64
465	tristate "SHA1 digest algorithm (SPARC64)"
466	depends on SPARC64
467	select CRYPTO_SHA1
468	select CRYPTO_HASH
469	help
470	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
471	  using sparc64 crypto instructions, when available.
472
473config CRYPTO_SHA1_ARM
474	tristate "SHA1 digest algorithm (ARM-asm)"
475	depends on ARM
476	select CRYPTO_SHA1
477	select CRYPTO_HASH
478	help
479	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
480	  using optimized ARM assembler.
481
482config CRYPTO_SHA256
483	tristate "SHA224 and SHA256 digest algorithm"
484	select CRYPTO_HASH
485	help
486	  SHA256 secure hash standard (DFIPS 180-2).
487
488	  This version of SHA implements a 256 bit hash with 128 bits of
489	  security against collision attacks.
490
491	  This code also includes SHA-224, a 224 bit hash with 112 bits
492	  of security against collision attacks.
493
494config CRYPTO_SHA256_SPARC64
495	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
496	depends on SPARC64
497	select CRYPTO_SHA256
498	select CRYPTO_HASH
499	help
500	  SHA-256 secure hash standard (DFIPS 180-2) implemented
501	  using sparc64 crypto instructions, when available.
502
503config CRYPTO_SHA512
504	tristate "SHA384 and SHA512 digest algorithms"
505	select CRYPTO_HASH
506	help
507	  SHA512 secure hash standard (DFIPS 180-2).
508
509	  This version of SHA implements a 512 bit hash with 256 bits of
510	  security against collision attacks.
511
512	  This code also includes SHA-384, a 384 bit hash with 192 bits
513	  of security against collision attacks.
514
515config CRYPTO_SHA512_SPARC64
516	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
517	depends on SPARC64
518	select CRYPTO_SHA512
519	select CRYPTO_HASH
520	help
521	  SHA-512 secure hash standard (DFIPS 180-2) implemented
522	  using sparc64 crypto instructions, when available.
523
524config CRYPTO_TGR192
525	tristate "Tiger digest algorithms"
526	select CRYPTO_HASH
527	help
528	  Tiger hash algorithm 192, 160 and 128-bit hashes
529
530	  Tiger is a hash function optimized for 64-bit processors while
531	  still having decent performance on 32-bit processors.
532	  Tiger was developed by Ross Anderson and Eli Biham.
533
534	  See also:
535	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
536
537config CRYPTO_WP512
538	tristate "Whirlpool digest algorithms"
539	select CRYPTO_HASH
540	help
541	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
542
543	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
544	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
545
546	  See also:
547	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
548
549config CRYPTO_GHASH_CLMUL_NI_INTEL
550	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
551	depends on X86 && 64BIT
552	select CRYPTO_CRYPTD
553	help
554	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
555	  The implementation is accelerated by CLMUL-NI of Intel.
556
557comment "Ciphers"
558
559config CRYPTO_AES
560	tristate "AES cipher algorithms"
561	select CRYPTO_ALGAPI
562	help
563	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
564	  algorithm.
565
566	  Rijndael appears to be consistently a very good performer in
567	  both hardware and software across a wide range of computing
568	  environments regardless of its use in feedback or non-feedback
569	  modes. Its key setup time is excellent, and its key agility is
570	  good. Rijndael's very low memory requirements make it very well
571	  suited for restricted-space environments, in which it also
572	  demonstrates excellent performance. Rijndael's operations are
573	  among the easiest to defend against power and timing attacks.
574
575	  The AES specifies three key sizes: 128, 192 and 256 bits
576
577	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
578
579config CRYPTO_AES_586
580	tristate "AES cipher algorithms (i586)"
581	depends on (X86 || UML_X86) && !64BIT
582	select CRYPTO_ALGAPI
583	select CRYPTO_AES
584	help
585	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
586	  algorithm.
587
588	  Rijndael appears to be consistently a very good performer in
589	  both hardware and software across a wide range of computing
590	  environments regardless of its use in feedback or non-feedback
591	  modes. Its key setup time is excellent, and its key agility is
592	  good. Rijndael's very low memory requirements make it very well
593	  suited for restricted-space environments, in which it also
594	  demonstrates excellent performance. Rijndael's operations are
595	  among the easiest to defend against power and timing attacks.
596
597	  The AES specifies three key sizes: 128, 192 and 256 bits
598
599	  See <http://csrc.nist.gov/encryption/aes/> for more information.
600
601config CRYPTO_AES_X86_64
602	tristate "AES cipher algorithms (x86_64)"
603	depends on (X86 || UML_X86) && 64BIT
604	select CRYPTO_ALGAPI
605	select CRYPTO_AES
606	help
607	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
608	  algorithm.
609
610	  Rijndael appears to be consistently a very good performer in
611	  both hardware and software across a wide range of computing
612	  environments regardless of its use in feedback or non-feedback
613	  modes. Its key setup time is excellent, and its key agility is
614	  good. Rijndael's very low memory requirements make it very well
615	  suited for restricted-space environments, in which it also
616	  demonstrates excellent performance. Rijndael's operations are
617	  among the easiest to defend against power and timing attacks.
618
619	  The AES specifies three key sizes: 128, 192 and 256 bits
620
621	  See <http://csrc.nist.gov/encryption/aes/> for more information.
622
623config CRYPTO_AES_NI_INTEL
624	tristate "AES cipher algorithms (AES-NI)"
625	depends on X86
626	select CRYPTO_AES_X86_64 if 64BIT
627	select CRYPTO_AES_586 if !64BIT
628	select CRYPTO_CRYPTD
629	select CRYPTO_ABLK_HELPER_X86
630	select CRYPTO_ALGAPI
631	select CRYPTO_LRW
632	select CRYPTO_XTS
633	help
634	  Use Intel AES-NI instructions for AES algorithm.
635
636	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
637	  algorithm.
638
639	  Rijndael appears to be consistently a very good performer in
640	  both hardware and software across a wide range of computing
641	  environments regardless of its use in feedback or non-feedback
642	  modes. Its key setup time is excellent, and its key agility is
643	  good. Rijndael's very low memory requirements make it very well
644	  suited for restricted-space environments, in which it also
645	  demonstrates excellent performance. Rijndael's operations are
646	  among the easiest to defend against power and timing attacks.
647
648	  The AES specifies three key sizes: 128, 192 and 256 bits
649
650	  See <http://csrc.nist.gov/encryption/aes/> for more information.
651
652	  In addition to AES cipher algorithm support, the acceleration
653	  for some popular block cipher mode is supported too, including
654	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
655	  acceleration for CTR.
656
657config CRYPTO_AES_SPARC64
658	tristate "AES cipher algorithms (SPARC64)"
659	depends on SPARC64
660	select CRYPTO_CRYPTD
661	select CRYPTO_ALGAPI
662	help
663	  Use SPARC64 crypto opcodes for AES algorithm.
664
665	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
666	  algorithm.
667
668	  Rijndael appears to be consistently a very good performer in
669	  both hardware and software across a wide range of computing
670	  environments regardless of its use in feedback or non-feedback
671	  modes. Its key setup time is excellent, and its key agility is
672	  good. Rijndael's very low memory requirements make it very well
673	  suited for restricted-space environments, in which it also
674	  demonstrates excellent performance. Rijndael's operations are
675	  among the easiest to defend against power and timing attacks.
676
677	  The AES specifies three key sizes: 128, 192 and 256 bits
678
679	  See <http://csrc.nist.gov/encryption/aes/> for more information.
680
681	  In addition to AES cipher algorithm support, the acceleration
682	  for some popular block cipher mode is supported too, including
683	  ECB and CBC.
684
685config CRYPTO_AES_ARM
686	tristate "AES cipher algorithms (ARM-asm)"
687	depends on ARM
688	select CRYPTO_ALGAPI
689	select CRYPTO_AES
690	help
691	  Use optimized AES assembler routines for ARM platforms.
692
693	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
694	  algorithm.
695
696	  Rijndael appears to be consistently a very good performer in
697	  both hardware and software across a wide range of computing
698	  environments regardless of its use in feedback or non-feedback
699	  modes. Its key setup time is excellent, and its key agility is
700	  good. Rijndael's very low memory requirements make it very well
701	  suited for restricted-space environments, in which it also
702	  demonstrates excellent performance. Rijndael's operations are
703	  among the easiest to defend against power and timing attacks.
704
705	  The AES specifies three key sizes: 128, 192 and 256 bits
706
707	  See <http://csrc.nist.gov/encryption/aes/> for more information.
708
709config CRYPTO_ANUBIS
710	tristate "Anubis cipher algorithm"
711	select CRYPTO_ALGAPI
712	help
713	  Anubis cipher algorithm.
714
715	  Anubis is a variable key length cipher which can use keys from
716	  128 bits to 320 bits in length.  It was evaluated as a entrant
717	  in the NESSIE competition.
718
719	  See also:
720	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
721	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
722
723config CRYPTO_ARC4
724	tristate "ARC4 cipher algorithm"
725	select CRYPTO_BLKCIPHER
726	help
727	  ARC4 cipher algorithm.
728
729	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
730	  bits in length.  This algorithm is required for driver-based
731	  WEP, but it should not be for other purposes because of the
732	  weakness of the algorithm.
733
734config CRYPTO_BLOWFISH
735	tristate "Blowfish cipher algorithm"
736	select CRYPTO_ALGAPI
737	select CRYPTO_BLOWFISH_COMMON
738	help
739	  Blowfish cipher algorithm, by Bruce Schneier.
740
741	  This is a variable key length cipher which can use keys from 32
742	  bits to 448 bits in length.  It's fast, simple and specifically
743	  designed for use on "large microprocessors".
744
745	  See also:
746	  <http://www.schneier.com/blowfish.html>
747
748config CRYPTO_BLOWFISH_COMMON
749	tristate
750	help
751	  Common parts of the Blowfish cipher algorithm shared by the
752	  generic c and the assembler implementations.
753
754	  See also:
755	  <http://www.schneier.com/blowfish.html>
756
757config CRYPTO_BLOWFISH_X86_64
758	tristate "Blowfish cipher algorithm (x86_64)"
759	depends on X86 && 64BIT
760	select CRYPTO_ALGAPI
761	select CRYPTO_BLOWFISH_COMMON
762	help
763	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
764
765	  This is a variable key length cipher which can use keys from 32
766	  bits to 448 bits in length.  It's fast, simple and specifically
767	  designed for use on "large microprocessors".
768
769	  See also:
770	  <http://www.schneier.com/blowfish.html>
771
772config CRYPTO_CAMELLIA
773	tristate "Camellia cipher algorithms"
774	depends on CRYPTO
775	select CRYPTO_ALGAPI
776	help
777	  Camellia cipher algorithms module.
778
779	  Camellia is a symmetric key block cipher developed jointly
780	  at NTT and Mitsubishi Electric Corporation.
781
782	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
783
784	  See also:
785	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
786
787config CRYPTO_CAMELLIA_X86_64
788	tristate "Camellia cipher algorithm (x86_64)"
789	depends on X86 && 64BIT
790	depends on CRYPTO
791	select CRYPTO_ALGAPI
792	select CRYPTO_GLUE_HELPER_X86
793	select CRYPTO_LRW
794	select CRYPTO_XTS
795	help
796	  Camellia cipher algorithm module (x86_64).
797
798	  Camellia is a symmetric key block cipher developed jointly
799	  at NTT and Mitsubishi Electric Corporation.
800
801	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
802
803	  See also:
804	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
805
806config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
807	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
808	depends on X86 && 64BIT
809	depends on CRYPTO
810	select CRYPTO_ALGAPI
811	select CRYPTO_CRYPTD
812	select CRYPTO_ABLK_HELPER_X86
813	select CRYPTO_GLUE_HELPER_X86
814	select CRYPTO_CAMELLIA_X86_64
815	select CRYPTO_LRW
816	select CRYPTO_XTS
817	help
818	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
819
820	  Camellia is a symmetric key block cipher developed jointly
821	  at NTT and Mitsubishi Electric Corporation.
822
823	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
824
825	  See also:
826	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
827
828config CRYPTO_CAMELLIA_SPARC64
829	tristate "Camellia cipher algorithm (SPARC64)"
830	depends on SPARC64
831	depends on CRYPTO
832	select CRYPTO_ALGAPI
833	help
834	  Camellia cipher algorithm module (SPARC64).
835
836	  Camellia is a symmetric key block cipher developed jointly
837	  at NTT and Mitsubishi Electric Corporation.
838
839	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
840
841	  See also:
842	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
843
844config CRYPTO_CAST_COMMON
845	tristate
846	help
847	  Common parts of the CAST cipher algorithms shared by the
848	  generic c and the assembler implementations.
849
850config CRYPTO_CAST5
851	tristate "CAST5 (CAST-128) cipher algorithm"
852	select CRYPTO_ALGAPI
853	select CRYPTO_CAST_COMMON
854	help
855	  The CAST5 encryption algorithm (synonymous with CAST-128) is
856	  described in RFC2144.
857
858config CRYPTO_CAST5_AVX_X86_64
859	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
860	depends on X86 && 64BIT
861	select CRYPTO_ALGAPI
862	select CRYPTO_CRYPTD
863	select CRYPTO_ABLK_HELPER_X86
864	select CRYPTO_CAST_COMMON
865	select CRYPTO_CAST5
866	help
867	  The CAST5 encryption algorithm (synonymous with CAST-128) is
868	  described in RFC2144.
869
870	  This module provides the Cast5 cipher algorithm that processes
871	  sixteen blocks parallel using the AVX instruction set.
872
873config CRYPTO_CAST6
874	tristate "CAST6 (CAST-256) cipher algorithm"
875	select CRYPTO_ALGAPI
876	select CRYPTO_CAST_COMMON
877	help
878	  The CAST6 encryption algorithm (synonymous with CAST-256) is
879	  described in RFC2612.
880
881config CRYPTO_CAST6_AVX_X86_64
882	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
883	depends on X86 && 64BIT
884	select CRYPTO_ALGAPI
885	select CRYPTO_CRYPTD
886	select CRYPTO_ABLK_HELPER_X86
887	select CRYPTO_GLUE_HELPER_X86
888	select CRYPTO_CAST_COMMON
889	select CRYPTO_CAST6
890	select CRYPTO_LRW
891	select CRYPTO_XTS
892	help
893	  The CAST6 encryption algorithm (synonymous with CAST-256) is
894	  described in RFC2612.
895
896	  This module provides the Cast6 cipher algorithm that processes
897	  eight blocks parallel using the AVX instruction set.
898
899config CRYPTO_DES
900	tristate "DES and Triple DES EDE cipher algorithms"
901	select CRYPTO_ALGAPI
902	help
903	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
904
905config CRYPTO_DES_SPARC64
906	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
907	depends on SPARC64
908	select CRYPTO_ALGAPI
909	select CRYPTO_DES
910	help
911	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
912	  optimized using SPARC64 crypto opcodes.
913
914config CRYPTO_FCRYPT
915	tristate "FCrypt cipher algorithm"
916	select CRYPTO_ALGAPI
917	select CRYPTO_BLKCIPHER
918	help
919	  FCrypt algorithm used by RxRPC.
920
921config CRYPTO_KHAZAD
922	tristate "Khazad cipher algorithm"
923	select CRYPTO_ALGAPI
924	help
925	  Khazad cipher algorithm.
926
927	  Khazad was a finalist in the initial NESSIE competition.  It is
928	  an algorithm optimized for 64-bit processors with good performance
929	  on 32-bit processors.  Khazad uses an 128 bit key size.
930
931	  See also:
932	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
933
934config CRYPTO_SALSA20
935	tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
936	depends on EXPERIMENTAL
937	select CRYPTO_BLKCIPHER
938	help
939	  Salsa20 stream cipher algorithm.
940
941	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
942	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
943
944	  The Salsa20 stream cipher algorithm is designed by Daniel J.
945	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
946
947config CRYPTO_SALSA20_586
948	tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
949	depends on (X86 || UML_X86) && !64BIT
950	depends on EXPERIMENTAL
951	select CRYPTO_BLKCIPHER
952	help
953	  Salsa20 stream cipher algorithm.
954
955	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
956	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
957
958	  The Salsa20 stream cipher algorithm is designed by Daniel J.
959	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
960
961config CRYPTO_SALSA20_X86_64
962	tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
963	depends on (X86 || UML_X86) && 64BIT
964	depends on EXPERIMENTAL
965	select CRYPTO_BLKCIPHER
966	help
967	  Salsa20 stream cipher algorithm.
968
969	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
970	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
971
972	  The Salsa20 stream cipher algorithm is designed by Daniel J.
973	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
974
975config CRYPTO_SEED
976	tristate "SEED cipher algorithm"
977	select CRYPTO_ALGAPI
978	help
979	  SEED cipher algorithm (RFC4269).
980
981	  SEED is a 128-bit symmetric key block cipher that has been
982	  developed by KISA (Korea Information Security Agency) as a
983	  national standard encryption algorithm of the Republic of Korea.
984	  It is a 16 round block cipher with the key size of 128 bit.
985
986	  See also:
987	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
988
989config CRYPTO_SERPENT
990	tristate "Serpent cipher algorithm"
991	select CRYPTO_ALGAPI
992	help
993	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
994
995	  Keys are allowed to be from 0 to 256 bits in length, in steps
996	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
997	  variant of Serpent for compatibility with old kerneli.org code.
998
999	  See also:
1000	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1001
1002config CRYPTO_SERPENT_SSE2_X86_64
1003	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1004	depends on X86 && 64BIT
1005	select CRYPTO_ALGAPI
1006	select CRYPTO_CRYPTD
1007	select CRYPTO_ABLK_HELPER_X86
1008	select CRYPTO_GLUE_HELPER_X86
1009	select CRYPTO_SERPENT
1010	select CRYPTO_LRW
1011	select CRYPTO_XTS
1012	help
1013	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1014
1015	  Keys are allowed to be from 0 to 256 bits in length, in steps
1016	  of 8 bits.
1017
1018	  This module provides Serpent cipher algorithm that processes eigth
1019	  blocks parallel using SSE2 instruction set.
1020
1021	  See also:
1022	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1023
1024config CRYPTO_SERPENT_SSE2_586
1025	tristate "Serpent cipher algorithm (i586/SSE2)"
1026	depends on X86 && !64BIT
1027	select CRYPTO_ALGAPI
1028	select CRYPTO_CRYPTD
1029	select CRYPTO_ABLK_HELPER_X86
1030	select CRYPTO_GLUE_HELPER_X86
1031	select CRYPTO_SERPENT
1032	select CRYPTO_LRW
1033	select CRYPTO_XTS
1034	help
1035	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1036
1037	  Keys are allowed to be from 0 to 256 bits in length, in steps
1038	  of 8 bits.
1039
1040	  This module provides Serpent cipher algorithm that processes four
1041	  blocks parallel using SSE2 instruction set.
1042
1043	  See also:
1044	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1045
1046config CRYPTO_SERPENT_AVX_X86_64
1047	tristate "Serpent cipher algorithm (x86_64/AVX)"
1048	depends on X86 && 64BIT
1049	select CRYPTO_ALGAPI
1050	select CRYPTO_CRYPTD
1051	select CRYPTO_ABLK_HELPER_X86
1052	select CRYPTO_GLUE_HELPER_X86
1053	select CRYPTO_SERPENT
1054	select CRYPTO_LRW
1055	select CRYPTO_XTS
1056	help
1057	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1058
1059	  Keys are allowed to be from 0 to 256 bits in length, in steps
1060	  of 8 bits.
1061
1062	  This module provides the Serpent cipher algorithm that processes
1063	  eight blocks parallel using the AVX instruction set.
1064
1065	  See also:
1066	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1067
1068config CRYPTO_TEA
1069	tristate "TEA, XTEA and XETA cipher algorithms"
1070	select CRYPTO_ALGAPI
1071	help
1072	  TEA cipher algorithm.
1073
1074	  Tiny Encryption Algorithm is a simple cipher that uses
1075	  many rounds for security.  It is very fast and uses
1076	  little memory.
1077
1078	  Xtendend Tiny Encryption Algorithm is a modification to
1079	  the TEA algorithm to address a potential key weakness
1080	  in the TEA algorithm.
1081
1082	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1083	  of the XTEA algorithm for compatibility purposes.
1084
1085config CRYPTO_TWOFISH
1086	tristate "Twofish cipher algorithm"
1087	select CRYPTO_ALGAPI
1088	select CRYPTO_TWOFISH_COMMON
1089	help
1090	  Twofish cipher algorithm.
1091
1092	  Twofish was submitted as an AES (Advanced Encryption Standard)
1093	  candidate cipher by researchers at CounterPane Systems.  It is a
1094	  16 round block cipher supporting key sizes of 128, 192, and 256
1095	  bits.
1096
1097	  See also:
1098	  <http://www.schneier.com/twofish.html>
1099
1100config CRYPTO_TWOFISH_COMMON
1101	tristate
1102	help
1103	  Common parts of the Twofish cipher algorithm shared by the
1104	  generic c and the assembler implementations.
1105
1106config CRYPTO_TWOFISH_586
1107	tristate "Twofish cipher algorithms (i586)"
1108	depends on (X86 || UML_X86) && !64BIT
1109	select CRYPTO_ALGAPI
1110	select CRYPTO_TWOFISH_COMMON
1111	help
1112	  Twofish cipher algorithm.
1113
1114	  Twofish was submitted as an AES (Advanced Encryption Standard)
1115	  candidate cipher by researchers at CounterPane Systems.  It is a
1116	  16 round block cipher supporting key sizes of 128, 192, and 256
1117	  bits.
1118
1119	  See also:
1120	  <http://www.schneier.com/twofish.html>
1121
1122config CRYPTO_TWOFISH_X86_64
1123	tristate "Twofish cipher algorithm (x86_64)"
1124	depends on (X86 || UML_X86) && 64BIT
1125	select CRYPTO_ALGAPI
1126	select CRYPTO_TWOFISH_COMMON
1127	help
1128	  Twofish cipher algorithm (x86_64).
1129
1130	  Twofish was submitted as an AES (Advanced Encryption Standard)
1131	  candidate cipher by researchers at CounterPane Systems.  It is a
1132	  16 round block cipher supporting key sizes of 128, 192, and 256
1133	  bits.
1134
1135	  See also:
1136	  <http://www.schneier.com/twofish.html>
1137
1138config CRYPTO_TWOFISH_X86_64_3WAY
1139	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1140	depends on X86 && 64BIT
1141	select CRYPTO_ALGAPI
1142	select CRYPTO_TWOFISH_COMMON
1143	select CRYPTO_TWOFISH_X86_64
1144	select CRYPTO_GLUE_HELPER_X86
1145	select CRYPTO_LRW
1146	select CRYPTO_XTS
1147	help
1148	  Twofish cipher algorithm (x86_64, 3-way parallel).
1149
1150	  Twofish was submitted as an AES (Advanced Encryption Standard)
1151	  candidate cipher by researchers at CounterPane Systems.  It is a
1152	  16 round block cipher supporting key sizes of 128, 192, and 256
1153	  bits.
1154
1155	  This module provides Twofish cipher algorithm that processes three
1156	  blocks parallel, utilizing resources of out-of-order CPUs better.
1157
1158	  See also:
1159	  <http://www.schneier.com/twofish.html>
1160
1161config CRYPTO_TWOFISH_AVX_X86_64
1162	tristate "Twofish cipher algorithm (x86_64/AVX)"
1163	depends on X86 && 64BIT
1164	select CRYPTO_ALGAPI
1165	select CRYPTO_CRYPTD
1166	select CRYPTO_ABLK_HELPER_X86
1167	select CRYPTO_GLUE_HELPER_X86
1168	select CRYPTO_TWOFISH_COMMON
1169	select CRYPTO_TWOFISH_X86_64
1170	select CRYPTO_TWOFISH_X86_64_3WAY
1171	select CRYPTO_LRW
1172	select CRYPTO_XTS
1173	help
1174	  Twofish cipher algorithm (x86_64/AVX).
1175
1176	  Twofish was submitted as an AES (Advanced Encryption Standard)
1177	  candidate cipher by researchers at CounterPane Systems.  It is a
1178	  16 round block cipher supporting key sizes of 128, 192, and 256
1179	  bits.
1180
1181	  This module provides the Twofish cipher algorithm that processes
1182	  eight blocks parallel using the AVX Instruction Set.
1183
1184	  See also:
1185	  <http://www.schneier.com/twofish.html>
1186
1187comment "Compression"
1188
1189config CRYPTO_DEFLATE
1190	tristate "Deflate compression algorithm"
1191	select CRYPTO_ALGAPI
1192	select ZLIB_INFLATE
1193	select ZLIB_DEFLATE
1194	help
1195	  This is the Deflate algorithm (RFC1951), specified for use in
1196	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1197
1198	  You will most probably want this if using IPSec.
1199
1200config CRYPTO_ZLIB
1201	tristate "Zlib compression algorithm"
1202	select CRYPTO_PCOMP
1203	select ZLIB_INFLATE
1204	select ZLIB_DEFLATE
1205	select NLATTR
1206	help
1207	  This is the zlib algorithm.
1208
1209config CRYPTO_LZO
1210	tristate "LZO compression algorithm"
1211	select CRYPTO_ALGAPI
1212	select LZO_COMPRESS
1213	select LZO_DECOMPRESS
1214	help
1215	  This is the LZO algorithm.
1216
1217config CRYPTO_842
1218	tristate "842 compression algorithm"
1219	depends on CRYPTO_DEV_NX_COMPRESS
1220	# 842 uses lzo if the hardware becomes unavailable
1221	select LZO_COMPRESS
1222	select LZO_DECOMPRESS
1223	help
1224	  This is the 842 algorithm.
1225
1226comment "Random Number Generation"
1227
1228config CRYPTO_ANSI_CPRNG
1229	tristate "Pseudo Random Number Generation for Cryptographic modules"
1230	default m
1231	select CRYPTO_AES
1232	select CRYPTO_RNG
1233	help
1234	  This option enables the generic pseudo random number generator
1235	  for cryptographic modules.  Uses the Algorithm specified in
1236	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1237	  CRYPTO_FIPS is selected
1238
1239config CRYPTO_USER_API
1240	tristate
1241
1242config CRYPTO_USER_API_HASH
1243	tristate "User-space interface for hash algorithms"
1244	depends on NET
1245	select CRYPTO_HASH
1246	select CRYPTO_USER_API
1247	help
1248	  This option enables the user-spaces interface for hash
1249	  algorithms.
1250
1251config CRYPTO_USER_API_SKCIPHER
1252	tristate "User-space interface for symmetric key cipher algorithms"
1253	depends on NET
1254	select CRYPTO_BLKCIPHER
1255	select CRYPTO_USER_API
1256	help
1257	  This option enables the user-spaces interface for symmetric
1258	  key cipher algorithms.
1259
1260source "drivers/crypto/Kconfig"
1261source crypto/asymmetric_keys/Kconfig
1262
1263endif	# if CRYPTO
1264