1# 2# Generic algorithms support 3# 4config XOR_BLOCKS 5 tristate 6 7# 8# async_tx api: hardware offloaded memory transfer/transform support 9# 10source "crypto/async_tx/Kconfig" 11 12# 13# Cryptographic API Configuration 14# 15menuconfig CRYPTO 16 tristate "Cryptographic API" 17 help 18 This option provides the core Cryptographic API. 19 20if CRYPTO 21 22comment "Crypto core or helper" 23 24config CRYPTO_FIPS 25 bool "FIPS 200 compliance" 26 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 27 depends on (MODULE_SIG || !MODULES) 28 help 29 This options enables the fips boot option which is 30 required if you want to system to operate in a FIPS 200 31 certification. You should say no unless you know what 32 this is. 33 34config CRYPTO_ALGAPI 35 tristate 36 select CRYPTO_ALGAPI2 37 help 38 This option provides the API for cryptographic algorithms. 39 40config CRYPTO_ALGAPI2 41 tristate 42 43config CRYPTO_AEAD 44 tristate 45 select CRYPTO_AEAD2 46 select CRYPTO_ALGAPI 47 48config CRYPTO_AEAD2 49 tristate 50 select CRYPTO_ALGAPI2 51 select CRYPTO_NULL2 52 select CRYPTO_RNG2 53 54config CRYPTO_BLKCIPHER 55 tristate 56 select CRYPTO_BLKCIPHER2 57 select CRYPTO_ALGAPI 58 59config CRYPTO_BLKCIPHER2 60 tristate 61 select CRYPTO_ALGAPI2 62 select CRYPTO_RNG2 63 select CRYPTO_WORKQUEUE 64 65config CRYPTO_HASH 66 tristate 67 select CRYPTO_HASH2 68 select CRYPTO_ALGAPI 69 70config CRYPTO_HASH2 71 tristate 72 select CRYPTO_ALGAPI2 73 74config CRYPTO_RNG 75 tristate 76 select CRYPTO_RNG2 77 select CRYPTO_ALGAPI 78 79config CRYPTO_RNG2 80 tristate 81 select CRYPTO_ALGAPI2 82 83config CRYPTO_RNG_DEFAULT 84 tristate 85 select CRYPTO_DRBG_MENU 86 87config CRYPTO_AKCIPHER2 88 tristate 89 select CRYPTO_ALGAPI2 90 91config CRYPTO_AKCIPHER 92 tristate 93 select CRYPTO_AKCIPHER2 94 select CRYPTO_ALGAPI 95 96config CRYPTO_KPP2 97 tristate 98 select CRYPTO_ALGAPI2 99 100config CRYPTO_KPP 101 tristate 102 select CRYPTO_ALGAPI 103 select CRYPTO_KPP2 104 105config CRYPTO_ACOMP2 106 tristate 107 select CRYPTO_ALGAPI2 108 109config CRYPTO_ACOMP 110 tristate 111 select CRYPTO_ALGAPI 112 select CRYPTO_ACOMP2 113 114config CRYPTO_RSA 115 tristate "RSA algorithm" 116 select CRYPTO_AKCIPHER 117 select CRYPTO_MANAGER 118 select MPILIB 119 select ASN1 120 help 121 Generic implementation of the RSA public key algorithm. 122 123config CRYPTO_DH 124 tristate "Diffie-Hellman algorithm" 125 select CRYPTO_KPP 126 select MPILIB 127 help 128 Generic implementation of the Diffie-Hellman algorithm. 129 130config CRYPTO_ECDH 131 tristate "ECDH algorithm" 132 select CRYTPO_KPP 133 select CRYPTO_RNG_DEFAULT 134 help 135 Generic implementation of the ECDH algorithm 136 137config CRYPTO_MANAGER 138 tristate "Cryptographic algorithm manager" 139 select CRYPTO_MANAGER2 140 help 141 Create default cryptographic template instantiations such as 142 cbc(aes). 143 144config CRYPTO_MANAGER2 145 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 146 select CRYPTO_AEAD2 147 select CRYPTO_HASH2 148 select CRYPTO_BLKCIPHER2 149 select CRYPTO_AKCIPHER2 150 select CRYPTO_KPP2 151 select CRYPTO_ACOMP2 152 153config CRYPTO_USER 154 tristate "Userspace cryptographic algorithm configuration" 155 depends on NET 156 select CRYPTO_MANAGER 157 help 158 Userspace configuration for cryptographic instantiations such as 159 cbc(aes). 160 161config CRYPTO_MANAGER_DISABLE_TESTS 162 bool "Disable run-time self tests" 163 default y 164 depends on CRYPTO_MANAGER2 165 help 166 Disable run-time self tests that normally take place at 167 algorithm registration. 168 169config CRYPTO_GF128MUL 170 tristate "GF(2^128) multiplication functions" 171 help 172 Efficient table driven implementation of multiplications in the 173 field GF(2^128). This is needed by some cypher modes. This 174 option will be selected automatically if you select such a 175 cipher mode. Only select this option by hand if you expect to load 176 an external module that requires these functions. 177 178config CRYPTO_NULL 179 tristate "Null algorithms" 180 select CRYPTO_NULL2 181 help 182 These are 'Null' algorithms, used by IPsec, which do nothing. 183 184config CRYPTO_NULL2 185 tristate 186 select CRYPTO_ALGAPI2 187 select CRYPTO_BLKCIPHER2 188 select CRYPTO_HASH2 189 190config CRYPTO_PCRYPT 191 tristate "Parallel crypto engine" 192 depends on SMP 193 select PADATA 194 select CRYPTO_MANAGER 195 select CRYPTO_AEAD 196 help 197 This converts an arbitrary crypto algorithm into a parallel 198 algorithm that executes in kernel threads. 199 200config CRYPTO_WORKQUEUE 201 tristate 202 203config CRYPTO_CRYPTD 204 tristate "Software async crypto daemon" 205 select CRYPTO_BLKCIPHER 206 select CRYPTO_HASH 207 select CRYPTO_MANAGER 208 select CRYPTO_WORKQUEUE 209 help 210 This is a generic software asynchronous crypto daemon that 211 converts an arbitrary synchronous software crypto algorithm 212 into an asynchronous algorithm that executes in a kernel thread. 213 214config CRYPTO_MCRYPTD 215 tristate "Software async multi-buffer crypto daemon" 216 select CRYPTO_BLKCIPHER 217 select CRYPTO_HASH 218 select CRYPTO_MANAGER 219 select CRYPTO_WORKQUEUE 220 help 221 This is a generic software asynchronous crypto daemon that 222 provides the kernel thread to assist multi-buffer crypto 223 algorithms for submitting jobs and flushing jobs in multi-buffer 224 crypto algorithms. Multi-buffer crypto algorithms are executed 225 in the context of this kernel thread and drivers can post 226 their crypto request asynchronously to be processed by this daemon. 227 228config CRYPTO_AUTHENC 229 tristate "Authenc support" 230 select CRYPTO_AEAD 231 select CRYPTO_BLKCIPHER 232 select CRYPTO_MANAGER 233 select CRYPTO_HASH 234 select CRYPTO_NULL 235 help 236 Authenc: Combined mode wrapper for IPsec. 237 This is required for IPSec. 238 239config CRYPTO_TEST 240 tristate "Testing module" 241 depends on m 242 select CRYPTO_MANAGER 243 help 244 Quick & dirty crypto test module. 245 246config CRYPTO_ABLK_HELPER 247 tristate 248 select CRYPTO_CRYPTD 249 250config CRYPTO_SIMD 251 tristate 252 select CRYPTO_CRYPTD 253 254config CRYPTO_GLUE_HELPER_X86 255 tristate 256 depends on X86 257 select CRYPTO_BLKCIPHER 258 259config CRYPTO_ENGINE 260 tristate 261 262comment "Authenticated Encryption with Associated Data" 263 264config CRYPTO_CCM 265 tristate "CCM support" 266 select CRYPTO_CTR 267 select CRYPTO_HASH 268 select CRYPTO_AEAD 269 help 270 Support for Counter with CBC MAC. Required for IPsec. 271 272config CRYPTO_GCM 273 tristate "GCM/GMAC support" 274 select CRYPTO_CTR 275 select CRYPTO_AEAD 276 select CRYPTO_GHASH 277 select CRYPTO_NULL 278 help 279 Support for Galois/Counter Mode (GCM) and Galois Message 280 Authentication Code (GMAC). Required for IPSec. 281 282config CRYPTO_CHACHA20POLY1305 283 tristate "ChaCha20-Poly1305 AEAD support" 284 select CRYPTO_CHACHA20 285 select CRYPTO_POLY1305 286 select CRYPTO_AEAD 287 help 288 ChaCha20-Poly1305 AEAD support, RFC7539. 289 290 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 291 with the Poly1305 authenticator. It is defined in RFC7539 for use in 292 IETF protocols. 293 294config CRYPTO_SEQIV 295 tristate "Sequence Number IV Generator" 296 select CRYPTO_AEAD 297 select CRYPTO_BLKCIPHER 298 select CRYPTO_NULL 299 select CRYPTO_RNG_DEFAULT 300 help 301 This IV generator generates an IV based on a sequence number by 302 xoring it with a salt. This algorithm is mainly useful for CTR 303 304config CRYPTO_ECHAINIV 305 tristate "Encrypted Chain IV Generator" 306 select CRYPTO_AEAD 307 select CRYPTO_NULL 308 select CRYPTO_RNG_DEFAULT 309 default m 310 help 311 This IV generator generates an IV based on the encryption of 312 a sequence number xored with a salt. This is the default 313 algorithm for CBC. 314 315comment "Block modes" 316 317config CRYPTO_CBC 318 tristate "CBC support" 319 select CRYPTO_BLKCIPHER 320 select CRYPTO_MANAGER 321 help 322 CBC: Cipher Block Chaining mode 323 This block cipher algorithm is required for IPSec. 324 325config CRYPTO_CTR 326 tristate "CTR support" 327 select CRYPTO_BLKCIPHER 328 select CRYPTO_SEQIV 329 select CRYPTO_MANAGER 330 help 331 CTR: Counter mode 332 This block cipher algorithm is required for IPSec. 333 334config CRYPTO_CTS 335 tristate "CTS support" 336 select CRYPTO_BLKCIPHER 337 help 338 CTS: Cipher Text Stealing 339 This is the Cipher Text Stealing mode as described by 340 Section 8 of rfc2040 and referenced by rfc3962. 341 (rfc3962 includes errata information in its Appendix A) 342 This mode is required for Kerberos gss mechanism support 343 for AES encryption. 344 345config CRYPTO_ECB 346 tristate "ECB support" 347 select CRYPTO_BLKCIPHER 348 select CRYPTO_MANAGER 349 help 350 ECB: Electronic CodeBook mode 351 This is the simplest block cipher algorithm. It simply encrypts 352 the input block by block. 353 354config CRYPTO_LRW 355 tristate "LRW support" 356 select CRYPTO_BLKCIPHER 357 select CRYPTO_MANAGER 358 select CRYPTO_GF128MUL 359 help 360 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 361 narrow block cipher mode for dm-crypt. Use it with cipher 362 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 363 The first 128, 192 or 256 bits in the key are used for AES and the 364 rest is used to tie each cipher block to its logical position. 365 366config CRYPTO_PCBC 367 tristate "PCBC support" 368 select CRYPTO_BLKCIPHER 369 select CRYPTO_MANAGER 370 help 371 PCBC: Propagating Cipher Block Chaining mode 372 This block cipher algorithm is required for RxRPC. 373 374config CRYPTO_XTS 375 tristate "XTS support" 376 select CRYPTO_BLKCIPHER 377 select CRYPTO_MANAGER 378 select CRYPTO_ECB 379 help 380 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 381 key size 256, 384 or 512 bits. This implementation currently 382 can't handle a sectorsize which is not a multiple of 16 bytes. 383 384config CRYPTO_KEYWRAP 385 tristate "Key wrapping support" 386 select CRYPTO_BLKCIPHER 387 help 388 Support for key wrapping (NIST SP800-38F / RFC3394) without 389 padding. 390 391comment "Hash modes" 392 393config CRYPTO_CMAC 394 tristate "CMAC support" 395 select CRYPTO_HASH 396 select CRYPTO_MANAGER 397 help 398 Cipher-based Message Authentication Code (CMAC) specified by 399 The National Institute of Standards and Technology (NIST). 400 401 https://tools.ietf.org/html/rfc4493 402 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 403 404config CRYPTO_HMAC 405 tristate "HMAC support" 406 select CRYPTO_HASH 407 select CRYPTO_MANAGER 408 help 409 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 410 This is required for IPSec. 411 412config CRYPTO_XCBC 413 tristate "XCBC support" 414 select CRYPTO_HASH 415 select CRYPTO_MANAGER 416 help 417 XCBC: Keyed-Hashing with encryption algorithm 418 http://www.ietf.org/rfc/rfc3566.txt 419 http://csrc.nist.gov/encryption/modes/proposedmodes/ 420 xcbc-mac/xcbc-mac-spec.pdf 421 422config CRYPTO_VMAC 423 tristate "VMAC support" 424 select CRYPTO_HASH 425 select CRYPTO_MANAGER 426 help 427 VMAC is a message authentication algorithm designed for 428 very high speed on 64-bit architectures. 429 430 See also: 431 <http://fastcrypto.org/vmac> 432 433comment "Digest" 434 435config CRYPTO_CRC32C 436 tristate "CRC32c CRC algorithm" 437 select CRYPTO_HASH 438 select CRC32 439 help 440 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 441 by iSCSI for header and data digests and by others. 442 See Castagnoli93. Module will be crc32c. 443 444config CRYPTO_CRC32C_INTEL 445 tristate "CRC32c INTEL hardware acceleration" 446 depends on X86 447 select CRYPTO_HASH 448 help 449 In Intel processor with SSE4.2 supported, the processor will 450 support CRC32C implementation using hardware accelerated CRC32 451 instruction. This option will create 'crc32c-intel' module, 452 which will enable any routine to use the CRC32 instruction to 453 gain performance compared with software implementation. 454 Module will be crc32c-intel. 455 456config CRYPTO_CRC32C_VPMSUM 457 tristate "CRC32c CRC algorithm (powerpc64)" 458 depends on PPC64 && ALTIVEC 459 select CRYPTO_HASH 460 select CRC32 461 help 462 CRC32c algorithm implemented using vector polynomial multiply-sum 463 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 464 and newer processors for improved performance. 465 466 467config CRYPTO_CRC32C_SPARC64 468 tristate "CRC32c CRC algorithm (SPARC64)" 469 depends on SPARC64 470 select CRYPTO_HASH 471 select CRC32 472 help 473 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 474 when available. 475 476config CRYPTO_CRC32 477 tristate "CRC32 CRC algorithm" 478 select CRYPTO_HASH 479 select CRC32 480 help 481 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 482 Shash crypto api wrappers to crc32_le function. 483 484config CRYPTO_CRC32_PCLMUL 485 tristate "CRC32 PCLMULQDQ hardware acceleration" 486 depends on X86 487 select CRYPTO_HASH 488 select CRC32 489 help 490 From Intel Westmere and AMD Bulldozer processor with SSE4.2 491 and PCLMULQDQ supported, the processor will support 492 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 493 instruction. This option will create 'crc32-plcmul' module, 494 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 495 and gain better performance as compared with the table implementation. 496 497config CRYPTO_CRCT10DIF 498 tristate "CRCT10DIF algorithm" 499 select CRYPTO_HASH 500 help 501 CRC T10 Data Integrity Field computation is being cast as 502 a crypto transform. This allows for faster crc t10 diff 503 transforms to be used if they are available. 504 505config CRYPTO_CRCT10DIF_PCLMUL 506 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 507 depends on X86 && 64BIT && CRC_T10DIF 508 select CRYPTO_HASH 509 help 510 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 511 CRC T10 DIF PCLMULQDQ computation can be hardware 512 accelerated PCLMULQDQ instruction. This option will create 513 'crct10dif-plcmul' module, which is faster when computing the 514 crct10dif checksum as compared with the generic table implementation. 515 516config CRYPTO_CRCT10DIF_VPMSUM 517 tristate "CRC32T10DIF powerpc64 hardware acceleration" 518 depends on PPC64 && ALTIVEC && CRC_T10DIF 519 select CRYPTO_HASH 520 help 521 CRC10T10DIF algorithm implemented using vector polynomial 522 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 523 POWER8 and newer processors for improved performance. 524 525config CRYPTO_VPMSUM_TESTER 526 tristate "Powerpc64 vpmsum hardware acceleration tester" 527 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 528 help 529 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 530 POWER8 vpmsum instructions. 531 Unless you are testing these algorithms, you don't need this. 532 533config CRYPTO_GHASH 534 tristate "GHASH digest algorithm" 535 select CRYPTO_GF128MUL 536 select CRYPTO_HASH 537 help 538 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 539 540config CRYPTO_POLY1305 541 tristate "Poly1305 authenticator algorithm" 542 select CRYPTO_HASH 543 help 544 Poly1305 authenticator algorithm, RFC7539. 545 546 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 547 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 548 in IETF protocols. This is the portable C implementation of Poly1305. 549 550config CRYPTO_POLY1305_X86_64 551 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 552 depends on X86 && 64BIT 553 select CRYPTO_POLY1305 554 help 555 Poly1305 authenticator algorithm, RFC7539. 556 557 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 558 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 559 in IETF protocols. This is the x86_64 assembler implementation using SIMD 560 instructions. 561 562config CRYPTO_MD4 563 tristate "MD4 digest algorithm" 564 select CRYPTO_HASH 565 help 566 MD4 message digest algorithm (RFC1320). 567 568config CRYPTO_MD5 569 tristate "MD5 digest algorithm" 570 select CRYPTO_HASH 571 help 572 MD5 message digest algorithm (RFC1321). 573 574config CRYPTO_MD5_OCTEON 575 tristate "MD5 digest algorithm (OCTEON)" 576 depends on CPU_CAVIUM_OCTEON 577 select CRYPTO_MD5 578 select CRYPTO_HASH 579 help 580 MD5 message digest algorithm (RFC1321) implemented 581 using OCTEON crypto instructions, when available. 582 583config CRYPTO_MD5_PPC 584 tristate "MD5 digest algorithm (PPC)" 585 depends on PPC 586 select CRYPTO_HASH 587 help 588 MD5 message digest algorithm (RFC1321) implemented 589 in PPC assembler. 590 591config CRYPTO_MD5_SPARC64 592 tristate "MD5 digest algorithm (SPARC64)" 593 depends on SPARC64 594 select CRYPTO_MD5 595 select CRYPTO_HASH 596 help 597 MD5 message digest algorithm (RFC1321) implemented 598 using sparc64 crypto instructions, when available. 599 600config CRYPTO_MICHAEL_MIC 601 tristate "Michael MIC keyed digest algorithm" 602 select CRYPTO_HASH 603 help 604 Michael MIC is used for message integrity protection in TKIP 605 (IEEE 802.11i). This algorithm is required for TKIP, but it 606 should not be used for other purposes because of the weakness 607 of the algorithm. 608 609config CRYPTO_RMD128 610 tristate "RIPEMD-128 digest algorithm" 611 select CRYPTO_HASH 612 help 613 RIPEMD-128 (ISO/IEC 10118-3:2004). 614 615 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 616 be used as a secure replacement for RIPEMD. For other use cases, 617 RIPEMD-160 should be used. 618 619 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 620 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 621 622config CRYPTO_RMD160 623 tristate "RIPEMD-160 digest algorithm" 624 select CRYPTO_HASH 625 help 626 RIPEMD-160 (ISO/IEC 10118-3:2004). 627 628 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 629 to be used as a secure replacement for the 128-bit hash functions 630 MD4, MD5 and it's predecessor RIPEMD 631 (not to be confused with RIPEMD-128). 632 633 It's speed is comparable to SHA1 and there are no known attacks 634 against RIPEMD-160. 635 636 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 637 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 638 639config CRYPTO_RMD256 640 tristate "RIPEMD-256 digest algorithm" 641 select CRYPTO_HASH 642 help 643 RIPEMD-256 is an optional extension of RIPEMD-128 with a 644 256 bit hash. It is intended for applications that require 645 longer hash-results, without needing a larger security level 646 (than RIPEMD-128). 647 648 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 649 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 650 651config CRYPTO_RMD320 652 tristate "RIPEMD-320 digest algorithm" 653 select CRYPTO_HASH 654 help 655 RIPEMD-320 is an optional extension of RIPEMD-160 with a 656 320 bit hash. It is intended for applications that require 657 longer hash-results, without needing a larger security level 658 (than RIPEMD-160). 659 660 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 661 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 662 663config CRYPTO_SHA1 664 tristate "SHA1 digest algorithm" 665 select CRYPTO_HASH 666 help 667 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 668 669config CRYPTO_SHA1_SSSE3 670 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 671 depends on X86 && 64BIT 672 select CRYPTO_SHA1 673 select CRYPTO_HASH 674 help 675 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 676 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 677 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 678 when available. 679 680config CRYPTO_SHA256_SSSE3 681 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 682 depends on X86 && 64BIT 683 select CRYPTO_SHA256 684 select CRYPTO_HASH 685 help 686 SHA-256 secure hash standard (DFIPS 180-2) implemented 687 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 688 Extensions version 1 (AVX1), or Advanced Vector Extensions 689 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 690 Instructions) when available. 691 692config CRYPTO_SHA512_SSSE3 693 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 694 depends on X86 && 64BIT 695 select CRYPTO_SHA512 696 select CRYPTO_HASH 697 help 698 SHA-512 secure hash standard (DFIPS 180-2) implemented 699 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 700 Extensions version 1 (AVX1), or Advanced Vector Extensions 701 version 2 (AVX2) instructions, when available. 702 703config CRYPTO_SHA1_OCTEON 704 tristate "SHA1 digest algorithm (OCTEON)" 705 depends on CPU_CAVIUM_OCTEON 706 select CRYPTO_SHA1 707 select CRYPTO_HASH 708 help 709 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 710 using OCTEON crypto instructions, when available. 711 712config CRYPTO_SHA1_SPARC64 713 tristate "SHA1 digest algorithm (SPARC64)" 714 depends on SPARC64 715 select CRYPTO_SHA1 716 select CRYPTO_HASH 717 help 718 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 719 using sparc64 crypto instructions, when available. 720 721config CRYPTO_SHA1_PPC 722 tristate "SHA1 digest algorithm (powerpc)" 723 depends on PPC 724 help 725 This is the powerpc hardware accelerated implementation of the 726 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 727 728config CRYPTO_SHA1_PPC_SPE 729 tristate "SHA1 digest algorithm (PPC SPE)" 730 depends on PPC && SPE 731 help 732 SHA-1 secure hash standard (DFIPS 180-4) implemented 733 using powerpc SPE SIMD instruction set. 734 735config CRYPTO_SHA1_MB 736 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)" 737 depends on X86 && 64BIT 738 select CRYPTO_SHA1 739 select CRYPTO_HASH 740 select CRYPTO_MCRYPTD 741 help 742 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 743 using multi-buffer technique. This algorithm computes on 744 multiple data lanes concurrently with SIMD instructions for 745 better throughput. It should not be enabled by default but 746 used when there is significant amount of work to keep the keep 747 the data lanes filled to get performance benefit. If the data 748 lanes remain unfilled, a flush operation will be initiated to 749 process the crypto jobs, adding a slight latency. 750 751config CRYPTO_SHA256_MB 752 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)" 753 depends on X86 && 64BIT 754 select CRYPTO_SHA256 755 select CRYPTO_HASH 756 select CRYPTO_MCRYPTD 757 help 758 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 759 using multi-buffer technique. This algorithm computes on 760 multiple data lanes concurrently with SIMD instructions for 761 better throughput. It should not be enabled by default but 762 used when there is significant amount of work to keep the keep 763 the data lanes filled to get performance benefit. If the data 764 lanes remain unfilled, a flush operation will be initiated to 765 process the crypto jobs, adding a slight latency. 766 767config CRYPTO_SHA512_MB 768 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)" 769 depends on X86 && 64BIT 770 select CRYPTO_SHA512 771 select CRYPTO_HASH 772 select CRYPTO_MCRYPTD 773 help 774 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 775 using multi-buffer technique. This algorithm computes on 776 multiple data lanes concurrently with SIMD instructions for 777 better throughput. It should not be enabled by default but 778 used when there is significant amount of work to keep the keep 779 the data lanes filled to get performance benefit. If the data 780 lanes remain unfilled, a flush operation will be initiated to 781 process the crypto jobs, adding a slight latency. 782 783config CRYPTO_SHA256 784 tristate "SHA224 and SHA256 digest algorithm" 785 select CRYPTO_HASH 786 help 787 SHA256 secure hash standard (DFIPS 180-2). 788 789 This version of SHA implements a 256 bit hash with 128 bits of 790 security against collision attacks. 791 792 This code also includes SHA-224, a 224 bit hash with 112 bits 793 of security against collision attacks. 794 795config CRYPTO_SHA256_PPC_SPE 796 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 797 depends on PPC && SPE 798 select CRYPTO_SHA256 799 select CRYPTO_HASH 800 help 801 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 802 implemented using powerpc SPE SIMD instruction set. 803 804config CRYPTO_SHA256_OCTEON 805 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 806 depends on CPU_CAVIUM_OCTEON 807 select CRYPTO_SHA256 808 select CRYPTO_HASH 809 help 810 SHA-256 secure hash standard (DFIPS 180-2) implemented 811 using OCTEON crypto instructions, when available. 812 813config CRYPTO_SHA256_SPARC64 814 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 815 depends on SPARC64 816 select CRYPTO_SHA256 817 select CRYPTO_HASH 818 help 819 SHA-256 secure hash standard (DFIPS 180-2) implemented 820 using sparc64 crypto instructions, when available. 821 822config CRYPTO_SHA512 823 tristate "SHA384 and SHA512 digest algorithms" 824 select CRYPTO_HASH 825 help 826 SHA512 secure hash standard (DFIPS 180-2). 827 828 This version of SHA implements a 512 bit hash with 256 bits of 829 security against collision attacks. 830 831 This code also includes SHA-384, a 384 bit hash with 192 bits 832 of security against collision attacks. 833 834config CRYPTO_SHA512_OCTEON 835 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 836 depends on CPU_CAVIUM_OCTEON 837 select CRYPTO_SHA512 838 select CRYPTO_HASH 839 help 840 SHA-512 secure hash standard (DFIPS 180-2) implemented 841 using OCTEON crypto instructions, when available. 842 843config CRYPTO_SHA512_SPARC64 844 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 845 depends on SPARC64 846 select CRYPTO_SHA512 847 select CRYPTO_HASH 848 help 849 SHA-512 secure hash standard (DFIPS 180-2) implemented 850 using sparc64 crypto instructions, when available. 851 852config CRYPTO_SHA3 853 tristate "SHA3 digest algorithm" 854 select CRYPTO_HASH 855 help 856 SHA-3 secure hash standard (DFIPS 202). It's based on 857 cryptographic sponge function family called Keccak. 858 859 References: 860 http://keccak.noekeon.org/ 861 862config CRYPTO_TGR192 863 tristate "Tiger digest algorithms" 864 select CRYPTO_HASH 865 help 866 Tiger hash algorithm 192, 160 and 128-bit hashes 867 868 Tiger is a hash function optimized for 64-bit processors while 869 still having decent performance on 32-bit processors. 870 Tiger was developed by Ross Anderson and Eli Biham. 871 872 See also: 873 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 874 875config CRYPTO_WP512 876 tristate "Whirlpool digest algorithms" 877 select CRYPTO_HASH 878 help 879 Whirlpool hash algorithm 512, 384 and 256-bit hashes 880 881 Whirlpool-512 is part of the NESSIE cryptographic primitives. 882 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 883 884 See also: 885 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 886 887config CRYPTO_GHASH_CLMUL_NI_INTEL 888 tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 889 depends on X86 && 64BIT 890 select CRYPTO_CRYPTD 891 help 892 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 893 The implementation is accelerated by CLMUL-NI of Intel. 894 895comment "Ciphers" 896 897config CRYPTO_AES 898 tristate "AES cipher algorithms" 899 select CRYPTO_ALGAPI 900 help 901 AES cipher algorithms (FIPS-197). AES uses the Rijndael 902 algorithm. 903 904 Rijndael appears to be consistently a very good performer in 905 both hardware and software across a wide range of computing 906 environments regardless of its use in feedback or non-feedback 907 modes. Its key setup time is excellent, and its key agility is 908 good. Rijndael's very low memory requirements make it very well 909 suited for restricted-space environments, in which it also 910 demonstrates excellent performance. Rijndael's operations are 911 among the easiest to defend against power and timing attacks. 912 913 The AES specifies three key sizes: 128, 192 and 256 bits 914 915 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 916 917config CRYPTO_AES_TI 918 tristate "Fixed time AES cipher" 919 select CRYPTO_ALGAPI 920 help 921 This is a generic implementation of AES that attempts to eliminate 922 data dependent latencies as much as possible without affecting 923 performance too much. It is intended for use by the generic CCM 924 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 925 solely on encryption (although decryption is supported as well, but 926 with a more dramatic performance hit) 927 928 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 929 8 for decryption), this implementation only uses just two S-boxes of 930 256 bytes each, and attempts to eliminate data dependent latencies by 931 prefetching the entire table into the cache at the start of each 932 block. 933 934config CRYPTO_AES_586 935 tristate "AES cipher algorithms (i586)" 936 depends on (X86 || UML_X86) && !64BIT 937 select CRYPTO_ALGAPI 938 select CRYPTO_AES 939 help 940 AES cipher algorithms (FIPS-197). AES uses the Rijndael 941 algorithm. 942 943 Rijndael appears to be consistently a very good performer in 944 both hardware and software across a wide range of computing 945 environments regardless of its use in feedback or non-feedback 946 modes. Its key setup time is excellent, and its key agility is 947 good. Rijndael's very low memory requirements make it very well 948 suited for restricted-space environments, in which it also 949 demonstrates excellent performance. Rijndael's operations are 950 among the easiest to defend against power and timing attacks. 951 952 The AES specifies three key sizes: 128, 192 and 256 bits 953 954 See <http://csrc.nist.gov/encryption/aes/> for more information. 955 956config CRYPTO_AES_X86_64 957 tristate "AES cipher algorithms (x86_64)" 958 depends on (X86 || UML_X86) && 64BIT 959 select CRYPTO_ALGAPI 960 select CRYPTO_AES 961 help 962 AES cipher algorithms (FIPS-197). AES uses the Rijndael 963 algorithm. 964 965 Rijndael appears to be consistently a very good performer in 966 both hardware and software across a wide range of computing 967 environments regardless of its use in feedback or non-feedback 968 modes. Its key setup time is excellent, and its key agility is 969 good. Rijndael's very low memory requirements make it very well 970 suited for restricted-space environments, in which it also 971 demonstrates excellent performance. Rijndael's operations are 972 among the easiest to defend against power and timing attacks. 973 974 The AES specifies three key sizes: 128, 192 and 256 bits 975 976 See <http://csrc.nist.gov/encryption/aes/> for more information. 977 978config CRYPTO_AES_NI_INTEL 979 tristate "AES cipher algorithms (AES-NI)" 980 depends on X86 981 select CRYPTO_AEAD 982 select CRYPTO_AES_X86_64 if 64BIT 983 select CRYPTO_AES_586 if !64BIT 984 select CRYPTO_ALGAPI 985 select CRYPTO_BLKCIPHER 986 select CRYPTO_GLUE_HELPER_X86 if 64BIT 987 select CRYPTO_SIMD 988 help 989 Use Intel AES-NI instructions for AES algorithm. 990 991 AES cipher algorithms (FIPS-197). AES uses the Rijndael 992 algorithm. 993 994 Rijndael appears to be consistently a very good performer in 995 both hardware and software across a wide range of computing 996 environments regardless of its use in feedback or non-feedback 997 modes. Its key setup time is excellent, and its key agility is 998 good. Rijndael's very low memory requirements make it very well 999 suited for restricted-space environments, in which it also 1000 demonstrates excellent performance. Rijndael's operations are 1001 among the easiest to defend against power and timing attacks. 1002 1003 The AES specifies three key sizes: 128, 192 and 256 bits 1004 1005 See <http://csrc.nist.gov/encryption/aes/> for more information. 1006 1007 In addition to AES cipher algorithm support, the acceleration 1008 for some popular block cipher mode is supported too, including 1009 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional 1010 acceleration for CTR. 1011 1012config CRYPTO_AES_SPARC64 1013 tristate "AES cipher algorithms (SPARC64)" 1014 depends on SPARC64 1015 select CRYPTO_CRYPTD 1016 select CRYPTO_ALGAPI 1017 help 1018 Use SPARC64 crypto opcodes for AES algorithm. 1019 1020 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1021 algorithm. 1022 1023 Rijndael appears to be consistently a very good performer in 1024 both hardware and software across a wide range of computing 1025 environments regardless of its use in feedback or non-feedback 1026 modes. Its key setup time is excellent, and its key agility is 1027 good. Rijndael's very low memory requirements make it very well 1028 suited for restricted-space environments, in which it also 1029 demonstrates excellent performance. Rijndael's operations are 1030 among the easiest to defend against power and timing attacks. 1031 1032 The AES specifies three key sizes: 128, 192 and 256 bits 1033 1034 See <http://csrc.nist.gov/encryption/aes/> for more information. 1035 1036 In addition to AES cipher algorithm support, the acceleration 1037 for some popular block cipher mode is supported too, including 1038 ECB and CBC. 1039 1040config CRYPTO_AES_PPC_SPE 1041 tristate "AES cipher algorithms (PPC SPE)" 1042 depends on PPC && SPE 1043 help 1044 AES cipher algorithms (FIPS-197). Additionally the acceleration 1045 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1046 This module should only be used for low power (router) devices 1047 without hardware AES acceleration (e.g. caam crypto). It reduces the 1048 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1049 timining attacks. Nevertheless it might be not as secure as other 1050 architecture specific assembler implementations that work on 1KB 1051 tables or 256 bytes S-boxes. 1052 1053config CRYPTO_ANUBIS 1054 tristate "Anubis cipher algorithm" 1055 select CRYPTO_ALGAPI 1056 help 1057 Anubis cipher algorithm. 1058 1059 Anubis is a variable key length cipher which can use keys from 1060 128 bits to 320 bits in length. It was evaluated as a entrant 1061 in the NESSIE competition. 1062 1063 See also: 1064 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1065 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1066 1067config CRYPTO_ARC4 1068 tristate "ARC4 cipher algorithm" 1069 select CRYPTO_BLKCIPHER 1070 help 1071 ARC4 cipher algorithm. 1072 1073 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1074 bits in length. This algorithm is required for driver-based 1075 WEP, but it should not be for other purposes because of the 1076 weakness of the algorithm. 1077 1078config CRYPTO_BLOWFISH 1079 tristate "Blowfish cipher algorithm" 1080 select CRYPTO_ALGAPI 1081 select CRYPTO_BLOWFISH_COMMON 1082 help 1083 Blowfish cipher algorithm, by Bruce Schneier. 1084 1085 This is a variable key length cipher which can use keys from 32 1086 bits to 448 bits in length. It's fast, simple and specifically 1087 designed for use on "large microprocessors". 1088 1089 See also: 1090 <http://www.schneier.com/blowfish.html> 1091 1092config CRYPTO_BLOWFISH_COMMON 1093 tristate 1094 help 1095 Common parts of the Blowfish cipher algorithm shared by the 1096 generic c and the assembler implementations. 1097 1098 See also: 1099 <http://www.schneier.com/blowfish.html> 1100 1101config CRYPTO_BLOWFISH_X86_64 1102 tristate "Blowfish cipher algorithm (x86_64)" 1103 depends on X86 && 64BIT 1104 select CRYPTO_ALGAPI 1105 select CRYPTO_BLOWFISH_COMMON 1106 help 1107 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1108 1109 This is a variable key length cipher which can use keys from 32 1110 bits to 448 bits in length. It's fast, simple and specifically 1111 designed for use on "large microprocessors". 1112 1113 See also: 1114 <http://www.schneier.com/blowfish.html> 1115 1116config CRYPTO_CAMELLIA 1117 tristate "Camellia cipher algorithms" 1118 depends on CRYPTO 1119 select CRYPTO_ALGAPI 1120 help 1121 Camellia cipher algorithms module. 1122 1123 Camellia is a symmetric key block cipher developed jointly 1124 at NTT and Mitsubishi Electric Corporation. 1125 1126 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1127 1128 See also: 1129 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1130 1131config CRYPTO_CAMELLIA_X86_64 1132 tristate "Camellia cipher algorithm (x86_64)" 1133 depends on X86 && 64BIT 1134 depends on CRYPTO 1135 select CRYPTO_ALGAPI 1136 select CRYPTO_GLUE_HELPER_X86 1137 select CRYPTO_LRW 1138 select CRYPTO_XTS 1139 help 1140 Camellia cipher algorithm module (x86_64). 1141 1142 Camellia is a symmetric key block cipher developed jointly 1143 at NTT and Mitsubishi Electric Corporation. 1144 1145 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1146 1147 See also: 1148 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1149 1150config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1151 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1152 depends on X86 && 64BIT 1153 depends on CRYPTO 1154 select CRYPTO_ALGAPI 1155 select CRYPTO_CRYPTD 1156 select CRYPTO_ABLK_HELPER 1157 select CRYPTO_GLUE_HELPER_X86 1158 select CRYPTO_CAMELLIA_X86_64 1159 select CRYPTO_LRW 1160 select CRYPTO_XTS 1161 help 1162 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1163 1164 Camellia is a symmetric key block cipher developed jointly 1165 at NTT and Mitsubishi Electric Corporation. 1166 1167 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1168 1169 See also: 1170 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1171 1172config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1173 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1174 depends on X86 && 64BIT 1175 depends on CRYPTO 1176 select CRYPTO_ALGAPI 1177 select CRYPTO_CRYPTD 1178 select CRYPTO_ABLK_HELPER 1179 select CRYPTO_GLUE_HELPER_X86 1180 select CRYPTO_CAMELLIA_X86_64 1181 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1182 select CRYPTO_LRW 1183 select CRYPTO_XTS 1184 help 1185 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1186 1187 Camellia is a symmetric key block cipher developed jointly 1188 at NTT and Mitsubishi Electric Corporation. 1189 1190 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1191 1192 See also: 1193 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1194 1195config CRYPTO_CAMELLIA_SPARC64 1196 tristate "Camellia cipher algorithm (SPARC64)" 1197 depends on SPARC64 1198 depends on CRYPTO 1199 select CRYPTO_ALGAPI 1200 help 1201 Camellia cipher algorithm module (SPARC64). 1202 1203 Camellia is a symmetric key block cipher developed jointly 1204 at NTT and Mitsubishi Electric Corporation. 1205 1206 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1207 1208 See also: 1209 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1210 1211config CRYPTO_CAST_COMMON 1212 tristate 1213 help 1214 Common parts of the CAST cipher algorithms shared by the 1215 generic c and the assembler implementations. 1216 1217config CRYPTO_CAST5 1218 tristate "CAST5 (CAST-128) cipher algorithm" 1219 select CRYPTO_ALGAPI 1220 select CRYPTO_CAST_COMMON 1221 help 1222 The CAST5 encryption algorithm (synonymous with CAST-128) is 1223 described in RFC2144. 1224 1225config CRYPTO_CAST5_AVX_X86_64 1226 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1227 depends on X86 && 64BIT 1228 select CRYPTO_ALGAPI 1229 select CRYPTO_CRYPTD 1230 select CRYPTO_ABLK_HELPER 1231 select CRYPTO_CAST_COMMON 1232 select CRYPTO_CAST5 1233 help 1234 The CAST5 encryption algorithm (synonymous with CAST-128) is 1235 described in RFC2144. 1236 1237 This module provides the Cast5 cipher algorithm that processes 1238 sixteen blocks parallel using the AVX instruction set. 1239 1240config CRYPTO_CAST6 1241 tristate "CAST6 (CAST-256) cipher algorithm" 1242 select CRYPTO_ALGAPI 1243 select CRYPTO_CAST_COMMON 1244 help 1245 The CAST6 encryption algorithm (synonymous with CAST-256) is 1246 described in RFC2612. 1247 1248config CRYPTO_CAST6_AVX_X86_64 1249 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1250 depends on X86 && 64BIT 1251 select CRYPTO_ALGAPI 1252 select CRYPTO_CRYPTD 1253 select CRYPTO_ABLK_HELPER 1254 select CRYPTO_GLUE_HELPER_X86 1255 select CRYPTO_CAST_COMMON 1256 select CRYPTO_CAST6 1257 select CRYPTO_LRW 1258 select CRYPTO_XTS 1259 help 1260 The CAST6 encryption algorithm (synonymous with CAST-256) is 1261 described in RFC2612. 1262 1263 This module provides the Cast6 cipher algorithm that processes 1264 eight blocks parallel using the AVX instruction set. 1265 1266config CRYPTO_DES 1267 tristate "DES and Triple DES EDE cipher algorithms" 1268 select CRYPTO_ALGAPI 1269 help 1270 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1271 1272config CRYPTO_DES_SPARC64 1273 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1274 depends on SPARC64 1275 select CRYPTO_ALGAPI 1276 select CRYPTO_DES 1277 help 1278 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1279 optimized using SPARC64 crypto opcodes. 1280 1281config CRYPTO_DES3_EDE_X86_64 1282 tristate "Triple DES EDE cipher algorithm (x86-64)" 1283 depends on X86 && 64BIT 1284 select CRYPTO_ALGAPI 1285 select CRYPTO_DES 1286 help 1287 Triple DES EDE (FIPS 46-3) algorithm. 1288 1289 This module provides implementation of the Triple DES EDE cipher 1290 algorithm that is optimized for x86-64 processors. Two versions of 1291 algorithm are provided; regular processing one input block and 1292 one that processes three blocks parallel. 1293 1294config CRYPTO_FCRYPT 1295 tristate "FCrypt cipher algorithm" 1296 select CRYPTO_ALGAPI 1297 select CRYPTO_BLKCIPHER 1298 help 1299 FCrypt algorithm used by RxRPC. 1300 1301config CRYPTO_KHAZAD 1302 tristate "Khazad cipher algorithm" 1303 select CRYPTO_ALGAPI 1304 help 1305 Khazad cipher algorithm. 1306 1307 Khazad was a finalist in the initial NESSIE competition. It is 1308 an algorithm optimized for 64-bit processors with good performance 1309 on 32-bit processors. Khazad uses an 128 bit key size. 1310 1311 See also: 1312 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1313 1314config CRYPTO_SALSA20 1315 tristate "Salsa20 stream cipher algorithm" 1316 select CRYPTO_BLKCIPHER 1317 help 1318 Salsa20 stream cipher algorithm. 1319 1320 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1321 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1322 1323 The Salsa20 stream cipher algorithm is designed by Daniel J. 1324 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1325 1326config CRYPTO_SALSA20_586 1327 tristate "Salsa20 stream cipher algorithm (i586)" 1328 depends on (X86 || UML_X86) && !64BIT 1329 select CRYPTO_BLKCIPHER 1330 help 1331 Salsa20 stream cipher algorithm. 1332 1333 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1334 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1335 1336 The Salsa20 stream cipher algorithm is designed by Daniel J. 1337 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1338 1339config CRYPTO_SALSA20_X86_64 1340 tristate "Salsa20 stream cipher algorithm (x86_64)" 1341 depends on (X86 || UML_X86) && 64BIT 1342 select CRYPTO_BLKCIPHER 1343 help 1344 Salsa20 stream cipher algorithm. 1345 1346 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1347 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1348 1349 The Salsa20 stream cipher algorithm is designed by Daniel J. 1350 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1351 1352config CRYPTO_CHACHA20 1353 tristate "ChaCha20 cipher algorithm" 1354 select CRYPTO_BLKCIPHER 1355 help 1356 ChaCha20 cipher algorithm, RFC7539. 1357 1358 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1359 Bernstein and further specified in RFC7539 for use in IETF protocols. 1360 This is the portable C implementation of ChaCha20. 1361 1362 See also: 1363 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1364 1365config CRYPTO_CHACHA20_X86_64 1366 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)" 1367 depends on X86 && 64BIT 1368 select CRYPTO_BLKCIPHER 1369 select CRYPTO_CHACHA20 1370 help 1371 ChaCha20 cipher algorithm, RFC7539. 1372 1373 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1374 Bernstein and further specified in RFC7539 for use in IETF protocols. 1375 This is the x86_64 assembler implementation using SIMD instructions. 1376 1377 See also: 1378 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1379 1380config CRYPTO_SEED 1381 tristate "SEED cipher algorithm" 1382 select CRYPTO_ALGAPI 1383 help 1384 SEED cipher algorithm (RFC4269). 1385 1386 SEED is a 128-bit symmetric key block cipher that has been 1387 developed by KISA (Korea Information Security Agency) as a 1388 national standard encryption algorithm of the Republic of Korea. 1389 It is a 16 round block cipher with the key size of 128 bit. 1390 1391 See also: 1392 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1393 1394config CRYPTO_SERPENT 1395 tristate "Serpent cipher algorithm" 1396 select CRYPTO_ALGAPI 1397 help 1398 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1399 1400 Keys are allowed to be from 0 to 256 bits in length, in steps 1401 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1402 variant of Serpent for compatibility with old kerneli.org code. 1403 1404 See also: 1405 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1406 1407config CRYPTO_SERPENT_SSE2_X86_64 1408 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1409 depends on X86 && 64BIT 1410 select CRYPTO_ALGAPI 1411 select CRYPTO_CRYPTD 1412 select CRYPTO_ABLK_HELPER 1413 select CRYPTO_GLUE_HELPER_X86 1414 select CRYPTO_SERPENT 1415 select CRYPTO_LRW 1416 select CRYPTO_XTS 1417 help 1418 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1419 1420 Keys are allowed to be from 0 to 256 bits in length, in steps 1421 of 8 bits. 1422 1423 This module provides Serpent cipher algorithm that processes eight 1424 blocks parallel using SSE2 instruction set. 1425 1426 See also: 1427 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1428 1429config CRYPTO_SERPENT_SSE2_586 1430 tristate "Serpent cipher algorithm (i586/SSE2)" 1431 depends on X86 && !64BIT 1432 select CRYPTO_ALGAPI 1433 select CRYPTO_CRYPTD 1434 select CRYPTO_ABLK_HELPER 1435 select CRYPTO_GLUE_HELPER_X86 1436 select CRYPTO_SERPENT 1437 select CRYPTO_LRW 1438 select CRYPTO_XTS 1439 help 1440 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1441 1442 Keys are allowed to be from 0 to 256 bits in length, in steps 1443 of 8 bits. 1444 1445 This module provides Serpent cipher algorithm that processes four 1446 blocks parallel using SSE2 instruction set. 1447 1448 See also: 1449 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1450 1451config CRYPTO_SERPENT_AVX_X86_64 1452 tristate "Serpent cipher algorithm (x86_64/AVX)" 1453 depends on X86 && 64BIT 1454 select CRYPTO_ALGAPI 1455 select CRYPTO_CRYPTD 1456 select CRYPTO_ABLK_HELPER 1457 select CRYPTO_GLUE_HELPER_X86 1458 select CRYPTO_SERPENT 1459 select CRYPTO_LRW 1460 select CRYPTO_XTS 1461 help 1462 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1463 1464 Keys are allowed to be from 0 to 256 bits in length, in steps 1465 of 8 bits. 1466 1467 This module provides the Serpent cipher algorithm that processes 1468 eight blocks parallel using the AVX instruction set. 1469 1470 See also: 1471 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1472 1473config CRYPTO_SERPENT_AVX2_X86_64 1474 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1475 depends on X86 && 64BIT 1476 select CRYPTO_ALGAPI 1477 select CRYPTO_CRYPTD 1478 select CRYPTO_ABLK_HELPER 1479 select CRYPTO_GLUE_HELPER_X86 1480 select CRYPTO_SERPENT 1481 select CRYPTO_SERPENT_AVX_X86_64 1482 select CRYPTO_LRW 1483 select CRYPTO_XTS 1484 help 1485 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1486 1487 Keys are allowed to be from 0 to 256 bits in length, in steps 1488 of 8 bits. 1489 1490 This module provides Serpent cipher algorithm that processes 16 1491 blocks parallel using AVX2 instruction set. 1492 1493 See also: 1494 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1495 1496config CRYPTO_TEA 1497 tristate "TEA, XTEA and XETA cipher algorithms" 1498 select CRYPTO_ALGAPI 1499 help 1500 TEA cipher algorithm. 1501 1502 Tiny Encryption Algorithm is a simple cipher that uses 1503 many rounds for security. It is very fast and uses 1504 little memory. 1505 1506 Xtendend Tiny Encryption Algorithm is a modification to 1507 the TEA algorithm to address a potential key weakness 1508 in the TEA algorithm. 1509 1510 Xtendend Encryption Tiny Algorithm is a mis-implementation 1511 of the XTEA algorithm for compatibility purposes. 1512 1513config CRYPTO_TWOFISH 1514 tristate "Twofish cipher algorithm" 1515 select CRYPTO_ALGAPI 1516 select CRYPTO_TWOFISH_COMMON 1517 help 1518 Twofish cipher algorithm. 1519 1520 Twofish was submitted as an AES (Advanced Encryption Standard) 1521 candidate cipher by researchers at CounterPane Systems. It is a 1522 16 round block cipher supporting key sizes of 128, 192, and 256 1523 bits. 1524 1525 See also: 1526 <http://www.schneier.com/twofish.html> 1527 1528config CRYPTO_TWOFISH_COMMON 1529 tristate 1530 help 1531 Common parts of the Twofish cipher algorithm shared by the 1532 generic c and the assembler implementations. 1533 1534config CRYPTO_TWOFISH_586 1535 tristate "Twofish cipher algorithms (i586)" 1536 depends on (X86 || UML_X86) && !64BIT 1537 select CRYPTO_ALGAPI 1538 select CRYPTO_TWOFISH_COMMON 1539 help 1540 Twofish cipher algorithm. 1541 1542 Twofish was submitted as an AES (Advanced Encryption Standard) 1543 candidate cipher by researchers at CounterPane Systems. It is a 1544 16 round block cipher supporting key sizes of 128, 192, and 256 1545 bits. 1546 1547 See also: 1548 <http://www.schneier.com/twofish.html> 1549 1550config CRYPTO_TWOFISH_X86_64 1551 tristate "Twofish cipher algorithm (x86_64)" 1552 depends on (X86 || UML_X86) && 64BIT 1553 select CRYPTO_ALGAPI 1554 select CRYPTO_TWOFISH_COMMON 1555 help 1556 Twofish cipher algorithm (x86_64). 1557 1558 Twofish was submitted as an AES (Advanced Encryption Standard) 1559 candidate cipher by researchers at CounterPane Systems. It is a 1560 16 round block cipher supporting key sizes of 128, 192, and 256 1561 bits. 1562 1563 See also: 1564 <http://www.schneier.com/twofish.html> 1565 1566config CRYPTO_TWOFISH_X86_64_3WAY 1567 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1568 depends on X86 && 64BIT 1569 select CRYPTO_ALGAPI 1570 select CRYPTO_TWOFISH_COMMON 1571 select CRYPTO_TWOFISH_X86_64 1572 select CRYPTO_GLUE_HELPER_X86 1573 select CRYPTO_LRW 1574 select CRYPTO_XTS 1575 help 1576 Twofish cipher algorithm (x86_64, 3-way parallel). 1577 1578 Twofish was submitted as an AES (Advanced Encryption Standard) 1579 candidate cipher by researchers at CounterPane Systems. It is a 1580 16 round block cipher supporting key sizes of 128, 192, and 256 1581 bits. 1582 1583 This module provides Twofish cipher algorithm that processes three 1584 blocks parallel, utilizing resources of out-of-order CPUs better. 1585 1586 See also: 1587 <http://www.schneier.com/twofish.html> 1588 1589config CRYPTO_TWOFISH_AVX_X86_64 1590 tristate "Twofish cipher algorithm (x86_64/AVX)" 1591 depends on X86 && 64BIT 1592 select CRYPTO_ALGAPI 1593 select CRYPTO_CRYPTD 1594 select CRYPTO_ABLK_HELPER 1595 select CRYPTO_GLUE_HELPER_X86 1596 select CRYPTO_TWOFISH_COMMON 1597 select CRYPTO_TWOFISH_X86_64 1598 select CRYPTO_TWOFISH_X86_64_3WAY 1599 select CRYPTO_LRW 1600 select CRYPTO_XTS 1601 help 1602 Twofish cipher algorithm (x86_64/AVX). 1603 1604 Twofish was submitted as an AES (Advanced Encryption Standard) 1605 candidate cipher by researchers at CounterPane Systems. It is a 1606 16 round block cipher supporting key sizes of 128, 192, and 256 1607 bits. 1608 1609 This module provides the Twofish cipher algorithm that processes 1610 eight blocks parallel using the AVX Instruction Set. 1611 1612 See also: 1613 <http://www.schneier.com/twofish.html> 1614 1615comment "Compression" 1616 1617config CRYPTO_DEFLATE 1618 tristate "Deflate compression algorithm" 1619 select CRYPTO_ALGAPI 1620 select CRYPTO_ACOMP2 1621 select ZLIB_INFLATE 1622 select ZLIB_DEFLATE 1623 help 1624 This is the Deflate algorithm (RFC1951), specified for use in 1625 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1626 1627 You will most probably want this if using IPSec. 1628 1629config CRYPTO_LZO 1630 tristate "LZO compression algorithm" 1631 select CRYPTO_ALGAPI 1632 select CRYPTO_ACOMP2 1633 select LZO_COMPRESS 1634 select LZO_DECOMPRESS 1635 help 1636 This is the LZO algorithm. 1637 1638config CRYPTO_842 1639 tristate "842 compression algorithm" 1640 select CRYPTO_ALGAPI 1641 select CRYPTO_ACOMP2 1642 select 842_COMPRESS 1643 select 842_DECOMPRESS 1644 help 1645 This is the 842 algorithm. 1646 1647config CRYPTO_LZ4 1648 tristate "LZ4 compression algorithm" 1649 select CRYPTO_ALGAPI 1650 select CRYPTO_ACOMP2 1651 select LZ4_COMPRESS 1652 select LZ4_DECOMPRESS 1653 help 1654 This is the LZ4 algorithm. 1655 1656config CRYPTO_LZ4HC 1657 tristate "LZ4HC compression algorithm" 1658 select CRYPTO_ALGAPI 1659 select CRYPTO_ACOMP2 1660 select LZ4HC_COMPRESS 1661 select LZ4_DECOMPRESS 1662 help 1663 This is the LZ4 high compression mode algorithm. 1664 1665comment "Random Number Generation" 1666 1667config CRYPTO_ANSI_CPRNG 1668 tristate "Pseudo Random Number Generation for Cryptographic modules" 1669 select CRYPTO_AES 1670 select CRYPTO_RNG 1671 help 1672 This option enables the generic pseudo random number generator 1673 for cryptographic modules. Uses the Algorithm specified in 1674 ANSI X9.31 A.2.4. Note that this option must be enabled if 1675 CRYPTO_FIPS is selected 1676 1677menuconfig CRYPTO_DRBG_MENU 1678 tristate "NIST SP800-90A DRBG" 1679 help 1680 NIST SP800-90A compliant DRBG. In the following submenu, one or 1681 more of the DRBG types must be selected. 1682 1683if CRYPTO_DRBG_MENU 1684 1685config CRYPTO_DRBG_HMAC 1686 bool 1687 default y 1688 select CRYPTO_HMAC 1689 select CRYPTO_SHA256 1690 1691config CRYPTO_DRBG_HASH 1692 bool "Enable Hash DRBG" 1693 select CRYPTO_SHA256 1694 help 1695 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1696 1697config CRYPTO_DRBG_CTR 1698 bool "Enable CTR DRBG" 1699 select CRYPTO_AES 1700 depends on CRYPTO_CTR 1701 help 1702 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1703 1704config CRYPTO_DRBG 1705 tristate 1706 default CRYPTO_DRBG_MENU 1707 select CRYPTO_RNG 1708 select CRYPTO_JITTERENTROPY 1709 1710endif # if CRYPTO_DRBG_MENU 1711 1712config CRYPTO_JITTERENTROPY 1713 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1714 select CRYPTO_RNG 1715 help 1716 The Jitterentropy RNG is a noise that is intended 1717 to provide seed to another RNG. The RNG does not 1718 perform any cryptographic whitening of the generated 1719 random numbers. This Jitterentropy RNG registers with 1720 the kernel crypto API and can be used by any caller. 1721 1722config CRYPTO_USER_API 1723 tristate 1724 1725config CRYPTO_USER_API_HASH 1726 tristate "User-space interface for hash algorithms" 1727 depends on NET 1728 select CRYPTO_HASH 1729 select CRYPTO_USER_API 1730 help 1731 This option enables the user-spaces interface for hash 1732 algorithms. 1733 1734config CRYPTO_USER_API_SKCIPHER 1735 tristate "User-space interface for symmetric key cipher algorithms" 1736 depends on NET 1737 select CRYPTO_BLKCIPHER 1738 select CRYPTO_USER_API 1739 help 1740 This option enables the user-spaces interface for symmetric 1741 key cipher algorithms. 1742 1743config CRYPTO_USER_API_RNG 1744 tristate "User-space interface for random number generator algorithms" 1745 depends on NET 1746 select CRYPTO_RNG 1747 select CRYPTO_USER_API 1748 help 1749 This option enables the user-spaces interface for random 1750 number generator algorithms. 1751 1752config CRYPTO_USER_API_AEAD 1753 tristate "User-space interface for AEAD cipher algorithms" 1754 depends on NET 1755 select CRYPTO_AEAD 1756 select CRYPTO_USER_API 1757 help 1758 This option enables the user-spaces interface for AEAD 1759 cipher algorithms. 1760 1761config CRYPTO_HASH_INFO 1762 bool 1763 1764source "drivers/crypto/Kconfig" 1765source crypto/asymmetric_keys/Kconfig 1766source certs/Kconfig 1767 1768endif # if CRYPTO 1769