xref: /openbmc/linux/crypto/Kconfig (revision 5d0e4d78)
1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5	tristate
6
7#
8# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
13# Cryptographic API Configuration
14#
15menuconfig CRYPTO
16	tristate "Cryptographic API"
17	help
18	  This option provides the core Cryptographic API.
19
20if CRYPTO
21
22comment "Crypto core or helper"
23
24config CRYPTO_FIPS
25	bool "FIPS 200 compliance"
26	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
27	depends on (MODULE_SIG || !MODULES)
28	help
29	  This options enables the fips boot option which is
30	  required if you want to system to operate in a FIPS 200
31	  certification.  You should say no unless you know what
32	  this is.
33
34config CRYPTO_ALGAPI
35	tristate
36	select CRYPTO_ALGAPI2
37	help
38	  This option provides the API for cryptographic algorithms.
39
40config CRYPTO_ALGAPI2
41	tristate
42
43config CRYPTO_AEAD
44	tristate
45	select CRYPTO_AEAD2
46	select CRYPTO_ALGAPI
47
48config CRYPTO_AEAD2
49	tristate
50	select CRYPTO_ALGAPI2
51	select CRYPTO_NULL2
52	select CRYPTO_RNG2
53
54config CRYPTO_BLKCIPHER
55	tristate
56	select CRYPTO_BLKCIPHER2
57	select CRYPTO_ALGAPI
58
59config CRYPTO_BLKCIPHER2
60	tristate
61	select CRYPTO_ALGAPI2
62	select CRYPTO_RNG2
63	select CRYPTO_WORKQUEUE
64
65config CRYPTO_HASH
66	tristate
67	select CRYPTO_HASH2
68	select CRYPTO_ALGAPI
69
70config CRYPTO_HASH2
71	tristate
72	select CRYPTO_ALGAPI2
73
74config CRYPTO_RNG
75	tristate
76	select CRYPTO_RNG2
77	select CRYPTO_ALGAPI
78
79config CRYPTO_RNG2
80	tristate
81	select CRYPTO_ALGAPI2
82
83config CRYPTO_RNG_DEFAULT
84	tristate
85	select CRYPTO_DRBG_MENU
86
87config CRYPTO_AKCIPHER2
88	tristate
89	select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92	tristate
93	select CRYPTO_AKCIPHER2
94	select CRYPTO_ALGAPI
95
96config CRYPTO_KPP2
97	tristate
98	select CRYPTO_ALGAPI2
99
100config CRYPTO_KPP
101	tristate
102	select CRYPTO_ALGAPI
103	select CRYPTO_KPP2
104
105config CRYPTO_ACOMP2
106	tristate
107	select CRYPTO_ALGAPI2
108
109config CRYPTO_ACOMP
110	tristate
111	select CRYPTO_ALGAPI
112	select CRYPTO_ACOMP2
113
114config CRYPTO_RSA
115	tristate "RSA algorithm"
116	select CRYPTO_AKCIPHER
117	select CRYPTO_MANAGER
118	select MPILIB
119	select ASN1
120	help
121	  Generic implementation of the RSA public key algorithm.
122
123config CRYPTO_DH
124	tristate "Diffie-Hellman algorithm"
125	select CRYPTO_KPP
126	select MPILIB
127	help
128	  Generic implementation of the Diffie-Hellman algorithm.
129
130config CRYPTO_ECDH
131	tristate "ECDH algorithm"
132	select CRYTPO_KPP
133	select CRYPTO_RNG_DEFAULT
134	help
135	  Generic implementation of the ECDH algorithm
136
137config CRYPTO_MANAGER
138	tristate "Cryptographic algorithm manager"
139	select CRYPTO_MANAGER2
140	help
141	  Create default cryptographic template instantiations such as
142	  cbc(aes).
143
144config CRYPTO_MANAGER2
145	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
146	select CRYPTO_AEAD2
147	select CRYPTO_HASH2
148	select CRYPTO_BLKCIPHER2
149	select CRYPTO_AKCIPHER2
150	select CRYPTO_KPP2
151	select CRYPTO_ACOMP2
152
153config CRYPTO_USER
154	tristate "Userspace cryptographic algorithm configuration"
155	depends on NET
156	select CRYPTO_MANAGER
157	help
158	  Userspace configuration for cryptographic instantiations such as
159	  cbc(aes).
160
161config CRYPTO_MANAGER_DISABLE_TESTS
162	bool "Disable run-time self tests"
163	default y
164	depends on CRYPTO_MANAGER2
165	help
166	  Disable run-time self tests that normally take place at
167	  algorithm registration.
168
169config CRYPTO_GF128MUL
170	tristate "GF(2^128) multiplication functions"
171	help
172	  Efficient table driven implementation of multiplications in the
173	  field GF(2^128).  This is needed by some cypher modes. This
174	  option will be selected automatically if you select such a
175	  cipher mode.  Only select this option by hand if you expect to load
176	  an external module that requires these functions.
177
178config CRYPTO_NULL
179	tristate "Null algorithms"
180	select CRYPTO_NULL2
181	help
182	  These are 'Null' algorithms, used by IPsec, which do nothing.
183
184config CRYPTO_NULL2
185	tristate
186	select CRYPTO_ALGAPI2
187	select CRYPTO_BLKCIPHER2
188	select CRYPTO_HASH2
189
190config CRYPTO_PCRYPT
191	tristate "Parallel crypto engine"
192	depends on SMP
193	select PADATA
194	select CRYPTO_MANAGER
195	select CRYPTO_AEAD
196	help
197	  This converts an arbitrary crypto algorithm into a parallel
198	  algorithm that executes in kernel threads.
199
200config CRYPTO_WORKQUEUE
201       tristate
202
203config CRYPTO_CRYPTD
204	tristate "Software async crypto daemon"
205	select CRYPTO_BLKCIPHER
206	select CRYPTO_HASH
207	select CRYPTO_MANAGER
208	select CRYPTO_WORKQUEUE
209	help
210	  This is a generic software asynchronous crypto daemon that
211	  converts an arbitrary synchronous software crypto algorithm
212	  into an asynchronous algorithm that executes in a kernel thread.
213
214config CRYPTO_MCRYPTD
215	tristate "Software async multi-buffer crypto daemon"
216	select CRYPTO_BLKCIPHER
217	select CRYPTO_HASH
218	select CRYPTO_MANAGER
219	select CRYPTO_WORKQUEUE
220	help
221	  This is a generic software asynchronous crypto daemon that
222	  provides the kernel thread to assist multi-buffer crypto
223	  algorithms for submitting jobs and flushing jobs in multi-buffer
224	  crypto algorithms.  Multi-buffer crypto algorithms are executed
225	  in the context of this kernel thread and drivers can post
226	  their crypto request asynchronously to be processed by this daemon.
227
228config CRYPTO_AUTHENC
229	tristate "Authenc support"
230	select CRYPTO_AEAD
231	select CRYPTO_BLKCIPHER
232	select CRYPTO_MANAGER
233	select CRYPTO_HASH
234	select CRYPTO_NULL
235	help
236	  Authenc: Combined mode wrapper for IPsec.
237	  This is required for IPSec.
238
239config CRYPTO_TEST
240	tristate "Testing module"
241	depends on m
242	select CRYPTO_MANAGER
243	help
244	  Quick & dirty crypto test module.
245
246config CRYPTO_ABLK_HELPER
247	tristate
248	select CRYPTO_CRYPTD
249
250config CRYPTO_SIMD
251	tristate
252	select CRYPTO_CRYPTD
253
254config CRYPTO_GLUE_HELPER_X86
255	tristate
256	depends on X86
257	select CRYPTO_BLKCIPHER
258
259config CRYPTO_ENGINE
260	tristate
261
262comment "Authenticated Encryption with Associated Data"
263
264config CRYPTO_CCM
265	tristate "CCM support"
266	select CRYPTO_CTR
267	select CRYPTO_HASH
268	select CRYPTO_AEAD
269	help
270	  Support for Counter with CBC MAC. Required for IPsec.
271
272config CRYPTO_GCM
273	tristate "GCM/GMAC support"
274	select CRYPTO_CTR
275	select CRYPTO_AEAD
276	select CRYPTO_GHASH
277	select CRYPTO_NULL
278	help
279	  Support for Galois/Counter Mode (GCM) and Galois Message
280	  Authentication Code (GMAC). Required for IPSec.
281
282config CRYPTO_CHACHA20POLY1305
283	tristate "ChaCha20-Poly1305 AEAD support"
284	select CRYPTO_CHACHA20
285	select CRYPTO_POLY1305
286	select CRYPTO_AEAD
287	help
288	  ChaCha20-Poly1305 AEAD support, RFC7539.
289
290	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
291	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
292	  IETF protocols.
293
294config CRYPTO_SEQIV
295	tristate "Sequence Number IV Generator"
296	select CRYPTO_AEAD
297	select CRYPTO_BLKCIPHER
298	select CRYPTO_NULL
299	select CRYPTO_RNG_DEFAULT
300	help
301	  This IV generator generates an IV based on a sequence number by
302	  xoring it with a salt.  This algorithm is mainly useful for CTR
303
304config CRYPTO_ECHAINIV
305	tristate "Encrypted Chain IV Generator"
306	select CRYPTO_AEAD
307	select CRYPTO_NULL
308	select CRYPTO_RNG_DEFAULT
309	default m
310	help
311	  This IV generator generates an IV based on the encryption of
312	  a sequence number xored with a salt.  This is the default
313	  algorithm for CBC.
314
315comment "Block modes"
316
317config CRYPTO_CBC
318	tristate "CBC support"
319	select CRYPTO_BLKCIPHER
320	select CRYPTO_MANAGER
321	help
322	  CBC: Cipher Block Chaining mode
323	  This block cipher algorithm is required for IPSec.
324
325config CRYPTO_CTR
326	tristate "CTR support"
327	select CRYPTO_BLKCIPHER
328	select CRYPTO_SEQIV
329	select CRYPTO_MANAGER
330	help
331	  CTR: Counter mode
332	  This block cipher algorithm is required for IPSec.
333
334config CRYPTO_CTS
335	tristate "CTS support"
336	select CRYPTO_BLKCIPHER
337	help
338	  CTS: Cipher Text Stealing
339	  This is the Cipher Text Stealing mode as described by
340	  Section 8 of rfc2040 and referenced by rfc3962.
341	  (rfc3962 includes errata information in its Appendix A)
342	  This mode is required for Kerberos gss mechanism support
343	  for AES encryption.
344
345config CRYPTO_ECB
346	tristate "ECB support"
347	select CRYPTO_BLKCIPHER
348	select CRYPTO_MANAGER
349	help
350	  ECB: Electronic CodeBook mode
351	  This is the simplest block cipher algorithm.  It simply encrypts
352	  the input block by block.
353
354config CRYPTO_LRW
355	tristate "LRW support"
356	select CRYPTO_BLKCIPHER
357	select CRYPTO_MANAGER
358	select CRYPTO_GF128MUL
359	help
360	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
361	  narrow block cipher mode for dm-crypt.  Use it with cipher
362	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
363	  The first 128, 192 or 256 bits in the key are used for AES and the
364	  rest is used to tie each cipher block to its logical position.
365
366config CRYPTO_PCBC
367	tristate "PCBC support"
368	select CRYPTO_BLKCIPHER
369	select CRYPTO_MANAGER
370	help
371	  PCBC: Propagating Cipher Block Chaining mode
372	  This block cipher algorithm is required for RxRPC.
373
374config CRYPTO_XTS
375	tristate "XTS support"
376	select CRYPTO_BLKCIPHER
377	select CRYPTO_MANAGER
378	select CRYPTO_ECB
379	help
380	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
381	  key size 256, 384 or 512 bits. This implementation currently
382	  can't handle a sectorsize which is not a multiple of 16 bytes.
383
384config CRYPTO_KEYWRAP
385	tristate "Key wrapping support"
386	select CRYPTO_BLKCIPHER
387	help
388	  Support for key wrapping (NIST SP800-38F / RFC3394) without
389	  padding.
390
391comment "Hash modes"
392
393config CRYPTO_CMAC
394	tristate "CMAC support"
395	select CRYPTO_HASH
396	select CRYPTO_MANAGER
397	help
398	  Cipher-based Message Authentication Code (CMAC) specified by
399	  The National Institute of Standards and Technology (NIST).
400
401	  https://tools.ietf.org/html/rfc4493
402	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
403
404config CRYPTO_HMAC
405	tristate "HMAC support"
406	select CRYPTO_HASH
407	select CRYPTO_MANAGER
408	help
409	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
410	  This is required for IPSec.
411
412config CRYPTO_XCBC
413	tristate "XCBC support"
414	select CRYPTO_HASH
415	select CRYPTO_MANAGER
416	help
417	  XCBC: Keyed-Hashing with encryption algorithm
418		http://www.ietf.org/rfc/rfc3566.txt
419		http://csrc.nist.gov/encryption/modes/proposedmodes/
420		 xcbc-mac/xcbc-mac-spec.pdf
421
422config CRYPTO_VMAC
423	tristate "VMAC support"
424	select CRYPTO_HASH
425	select CRYPTO_MANAGER
426	help
427	  VMAC is a message authentication algorithm designed for
428	  very high speed on 64-bit architectures.
429
430	  See also:
431	  <http://fastcrypto.org/vmac>
432
433comment "Digest"
434
435config CRYPTO_CRC32C
436	tristate "CRC32c CRC algorithm"
437	select CRYPTO_HASH
438	select CRC32
439	help
440	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
441	  by iSCSI for header and data digests and by others.
442	  See Castagnoli93.  Module will be crc32c.
443
444config CRYPTO_CRC32C_INTEL
445	tristate "CRC32c INTEL hardware acceleration"
446	depends on X86
447	select CRYPTO_HASH
448	help
449	  In Intel processor with SSE4.2 supported, the processor will
450	  support CRC32C implementation using hardware accelerated CRC32
451	  instruction. This option will create 'crc32c-intel' module,
452	  which will enable any routine to use the CRC32 instruction to
453	  gain performance compared with software implementation.
454	  Module will be crc32c-intel.
455
456config CRYPTO_CRC32C_VPMSUM
457	tristate "CRC32c CRC algorithm (powerpc64)"
458	depends on PPC64 && ALTIVEC
459	select CRYPTO_HASH
460	select CRC32
461	help
462	  CRC32c algorithm implemented using vector polynomial multiply-sum
463	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
464	  and newer processors for improved performance.
465
466
467config CRYPTO_CRC32C_SPARC64
468	tristate "CRC32c CRC algorithm (SPARC64)"
469	depends on SPARC64
470	select CRYPTO_HASH
471	select CRC32
472	help
473	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
474	  when available.
475
476config CRYPTO_CRC32
477	tristate "CRC32 CRC algorithm"
478	select CRYPTO_HASH
479	select CRC32
480	help
481	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
482	  Shash crypto api wrappers to crc32_le function.
483
484config CRYPTO_CRC32_PCLMUL
485	tristate "CRC32 PCLMULQDQ hardware acceleration"
486	depends on X86
487	select CRYPTO_HASH
488	select CRC32
489	help
490	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
491	  and PCLMULQDQ supported, the processor will support
492	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
493	  instruction. This option will create 'crc32-plcmul' module,
494	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
495	  and gain better performance as compared with the table implementation.
496
497config CRYPTO_CRCT10DIF
498	tristate "CRCT10DIF algorithm"
499	select CRYPTO_HASH
500	help
501	  CRC T10 Data Integrity Field computation is being cast as
502	  a crypto transform.  This allows for faster crc t10 diff
503	  transforms to be used if they are available.
504
505config CRYPTO_CRCT10DIF_PCLMUL
506	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
507	depends on X86 && 64BIT && CRC_T10DIF
508	select CRYPTO_HASH
509	help
510	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
511	  CRC T10 DIF PCLMULQDQ computation can be hardware
512	  accelerated PCLMULQDQ instruction. This option will create
513	  'crct10dif-plcmul' module, which is faster when computing the
514	  crct10dif checksum as compared with the generic table implementation.
515
516config CRYPTO_CRCT10DIF_VPMSUM
517	tristate "CRC32T10DIF powerpc64 hardware acceleration"
518	depends on PPC64 && ALTIVEC && CRC_T10DIF
519	select CRYPTO_HASH
520	help
521	  CRC10T10DIF algorithm implemented using vector polynomial
522	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
523	  POWER8 and newer processors for improved performance.
524
525config CRYPTO_VPMSUM_TESTER
526	tristate "Powerpc64 vpmsum hardware acceleration tester"
527	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
528	help
529	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
530	  POWER8 vpmsum instructions.
531	  Unless you are testing these algorithms, you don't need this.
532
533config CRYPTO_GHASH
534	tristate "GHASH digest algorithm"
535	select CRYPTO_GF128MUL
536	select CRYPTO_HASH
537	help
538	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
539
540config CRYPTO_POLY1305
541	tristate "Poly1305 authenticator algorithm"
542	select CRYPTO_HASH
543	help
544	  Poly1305 authenticator algorithm, RFC7539.
545
546	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
547	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
548	  in IETF protocols. This is the portable C implementation of Poly1305.
549
550config CRYPTO_POLY1305_X86_64
551	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
552	depends on X86 && 64BIT
553	select CRYPTO_POLY1305
554	help
555	  Poly1305 authenticator algorithm, RFC7539.
556
557	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
558	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
559	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
560	  instructions.
561
562config CRYPTO_MD4
563	tristate "MD4 digest algorithm"
564	select CRYPTO_HASH
565	help
566	  MD4 message digest algorithm (RFC1320).
567
568config CRYPTO_MD5
569	tristate "MD5 digest algorithm"
570	select CRYPTO_HASH
571	help
572	  MD5 message digest algorithm (RFC1321).
573
574config CRYPTO_MD5_OCTEON
575	tristate "MD5 digest algorithm (OCTEON)"
576	depends on CPU_CAVIUM_OCTEON
577	select CRYPTO_MD5
578	select CRYPTO_HASH
579	help
580	  MD5 message digest algorithm (RFC1321) implemented
581	  using OCTEON crypto instructions, when available.
582
583config CRYPTO_MD5_PPC
584	tristate "MD5 digest algorithm (PPC)"
585	depends on PPC
586	select CRYPTO_HASH
587	help
588	  MD5 message digest algorithm (RFC1321) implemented
589	  in PPC assembler.
590
591config CRYPTO_MD5_SPARC64
592	tristate "MD5 digest algorithm (SPARC64)"
593	depends on SPARC64
594	select CRYPTO_MD5
595	select CRYPTO_HASH
596	help
597	  MD5 message digest algorithm (RFC1321) implemented
598	  using sparc64 crypto instructions, when available.
599
600config CRYPTO_MICHAEL_MIC
601	tristate "Michael MIC keyed digest algorithm"
602	select CRYPTO_HASH
603	help
604	  Michael MIC is used for message integrity protection in TKIP
605	  (IEEE 802.11i). This algorithm is required for TKIP, but it
606	  should not be used for other purposes because of the weakness
607	  of the algorithm.
608
609config CRYPTO_RMD128
610	tristate "RIPEMD-128 digest algorithm"
611	select CRYPTO_HASH
612	help
613	  RIPEMD-128 (ISO/IEC 10118-3:2004).
614
615	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
616	  be used as a secure replacement for RIPEMD. For other use cases,
617	  RIPEMD-160 should be used.
618
619	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
620	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
621
622config CRYPTO_RMD160
623	tristate "RIPEMD-160 digest algorithm"
624	select CRYPTO_HASH
625	help
626	  RIPEMD-160 (ISO/IEC 10118-3:2004).
627
628	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
629	  to be used as a secure replacement for the 128-bit hash functions
630	  MD4, MD5 and it's predecessor RIPEMD
631	  (not to be confused with RIPEMD-128).
632
633	  It's speed is comparable to SHA1 and there are no known attacks
634	  against RIPEMD-160.
635
636	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
637	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
638
639config CRYPTO_RMD256
640	tristate "RIPEMD-256 digest algorithm"
641	select CRYPTO_HASH
642	help
643	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
644	  256 bit hash. It is intended for applications that require
645	  longer hash-results, without needing a larger security level
646	  (than RIPEMD-128).
647
648	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
649	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
650
651config CRYPTO_RMD320
652	tristate "RIPEMD-320 digest algorithm"
653	select CRYPTO_HASH
654	help
655	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
656	  320 bit hash. It is intended for applications that require
657	  longer hash-results, without needing a larger security level
658	  (than RIPEMD-160).
659
660	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
661	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
662
663config CRYPTO_SHA1
664	tristate "SHA1 digest algorithm"
665	select CRYPTO_HASH
666	help
667	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
668
669config CRYPTO_SHA1_SSSE3
670	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
671	depends on X86 && 64BIT
672	select CRYPTO_SHA1
673	select CRYPTO_HASH
674	help
675	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
676	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
677	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
678	  when available.
679
680config CRYPTO_SHA256_SSSE3
681	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
682	depends on X86 && 64BIT
683	select CRYPTO_SHA256
684	select CRYPTO_HASH
685	help
686	  SHA-256 secure hash standard (DFIPS 180-2) implemented
687	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
688	  Extensions version 1 (AVX1), or Advanced Vector Extensions
689	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
690	  Instructions) when available.
691
692config CRYPTO_SHA512_SSSE3
693	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
694	depends on X86 && 64BIT
695	select CRYPTO_SHA512
696	select CRYPTO_HASH
697	help
698	  SHA-512 secure hash standard (DFIPS 180-2) implemented
699	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
700	  Extensions version 1 (AVX1), or Advanced Vector Extensions
701	  version 2 (AVX2) instructions, when available.
702
703config CRYPTO_SHA1_OCTEON
704	tristate "SHA1 digest algorithm (OCTEON)"
705	depends on CPU_CAVIUM_OCTEON
706	select CRYPTO_SHA1
707	select CRYPTO_HASH
708	help
709	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
710	  using OCTEON crypto instructions, when available.
711
712config CRYPTO_SHA1_SPARC64
713	tristate "SHA1 digest algorithm (SPARC64)"
714	depends on SPARC64
715	select CRYPTO_SHA1
716	select CRYPTO_HASH
717	help
718	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
719	  using sparc64 crypto instructions, when available.
720
721config CRYPTO_SHA1_PPC
722	tristate "SHA1 digest algorithm (powerpc)"
723	depends on PPC
724	help
725	  This is the powerpc hardware accelerated implementation of the
726	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
727
728config CRYPTO_SHA1_PPC_SPE
729	tristate "SHA1 digest algorithm (PPC SPE)"
730	depends on PPC && SPE
731	help
732	  SHA-1 secure hash standard (DFIPS 180-4) implemented
733	  using powerpc SPE SIMD instruction set.
734
735config CRYPTO_SHA1_MB
736	tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
737	depends on X86 && 64BIT
738	select CRYPTO_SHA1
739	select CRYPTO_HASH
740	select CRYPTO_MCRYPTD
741	help
742	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
743	  using multi-buffer technique.  This algorithm computes on
744	  multiple data lanes concurrently with SIMD instructions for
745	  better throughput.  It should not be enabled by default but
746	  used when there is significant amount of work to keep the keep
747	  the data lanes filled to get performance benefit.  If the data
748	  lanes remain unfilled, a flush operation will be initiated to
749	  process the crypto jobs, adding a slight latency.
750
751config CRYPTO_SHA256_MB
752	tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
753	depends on X86 && 64BIT
754	select CRYPTO_SHA256
755	select CRYPTO_HASH
756	select CRYPTO_MCRYPTD
757	help
758	  SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
759	  using multi-buffer technique.  This algorithm computes on
760	  multiple data lanes concurrently with SIMD instructions for
761	  better throughput.  It should not be enabled by default but
762	  used when there is significant amount of work to keep the keep
763	  the data lanes filled to get performance benefit.  If the data
764	  lanes remain unfilled, a flush operation will be initiated to
765	  process the crypto jobs, adding a slight latency.
766
767config CRYPTO_SHA512_MB
768        tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
769        depends on X86 && 64BIT
770        select CRYPTO_SHA512
771        select CRYPTO_HASH
772        select CRYPTO_MCRYPTD
773        help
774          SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
775          using multi-buffer technique.  This algorithm computes on
776          multiple data lanes concurrently with SIMD instructions for
777          better throughput.  It should not be enabled by default but
778          used when there is significant amount of work to keep the keep
779          the data lanes filled to get performance benefit.  If the data
780          lanes remain unfilled, a flush operation will be initiated to
781          process the crypto jobs, adding a slight latency.
782
783config CRYPTO_SHA256
784	tristate "SHA224 and SHA256 digest algorithm"
785	select CRYPTO_HASH
786	help
787	  SHA256 secure hash standard (DFIPS 180-2).
788
789	  This version of SHA implements a 256 bit hash with 128 bits of
790	  security against collision attacks.
791
792	  This code also includes SHA-224, a 224 bit hash with 112 bits
793	  of security against collision attacks.
794
795config CRYPTO_SHA256_PPC_SPE
796	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
797	depends on PPC && SPE
798	select CRYPTO_SHA256
799	select CRYPTO_HASH
800	help
801	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
802	  implemented using powerpc SPE SIMD instruction set.
803
804config CRYPTO_SHA256_OCTEON
805	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
806	depends on CPU_CAVIUM_OCTEON
807	select CRYPTO_SHA256
808	select CRYPTO_HASH
809	help
810	  SHA-256 secure hash standard (DFIPS 180-2) implemented
811	  using OCTEON crypto instructions, when available.
812
813config CRYPTO_SHA256_SPARC64
814	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
815	depends on SPARC64
816	select CRYPTO_SHA256
817	select CRYPTO_HASH
818	help
819	  SHA-256 secure hash standard (DFIPS 180-2) implemented
820	  using sparc64 crypto instructions, when available.
821
822config CRYPTO_SHA512
823	tristate "SHA384 and SHA512 digest algorithms"
824	select CRYPTO_HASH
825	help
826	  SHA512 secure hash standard (DFIPS 180-2).
827
828	  This version of SHA implements a 512 bit hash with 256 bits of
829	  security against collision attacks.
830
831	  This code also includes SHA-384, a 384 bit hash with 192 bits
832	  of security against collision attacks.
833
834config CRYPTO_SHA512_OCTEON
835	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
836	depends on CPU_CAVIUM_OCTEON
837	select CRYPTO_SHA512
838	select CRYPTO_HASH
839	help
840	  SHA-512 secure hash standard (DFIPS 180-2) implemented
841	  using OCTEON crypto instructions, when available.
842
843config CRYPTO_SHA512_SPARC64
844	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
845	depends on SPARC64
846	select CRYPTO_SHA512
847	select CRYPTO_HASH
848	help
849	  SHA-512 secure hash standard (DFIPS 180-2) implemented
850	  using sparc64 crypto instructions, when available.
851
852config CRYPTO_SHA3
853	tristate "SHA3 digest algorithm"
854	select CRYPTO_HASH
855	help
856	  SHA-3 secure hash standard (DFIPS 202). It's based on
857	  cryptographic sponge function family called Keccak.
858
859	  References:
860	  http://keccak.noekeon.org/
861
862config CRYPTO_TGR192
863	tristate "Tiger digest algorithms"
864	select CRYPTO_HASH
865	help
866	  Tiger hash algorithm 192, 160 and 128-bit hashes
867
868	  Tiger is a hash function optimized for 64-bit processors while
869	  still having decent performance on 32-bit processors.
870	  Tiger was developed by Ross Anderson and Eli Biham.
871
872	  See also:
873	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
874
875config CRYPTO_WP512
876	tristate "Whirlpool digest algorithms"
877	select CRYPTO_HASH
878	help
879	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
880
881	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
882	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
883
884	  See also:
885	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
886
887config CRYPTO_GHASH_CLMUL_NI_INTEL
888	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
889	depends on X86 && 64BIT
890	select CRYPTO_CRYPTD
891	help
892	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
893	  The implementation is accelerated by CLMUL-NI of Intel.
894
895comment "Ciphers"
896
897config CRYPTO_AES
898	tristate "AES cipher algorithms"
899	select CRYPTO_ALGAPI
900	help
901	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
902	  algorithm.
903
904	  Rijndael appears to be consistently a very good performer in
905	  both hardware and software across a wide range of computing
906	  environments regardless of its use in feedback or non-feedback
907	  modes. Its key setup time is excellent, and its key agility is
908	  good. Rijndael's very low memory requirements make it very well
909	  suited for restricted-space environments, in which it also
910	  demonstrates excellent performance. Rijndael's operations are
911	  among the easiest to defend against power and timing attacks.
912
913	  The AES specifies three key sizes: 128, 192 and 256 bits
914
915	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
916
917config CRYPTO_AES_TI
918	tristate "Fixed time AES cipher"
919	select CRYPTO_ALGAPI
920	help
921	  This is a generic implementation of AES that attempts to eliminate
922	  data dependent latencies as much as possible without affecting
923	  performance too much. It is intended for use by the generic CCM
924	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
925	  solely on encryption (although decryption is supported as well, but
926	  with a more dramatic performance hit)
927
928	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
929	  8 for decryption), this implementation only uses just two S-boxes of
930	  256 bytes each, and attempts to eliminate data dependent latencies by
931	  prefetching the entire table into the cache at the start of each
932	  block.
933
934config CRYPTO_AES_586
935	tristate "AES cipher algorithms (i586)"
936	depends on (X86 || UML_X86) && !64BIT
937	select CRYPTO_ALGAPI
938	select CRYPTO_AES
939	help
940	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
941	  algorithm.
942
943	  Rijndael appears to be consistently a very good performer in
944	  both hardware and software across a wide range of computing
945	  environments regardless of its use in feedback or non-feedback
946	  modes. Its key setup time is excellent, and its key agility is
947	  good. Rijndael's very low memory requirements make it very well
948	  suited for restricted-space environments, in which it also
949	  demonstrates excellent performance. Rijndael's operations are
950	  among the easiest to defend against power and timing attacks.
951
952	  The AES specifies three key sizes: 128, 192 and 256 bits
953
954	  See <http://csrc.nist.gov/encryption/aes/> for more information.
955
956config CRYPTO_AES_X86_64
957	tristate "AES cipher algorithms (x86_64)"
958	depends on (X86 || UML_X86) && 64BIT
959	select CRYPTO_ALGAPI
960	select CRYPTO_AES
961	help
962	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
963	  algorithm.
964
965	  Rijndael appears to be consistently a very good performer in
966	  both hardware and software across a wide range of computing
967	  environments regardless of its use in feedback or non-feedback
968	  modes. Its key setup time is excellent, and its key agility is
969	  good. Rijndael's very low memory requirements make it very well
970	  suited for restricted-space environments, in which it also
971	  demonstrates excellent performance. Rijndael's operations are
972	  among the easiest to defend against power and timing attacks.
973
974	  The AES specifies three key sizes: 128, 192 and 256 bits
975
976	  See <http://csrc.nist.gov/encryption/aes/> for more information.
977
978config CRYPTO_AES_NI_INTEL
979	tristate "AES cipher algorithms (AES-NI)"
980	depends on X86
981	select CRYPTO_AEAD
982	select CRYPTO_AES_X86_64 if 64BIT
983	select CRYPTO_AES_586 if !64BIT
984	select CRYPTO_ALGAPI
985	select CRYPTO_BLKCIPHER
986	select CRYPTO_GLUE_HELPER_X86 if 64BIT
987	select CRYPTO_SIMD
988	help
989	  Use Intel AES-NI instructions for AES algorithm.
990
991	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
992	  algorithm.
993
994	  Rijndael appears to be consistently a very good performer in
995	  both hardware and software across a wide range of computing
996	  environments regardless of its use in feedback or non-feedback
997	  modes. Its key setup time is excellent, and its key agility is
998	  good. Rijndael's very low memory requirements make it very well
999	  suited for restricted-space environments, in which it also
1000	  demonstrates excellent performance. Rijndael's operations are
1001	  among the easiest to defend against power and timing attacks.
1002
1003	  The AES specifies three key sizes: 128, 192 and 256 bits
1004
1005	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1006
1007	  In addition to AES cipher algorithm support, the acceleration
1008	  for some popular block cipher mode is supported too, including
1009	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
1010	  acceleration for CTR.
1011
1012config CRYPTO_AES_SPARC64
1013	tristate "AES cipher algorithms (SPARC64)"
1014	depends on SPARC64
1015	select CRYPTO_CRYPTD
1016	select CRYPTO_ALGAPI
1017	help
1018	  Use SPARC64 crypto opcodes for AES algorithm.
1019
1020	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1021	  algorithm.
1022
1023	  Rijndael appears to be consistently a very good performer in
1024	  both hardware and software across a wide range of computing
1025	  environments regardless of its use in feedback or non-feedback
1026	  modes. Its key setup time is excellent, and its key agility is
1027	  good. Rijndael's very low memory requirements make it very well
1028	  suited for restricted-space environments, in which it also
1029	  demonstrates excellent performance. Rijndael's operations are
1030	  among the easiest to defend against power and timing attacks.
1031
1032	  The AES specifies three key sizes: 128, 192 and 256 bits
1033
1034	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1035
1036	  In addition to AES cipher algorithm support, the acceleration
1037	  for some popular block cipher mode is supported too, including
1038	  ECB and CBC.
1039
1040config CRYPTO_AES_PPC_SPE
1041	tristate "AES cipher algorithms (PPC SPE)"
1042	depends on PPC && SPE
1043	help
1044	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1045	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1046	  This module should only be used for low power (router) devices
1047	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1048	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1049	  timining attacks. Nevertheless it might be not as secure as other
1050	  architecture specific assembler implementations that work on 1KB
1051	  tables or 256 bytes S-boxes.
1052
1053config CRYPTO_ANUBIS
1054	tristate "Anubis cipher algorithm"
1055	select CRYPTO_ALGAPI
1056	help
1057	  Anubis cipher algorithm.
1058
1059	  Anubis is a variable key length cipher which can use keys from
1060	  128 bits to 320 bits in length.  It was evaluated as a entrant
1061	  in the NESSIE competition.
1062
1063	  See also:
1064	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1065	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1066
1067config CRYPTO_ARC4
1068	tristate "ARC4 cipher algorithm"
1069	select CRYPTO_BLKCIPHER
1070	help
1071	  ARC4 cipher algorithm.
1072
1073	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1074	  bits in length.  This algorithm is required for driver-based
1075	  WEP, but it should not be for other purposes because of the
1076	  weakness of the algorithm.
1077
1078config CRYPTO_BLOWFISH
1079	tristate "Blowfish cipher algorithm"
1080	select CRYPTO_ALGAPI
1081	select CRYPTO_BLOWFISH_COMMON
1082	help
1083	  Blowfish cipher algorithm, by Bruce Schneier.
1084
1085	  This is a variable key length cipher which can use keys from 32
1086	  bits to 448 bits in length.  It's fast, simple and specifically
1087	  designed for use on "large microprocessors".
1088
1089	  See also:
1090	  <http://www.schneier.com/blowfish.html>
1091
1092config CRYPTO_BLOWFISH_COMMON
1093	tristate
1094	help
1095	  Common parts of the Blowfish cipher algorithm shared by the
1096	  generic c and the assembler implementations.
1097
1098	  See also:
1099	  <http://www.schneier.com/blowfish.html>
1100
1101config CRYPTO_BLOWFISH_X86_64
1102	tristate "Blowfish cipher algorithm (x86_64)"
1103	depends on X86 && 64BIT
1104	select CRYPTO_ALGAPI
1105	select CRYPTO_BLOWFISH_COMMON
1106	help
1107	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1108
1109	  This is a variable key length cipher which can use keys from 32
1110	  bits to 448 bits in length.  It's fast, simple and specifically
1111	  designed for use on "large microprocessors".
1112
1113	  See also:
1114	  <http://www.schneier.com/blowfish.html>
1115
1116config CRYPTO_CAMELLIA
1117	tristate "Camellia cipher algorithms"
1118	depends on CRYPTO
1119	select CRYPTO_ALGAPI
1120	help
1121	  Camellia cipher algorithms module.
1122
1123	  Camellia is a symmetric key block cipher developed jointly
1124	  at NTT and Mitsubishi Electric Corporation.
1125
1126	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1127
1128	  See also:
1129	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1130
1131config CRYPTO_CAMELLIA_X86_64
1132	tristate "Camellia cipher algorithm (x86_64)"
1133	depends on X86 && 64BIT
1134	depends on CRYPTO
1135	select CRYPTO_ALGAPI
1136	select CRYPTO_GLUE_HELPER_X86
1137	select CRYPTO_LRW
1138	select CRYPTO_XTS
1139	help
1140	  Camellia cipher algorithm module (x86_64).
1141
1142	  Camellia is a symmetric key block cipher developed jointly
1143	  at NTT and Mitsubishi Electric Corporation.
1144
1145	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1146
1147	  See also:
1148	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1149
1150config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1151	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1152	depends on X86 && 64BIT
1153	depends on CRYPTO
1154	select CRYPTO_ALGAPI
1155	select CRYPTO_CRYPTD
1156	select CRYPTO_ABLK_HELPER
1157	select CRYPTO_GLUE_HELPER_X86
1158	select CRYPTO_CAMELLIA_X86_64
1159	select CRYPTO_LRW
1160	select CRYPTO_XTS
1161	help
1162	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1163
1164	  Camellia is a symmetric key block cipher developed jointly
1165	  at NTT and Mitsubishi Electric Corporation.
1166
1167	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1168
1169	  See also:
1170	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1171
1172config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1173	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1174	depends on X86 && 64BIT
1175	depends on CRYPTO
1176	select CRYPTO_ALGAPI
1177	select CRYPTO_CRYPTD
1178	select CRYPTO_ABLK_HELPER
1179	select CRYPTO_GLUE_HELPER_X86
1180	select CRYPTO_CAMELLIA_X86_64
1181	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1182	select CRYPTO_LRW
1183	select CRYPTO_XTS
1184	help
1185	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1186
1187	  Camellia is a symmetric key block cipher developed jointly
1188	  at NTT and Mitsubishi Electric Corporation.
1189
1190	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1191
1192	  See also:
1193	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1194
1195config CRYPTO_CAMELLIA_SPARC64
1196	tristate "Camellia cipher algorithm (SPARC64)"
1197	depends on SPARC64
1198	depends on CRYPTO
1199	select CRYPTO_ALGAPI
1200	help
1201	  Camellia cipher algorithm module (SPARC64).
1202
1203	  Camellia is a symmetric key block cipher developed jointly
1204	  at NTT and Mitsubishi Electric Corporation.
1205
1206	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1207
1208	  See also:
1209	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1210
1211config CRYPTO_CAST_COMMON
1212	tristate
1213	help
1214	  Common parts of the CAST cipher algorithms shared by the
1215	  generic c and the assembler implementations.
1216
1217config CRYPTO_CAST5
1218	tristate "CAST5 (CAST-128) cipher algorithm"
1219	select CRYPTO_ALGAPI
1220	select CRYPTO_CAST_COMMON
1221	help
1222	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1223	  described in RFC2144.
1224
1225config CRYPTO_CAST5_AVX_X86_64
1226	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1227	depends on X86 && 64BIT
1228	select CRYPTO_ALGAPI
1229	select CRYPTO_CRYPTD
1230	select CRYPTO_ABLK_HELPER
1231	select CRYPTO_CAST_COMMON
1232	select CRYPTO_CAST5
1233	help
1234	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1235	  described in RFC2144.
1236
1237	  This module provides the Cast5 cipher algorithm that processes
1238	  sixteen blocks parallel using the AVX instruction set.
1239
1240config CRYPTO_CAST6
1241	tristate "CAST6 (CAST-256) cipher algorithm"
1242	select CRYPTO_ALGAPI
1243	select CRYPTO_CAST_COMMON
1244	help
1245	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1246	  described in RFC2612.
1247
1248config CRYPTO_CAST6_AVX_X86_64
1249	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1250	depends on X86 && 64BIT
1251	select CRYPTO_ALGAPI
1252	select CRYPTO_CRYPTD
1253	select CRYPTO_ABLK_HELPER
1254	select CRYPTO_GLUE_HELPER_X86
1255	select CRYPTO_CAST_COMMON
1256	select CRYPTO_CAST6
1257	select CRYPTO_LRW
1258	select CRYPTO_XTS
1259	help
1260	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1261	  described in RFC2612.
1262
1263	  This module provides the Cast6 cipher algorithm that processes
1264	  eight blocks parallel using the AVX instruction set.
1265
1266config CRYPTO_DES
1267	tristate "DES and Triple DES EDE cipher algorithms"
1268	select CRYPTO_ALGAPI
1269	help
1270	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1271
1272config CRYPTO_DES_SPARC64
1273	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1274	depends on SPARC64
1275	select CRYPTO_ALGAPI
1276	select CRYPTO_DES
1277	help
1278	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1279	  optimized using SPARC64 crypto opcodes.
1280
1281config CRYPTO_DES3_EDE_X86_64
1282	tristate "Triple DES EDE cipher algorithm (x86-64)"
1283	depends on X86 && 64BIT
1284	select CRYPTO_ALGAPI
1285	select CRYPTO_DES
1286	help
1287	  Triple DES EDE (FIPS 46-3) algorithm.
1288
1289	  This module provides implementation of the Triple DES EDE cipher
1290	  algorithm that is optimized for x86-64 processors. Two versions of
1291	  algorithm are provided; regular processing one input block and
1292	  one that processes three blocks parallel.
1293
1294config CRYPTO_FCRYPT
1295	tristate "FCrypt cipher algorithm"
1296	select CRYPTO_ALGAPI
1297	select CRYPTO_BLKCIPHER
1298	help
1299	  FCrypt algorithm used by RxRPC.
1300
1301config CRYPTO_KHAZAD
1302	tristate "Khazad cipher algorithm"
1303	select CRYPTO_ALGAPI
1304	help
1305	  Khazad cipher algorithm.
1306
1307	  Khazad was a finalist in the initial NESSIE competition.  It is
1308	  an algorithm optimized for 64-bit processors with good performance
1309	  on 32-bit processors.  Khazad uses an 128 bit key size.
1310
1311	  See also:
1312	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1313
1314config CRYPTO_SALSA20
1315	tristate "Salsa20 stream cipher algorithm"
1316	select CRYPTO_BLKCIPHER
1317	help
1318	  Salsa20 stream cipher algorithm.
1319
1320	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1321	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1322
1323	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1324	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1325
1326config CRYPTO_SALSA20_586
1327	tristate "Salsa20 stream cipher algorithm (i586)"
1328	depends on (X86 || UML_X86) && !64BIT
1329	select CRYPTO_BLKCIPHER
1330	help
1331	  Salsa20 stream cipher algorithm.
1332
1333	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1334	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1335
1336	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1337	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1338
1339config CRYPTO_SALSA20_X86_64
1340	tristate "Salsa20 stream cipher algorithm (x86_64)"
1341	depends on (X86 || UML_X86) && 64BIT
1342	select CRYPTO_BLKCIPHER
1343	help
1344	  Salsa20 stream cipher algorithm.
1345
1346	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1347	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1348
1349	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1350	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1351
1352config CRYPTO_CHACHA20
1353	tristate "ChaCha20 cipher algorithm"
1354	select CRYPTO_BLKCIPHER
1355	help
1356	  ChaCha20 cipher algorithm, RFC7539.
1357
1358	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1359	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1360	  This is the portable C implementation of ChaCha20.
1361
1362	  See also:
1363	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1364
1365config CRYPTO_CHACHA20_X86_64
1366	tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
1367	depends on X86 && 64BIT
1368	select CRYPTO_BLKCIPHER
1369	select CRYPTO_CHACHA20
1370	help
1371	  ChaCha20 cipher algorithm, RFC7539.
1372
1373	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1374	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1375	  This is the x86_64 assembler implementation using SIMD instructions.
1376
1377	  See also:
1378	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1379
1380config CRYPTO_SEED
1381	tristate "SEED cipher algorithm"
1382	select CRYPTO_ALGAPI
1383	help
1384	  SEED cipher algorithm (RFC4269).
1385
1386	  SEED is a 128-bit symmetric key block cipher that has been
1387	  developed by KISA (Korea Information Security Agency) as a
1388	  national standard encryption algorithm of the Republic of Korea.
1389	  It is a 16 round block cipher with the key size of 128 bit.
1390
1391	  See also:
1392	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1393
1394config CRYPTO_SERPENT
1395	tristate "Serpent cipher algorithm"
1396	select CRYPTO_ALGAPI
1397	help
1398	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1399
1400	  Keys are allowed to be from 0 to 256 bits in length, in steps
1401	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1402	  variant of Serpent for compatibility with old kerneli.org code.
1403
1404	  See also:
1405	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1406
1407config CRYPTO_SERPENT_SSE2_X86_64
1408	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1409	depends on X86 && 64BIT
1410	select CRYPTO_ALGAPI
1411	select CRYPTO_CRYPTD
1412	select CRYPTO_ABLK_HELPER
1413	select CRYPTO_GLUE_HELPER_X86
1414	select CRYPTO_SERPENT
1415	select CRYPTO_LRW
1416	select CRYPTO_XTS
1417	help
1418	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1419
1420	  Keys are allowed to be from 0 to 256 bits in length, in steps
1421	  of 8 bits.
1422
1423	  This module provides Serpent cipher algorithm that processes eight
1424	  blocks parallel using SSE2 instruction set.
1425
1426	  See also:
1427	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1428
1429config CRYPTO_SERPENT_SSE2_586
1430	tristate "Serpent cipher algorithm (i586/SSE2)"
1431	depends on X86 && !64BIT
1432	select CRYPTO_ALGAPI
1433	select CRYPTO_CRYPTD
1434	select CRYPTO_ABLK_HELPER
1435	select CRYPTO_GLUE_HELPER_X86
1436	select CRYPTO_SERPENT
1437	select CRYPTO_LRW
1438	select CRYPTO_XTS
1439	help
1440	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1441
1442	  Keys are allowed to be from 0 to 256 bits in length, in steps
1443	  of 8 bits.
1444
1445	  This module provides Serpent cipher algorithm that processes four
1446	  blocks parallel using SSE2 instruction set.
1447
1448	  See also:
1449	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1450
1451config CRYPTO_SERPENT_AVX_X86_64
1452	tristate "Serpent cipher algorithm (x86_64/AVX)"
1453	depends on X86 && 64BIT
1454	select CRYPTO_ALGAPI
1455	select CRYPTO_CRYPTD
1456	select CRYPTO_ABLK_HELPER
1457	select CRYPTO_GLUE_HELPER_X86
1458	select CRYPTO_SERPENT
1459	select CRYPTO_LRW
1460	select CRYPTO_XTS
1461	help
1462	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1463
1464	  Keys are allowed to be from 0 to 256 bits in length, in steps
1465	  of 8 bits.
1466
1467	  This module provides the Serpent cipher algorithm that processes
1468	  eight blocks parallel using the AVX instruction set.
1469
1470	  See also:
1471	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1472
1473config CRYPTO_SERPENT_AVX2_X86_64
1474	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1475	depends on X86 && 64BIT
1476	select CRYPTO_ALGAPI
1477	select CRYPTO_CRYPTD
1478	select CRYPTO_ABLK_HELPER
1479	select CRYPTO_GLUE_HELPER_X86
1480	select CRYPTO_SERPENT
1481	select CRYPTO_SERPENT_AVX_X86_64
1482	select CRYPTO_LRW
1483	select CRYPTO_XTS
1484	help
1485	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1486
1487	  Keys are allowed to be from 0 to 256 bits in length, in steps
1488	  of 8 bits.
1489
1490	  This module provides Serpent cipher algorithm that processes 16
1491	  blocks parallel using AVX2 instruction set.
1492
1493	  See also:
1494	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1495
1496config CRYPTO_TEA
1497	tristate "TEA, XTEA and XETA cipher algorithms"
1498	select CRYPTO_ALGAPI
1499	help
1500	  TEA cipher algorithm.
1501
1502	  Tiny Encryption Algorithm is a simple cipher that uses
1503	  many rounds for security.  It is very fast and uses
1504	  little memory.
1505
1506	  Xtendend Tiny Encryption Algorithm is a modification to
1507	  the TEA algorithm to address a potential key weakness
1508	  in the TEA algorithm.
1509
1510	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1511	  of the XTEA algorithm for compatibility purposes.
1512
1513config CRYPTO_TWOFISH
1514	tristate "Twofish cipher algorithm"
1515	select CRYPTO_ALGAPI
1516	select CRYPTO_TWOFISH_COMMON
1517	help
1518	  Twofish cipher algorithm.
1519
1520	  Twofish was submitted as an AES (Advanced Encryption Standard)
1521	  candidate cipher by researchers at CounterPane Systems.  It is a
1522	  16 round block cipher supporting key sizes of 128, 192, and 256
1523	  bits.
1524
1525	  See also:
1526	  <http://www.schneier.com/twofish.html>
1527
1528config CRYPTO_TWOFISH_COMMON
1529	tristate
1530	help
1531	  Common parts of the Twofish cipher algorithm shared by the
1532	  generic c and the assembler implementations.
1533
1534config CRYPTO_TWOFISH_586
1535	tristate "Twofish cipher algorithms (i586)"
1536	depends on (X86 || UML_X86) && !64BIT
1537	select CRYPTO_ALGAPI
1538	select CRYPTO_TWOFISH_COMMON
1539	help
1540	  Twofish cipher algorithm.
1541
1542	  Twofish was submitted as an AES (Advanced Encryption Standard)
1543	  candidate cipher by researchers at CounterPane Systems.  It is a
1544	  16 round block cipher supporting key sizes of 128, 192, and 256
1545	  bits.
1546
1547	  See also:
1548	  <http://www.schneier.com/twofish.html>
1549
1550config CRYPTO_TWOFISH_X86_64
1551	tristate "Twofish cipher algorithm (x86_64)"
1552	depends on (X86 || UML_X86) && 64BIT
1553	select CRYPTO_ALGAPI
1554	select CRYPTO_TWOFISH_COMMON
1555	help
1556	  Twofish cipher algorithm (x86_64).
1557
1558	  Twofish was submitted as an AES (Advanced Encryption Standard)
1559	  candidate cipher by researchers at CounterPane Systems.  It is a
1560	  16 round block cipher supporting key sizes of 128, 192, and 256
1561	  bits.
1562
1563	  See also:
1564	  <http://www.schneier.com/twofish.html>
1565
1566config CRYPTO_TWOFISH_X86_64_3WAY
1567	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1568	depends on X86 && 64BIT
1569	select CRYPTO_ALGAPI
1570	select CRYPTO_TWOFISH_COMMON
1571	select CRYPTO_TWOFISH_X86_64
1572	select CRYPTO_GLUE_HELPER_X86
1573	select CRYPTO_LRW
1574	select CRYPTO_XTS
1575	help
1576	  Twofish cipher algorithm (x86_64, 3-way parallel).
1577
1578	  Twofish was submitted as an AES (Advanced Encryption Standard)
1579	  candidate cipher by researchers at CounterPane Systems.  It is a
1580	  16 round block cipher supporting key sizes of 128, 192, and 256
1581	  bits.
1582
1583	  This module provides Twofish cipher algorithm that processes three
1584	  blocks parallel, utilizing resources of out-of-order CPUs better.
1585
1586	  See also:
1587	  <http://www.schneier.com/twofish.html>
1588
1589config CRYPTO_TWOFISH_AVX_X86_64
1590	tristate "Twofish cipher algorithm (x86_64/AVX)"
1591	depends on X86 && 64BIT
1592	select CRYPTO_ALGAPI
1593	select CRYPTO_CRYPTD
1594	select CRYPTO_ABLK_HELPER
1595	select CRYPTO_GLUE_HELPER_X86
1596	select CRYPTO_TWOFISH_COMMON
1597	select CRYPTO_TWOFISH_X86_64
1598	select CRYPTO_TWOFISH_X86_64_3WAY
1599	select CRYPTO_LRW
1600	select CRYPTO_XTS
1601	help
1602	  Twofish cipher algorithm (x86_64/AVX).
1603
1604	  Twofish was submitted as an AES (Advanced Encryption Standard)
1605	  candidate cipher by researchers at CounterPane Systems.  It is a
1606	  16 round block cipher supporting key sizes of 128, 192, and 256
1607	  bits.
1608
1609	  This module provides the Twofish cipher algorithm that processes
1610	  eight blocks parallel using the AVX Instruction Set.
1611
1612	  See also:
1613	  <http://www.schneier.com/twofish.html>
1614
1615comment "Compression"
1616
1617config CRYPTO_DEFLATE
1618	tristate "Deflate compression algorithm"
1619	select CRYPTO_ALGAPI
1620	select CRYPTO_ACOMP2
1621	select ZLIB_INFLATE
1622	select ZLIB_DEFLATE
1623	help
1624	  This is the Deflate algorithm (RFC1951), specified for use in
1625	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1626
1627	  You will most probably want this if using IPSec.
1628
1629config CRYPTO_LZO
1630	tristate "LZO compression algorithm"
1631	select CRYPTO_ALGAPI
1632	select CRYPTO_ACOMP2
1633	select LZO_COMPRESS
1634	select LZO_DECOMPRESS
1635	help
1636	  This is the LZO algorithm.
1637
1638config CRYPTO_842
1639	tristate "842 compression algorithm"
1640	select CRYPTO_ALGAPI
1641	select CRYPTO_ACOMP2
1642	select 842_COMPRESS
1643	select 842_DECOMPRESS
1644	help
1645	  This is the 842 algorithm.
1646
1647config CRYPTO_LZ4
1648	tristate "LZ4 compression algorithm"
1649	select CRYPTO_ALGAPI
1650	select CRYPTO_ACOMP2
1651	select LZ4_COMPRESS
1652	select LZ4_DECOMPRESS
1653	help
1654	  This is the LZ4 algorithm.
1655
1656config CRYPTO_LZ4HC
1657	tristate "LZ4HC compression algorithm"
1658	select CRYPTO_ALGAPI
1659	select CRYPTO_ACOMP2
1660	select LZ4HC_COMPRESS
1661	select LZ4_DECOMPRESS
1662	help
1663	  This is the LZ4 high compression mode algorithm.
1664
1665comment "Random Number Generation"
1666
1667config CRYPTO_ANSI_CPRNG
1668	tristate "Pseudo Random Number Generation for Cryptographic modules"
1669	select CRYPTO_AES
1670	select CRYPTO_RNG
1671	help
1672	  This option enables the generic pseudo random number generator
1673	  for cryptographic modules.  Uses the Algorithm specified in
1674	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1675	  CRYPTO_FIPS is selected
1676
1677menuconfig CRYPTO_DRBG_MENU
1678	tristate "NIST SP800-90A DRBG"
1679	help
1680	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1681	  more of the DRBG types must be selected.
1682
1683if CRYPTO_DRBG_MENU
1684
1685config CRYPTO_DRBG_HMAC
1686	bool
1687	default y
1688	select CRYPTO_HMAC
1689	select CRYPTO_SHA256
1690
1691config CRYPTO_DRBG_HASH
1692	bool "Enable Hash DRBG"
1693	select CRYPTO_SHA256
1694	help
1695	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1696
1697config CRYPTO_DRBG_CTR
1698	bool "Enable CTR DRBG"
1699	select CRYPTO_AES
1700	depends on CRYPTO_CTR
1701	help
1702	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1703
1704config CRYPTO_DRBG
1705	tristate
1706	default CRYPTO_DRBG_MENU
1707	select CRYPTO_RNG
1708	select CRYPTO_JITTERENTROPY
1709
1710endif	# if CRYPTO_DRBG_MENU
1711
1712config CRYPTO_JITTERENTROPY
1713	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1714	select CRYPTO_RNG
1715	help
1716	  The Jitterentropy RNG is a noise that is intended
1717	  to provide seed to another RNG. The RNG does not
1718	  perform any cryptographic whitening of the generated
1719	  random numbers. This Jitterentropy RNG registers with
1720	  the kernel crypto API and can be used by any caller.
1721
1722config CRYPTO_USER_API
1723	tristate
1724
1725config CRYPTO_USER_API_HASH
1726	tristate "User-space interface for hash algorithms"
1727	depends on NET
1728	select CRYPTO_HASH
1729	select CRYPTO_USER_API
1730	help
1731	  This option enables the user-spaces interface for hash
1732	  algorithms.
1733
1734config CRYPTO_USER_API_SKCIPHER
1735	tristate "User-space interface for symmetric key cipher algorithms"
1736	depends on NET
1737	select CRYPTO_BLKCIPHER
1738	select CRYPTO_USER_API
1739	help
1740	  This option enables the user-spaces interface for symmetric
1741	  key cipher algorithms.
1742
1743config CRYPTO_USER_API_RNG
1744	tristate "User-space interface for random number generator algorithms"
1745	depends on NET
1746	select CRYPTO_RNG
1747	select CRYPTO_USER_API
1748	help
1749	  This option enables the user-spaces interface for random
1750	  number generator algorithms.
1751
1752config CRYPTO_USER_API_AEAD
1753	tristate "User-space interface for AEAD cipher algorithms"
1754	depends on NET
1755	select CRYPTO_AEAD
1756	select CRYPTO_USER_API
1757	help
1758	  This option enables the user-spaces interface for AEAD
1759	  cipher algorithms.
1760
1761config CRYPTO_HASH_INFO
1762	bool
1763
1764source "drivers/crypto/Kconfig"
1765source crypto/asymmetric_keys/Kconfig
1766source certs/Kconfig
1767
1768endif	# if CRYPTO
1769