xref: /openbmc/linux/crypto/Kconfig (revision 7587eb18)
1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5	tristate
6
7#
8# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
13# Cryptographic API Configuration
14#
15menuconfig CRYPTO
16	tristate "Cryptographic API"
17	help
18	  This option provides the core Cryptographic API.
19
20if CRYPTO
21
22comment "Crypto core or helper"
23
24config CRYPTO_FIPS
25	bool "FIPS 200 compliance"
26	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
27	depends on MODULE_SIG
28	help
29	  This options enables the fips boot option which is
30	  required if you want to system to operate in a FIPS 200
31	  certification.  You should say no unless you know what
32	  this is.
33
34config CRYPTO_ALGAPI
35	tristate
36	select CRYPTO_ALGAPI2
37	help
38	  This option provides the API for cryptographic algorithms.
39
40config CRYPTO_ALGAPI2
41	tristate
42
43config CRYPTO_AEAD
44	tristate
45	select CRYPTO_AEAD2
46	select CRYPTO_ALGAPI
47
48config CRYPTO_AEAD2
49	tristate
50	select CRYPTO_ALGAPI2
51	select CRYPTO_NULL2
52	select CRYPTO_RNG2
53
54config CRYPTO_BLKCIPHER
55	tristate
56	select CRYPTO_BLKCIPHER2
57	select CRYPTO_ALGAPI
58
59config CRYPTO_BLKCIPHER2
60	tristate
61	select CRYPTO_ALGAPI2
62	select CRYPTO_RNG2
63	select CRYPTO_WORKQUEUE
64
65config CRYPTO_HASH
66	tristate
67	select CRYPTO_HASH2
68	select CRYPTO_ALGAPI
69
70config CRYPTO_HASH2
71	tristate
72	select CRYPTO_ALGAPI2
73
74config CRYPTO_RNG
75	tristate
76	select CRYPTO_RNG2
77	select CRYPTO_ALGAPI
78
79config CRYPTO_RNG2
80	tristate
81	select CRYPTO_ALGAPI2
82
83config CRYPTO_RNG_DEFAULT
84	tristate
85	select CRYPTO_DRBG_MENU
86
87config CRYPTO_AKCIPHER2
88	tristate
89	select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92	tristate
93	select CRYPTO_AKCIPHER2
94	select CRYPTO_ALGAPI
95
96config CRYPTO_RSA
97	tristate "RSA algorithm"
98	select CRYPTO_AKCIPHER
99	select CRYPTO_MANAGER
100	select MPILIB
101	select ASN1
102	help
103	  Generic implementation of the RSA public key algorithm.
104
105config CRYPTO_MANAGER
106	tristate "Cryptographic algorithm manager"
107	select CRYPTO_MANAGER2
108	help
109	  Create default cryptographic template instantiations such as
110	  cbc(aes).
111
112config CRYPTO_MANAGER2
113	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
114	select CRYPTO_AEAD2
115	select CRYPTO_HASH2
116	select CRYPTO_BLKCIPHER2
117	select CRYPTO_AKCIPHER2
118
119config CRYPTO_USER
120	tristate "Userspace cryptographic algorithm configuration"
121	depends on NET
122	select CRYPTO_MANAGER
123	help
124	  Userspace configuration for cryptographic instantiations such as
125	  cbc(aes).
126
127config CRYPTO_MANAGER_DISABLE_TESTS
128	bool "Disable run-time self tests"
129	default y
130	depends on CRYPTO_MANAGER2
131	help
132	  Disable run-time self tests that normally take place at
133	  algorithm registration.
134
135config CRYPTO_GF128MUL
136	tristate "GF(2^128) multiplication functions"
137	help
138	  Efficient table driven implementation of multiplications in the
139	  field GF(2^128).  This is needed by some cypher modes. This
140	  option will be selected automatically if you select such a
141	  cipher mode.  Only select this option by hand if you expect to load
142	  an external module that requires these functions.
143
144config CRYPTO_NULL
145	tristate "Null algorithms"
146	select CRYPTO_NULL2
147	help
148	  These are 'Null' algorithms, used by IPsec, which do nothing.
149
150config CRYPTO_NULL2
151	tristate
152	select CRYPTO_ALGAPI2
153	select CRYPTO_BLKCIPHER2
154	select CRYPTO_HASH2
155
156config CRYPTO_PCRYPT
157	tristate "Parallel crypto engine"
158	depends on SMP
159	select PADATA
160	select CRYPTO_MANAGER
161	select CRYPTO_AEAD
162	help
163	  This converts an arbitrary crypto algorithm into a parallel
164	  algorithm that executes in kernel threads.
165
166config CRYPTO_WORKQUEUE
167       tristate
168
169config CRYPTO_CRYPTD
170	tristate "Software async crypto daemon"
171	select CRYPTO_BLKCIPHER
172	select CRYPTO_HASH
173	select CRYPTO_MANAGER
174	select CRYPTO_WORKQUEUE
175	help
176	  This is a generic software asynchronous crypto daemon that
177	  converts an arbitrary synchronous software crypto algorithm
178	  into an asynchronous algorithm that executes in a kernel thread.
179
180config CRYPTO_MCRYPTD
181	tristate "Software async multi-buffer crypto daemon"
182	select CRYPTO_BLKCIPHER
183	select CRYPTO_HASH
184	select CRYPTO_MANAGER
185	select CRYPTO_WORKQUEUE
186	help
187	  This is a generic software asynchronous crypto daemon that
188	  provides the kernel thread to assist multi-buffer crypto
189	  algorithms for submitting jobs and flushing jobs in multi-buffer
190	  crypto algorithms.  Multi-buffer crypto algorithms are executed
191	  in the context of this kernel thread and drivers can post
192	  their crypto request asynchronously to be processed by this daemon.
193
194config CRYPTO_AUTHENC
195	tristate "Authenc support"
196	select CRYPTO_AEAD
197	select CRYPTO_BLKCIPHER
198	select CRYPTO_MANAGER
199	select CRYPTO_HASH
200	select CRYPTO_NULL
201	help
202	  Authenc: Combined mode wrapper for IPsec.
203	  This is required for IPSec.
204
205config CRYPTO_TEST
206	tristate "Testing module"
207	depends on m
208	select CRYPTO_MANAGER
209	help
210	  Quick & dirty crypto test module.
211
212config CRYPTO_ABLK_HELPER
213	tristate
214	select CRYPTO_CRYPTD
215
216config CRYPTO_GLUE_HELPER_X86
217	tristate
218	depends on X86
219	select CRYPTO_ALGAPI
220
221config CRYPTO_ENGINE
222	tristate
223
224comment "Authenticated Encryption with Associated Data"
225
226config CRYPTO_CCM
227	tristate "CCM support"
228	select CRYPTO_CTR
229	select CRYPTO_AEAD
230	help
231	  Support for Counter with CBC MAC. Required for IPsec.
232
233config CRYPTO_GCM
234	tristate "GCM/GMAC support"
235	select CRYPTO_CTR
236	select CRYPTO_AEAD
237	select CRYPTO_GHASH
238	select CRYPTO_NULL
239	help
240	  Support for Galois/Counter Mode (GCM) and Galois Message
241	  Authentication Code (GMAC). Required for IPSec.
242
243config CRYPTO_CHACHA20POLY1305
244	tristate "ChaCha20-Poly1305 AEAD support"
245	select CRYPTO_CHACHA20
246	select CRYPTO_POLY1305
247	select CRYPTO_AEAD
248	help
249	  ChaCha20-Poly1305 AEAD support, RFC7539.
250
251	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
252	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
253	  IETF protocols.
254
255config CRYPTO_SEQIV
256	tristate "Sequence Number IV Generator"
257	select CRYPTO_AEAD
258	select CRYPTO_BLKCIPHER
259	select CRYPTO_NULL
260	select CRYPTO_RNG_DEFAULT
261	help
262	  This IV generator generates an IV based on a sequence number by
263	  xoring it with a salt.  This algorithm is mainly useful for CTR
264
265config CRYPTO_ECHAINIV
266	tristate "Encrypted Chain IV Generator"
267	select CRYPTO_AEAD
268	select CRYPTO_NULL
269	select CRYPTO_RNG_DEFAULT
270	default m
271	help
272	  This IV generator generates an IV based on the encryption of
273	  a sequence number xored with a salt.  This is the default
274	  algorithm for CBC.
275
276comment "Block modes"
277
278config CRYPTO_CBC
279	tristate "CBC support"
280	select CRYPTO_BLKCIPHER
281	select CRYPTO_MANAGER
282	help
283	  CBC: Cipher Block Chaining mode
284	  This block cipher algorithm is required for IPSec.
285
286config CRYPTO_CTR
287	tristate "CTR support"
288	select CRYPTO_BLKCIPHER
289	select CRYPTO_SEQIV
290	select CRYPTO_MANAGER
291	help
292	  CTR: Counter mode
293	  This block cipher algorithm is required for IPSec.
294
295config CRYPTO_CTS
296	tristate "CTS support"
297	select CRYPTO_BLKCIPHER
298	help
299	  CTS: Cipher Text Stealing
300	  This is the Cipher Text Stealing mode as described by
301	  Section 8 of rfc2040 and referenced by rfc3962.
302	  (rfc3962 includes errata information in its Appendix A)
303	  This mode is required for Kerberos gss mechanism support
304	  for AES encryption.
305
306config CRYPTO_ECB
307	tristate "ECB support"
308	select CRYPTO_BLKCIPHER
309	select CRYPTO_MANAGER
310	help
311	  ECB: Electronic CodeBook mode
312	  This is the simplest block cipher algorithm.  It simply encrypts
313	  the input block by block.
314
315config CRYPTO_LRW
316	tristate "LRW support"
317	select CRYPTO_BLKCIPHER
318	select CRYPTO_MANAGER
319	select CRYPTO_GF128MUL
320	help
321	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
322	  narrow block cipher mode for dm-crypt.  Use it with cipher
323	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
324	  The first 128, 192 or 256 bits in the key are used for AES and the
325	  rest is used to tie each cipher block to its logical position.
326
327config CRYPTO_PCBC
328	tristate "PCBC support"
329	select CRYPTO_BLKCIPHER
330	select CRYPTO_MANAGER
331	help
332	  PCBC: Propagating Cipher Block Chaining mode
333	  This block cipher algorithm is required for RxRPC.
334
335config CRYPTO_XTS
336	tristate "XTS support"
337	select CRYPTO_BLKCIPHER
338	select CRYPTO_MANAGER
339	select CRYPTO_GF128MUL
340	help
341	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
342	  key size 256, 384 or 512 bits. This implementation currently
343	  can't handle a sectorsize which is not a multiple of 16 bytes.
344
345config CRYPTO_KEYWRAP
346	tristate "Key wrapping support"
347	select CRYPTO_BLKCIPHER
348	help
349	  Support for key wrapping (NIST SP800-38F / RFC3394) without
350	  padding.
351
352comment "Hash modes"
353
354config CRYPTO_CMAC
355	tristate "CMAC support"
356	select CRYPTO_HASH
357	select CRYPTO_MANAGER
358	help
359	  Cipher-based Message Authentication Code (CMAC) specified by
360	  The National Institute of Standards and Technology (NIST).
361
362	  https://tools.ietf.org/html/rfc4493
363	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
364
365config CRYPTO_HMAC
366	tristate "HMAC support"
367	select CRYPTO_HASH
368	select CRYPTO_MANAGER
369	help
370	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
371	  This is required for IPSec.
372
373config CRYPTO_XCBC
374	tristate "XCBC support"
375	select CRYPTO_HASH
376	select CRYPTO_MANAGER
377	help
378	  XCBC: Keyed-Hashing with encryption algorithm
379		http://www.ietf.org/rfc/rfc3566.txt
380		http://csrc.nist.gov/encryption/modes/proposedmodes/
381		 xcbc-mac/xcbc-mac-spec.pdf
382
383config CRYPTO_VMAC
384	tristate "VMAC support"
385	select CRYPTO_HASH
386	select CRYPTO_MANAGER
387	help
388	  VMAC is a message authentication algorithm designed for
389	  very high speed on 64-bit architectures.
390
391	  See also:
392	  <http://fastcrypto.org/vmac>
393
394comment "Digest"
395
396config CRYPTO_CRC32C
397	tristate "CRC32c CRC algorithm"
398	select CRYPTO_HASH
399	select CRC32
400	help
401	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
402	  by iSCSI for header and data digests and by others.
403	  See Castagnoli93.  Module will be crc32c.
404
405config CRYPTO_CRC32C_INTEL
406	tristate "CRC32c INTEL hardware acceleration"
407	depends on X86
408	select CRYPTO_HASH
409	help
410	  In Intel processor with SSE4.2 supported, the processor will
411	  support CRC32C implementation using hardware accelerated CRC32
412	  instruction. This option will create 'crc32c-intel' module,
413	  which will enable any routine to use the CRC32 instruction to
414	  gain performance compared with software implementation.
415	  Module will be crc32c-intel.
416
417config CRYPTO_CRC32C_SPARC64
418	tristate "CRC32c CRC algorithm (SPARC64)"
419	depends on SPARC64
420	select CRYPTO_HASH
421	select CRC32
422	help
423	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
424	  when available.
425
426config CRYPTO_CRC32
427	tristate "CRC32 CRC algorithm"
428	select CRYPTO_HASH
429	select CRC32
430	help
431	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
432	  Shash crypto api wrappers to crc32_le function.
433
434config CRYPTO_CRC32_PCLMUL
435	tristate "CRC32 PCLMULQDQ hardware acceleration"
436	depends on X86
437	select CRYPTO_HASH
438	select CRC32
439	help
440	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
441	  and PCLMULQDQ supported, the processor will support
442	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
443	  instruction. This option will create 'crc32-plcmul' module,
444	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
445	  and gain better performance as compared with the table implementation.
446
447config CRYPTO_CRCT10DIF
448	tristate "CRCT10DIF algorithm"
449	select CRYPTO_HASH
450	help
451	  CRC T10 Data Integrity Field computation is being cast as
452	  a crypto transform.  This allows for faster crc t10 diff
453	  transforms to be used if they are available.
454
455config CRYPTO_CRCT10DIF_PCLMUL
456	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
457	depends on X86 && 64BIT && CRC_T10DIF
458	select CRYPTO_HASH
459	help
460	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
461	  CRC T10 DIF PCLMULQDQ computation can be hardware
462	  accelerated PCLMULQDQ instruction. This option will create
463	  'crct10dif-plcmul' module, which is faster when computing the
464	  crct10dif checksum as compared with the generic table implementation.
465
466config CRYPTO_GHASH
467	tristate "GHASH digest algorithm"
468	select CRYPTO_GF128MUL
469	select CRYPTO_HASH
470	help
471	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
472
473config CRYPTO_POLY1305
474	tristate "Poly1305 authenticator algorithm"
475	select CRYPTO_HASH
476	help
477	  Poly1305 authenticator algorithm, RFC7539.
478
479	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
480	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
481	  in IETF protocols. This is the portable C implementation of Poly1305.
482
483config CRYPTO_POLY1305_X86_64
484	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
485	depends on X86 && 64BIT
486	select CRYPTO_POLY1305
487	help
488	  Poly1305 authenticator algorithm, RFC7539.
489
490	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
491	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
492	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
493	  instructions.
494
495config CRYPTO_MD4
496	tristate "MD4 digest algorithm"
497	select CRYPTO_HASH
498	help
499	  MD4 message digest algorithm (RFC1320).
500
501config CRYPTO_MD5
502	tristate "MD5 digest algorithm"
503	select CRYPTO_HASH
504	help
505	  MD5 message digest algorithm (RFC1321).
506
507config CRYPTO_MD5_OCTEON
508	tristate "MD5 digest algorithm (OCTEON)"
509	depends on CPU_CAVIUM_OCTEON
510	select CRYPTO_MD5
511	select CRYPTO_HASH
512	help
513	  MD5 message digest algorithm (RFC1321) implemented
514	  using OCTEON crypto instructions, when available.
515
516config CRYPTO_MD5_PPC
517	tristate "MD5 digest algorithm (PPC)"
518	depends on PPC
519	select CRYPTO_HASH
520	help
521	  MD5 message digest algorithm (RFC1321) implemented
522	  in PPC assembler.
523
524config CRYPTO_MD5_SPARC64
525	tristate "MD5 digest algorithm (SPARC64)"
526	depends on SPARC64
527	select CRYPTO_MD5
528	select CRYPTO_HASH
529	help
530	  MD5 message digest algorithm (RFC1321) implemented
531	  using sparc64 crypto instructions, when available.
532
533config CRYPTO_MICHAEL_MIC
534	tristate "Michael MIC keyed digest algorithm"
535	select CRYPTO_HASH
536	help
537	  Michael MIC is used for message integrity protection in TKIP
538	  (IEEE 802.11i). This algorithm is required for TKIP, but it
539	  should not be used for other purposes because of the weakness
540	  of the algorithm.
541
542config CRYPTO_RMD128
543	tristate "RIPEMD-128 digest algorithm"
544	select CRYPTO_HASH
545	help
546	  RIPEMD-128 (ISO/IEC 10118-3:2004).
547
548	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
549	  be used as a secure replacement for RIPEMD. For other use cases,
550	  RIPEMD-160 should be used.
551
552	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
553	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
554
555config CRYPTO_RMD160
556	tristate "RIPEMD-160 digest algorithm"
557	select CRYPTO_HASH
558	help
559	  RIPEMD-160 (ISO/IEC 10118-3:2004).
560
561	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
562	  to be used as a secure replacement for the 128-bit hash functions
563	  MD4, MD5 and it's predecessor RIPEMD
564	  (not to be confused with RIPEMD-128).
565
566	  It's speed is comparable to SHA1 and there are no known attacks
567	  against RIPEMD-160.
568
569	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
570	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
571
572config CRYPTO_RMD256
573	tristate "RIPEMD-256 digest algorithm"
574	select CRYPTO_HASH
575	help
576	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
577	  256 bit hash. It is intended for applications that require
578	  longer hash-results, without needing a larger security level
579	  (than RIPEMD-128).
580
581	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
582	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
583
584config CRYPTO_RMD320
585	tristate "RIPEMD-320 digest algorithm"
586	select CRYPTO_HASH
587	help
588	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
589	  320 bit hash. It is intended for applications that require
590	  longer hash-results, without needing a larger security level
591	  (than RIPEMD-160).
592
593	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
594	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
595
596config CRYPTO_SHA1
597	tristate "SHA1 digest algorithm"
598	select CRYPTO_HASH
599	help
600	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
601
602config CRYPTO_SHA1_SSSE3
603	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
604	depends on X86 && 64BIT
605	select CRYPTO_SHA1
606	select CRYPTO_HASH
607	help
608	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
609	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
610	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
611	  when available.
612
613config CRYPTO_SHA256_SSSE3
614	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
615	depends on X86 && 64BIT
616	select CRYPTO_SHA256
617	select CRYPTO_HASH
618	help
619	  SHA-256 secure hash standard (DFIPS 180-2) implemented
620	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
621	  Extensions version 1 (AVX1), or Advanced Vector Extensions
622	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
623	  Instructions) when available.
624
625config CRYPTO_SHA512_SSSE3
626	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
627	depends on X86 && 64BIT
628	select CRYPTO_SHA512
629	select CRYPTO_HASH
630	help
631	  SHA-512 secure hash standard (DFIPS 180-2) implemented
632	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
633	  Extensions version 1 (AVX1), or Advanced Vector Extensions
634	  version 2 (AVX2) instructions, when available.
635
636config CRYPTO_SHA1_OCTEON
637	tristate "SHA1 digest algorithm (OCTEON)"
638	depends on CPU_CAVIUM_OCTEON
639	select CRYPTO_SHA1
640	select CRYPTO_HASH
641	help
642	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
643	  using OCTEON crypto instructions, when available.
644
645config CRYPTO_SHA1_SPARC64
646	tristate "SHA1 digest algorithm (SPARC64)"
647	depends on SPARC64
648	select CRYPTO_SHA1
649	select CRYPTO_HASH
650	help
651	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
652	  using sparc64 crypto instructions, when available.
653
654config CRYPTO_SHA1_PPC
655	tristate "SHA1 digest algorithm (powerpc)"
656	depends on PPC
657	help
658	  This is the powerpc hardware accelerated implementation of the
659	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
660
661config CRYPTO_SHA1_PPC_SPE
662	tristate "SHA1 digest algorithm (PPC SPE)"
663	depends on PPC && SPE
664	help
665	  SHA-1 secure hash standard (DFIPS 180-4) implemented
666	  using powerpc SPE SIMD instruction set.
667
668config CRYPTO_SHA1_MB
669	tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
670	depends on X86 && 64BIT
671	select CRYPTO_SHA1
672	select CRYPTO_HASH
673	select CRYPTO_MCRYPTD
674	help
675	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
676	  using multi-buffer technique.  This algorithm computes on
677	  multiple data lanes concurrently with SIMD instructions for
678	  better throughput.  It should not be enabled by default but
679	  used when there is significant amount of work to keep the keep
680	  the data lanes filled to get performance benefit.  If the data
681	  lanes remain unfilled, a flush operation will be initiated to
682	  process the crypto jobs, adding a slight latency.
683
684config CRYPTO_SHA256
685	tristate "SHA224 and SHA256 digest algorithm"
686	select CRYPTO_HASH
687	help
688	  SHA256 secure hash standard (DFIPS 180-2).
689
690	  This version of SHA implements a 256 bit hash with 128 bits of
691	  security against collision attacks.
692
693	  This code also includes SHA-224, a 224 bit hash with 112 bits
694	  of security against collision attacks.
695
696config CRYPTO_SHA256_PPC_SPE
697	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
698	depends on PPC && SPE
699	select CRYPTO_SHA256
700	select CRYPTO_HASH
701	help
702	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
703	  implemented using powerpc SPE SIMD instruction set.
704
705config CRYPTO_SHA256_OCTEON
706	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
707	depends on CPU_CAVIUM_OCTEON
708	select CRYPTO_SHA256
709	select CRYPTO_HASH
710	help
711	  SHA-256 secure hash standard (DFIPS 180-2) implemented
712	  using OCTEON crypto instructions, when available.
713
714config CRYPTO_SHA256_SPARC64
715	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
716	depends on SPARC64
717	select CRYPTO_SHA256
718	select CRYPTO_HASH
719	help
720	  SHA-256 secure hash standard (DFIPS 180-2) implemented
721	  using sparc64 crypto instructions, when available.
722
723config CRYPTO_SHA512
724	tristate "SHA384 and SHA512 digest algorithms"
725	select CRYPTO_HASH
726	help
727	  SHA512 secure hash standard (DFIPS 180-2).
728
729	  This version of SHA implements a 512 bit hash with 256 bits of
730	  security against collision attacks.
731
732	  This code also includes SHA-384, a 384 bit hash with 192 bits
733	  of security against collision attacks.
734
735config CRYPTO_SHA512_OCTEON
736	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
737	depends on CPU_CAVIUM_OCTEON
738	select CRYPTO_SHA512
739	select CRYPTO_HASH
740	help
741	  SHA-512 secure hash standard (DFIPS 180-2) implemented
742	  using OCTEON crypto instructions, when available.
743
744config CRYPTO_SHA512_SPARC64
745	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
746	depends on SPARC64
747	select CRYPTO_SHA512
748	select CRYPTO_HASH
749	help
750	  SHA-512 secure hash standard (DFIPS 180-2) implemented
751	  using sparc64 crypto instructions, when available.
752
753config CRYPTO_TGR192
754	tristate "Tiger digest algorithms"
755	select CRYPTO_HASH
756	help
757	  Tiger hash algorithm 192, 160 and 128-bit hashes
758
759	  Tiger is a hash function optimized for 64-bit processors while
760	  still having decent performance on 32-bit processors.
761	  Tiger was developed by Ross Anderson and Eli Biham.
762
763	  See also:
764	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
765
766config CRYPTO_WP512
767	tristate "Whirlpool digest algorithms"
768	select CRYPTO_HASH
769	help
770	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
771
772	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
773	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
774
775	  See also:
776	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
777
778config CRYPTO_GHASH_CLMUL_NI_INTEL
779	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
780	depends on X86 && 64BIT
781	select CRYPTO_CRYPTD
782	help
783	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
784	  The implementation is accelerated by CLMUL-NI of Intel.
785
786comment "Ciphers"
787
788config CRYPTO_AES
789	tristate "AES cipher algorithms"
790	select CRYPTO_ALGAPI
791	help
792	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
793	  algorithm.
794
795	  Rijndael appears to be consistently a very good performer in
796	  both hardware and software across a wide range of computing
797	  environments regardless of its use in feedback or non-feedback
798	  modes. Its key setup time is excellent, and its key agility is
799	  good. Rijndael's very low memory requirements make it very well
800	  suited for restricted-space environments, in which it also
801	  demonstrates excellent performance. Rijndael's operations are
802	  among the easiest to defend against power and timing attacks.
803
804	  The AES specifies three key sizes: 128, 192 and 256 bits
805
806	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
807
808config CRYPTO_AES_586
809	tristate "AES cipher algorithms (i586)"
810	depends on (X86 || UML_X86) && !64BIT
811	select CRYPTO_ALGAPI
812	select CRYPTO_AES
813	help
814	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
815	  algorithm.
816
817	  Rijndael appears to be consistently a very good performer in
818	  both hardware and software across a wide range of computing
819	  environments regardless of its use in feedback or non-feedback
820	  modes. Its key setup time is excellent, and its key agility is
821	  good. Rijndael's very low memory requirements make it very well
822	  suited for restricted-space environments, in which it also
823	  demonstrates excellent performance. Rijndael's operations are
824	  among the easiest to defend against power and timing attacks.
825
826	  The AES specifies three key sizes: 128, 192 and 256 bits
827
828	  See <http://csrc.nist.gov/encryption/aes/> for more information.
829
830config CRYPTO_AES_X86_64
831	tristate "AES cipher algorithms (x86_64)"
832	depends on (X86 || UML_X86) && 64BIT
833	select CRYPTO_ALGAPI
834	select CRYPTO_AES
835	help
836	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
837	  algorithm.
838
839	  Rijndael appears to be consistently a very good performer in
840	  both hardware and software across a wide range of computing
841	  environments regardless of its use in feedback or non-feedback
842	  modes. Its key setup time is excellent, and its key agility is
843	  good. Rijndael's very low memory requirements make it very well
844	  suited for restricted-space environments, in which it also
845	  demonstrates excellent performance. Rijndael's operations are
846	  among the easiest to defend against power and timing attacks.
847
848	  The AES specifies three key sizes: 128, 192 and 256 bits
849
850	  See <http://csrc.nist.gov/encryption/aes/> for more information.
851
852config CRYPTO_AES_NI_INTEL
853	tristate "AES cipher algorithms (AES-NI)"
854	depends on X86
855	select CRYPTO_AES_X86_64 if 64BIT
856	select CRYPTO_AES_586 if !64BIT
857	select CRYPTO_CRYPTD
858	select CRYPTO_ABLK_HELPER
859	select CRYPTO_ALGAPI
860	select CRYPTO_GLUE_HELPER_X86 if 64BIT
861	select CRYPTO_LRW
862	select CRYPTO_XTS
863	help
864	  Use Intel AES-NI instructions for AES algorithm.
865
866	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
867	  algorithm.
868
869	  Rijndael appears to be consistently a very good performer in
870	  both hardware and software across a wide range of computing
871	  environments regardless of its use in feedback or non-feedback
872	  modes. Its key setup time is excellent, and its key agility is
873	  good. Rijndael's very low memory requirements make it very well
874	  suited for restricted-space environments, in which it also
875	  demonstrates excellent performance. Rijndael's operations are
876	  among the easiest to defend against power and timing attacks.
877
878	  The AES specifies three key sizes: 128, 192 and 256 bits
879
880	  See <http://csrc.nist.gov/encryption/aes/> for more information.
881
882	  In addition to AES cipher algorithm support, the acceleration
883	  for some popular block cipher mode is supported too, including
884	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
885	  acceleration for CTR.
886
887config CRYPTO_AES_SPARC64
888	tristate "AES cipher algorithms (SPARC64)"
889	depends on SPARC64
890	select CRYPTO_CRYPTD
891	select CRYPTO_ALGAPI
892	help
893	  Use SPARC64 crypto opcodes for AES algorithm.
894
895	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
896	  algorithm.
897
898	  Rijndael appears to be consistently a very good performer in
899	  both hardware and software across a wide range of computing
900	  environments regardless of its use in feedback or non-feedback
901	  modes. Its key setup time is excellent, and its key agility is
902	  good. Rijndael's very low memory requirements make it very well
903	  suited for restricted-space environments, in which it also
904	  demonstrates excellent performance. Rijndael's operations are
905	  among the easiest to defend against power and timing attacks.
906
907	  The AES specifies three key sizes: 128, 192 and 256 bits
908
909	  See <http://csrc.nist.gov/encryption/aes/> for more information.
910
911	  In addition to AES cipher algorithm support, the acceleration
912	  for some popular block cipher mode is supported too, including
913	  ECB and CBC.
914
915config CRYPTO_AES_PPC_SPE
916	tristate "AES cipher algorithms (PPC SPE)"
917	depends on PPC && SPE
918	help
919	  AES cipher algorithms (FIPS-197). Additionally the acceleration
920	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
921	  This module should only be used for low power (router) devices
922	  without hardware AES acceleration (e.g. caam crypto). It reduces the
923	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
924	  timining attacks. Nevertheless it might be not as secure as other
925	  architecture specific assembler implementations that work on 1KB
926	  tables or 256 bytes S-boxes.
927
928config CRYPTO_ANUBIS
929	tristate "Anubis cipher algorithm"
930	select CRYPTO_ALGAPI
931	help
932	  Anubis cipher algorithm.
933
934	  Anubis is a variable key length cipher which can use keys from
935	  128 bits to 320 bits in length.  It was evaluated as a entrant
936	  in the NESSIE competition.
937
938	  See also:
939	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
940	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
941
942config CRYPTO_ARC4
943	tristate "ARC4 cipher algorithm"
944	select CRYPTO_BLKCIPHER
945	help
946	  ARC4 cipher algorithm.
947
948	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
949	  bits in length.  This algorithm is required for driver-based
950	  WEP, but it should not be for other purposes because of the
951	  weakness of the algorithm.
952
953config CRYPTO_BLOWFISH
954	tristate "Blowfish cipher algorithm"
955	select CRYPTO_ALGAPI
956	select CRYPTO_BLOWFISH_COMMON
957	help
958	  Blowfish cipher algorithm, by Bruce Schneier.
959
960	  This is a variable key length cipher which can use keys from 32
961	  bits to 448 bits in length.  It's fast, simple and specifically
962	  designed for use on "large microprocessors".
963
964	  See also:
965	  <http://www.schneier.com/blowfish.html>
966
967config CRYPTO_BLOWFISH_COMMON
968	tristate
969	help
970	  Common parts of the Blowfish cipher algorithm shared by the
971	  generic c and the assembler implementations.
972
973	  See also:
974	  <http://www.schneier.com/blowfish.html>
975
976config CRYPTO_BLOWFISH_X86_64
977	tristate "Blowfish cipher algorithm (x86_64)"
978	depends on X86 && 64BIT
979	select CRYPTO_ALGAPI
980	select CRYPTO_BLOWFISH_COMMON
981	help
982	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
983
984	  This is a variable key length cipher which can use keys from 32
985	  bits to 448 bits in length.  It's fast, simple and specifically
986	  designed for use on "large microprocessors".
987
988	  See also:
989	  <http://www.schneier.com/blowfish.html>
990
991config CRYPTO_CAMELLIA
992	tristate "Camellia cipher algorithms"
993	depends on CRYPTO
994	select CRYPTO_ALGAPI
995	help
996	  Camellia cipher algorithms module.
997
998	  Camellia is a symmetric key block cipher developed jointly
999	  at NTT and Mitsubishi Electric Corporation.
1000
1001	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1002
1003	  See also:
1004	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1005
1006config CRYPTO_CAMELLIA_X86_64
1007	tristate "Camellia cipher algorithm (x86_64)"
1008	depends on X86 && 64BIT
1009	depends on CRYPTO
1010	select CRYPTO_ALGAPI
1011	select CRYPTO_GLUE_HELPER_X86
1012	select CRYPTO_LRW
1013	select CRYPTO_XTS
1014	help
1015	  Camellia cipher algorithm module (x86_64).
1016
1017	  Camellia is a symmetric key block cipher developed jointly
1018	  at NTT and Mitsubishi Electric Corporation.
1019
1020	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1021
1022	  See also:
1023	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1024
1025config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1026	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1027	depends on X86 && 64BIT
1028	depends on CRYPTO
1029	select CRYPTO_ALGAPI
1030	select CRYPTO_CRYPTD
1031	select CRYPTO_ABLK_HELPER
1032	select CRYPTO_GLUE_HELPER_X86
1033	select CRYPTO_CAMELLIA_X86_64
1034	select CRYPTO_LRW
1035	select CRYPTO_XTS
1036	help
1037	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1038
1039	  Camellia is a symmetric key block cipher developed jointly
1040	  at NTT and Mitsubishi Electric Corporation.
1041
1042	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1043
1044	  See also:
1045	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1046
1047config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1048	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1049	depends on X86 && 64BIT
1050	depends on CRYPTO
1051	select CRYPTO_ALGAPI
1052	select CRYPTO_CRYPTD
1053	select CRYPTO_ABLK_HELPER
1054	select CRYPTO_GLUE_HELPER_X86
1055	select CRYPTO_CAMELLIA_X86_64
1056	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1057	select CRYPTO_LRW
1058	select CRYPTO_XTS
1059	help
1060	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1061
1062	  Camellia is a symmetric key block cipher developed jointly
1063	  at NTT and Mitsubishi Electric Corporation.
1064
1065	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1066
1067	  See also:
1068	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1069
1070config CRYPTO_CAMELLIA_SPARC64
1071	tristate "Camellia cipher algorithm (SPARC64)"
1072	depends on SPARC64
1073	depends on CRYPTO
1074	select CRYPTO_ALGAPI
1075	help
1076	  Camellia cipher algorithm module (SPARC64).
1077
1078	  Camellia is a symmetric key block cipher developed jointly
1079	  at NTT and Mitsubishi Electric Corporation.
1080
1081	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1082
1083	  See also:
1084	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1085
1086config CRYPTO_CAST_COMMON
1087	tristate
1088	help
1089	  Common parts of the CAST cipher algorithms shared by the
1090	  generic c and the assembler implementations.
1091
1092config CRYPTO_CAST5
1093	tristate "CAST5 (CAST-128) cipher algorithm"
1094	select CRYPTO_ALGAPI
1095	select CRYPTO_CAST_COMMON
1096	help
1097	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1098	  described in RFC2144.
1099
1100config CRYPTO_CAST5_AVX_X86_64
1101	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1102	depends on X86 && 64BIT
1103	select CRYPTO_ALGAPI
1104	select CRYPTO_CRYPTD
1105	select CRYPTO_ABLK_HELPER
1106	select CRYPTO_CAST_COMMON
1107	select CRYPTO_CAST5
1108	help
1109	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1110	  described in RFC2144.
1111
1112	  This module provides the Cast5 cipher algorithm that processes
1113	  sixteen blocks parallel using the AVX instruction set.
1114
1115config CRYPTO_CAST6
1116	tristate "CAST6 (CAST-256) cipher algorithm"
1117	select CRYPTO_ALGAPI
1118	select CRYPTO_CAST_COMMON
1119	help
1120	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1121	  described in RFC2612.
1122
1123config CRYPTO_CAST6_AVX_X86_64
1124	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1125	depends on X86 && 64BIT
1126	select CRYPTO_ALGAPI
1127	select CRYPTO_CRYPTD
1128	select CRYPTO_ABLK_HELPER
1129	select CRYPTO_GLUE_HELPER_X86
1130	select CRYPTO_CAST_COMMON
1131	select CRYPTO_CAST6
1132	select CRYPTO_LRW
1133	select CRYPTO_XTS
1134	help
1135	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1136	  described in RFC2612.
1137
1138	  This module provides the Cast6 cipher algorithm that processes
1139	  eight blocks parallel using the AVX instruction set.
1140
1141config CRYPTO_DES
1142	tristate "DES and Triple DES EDE cipher algorithms"
1143	select CRYPTO_ALGAPI
1144	help
1145	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1146
1147config CRYPTO_DES_SPARC64
1148	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1149	depends on SPARC64
1150	select CRYPTO_ALGAPI
1151	select CRYPTO_DES
1152	help
1153	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1154	  optimized using SPARC64 crypto opcodes.
1155
1156config CRYPTO_DES3_EDE_X86_64
1157	tristate "Triple DES EDE cipher algorithm (x86-64)"
1158	depends on X86 && 64BIT
1159	select CRYPTO_ALGAPI
1160	select CRYPTO_DES
1161	help
1162	  Triple DES EDE (FIPS 46-3) algorithm.
1163
1164	  This module provides implementation of the Triple DES EDE cipher
1165	  algorithm that is optimized for x86-64 processors. Two versions of
1166	  algorithm are provided; regular processing one input block and
1167	  one that processes three blocks parallel.
1168
1169config CRYPTO_FCRYPT
1170	tristate "FCrypt cipher algorithm"
1171	select CRYPTO_ALGAPI
1172	select CRYPTO_BLKCIPHER
1173	help
1174	  FCrypt algorithm used by RxRPC.
1175
1176config CRYPTO_KHAZAD
1177	tristate "Khazad cipher algorithm"
1178	select CRYPTO_ALGAPI
1179	help
1180	  Khazad cipher algorithm.
1181
1182	  Khazad was a finalist in the initial NESSIE competition.  It is
1183	  an algorithm optimized for 64-bit processors with good performance
1184	  on 32-bit processors.  Khazad uses an 128 bit key size.
1185
1186	  See also:
1187	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1188
1189config CRYPTO_SALSA20
1190	tristate "Salsa20 stream cipher algorithm"
1191	select CRYPTO_BLKCIPHER
1192	help
1193	  Salsa20 stream cipher algorithm.
1194
1195	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1196	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1197
1198	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1199	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1200
1201config CRYPTO_SALSA20_586
1202	tristate "Salsa20 stream cipher algorithm (i586)"
1203	depends on (X86 || UML_X86) && !64BIT
1204	select CRYPTO_BLKCIPHER
1205	help
1206	  Salsa20 stream cipher algorithm.
1207
1208	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1209	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1210
1211	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1212	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1213
1214config CRYPTO_SALSA20_X86_64
1215	tristate "Salsa20 stream cipher algorithm (x86_64)"
1216	depends on (X86 || UML_X86) && 64BIT
1217	select CRYPTO_BLKCIPHER
1218	help
1219	  Salsa20 stream cipher algorithm.
1220
1221	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1222	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1223
1224	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1225	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1226
1227config CRYPTO_CHACHA20
1228	tristate "ChaCha20 cipher algorithm"
1229	select CRYPTO_BLKCIPHER
1230	help
1231	  ChaCha20 cipher algorithm, RFC7539.
1232
1233	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1234	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1235	  This is the portable C implementation of ChaCha20.
1236
1237	  See also:
1238	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1239
1240config CRYPTO_CHACHA20_X86_64
1241	tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
1242	depends on X86 && 64BIT
1243	select CRYPTO_BLKCIPHER
1244	select CRYPTO_CHACHA20
1245	help
1246	  ChaCha20 cipher algorithm, RFC7539.
1247
1248	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1249	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1250	  This is the x86_64 assembler implementation using SIMD instructions.
1251
1252	  See also:
1253	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1254
1255config CRYPTO_SEED
1256	tristate "SEED cipher algorithm"
1257	select CRYPTO_ALGAPI
1258	help
1259	  SEED cipher algorithm (RFC4269).
1260
1261	  SEED is a 128-bit symmetric key block cipher that has been
1262	  developed by KISA (Korea Information Security Agency) as a
1263	  national standard encryption algorithm of the Republic of Korea.
1264	  It is a 16 round block cipher with the key size of 128 bit.
1265
1266	  See also:
1267	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1268
1269config CRYPTO_SERPENT
1270	tristate "Serpent cipher algorithm"
1271	select CRYPTO_ALGAPI
1272	help
1273	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1274
1275	  Keys are allowed to be from 0 to 256 bits in length, in steps
1276	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1277	  variant of Serpent for compatibility with old kerneli.org code.
1278
1279	  See also:
1280	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1281
1282config CRYPTO_SERPENT_SSE2_X86_64
1283	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1284	depends on X86 && 64BIT
1285	select CRYPTO_ALGAPI
1286	select CRYPTO_CRYPTD
1287	select CRYPTO_ABLK_HELPER
1288	select CRYPTO_GLUE_HELPER_X86
1289	select CRYPTO_SERPENT
1290	select CRYPTO_LRW
1291	select CRYPTO_XTS
1292	help
1293	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1294
1295	  Keys are allowed to be from 0 to 256 bits in length, in steps
1296	  of 8 bits.
1297
1298	  This module provides Serpent cipher algorithm that processes eight
1299	  blocks parallel using SSE2 instruction set.
1300
1301	  See also:
1302	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1303
1304config CRYPTO_SERPENT_SSE2_586
1305	tristate "Serpent cipher algorithm (i586/SSE2)"
1306	depends on X86 && !64BIT
1307	select CRYPTO_ALGAPI
1308	select CRYPTO_CRYPTD
1309	select CRYPTO_ABLK_HELPER
1310	select CRYPTO_GLUE_HELPER_X86
1311	select CRYPTO_SERPENT
1312	select CRYPTO_LRW
1313	select CRYPTO_XTS
1314	help
1315	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1316
1317	  Keys are allowed to be from 0 to 256 bits in length, in steps
1318	  of 8 bits.
1319
1320	  This module provides Serpent cipher algorithm that processes four
1321	  blocks parallel using SSE2 instruction set.
1322
1323	  See also:
1324	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1325
1326config CRYPTO_SERPENT_AVX_X86_64
1327	tristate "Serpent cipher algorithm (x86_64/AVX)"
1328	depends on X86 && 64BIT
1329	select CRYPTO_ALGAPI
1330	select CRYPTO_CRYPTD
1331	select CRYPTO_ABLK_HELPER
1332	select CRYPTO_GLUE_HELPER_X86
1333	select CRYPTO_SERPENT
1334	select CRYPTO_LRW
1335	select CRYPTO_XTS
1336	help
1337	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1338
1339	  Keys are allowed to be from 0 to 256 bits in length, in steps
1340	  of 8 bits.
1341
1342	  This module provides the Serpent cipher algorithm that processes
1343	  eight blocks parallel using the AVX instruction set.
1344
1345	  See also:
1346	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1347
1348config CRYPTO_SERPENT_AVX2_X86_64
1349	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1350	depends on X86 && 64BIT
1351	select CRYPTO_ALGAPI
1352	select CRYPTO_CRYPTD
1353	select CRYPTO_ABLK_HELPER
1354	select CRYPTO_GLUE_HELPER_X86
1355	select CRYPTO_SERPENT
1356	select CRYPTO_SERPENT_AVX_X86_64
1357	select CRYPTO_LRW
1358	select CRYPTO_XTS
1359	help
1360	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1361
1362	  Keys are allowed to be from 0 to 256 bits in length, in steps
1363	  of 8 bits.
1364
1365	  This module provides Serpent cipher algorithm that processes 16
1366	  blocks parallel using AVX2 instruction set.
1367
1368	  See also:
1369	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1370
1371config CRYPTO_TEA
1372	tristate "TEA, XTEA and XETA cipher algorithms"
1373	select CRYPTO_ALGAPI
1374	help
1375	  TEA cipher algorithm.
1376
1377	  Tiny Encryption Algorithm is a simple cipher that uses
1378	  many rounds for security.  It is very fast and uses
1379	  little memory.
1380
1381	  Xtendend Tiny Encryption Algorithm is a modification to
1382	  the TEA algorithm to address a potential key weakness
1383	  in the TEA algorithm.
1384
1385	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1386	  of the XTEA algorithm for compatibility purposes.
1387
1388config CRYPTO_TWOFISH
1389	tristate "Twofish cipher algorithm"
1390	select CRYPTO_ALGAPI
1391	select CRYPTO_TWOFISH_COMMON
1392	help
1393	  Twofish cipher algorithm.
1394
1395	  Twofish was submitted as an AES (Advanced Encryption Standard)
1396	  candidate cipher by researchers at CounterPane Systems.  It is a
1397	  16 round block cipher supporting key sizes of 128, 192, and 256
1398	  bits.
1399
1400	  See also:
1401	  <http://www.schneier.com/twofish.html>
1402
1403config CRYPTO_TWOFISH_COMMON
1404	tristate
1405	help
1406	  Common parts of the Twofish cipher algorithm shared by the
1407	  generic c and the assembler implementations.
1408
1409config CRYPTO_TWOFISH_586
1410	tristate "Twofish cipher algorithms (i586)"
1411	depends on (X86 || UML_X86) && !64BIT
1412	select CRYPTO_ALGAPI
1413	select CRYPTO_TWOFISH_COMMON
1414	help
1415	  Twofish cipher algorithm.
1416
1417	  Twofish was submitted as an AES (Advanced Encryption Standard)
1418	  candidate cipher by researchers at CounterPane Systems.  It is a
1419	  16 round block cipher supporting key sizes of 128, 192, and 256
1420	  bits.
1421
1422	  See also:
1423	  <http://www.schneier.com/twofish.html>
1424
1425config CRYPTO_TWOFISH_X86_64
1426	tristate "Twofish cipher algorithm (x86_64)"
1427	depends on (X86 || UML_X86) && 64BIT
1428	select CRYPTO_ALGAPI
1429	select CRYPTO_TWOFISH_COMMON
1430	help
1431	  Twofish cipher algorithm (x86_64).
1432
1433	  Twofish was submitted as an AES (Advanced Encryption Standard)
1434	  candidate cipher by researchers at CounterPane Systems.  It is a
1435	  16 round block cipher supporting key sizes of 128, 192, and 256
1436	  bits.
1437
1438	  See also:
1439	  <http://www.schneier.com/twofish.html>
1440
1441config CRYPTO_TWOFISH_X86_64_3WAY
1442	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1443	depends on X86 && 64BIT
1444	select CRYPTO_ALGAPI
1445	select CRYPTO_TWOFISH_COMMON
1446	select CRYPTO_TWOFISH_X86_64
1447	select CRYPTO_GLUE_HELPER_X86
1448	select CRYPTO_LRW
1449	select CRYPTO_XTS
1450	help
1451	  Twofish cipher algorithm (x86_64, 3-way parallel).
1452
1453	  Twofish was submitted as an AES (Advanced Encryption Standard)
1454	  candidate cipher by researchers at CounterPane Systems.  It is a
1455	  16 round block cipher supporting key sizes of 128, 192, and 256
1456	  bits.
1457
1458	  This module provides Twofish cipher algorithm that processes three
1459	  blocks parallel, utilizing resources of out-of-order CPUs better.
1460
1461	  See also:
1462	  <http://www.schneier.com/twofish.html>
1463
1464config CRYPTO_TWOFISH_AVX_X86_64
1465	tristate "Twofish cipher algorithm (x86_64/AVX)"
1466	depends on X86 && 64BIT
1467	select CRYPTO_ALGAPI
1468	select CRYPTO_CRYPTD
1469	select CRYPTO_ABLK_HELPER
1470	select CRYPTO_GLUE_HELPER_X86
1471	select CRYPTO_TWOFISH_COMMON
1472	select CRYPTO_TWOFISH_X86_64
1473	select CRYPTO_TWOFISH_X86_64_3WAY
1474	select CRYPTO_LRW
1475	select CRYPTO_XTS
1476	help
1477	  Twofish cipher algorithm (x86_64/AVX).
1478
1479	  Twofish was submitted as an AES (Advanced Encryption Standard)
1480	  candidate cipher by researchers at CounterPane Systems.  It is a
1481	  16 round block cipher supporting key sizes of 128, 192, and 256
1482	  bits.
1483
1484	  This module provides the Twofish cipher algorithm that processes
1485	  eight blocks parallel using the AVX Instruction Set.
1486
1487	  See also:
1488	  <http://www.schneier.com/twofish.html>
1489
1490comment "Compression"
1491
1492config CRYPTO_DEFLATE
1493	tristate "Deflate compression algorithm"
1494	select CRYPTO_ALGAPI
1495	select ZLIB_INFLATE
1496	select ZLIB_DEFLATE
1497	help
1498	  This is the Deflate algorithm (RFC1951), specified for use in
1499	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1500
1501	  You will most probably want this if using IPSec.
1502
1503config CRYPTO_LZO
1504	tristate "LZO compression algorithm"
1505	select CRYPTO_ALGAPI
1506	select LZO_COMPRESS
1507	select LZO_DECOMPRESS
1508	help
1509	  This is the LZO algorithm.
1510
1511config CRYPTO_842
1512	tristate "842 compression algorithm"
1513	select CRYPTO_ALGAPI
1514	select 842_COMPRESS
1515	select 842_DECOMPRESS
1516	help
1517	  This is the 842 algorithm.
1518
1519config CRYPTO_LZ4
1520	tristate "LZ4 compression algorithm"
1521	select CRYPTO_ALGAPI
1522	select LZ4_COMPRESS
1523	select LZ4_DECOMPRESS
1524	help
1525	  This is the LZ4 algorithm.
1526
1527config CRYPTO_LZ4HC
1528	tristate "LZ4HC compression algorithm"
1529	select CRYPTO_ALGAPI
1530	select LZ4HC_COMPRESS
1531	select LZ4_DECOMPRESS
1532	help
1533	  This is the LZ4 high compression mode algorithm.
1534
1535comment "Random Number Generation"
1536
1537config CRYPTO_ANSI_CPRNG
1538	tristate "Pseudo Random Number Generation for Cryptographic modules"
1539	select CRYPTO_AES
1540	select CRYPTO_RNG
1541	help
1542	  This option enables the generic pseudo random number generator
1543	  for cryptographic modules.  Uses the Algorithm specified in
1544	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1545	  CRYPTO_FIPS is selected
1546
1547menuconfig CRYPTO_DRBG_MENU
1548	tristate "NIST SP800-90A DRBG"
1549	help
1550	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1551	  more of the DRBG types must be selected.
1552
1553if CRYPTO_DRBG_MENU
1554
1555config CRYPTO_DRBG_HMAC
1556	bool
1557	default y
1558	select CRYPTO_HMAC
1559	select CRYPTO_SHA256
1560
1561config CRYPTO_DRBG_HASH
1562	bool "Enable Hash DRBG"
1563	select CRYPTO_SHA256
1564	help
1565	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1566
1567config CRYPTO_DRBG_CTR
1568	bool "Enable CTR DRBG"
1569	select CRYPTO_AES
1570	help
1571	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1572
1573config CRYPTO_DRBG
1574	tristate
1575	default CRYPTO_DRBG_MENU
1576	select CRYPTO_RNG
1577	select CRYPTO_JITTERENTROPY
1578
1579endif	# if CRYPTO_DRBG_MENU
1580
1581config CRYPTO_JITTERENTROPY
1582	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1583	select CRYPTO_RNG
1584	help
1585	  The Jitterentropy RNG is a noise that is intended
1586	  to provide seed to another RNG. The RNG does not
1587	  perform any cryptographic whitening of the generated
1588	  random numbers. This Jitterentropy RNG registers with
1589	  the kernel crypto API and can be used by any caller.
1590
1591config CRYPTO_USER_API
1592	tristate
1593
1594config CRYPTO_USER_API_HASH
1595	tristate "User-space interface for hash algorithms"
1596	depends on NET
1597	select CRYPTO_HASH
1598	select CRYPTO_USER_API
1599	help
1600	  This option enables the user-spaces interface for hash
1601	  algorithms.
1602
1603config CRYPTO_USER_API_SKCIPHER
1604	tristate "User-space interface for symmetric key cipher algorithms"
1605	depends on NET
1606	select CRYPTO_BLKCIPHER
1607	select CRYPTO_USER_API
1608	help
1609	  This option enables the user-spaces interface for symmetric
1610	  key cipher algorithms.
1611
1612config CRYPTO_USER_API_RNG
1613	tristate "User-space interface for random number generator algorithms"
1614	depends on NET
1615	select CRYPTO_RNG
1616	select CRYPTO_USER_API
1617	help
1618	  This option enables the user-spaces interface for random
1619	  number generator algorithms.
1620
1621config CRYPTO_USER_API_AEAD
1622	tristate "User-space interface for AEAD cipher algorithms"
1623	depends on NET
1624	select CRYPTO_AEAD
1625	select CRYPTO_USER_API
1626	help
1627	  This option enables the user-spaces interface for AEAD
1628	  cipher algorithms.
1629
1630config CRYPTO_HASH_INFO
1631	bool
1632
1633source "drivers/crypto/Kconfig"
1634source crypto/asymmetric_keys/Kconfig
1635source certs/Kconfig
1636
1637endif	# if CRYPTO
1638