xref: /openbmc/linux/crypto/Kconfig (revision 8c0b9ee8)
1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5	tristate
6
7#
8# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
13# Cryptographic API Configuration
14#
15menuconfig CRYPTO
16	tristate "Cryptographic API"
17	help
18	  This option provides the core Cryptographic API.
19
20if CRYPTO
21
22comment "Crypto core or helper"
23
24config CRYPTO_FIPS
25	bool "FIPS 200 compliance"
26	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
27	depends on MODULE_SIG
28	help
29	  This options enables the fips boot option which is
30	  required if you want to system to operate in a FIPS 200
31	  certification.  You should say no unless you know what
32	  this is.
33
34config CRYPTO_ALGAPI
35	tristate
36	select CRYPTO_ALGAPI2
37	help
38	  This option provides the API for cryptographic algorithms.
39
40config CRYPTO_ALGAPI2
41	tristate
42
43config CRYPTO_AEAD
44	tristate
45	select CRYPTO_AEAD2
46	select CRYPTO_ALGAPI
47
48config CRYPTO_AEAD2
49	tristate
50	select CRYPTO_ALGAPI2
51
52config CRYPTO_BLKCIPHER
53	tristate
54	select CRYPTO_BLKCIPHER2
55	select CRYPTO_ALGAPI
56
57config CRYPTO_BLKCIPHER2
58	tristate
59	select CRYPTO_ALGAPI2
60	select CRYPTO_RNG2
61	select CRYPTO_WORKQUEUE
62
63config CRYPTO_HASH
64	tristate
65	select CRYPTO_HASH2
66	select CRYPTO_ALGAPI
67
68config CRYPTO_HASH2
69	tristate
70	select CRYPTO_ALGAPI2
71
72config CRYPTO_RNG
73	tristate
74	select CRYPTO_RNG2
75	select CRYPTO_ALGAPI
76
77config CRYPTO_RNG2
78	tristate
79	select CRYPTO_ALGAPI2
80
81config CRYPTO_PCOMP
82	tristate
83	select CRYPTO_PCOMP2
84	select CRYPTO_ALGAPI
85
86config CRYPTO_PCOMP2
87	tristate
88	select CRYPTO_ALGAPI2
89
90config CRYPTO_MANAGER
91	tristate "Cryptographic algorithm manager"
92	select CRYPTO_MANAGER2
93	help
94	  Create default cryptographic template instantiations such as
95	  cbc(aes).
96
97config CRYPTO_MANAGER2
98	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
99	select CRYPTO_AEAD2
100	select CRYPTO_HASH2
101	select CRYPTO_BLKCIPHER2
102	select CRYPTO_PCOMP2
103
104config CRYPTO_USER
105	tristate "Userspace cryptographic algorithm configuration"
106	depends on NET
107	select CRYPTO_MANAGER
108	help
109	  Userspace configuration for cryptographic instantiations such as
110	  cbc(aes).
111
112config CRYPTO_MANAGER_DISABLE_TESTS
113	bool "Disable run-time self tests"
114	default y
115	depends on CRYPTO_MANAGER2
116	help
117	  Disable run-time self tests that normally take place at
118	  algorithm registration.
119
120config CRYPTO_GF128MUL
121	tristate "GF(2^128) multiplication functions"
122	help
123	  Efficient table driven implementation of multiplications in the
124	  field GF(2^128).  This is needed by some cypher modes. This
125	  option will be selected automatically if you select such a
126	  cipher mode.  Only select this option by hand if you expect to load
127	  an external module that requires these functions.
128
129config CRYPTO_NULL
130	tristate "Null algorithms"
131	select CRYPTO_ALGAPI
132	select CRYPTO_BLKCIPHER
133	select CRYPTO_HASH
134	help
135	  These are 'Null' algorithms, used by IPsec, which do nothing.
136
137config CRYPTO_PCRYPT
138	tristate "Parallel crypto engine"
139	depends on SMP
140	select PADATA
141	select CRYPTO_MANAGER
142	select CRYPTO_AEAD
143	help
144	  This converts an arbitrary crypto algorithm into a parallel
145	  algorithm that executes in kernel threads.
146
147config CRYPTO_WORKQUEUE
148       tristate
149
150config CRYPTO_CRYPTD
151	tristate "Software async crypto daemon"
152	select CRYPTO_BLKCIPHER
153	select CRYPTO_HASH
154	select CRYPTO_MANAGER
155	select CRYPTO_WORKQUEUE
156	help
157	  This is a generic software asynchronous crypto daemon that
158	  converts an arbitrary synchronous software crypto algorithm
159	  into an asynchronous algorithm that executes in a kernel thread.
160
161config CRYPTO_MCRYPTD
162	tristate "Software async multi-buffer crypto daemon"
163	select CRYPTO_BLKCIPHER
164	select CRYPTO_HASH
165	select CRYPTO_MANAGER
166	select CRYPTO_WORKQUEUE
167	help
168	  This is a generic software asynchronous crypto daemon that
169	  provides the kernel thread to assist multi-buffer crypto
170	  algorithms for submitting jobs and flushing jobs in multi-buffer
171	  crypto algorithms.  Multi-buffer crypto algorithms are executed
172	  in the context of this kernel thread and drivers can post
173	  their crypto request asynchronously to be processed by this daemon.
174
175config CRYPTO_AUTHENC
176	tristate "Authenc support"
177	select CRYPTO_AEAD
178	select CRYPTO_BLKCIPHER
179	select CRYPTO_MANAGER
180	select CRYPTO_HASH
181	help
182	  Authenc: Combined mode wrapper for IPsec.
183	  This is required for IPSec.
184
185config CRYPTO_TEST
186	tristate "Testing module"
187	depends on m
188	select CRYPTO_MANAGER
189	help
190	  Quick & dirty crypto test module.
191
192config CRYPTO_ABLK_HELPER
193	tristate
194	select CRYPTO_CRYPTD
195
196config CRYPTO_GLUE_HELPER_X86
197	tristate
198	depends on X86
199	select CRYPTO_ALGAPI
200
201comment "Authenticated Encryption with Associated Data"
202
203config CRYPTO_CCM
204	tristate "CCM support"
205	select CRYPTO_CTR
206	select CRYPTO_AEAD
207	help
208	  Support for Counter with CBC MAC. Required for IPsec.
209
210config CRYPTO_GCM
211	tristate "GCM/GMAC support"
212	select CRYPTO_CTR
213	select CRYPTO_AEAD
214	select CRYPTO_GHASH
215	select CRYPTO_NULL
216	help
217	  Support for Galois/Counter Mode (GCM) and Galois Message
218	  Authentication Code (GMAC). Required for IPSec.
219
220config CRYPTO_SEQIV
221	tristate "Sequence Number IV Generator"
222	select CRYPTO_AEAD
223	select CRYPTO_BLKCIPHER
224	select CRYPTO_RNG
225	help
226	  This IV generator generates an IV based on a sequence number by
227	  xoring it with a salt.  This algorithm is mainly useful for CTR
228
229comment "Block modes"
230
231config CRYPTO_CBC
232	tristate "CBC support"
233	select CRYPTO_BLKCIPHER
234	select CRYPTO_MANAGER
235	help
236	  CBC: Cipher Block Chaining mode
237	  This block cipher algorithm is required for IPSec.
238
239config CRYPTO_CTR
240	tristate "CTR support"
241	select CRYPTO_BLKCIPHER
242	select CRYPTO_SEQIV
243	select CRYPTO_MANAGER
244	help
245	  CTR: Counter mode
246	  This block cipher algorithm is required for IPSec.
247
248config CRYPTO_CTS
249	tristate "CTS support"
250	select CRYPTO_BLKCIPHER
251	help
252	  CTS: Cipher Text Stealing
253	  This is the Cipher Text Stealing mode as described by
254	  Section 8 of rfc2040 and referenced by rfc3962.
255	  (rfc3962 includes errata information in its Appendix A)
256	  This mode is required for Kerberos gss mechanism support
257	  for AES encryption.
258
259config CRYPTO_ECB
260	tristate "ECB support"
261	select CRYPTO_BLKCIPHER
262	select CRYPTO_MANAGER
263	help
264	  ECB: Electronic CodeBook mode
265	  This is the simplest block cipher algorithm.  It simply encrypts
266	  the input block by block.
267
268config CRYPTO_LRW
269	tristate "LRW support"
270	select CRYPTO_BLKCIPHER
271	select CRYPTO_MANAGER
272	select CRYPTO_GF128MUL
273	help
274	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
275	  narrow block cipher mode for dm-crypt.  Use it with cipher
276	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
277	  The first 128, 192 or 256 bits in the key are used for AES and the
278	  rest is used to tie each cipher block to its logical position.
279
280config CRYPTO_PCBC
281	tristate "PCBC support"
282	select CRYPTO_BLKCIPHER
283	select CRYPTO_MANAGER
284	help
285	  PCBC: Propagating Cipher Block Chaining mode
286	  This block cipher algorithm is required for RxRPC.
287
288config CRYPTO_XTS
289	tristate "XTS support"
290	select CRYPTO_BLKCIPHER
291	select CRYPTO_MANAGER
292	select CRYPTO_GF128MUL
293	help
294	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
295	  key size 256, 384 or 512 bits. This implementation currently
296	  can't handle a sectorsize which is not a multiple of 16 bytes.
297
298comment "Hash modes"
299
300config CRYPTO_CMAC
301	tristate "CMAC support"
302	select CRYPTO_HASH
303	select CRYPTO_MANAGER
304	help
305	  Cipher-based Message Authentication Code (CMAC) specified by
306	  The National Institute of Standards and Technology (NIST).
307
308	  https://tools.ietf.org/html/rfc4493
309	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
310
311config CRYPTO_HMAC
312	tristate "HMAC support"
313	select CRYPTO_HASH
314	select CRYPTO_MANAGER
315	help
316	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
317	  This is required for IPSec.
318
319config CRYPTO_XCBC
320	tristate "XCBC support"
321	select CRYPTO_HASH
322	select CRYPTO_MANAGER
323	help
324	  XCBC: Keyed-Hashing with encryption algorithm
325		http://www.ietf.org/rfc/rfc3566.txt
326		http://csrc.nist.gov/encryption/modes/proposedmodes/
327		 xcbc-mac/xcbc-mac-spec.pdf
328
329config CRYPTO_VMAC
330	tristate "VMAC support"
331	select CRYPTO_HASH
332	select CRYPTO_MANAGER
333	help
334	  VMAC is a message authentication algorithm designed for
335	  very high speed on 64-bit architectures.
336
337	  See also:
338	  <http://fastcrypto.org/vmac>
339
340comment "Digest"
341
342config CRYPTO_CRC32C
343	tristate "CRC32c CRC algorithm"
344	select CRYPTO_HASH
345	select CRC32
346	help
347	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
348	  by iSCSI for header and data digests and by others.
349	  See Castagnoli93.  Module will be crc32c.
350
351config CRYPTO_CRC32C_INTEL
352	tristate "CRC32c INTEL hardware acceleration"
353	depends on X86
354	select CRYPTO_HASH
355	help
356	  In Intel processor with SSE4.2 supported, the processor will
357	  support CRC32C implementation using hardware accelerated CRC32
358	  instruction. This option will create 'crc32c-intel' module,
359	  which will enable any routine to use the CRC32 instruction to
360	  gain performance compared with software implementation.
361	  Module will be crc32c-intel.
362
363config CRYPTO_CRC32C_SPARC64
364	tristate "CRC32c CRC algorithm (SPARC64)"
365	depends on SPARC64
366	select CRYPTO_HASH
367	select CRC32
368	help
369	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
370	  when available.
371
372config CRYPTO_CRC32
373	tristate "CRC32 CRC algorithm"
374	select CRYPTO_HASH
375	select CRC32
376	help
377	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
378	  Shash crypto api wrappers to crc32_le function.
379
380config CRYPTO_CRC32_PCLMUL
381	tristate "CRC32 PCLMULQDQ hardware acceleration"
382	depends on X86
383	select CRYPTO_HASH
384	select CRC32
385	help
386	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
387	  and PCLMULQDQ supported, the processor will support
388	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
389	  instruction. This option will create 'crc32-plcmul' module,
390	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
391	  and gain better performance as compared with the table implementation.
392
393config CRYPTO_CRCT10DIF
394	tristate "CRCT10DIF algorithm"
395	select CRYPTO_HASH
396	help
397	  CRC T10 Data Integrity Field computation is being cast as
398	  a crypto transform.  This allows for faster crc t10 diff
399	  transforms to be used if they are available.
400
401config CRYPTO_CRCT10DIF_PCLMUL
402	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
403	depends on X86 && 64BIT && CRC_T10DIF
404	select CRYPTO_HASH
405	help
406	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
407	  CRC T10 DIF PCLMULQDQ computation can be hardware
408	  accelerated PCLMULQDQ instruction. This option will create
409	  'crct10dif-plcmul' module, which is faster when computing the
410	  crct10dif checksum as compared with the generic table implementation.
411
412config CRYPTO_GHASH
413	tristate "GHASH digest algorithm"
414	select CRYPTO_GF128MUL
415	help
416	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
417
418config CRYPTO_MD4
419	tristate "MD4 digest algorithm"
420	select CRYPTO_HASH
421	help
422	  MD4 message digest algorithm (RFC1320).
423
424config CRYPTO_MD5
425	tristate "MD5 digest algorithm"
426	select CRYPTO_HASH
427	help
428	  MD5 message digest algorithm (RFC1321).
429
430config CRYPTO_MD5_OCTEON
431	tristate "MD5 digest algorithm (OCTEON)"
432	depends on CPU_CAVIUM_OCTEON
433	select CRYPTO_MD5
434	select CRYPTO_HASH
435	help
436	  MD5 message digest algorithm (RFC1321) implemented
437	  using OCTEON crypto instructions, when available.
438
439config CRYPTO_MD5_SPARC64
440	tristate "MD5 digest algorithm (SPARC64)"
441	depends on SPARC64
442	select CRYPTO_MD5
443	select CRYPTO_HASH
444	help
445	  MD5 message digest algorithm (RFC1321) implemented
446	  using sparc64 crypto instructions, when available.
447
448config CRYPTO_MICHAEL_MIC
449	tristate "Michael MIC keyed digest algorithm"
450	select CRYPTO_HASH
451	help
452	  Michael MIC is used for message integrity protection in TKIP
453	  (IEEE 802.11i). This algorithm is required for TKIP, but it
454	  should not be used for other purposes because of the weakness
455	  of the algorithm.
456
457config CRYPTO_RMD128
458	tristate "RIPEMD-128 digest algorithm"
459	select CRYPTO_HASH
460	help
461	  RIPEMD-128 (ISO/IEC 10118-3:2004).
462
463	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
464	  be used as a secure replacement for RIPEMD. For other use cases,
465	  RIPEMD-160 should be used.
466
467	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
468	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
469
470config CRYPTO_RMD160
471	tristate "RIPEMD-160 digest algorithm"
472	select CRYPTO_HASH
473	help
474	  RIPEMD-160 (ISO/IEC 10118-3:2004).
475
476	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
477	  to be used as a secure replacement for the 128-bit hash functions
478	  MD4, MD5 and it's predecessor RIPEMD
479	  (not to be confused with RIPEMD-128).
480
481	  It's speed is comparable to SHA1 and there are no known attacks
482	  against RIPEMD-160.
483
484	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
485	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
486
487config CRYPTO_RMD256
488	tristate "RIPEMD-256 digest algorithm"
489	select CRYPTO_HASH
490	help
491	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
492	  256 bit hash. It is intended for applications that require
493	  longer hash-results, without needing a larger security level
494	  (than RIPEMD-128).
495
496	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
497	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
498
499config CRYPTO_RMD320
500	tristate "RIPEMD-320 digest algorithm"
501	select CRYPTO_HASH
502	help
503	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
504	  320 bit hash. It is intended for applications that require
505	  longer hash-results, without needing a larger security level
506	  (than RIPEMD-160).
507
508	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
509	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
510
511config CRYPTO_SHA1
512	tristate "SHA1 digest algorithm"
513	select CRYPTO_HASH
514	help
515	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
516
517config CRYPTO_SHA1_SSSE3
518	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2)"
519	depends on X86 && 64BIT
520	select CRYPTO_SHA1
521	select CRYPTO_HASH
522	help
523	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
524	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
525	  Extensions (AVX/AVX2), when available.
526
527config CRYPTO_SHA256_SSSE3
528	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2)"
529	depends on X86 && 64BIT
530	select CRYPTO_SHA256
531	select CRYPTO_HASH
532	help
533	  SHA-256 secure hash standard (DFIPS 180-2) implemented
534	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
535	  Extensions version 1 (AVX1), or Advanced Vector Extensions
536	  version 2 (AVX2) instructions, when available.
537
538config CRYPTO_SHA512_SSSE3
539	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
540	depends on X86 && 64BIT
541	select CRYPTO_SHA512
542	select CRYPTO_HASH
543	help
544	  SHA-512 secure hash standard (DFIPS 180-2) implemented
545	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
546	  Extensions version 1 (AVX1), or Advanced Vector Extensions
547	  version 2 (AVX2) instructions, when available.
548
549config CRYPTO_SHA1_OCTEON
550	tristate "SHA1 digest algorithm (OCTEON)"
551	depends on CPU_CAVIUM_OCTEON
552	select CRYPTO_SHA1
553	select CRYPTO_HASH
554	help
555	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
556	  using OCTEON crypto instructions, when available.
557
558config CRYPTO_SHA1_SPARC64
559	tristate "SHA1 digest algorithm (SPARC64)"
560	depends on SPARC64
561	select CRYPTO_SHA1
562	select CRYPTO_HASH
563	help
564	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
565	  using sparc64 crypto instructions, when available.
566
567config CRYPTO_SHA1_ARM
568	tristate "SHA1 digest algorithm (ARM-asm)"
569	depends on ARM
570	select CRYPTO_SHA1
571	select CRYPTO_HASH
572	help
573	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
574	  using optimized ARM assembler.
575
576config CRYPTO_SHA1_ARM_NEON
577	tristate "SHA1 digest algorithm (ARM NEON)"
578	depends on ARM && KERNEL_MODE_NEON
579	select CRYPTO_SHA1_ARM
580	select CRYPTO_SHA1
581	select CRYPTO_HASH
582	help
583	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
584	  using optimized ARM NEON assembly, when NEON instructions are
585	  available.
586
587config CRYPTO_SHA1_PPC
588	tristate "SHA1 digest algorithm (powerpc)"
589	depends on PPC
590	help
591	  This is the powerpc hardware accelerated implementation of the
592	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
593
594config CRYPTO_SHA1_MB
595	tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
596	depends on X86 && 64BIT
597	select CRYPTO_SHA1
598	select CRYPTO_HASH
599	select CRYPTO_MCRYPTD
600	help
601	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
602	  using multi-buffer technique.  This algorithm computes on
603	  multiple data lanes concurrently with SIMD instructions for
604	  better throughput.  It should not be enabled by default but
605	  used when there is significant amount of work to keep the keep
606	  the data lanes filled to get performance benefit.  If the data
607	  lanes remain unfilled, a flush operation will be initiated to
608	  process the crypto jobs, adding a slight latency.
609
610config CRYPTO_SHA256
611	tristate "SHA224 and SHA256 digest algorithm"
612	select CRYPTO_HASH
613	help
614	  SHA256 secure hash standard (DFIPS 180-2).
615
616	  This version of SHA implements a 256 bit hash with 128 bits of
617	  security against collision attacks.
618
619	  This code also includes SHA-224, a 224 bit hash with 112 bits
620	  of security against collision attacks.
621
622config CRYPTO_SHA256_OCTEON
623	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
624	depends on CPU_CAVIUM_OCTEON
625	select CRYPTO_SHA256
626	select CRYPTO_HASH
627	help
628	  SHA-256 secure hash standard (DFIPS 180-2) implemented
629	  using OCTEON crypto instructions, when available.
630
631config CRYPTO_SHA256_SPARC64
632	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
633	depends on SPARC64
634	select CRYPTO_SHA256
635	select CRYPTO_HASH
636	help
637	  SHA-256 secure hash standard (DFIPS 180-2) implemented
638	  using sparc64 crypto instructions, when available.
639
640config CRYPTO_SHA512
641	tristate "SHA384 and SHA512 digest algorithms"
642	select CRYPTO_HASH
643	help
644	  SHA512 secure hash standard (DFIPS 180-2).
645
646	  This version of SHA implements a 512 bit hash with 256 bits of
647	  security against collision attacks.
648
649	  This code also includes SHA-384, a 384 bit hash with 192 bits
650	  of security against collision attacks.
651
652config CRYPTO_SHA512_OCTEON
653	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
654	depends on CPU_CAVIUM_OCTEON
655	select CRYPTO_SHA512
656	select CRYPTO_HASH
657	help
658	  SHA-512 secure hash standard (DFIPS 180-2) implemented
659	  using OCTEON crypto instructions, when available.
660
661config CRYPTO_SHA512_SPARC64
662	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
663	depends on SPARC64
664	select CRYPTO_SHA512
665	select CRYPTO_HASH
666	help
667	  SHA-512 secure hash standard (DFIPS 180-2) implemented
668	  using sparc64 crypto instructions, when available.
669
670config CRYPTO_SHA512_ARM_NEON
671	tristate "SHA384 and SHA512 digest algorithm (ARM NEON)"
672	depends on ARM && KERNEL_MODE_NEON
673	select CRYPTO_SHA512
674	select CRYPTO_HASH
675	help
676	  SHA-512 secure hash standard (DFIPS 180-2) implemented
677	  using ARM NEON instructions, when available.
678
679	  This version of SHA implements a 512 bit hash with 256 bits of
680	  security against collision attacks.
681
682	  This code also includes SHA-384, a 384 bit hash with 192 bits
683	  of security against collision attacks.
684
685config CRYPTO_TGR192
686	tristate "Tiger digest algorithms"
687	select CRYPTO_HASH
688	help
689	  Tiger hash algorithm 192, 160 and 128-bit hashes
690
691	  Tiger is a hash function optimized for 64-bit processors while
692	  still having decent performance on 32-bit processors.
693	  Tiger was developed by Ross Anderson and Eli Biham.
694
695	  See also:
696	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
697
698config CRYPTO_WP512
699	tristate "Whirlpool digest algorithms"
700	select CRYPTO_HASH
701	help
702	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
703
704	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
705	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
706
707	  See also:
708	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
709
710config CRYPTO_GHASH_CLMUL_NI_INTEL
711	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
712	depends on X86 && 64BIT
713	select CRYPTO_CRYPTD
714	help
715	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
716	  The implementation is accelerated by CLMUL-NI of Intel.
717
718comment "Ciphers"
719
720config CRYPTO_AES
721	tristate "AES cipher algorithms"
722	select CRYPTO_ALGAPI
723	help
724	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
725	  algorithm.
726
727	  Rijndael appears to be consistently a very good performer in
728	  both hardware and software across a wide range of computing
729	  environments regardless of its use in feedback or non-feedback
730	  modes. Its key setup time is excellent, and its key agility is
731	  good. Rijndael's very low memory requirements make it very well
732	  suited for restricted-space environments, in which it also
733	  demonstrates excellent performance. Rijndael's operations are
734	  among the easiest to defend against power and timing attacks.
735
736	  The AES specifies three key sizes: 128, 192 and 256 bits
737
738	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
739
740config CRYPTO_AES_586
741	tristate "AES cipher algorithms (i586)"
742	depends on (X86 || UML_X86) && !64BIT
743	select CRYPTO_ALGAPI
744	select CRYPTO_AES
745	help
746	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
747	  algorithm.
748
749	  Rijndael appears to be consistently a very good performer in
750	  both hardware and software across a wide range of computing
751	  environments regardless of its use in feedback or non-feedback
752	  modes. Its key setup time is excellent, and its key agility is
753	  good. Rijndael's very low memory requirements make it very well
754	  suited for restricted-space environments, in which it also
755	  demonstrates excellent performance. Rijndael's operations are
756	  among the easiest to defend against power and timing attacks.
757
758	  The AES specifies three key sizes: 128, 192 and 256 bits
759
760	  See <http://csrc.nist.gov/encryption/aes/> for more information.
761
762config CRYPTO_AES_X86_64
763	tristate "AES cipher algorithms (x86_64)"
764	depends on (X86 || UML_X86) && 64BIT
765	select CRYPTO_ALGAPI
766	select CRYPTO_AES
767	help
768	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
769	  algorithm.
770
771	  Rijndael appears to be consistently a very good performer in
772	  both hardware and software across a wide range of computing
773	  environments regardless of its use in feedback or non-feedback
774	  modes. Its key setup time is excellent, and its key agility is
775	  good. Rijndael's very low memory requirements make it very well
776	  suited for restricted-space environments, in which it also
777	  demonstrates excellent performance. Rijndael's operations are
778	  among the easiest to defend against power and timing attacks.
779
780	  The AES specifies three key sizes: 128, 192 and 256 bits
781
782	  See <http://csrc.nist.gov/encryption/aes/> for more information.
783
784config CRYPTO_AES_NI_INTEL
785	tristate "AES cipher algorithms (AES-NI)"
786	depends on X86
787	select CRYPTO_AES_X86_64 if 64BIT
788	select CRYPTO_AES_586 if !64BIT
789	select CRYPTO_CRYPTD
790	select CRYPTO_ABLK_HELPER
791	select CRYPTO_ALGAPI
792	select CRYPTO_GLUE_HELPER_X86 if 64BIT
793	select CRYPTO_LRW
794	select CRYPTO_XTS
795	help
796	  Use Intel AES-NI instructions for AES algorithm.
797
798	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
799	  algorithm.
800
801	  Rijndael appears to be consistently a very good performer in
802	  both hardware and software across a wide range of computing
803	  environments regardless of its use in feedback or non-feedback
804	  modes. Its key setup time is excellent, and its key agility is
805	  good. Rijndael's very low memory requirements make it very well
806	  suited for restricted-space environments, in which it also
807	  demonstrates excellent performance. Rijndael's operations are
808	  among the easiest to defend against power and timing attacks.
809
810	  The AES specifies three key sizes: 128, 192 and 256 bits
811
812	  See <http://csrc.nist.gov/encryption/aes/> for more information.
813
814	  In addition to AES cipher algorithm support, the acceleration
815	  for some popular block cipher mode is supported too, including
816	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
817	  acceleration for CTR.
818
819config CRYPTO_AES_SPARC64
820	tristate "AES cipher algorithms (SPARC64)"
821	depends on SPARC64
822	select CRYPTO_CRYPTD
823	select CRYPTO_ALGAPI
824	help
825	  Use SPARC64 crypto opcodes for AES algorithm.
826
827	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
828	  algorithm.
829
830	  Rijndael appears to be consistently a very good performer in
831	  both hardware and software across a wide range of computing
832	  environments regardless of its use in feedback or non-feedback
833	  modes. Its key setup time is excellent, and its key agility is
834	  good. Rijndael's very low memory requirements make it very well
835	  suited for restricted-space environments, in which it also
836	  demonstrates excellent performance. Rijndael's operations are
837	  among the easiest to defend against power and timing attacks.
838
839	  The AES specifies three key sizes: 128, 192 and 256 bits
840
841	  See <http://csrc.nist.gov/encryption/aes/> for more information.
842
843	  In addition to AES cipher algorithm support, the acceleration
844	  for some popular block cipher mode is supported too, including
845	  ECB and CBC.
846
847config CRYPTO_AES_ARM
848	tristate "AES cipher algorithms (ARM-asm)"
849	depends on ARM
850	select CRYPTO_ALGAPI
851	select CRYPTO_AES
852	help
853	  Use optimized AES assembler routines for ARM platforms.
854
855	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
856	  algorithm.
857
858	  Rijndael appears to be consistently a very good performer in
859	  both hardware and software across a wide range of computing
860	  environments regardless of its use in feedback or non-feedback
861	  modes. Its key setup time is excellent, and its key agility is
862	  good. Rijndael's very low memory requirements make it very well
863	  suited for restricted-space environments, in which it also
864	  demonstrates excellent performance. Rijndael's operations are
865	  among the easiest to defend against power and timing attacks.
866
867	  The AES specifies three key sizes: 128, 192 and 256 bits
868
869	  See <http://csrc.nist.gov/encryption/aes/> for more information.
870
871config CRYPTO_AES_ARM_BS
872	tristate "Bit sliced AES using NEON instructions"
873	depends on ARM && KERNEL_MODE_NEON
874	select CRYPTO_ALGAPI
875	select CRYPTO_AES_ARM
876	select CRYPTO_ABLK_HELPER
877	help
878	  Use a faster and more secure NEON based implementation of AES in CBC,
879	  CTR and XTS modes
880
881	  Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode
882	  and for XTS mode encryption, CBC and XTS mode decryption speedup is
883	  around 25%. (CBC encryption speed is not affected by this driver.)
884	  This implementation does not rely on any lookup tables so it is
885	  believed to be invulnerable to cache timing attacks.
886
887config CRYPTO_ANUBIS
888	tristate "Anubis cipher algorithm"
889	select CRYPTO_ALGAPI
890	help
891	  Anubis cipher algorithm.
892
893	  Anubis is a variable key length cipher which can use keys from
894	  128 bits to 320 bits in length.  It was evaluated as a entrant
895	  in the NESSIE competition.
896
897	  See also:
898	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
899	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
900
901config CRYPTO_ARC4
902	tristate "ARC4 cipher algorithm"
903	select CRYPTO_BLKCIPHER
904	help
905	  ARC4 cipher algorithm.
906
907	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
908	  bits in length.  This algorithm is required for driver-based
909	  WEP, but it should not be for other purposes because of the
910	  weakness of the algorithm.
911
912config CRYPTO_BLOWFISH
913	tristate "Blowfish cipher algorithm"
914	select CRYPTO_ALGAPI
915	select CRYPTO_BLOWFISH_COMMON
916	help
917	  Blowfish cipher algorithm, by Bruce Schneier.
918
919	  This is a variable key length cipher which can use keys from 32
920	  bits to 448 bits in length.  It's fast, simple and specifically
921	  designed for use on "large microprocessors".
922
923	  See also:
924	  <http://www.schneier.com/blowfish.html>
925
926config CRYPTO_BLOWFISH_COMMON
927	tristate
928	help
929	  Common parts of the Blowfish cipher algorithm shared by the
930	  generic c and the assembler implementations.
931
932	  See also:
933	  <http://www.schneier.com/blowfish.html>
934
935config CRYPTO_BLOWFISH_X86_64
936	tristate "Blowfish cipher algorithm (x86_64)"
937	depends on X86 && 64BIT
938	select CRYPTO_ALGAPI
939	select CRYPTO_BLOWFISH_COMMON
940	help
941	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
942
943	  This is a variable key length cipher which can use keys from 32
944	  bits to 448 bits in length.  It's fast, simple and specifically
945	  designed for use on "large microprocessors".
946
947	  See also:
948	  <http://www.schneier.com/blowfish.html>
949
950config CRYPTO_CAMELLIA
951	tristate "Camellia cipher algorithms"
952	depends on CRYPTO
953	select CRYPTO_ALGAPI
954	help
955	  Camellia cipher algorithms module.
956
957	  Camellia is a symmetric key block cipher developed jointly
958	  at NTT and Mitsubishi Electric Corporation.
959
960	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
961
962	  See also:
963	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
964
965config CRYPTO_CAMELLIA_X86_64
966	tristate "Camellia cipher algorithm (x86_64)"
967	depends on X86 && 64BIT
968	depends on CRYPTO
969	select CRYPTO_ALGAPI
970	select CRYPTO_GLUE_HELPER_X86
971	select CRYPTO_LRW
972	select CRYPTO_XTS
973	help
974	  Camellia cipher algorithm module (x86_64).
975
976	  Camellia is a symmetric key block cipher developed jointly
977	  at NTT and Mitsubishi Electric Corporation.
978
979	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
980
981	  See also:
982	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
983
984config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
985	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
986	depends on X86 && 64BIT
987	depends on CRYPTO
988	select CRYPTO_ALGAPI
989	select CRYPTO_CRYPTD
990	select CRYPTO_ABLK_HELPER
991	select CRYPTO_GLUE_HELPER_X86
992	select CRYPTO_CAMELLIA_X86_64
993	select CRYPTO_LRW
994	select CRYPTO_XTS
995	help
996	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
997
998	  Camellia is a symmetric key block cipher developed jointly
999	  at NTT and Mitsubishi Electric Corporation.
1000
1001	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1002
1003	  See also:
1004	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1005
1006config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1007	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1008	depends on X86 && 64BIT
1009	depends on CRYPTO
1010	select CRYPTO_ALGAPI
1011	select CRYPTO_CRYPTD
1012	select CRYPTO_ABLK_HELPER
1013	select CRYPTO_GLUE_HELPER_X86
1014	select CRYPTO_CAMELLIA_X86_64
1015	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1016	select CRYPTO_LRW
1017	select CRYPTO_XTS
1018	help
1019	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1020
1021	  Camellia is a symmetric key block cipher developed jointly
1022	  at NTT and Mitsubishi Electric Corporation.
1023
1024	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1025
1026	  See also:
1027	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1028
1029config CRYPTO_CAMELLIA_SPARC64
1030	tristate "Camellia cipher algorithm (SPARC64)"
1031	depends on SPARC64
1032	depends on CRYPTO
1033	select CRYPTO_ALGAPI
1034	help
1035	  Camellia cipher algorithm module (SPARC64).
1036
1037	  Camellia is a symmetric key block cipher developed jointly
1038	  at NTT and Mitsubishi Electric Corporation.
1039
1040	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1041
1042	  See also:
1043	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1044
1045config CRYPTO_CAST_COMMON
1046	tristate
1047	help
1048	  Common parts of the CAST cipher algorithms shared by the
1049	  generic c and the assembler implementations.
1050
1051config CRYPTO_CAST5
1052	tristate "CAST5 (CAST-128) cipher algorithm"
1053	select CRYPTO_ALGAPI
1054	select CRYPTO_CAST_COMMON
1055	help
1056	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1057	  described in RFC2144.
1058
1059config CRYPTO_CAST5_AVX_X86_64
1060	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1061	depends on X86 && 64BIT
1062	select CRYPTO_ALGAPI
1063	select CRYPTO_CRYPTD
1064	select CRYPTO_ABLK_HELPER
1065	select CRYPTO_CAST_COMMON
1066	select CRYPTO_CAST5
1067	help
1068	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1069	  described in RFC2144.
1070
1071	  This module provides the Cast5 cipher algorithm that processes
1072	  sixteen blocks parallel using the AVX instruction set.
1073
1074config CRYPTO_CAST6
1075	tristate "CAST6 (CAST-256) cipher algorithm"
1076	select CRYPTO_ALGAPI
1077	select CRYPTO_CAST_COMMON
1078	help
1079	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1080	  described in RFC2612.
1081
1082config CRYPTO_CAST6_AVX_X86_64
1083	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1084	depends on X86 && 64BIT
1085	select CRYPTO_ALGAPI
1086	select CRYPTO_CRYPTD
1087	select CRYPTO_ABLK_HELPER
1088	select CRYPTO_GLUE_HELPER_X86
1089	select CRYPTO_CAST_COMMON
1090	select CRYPTO_CAST6
1091	select CRYPTO_LRW
1092	select CRYPTO_XTS
1093	help
1094	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1095	  described in RFC2612.
1096
1097	  This module provides the Cast6 cipher algorithm that processes
1098	  eight blocks parallel using the AVX instruction set.
1099
1100config CRYPTO_DES
1101	tristate "DES and Triple DES EDE cipher algorithms"
1102	select CRYPTO_ALGAPI
1103	help
1104	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1105
1106config CRYPTO_DES_SPARC64
1107	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1108	depends on SPARC64
1109	select CRYPTO_ALGAPI
1110	select CRYPTO_DES
1111	help
1112	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1113	  optimized using SPARC64 crypto opcodes.
1114
1115config CRYPTO_DES3_EDE_X86_64
1116	tristate "Triple DES EDE cipher algorithm (x86-64)"
1117	depends on X86 && 64BIT
1118	select CRYPTO_ALGAPI
1119	select CRYPTO_DES
1120	help
1121	  Triple DES EDE (FIPS 46-3) algorithm.
1122
1123	  This module provides implementation of the Triple DES EDE cipher
1124	  algorithm that is optimized for x86-64 processors. Two versions of
1125	  algorithm are provided; regular processing one input block and
1126	  one that processes three blocks parallel.
1127
1128config CRYPTO_FCRYPT
1129	tristate "FCrypt cipher algorithm"
1130	select CRYPTO_ALGAPI
1131	select CRYPTO_BLKCIPHER
1132	help
1133	  FCrypt algorithm used by RxRPC.
1134
1135config CRYPTO_KHAZAD
1136	tristate "Khazad cipher algorithm"
1137	select CRYPTO_ALGAPI
1138	help
1139	  Khazad cipher algorithm.
1140
1141	  Khazad was a finalist in the initial NESSIE competition.  It is
1142	  an algorithm optimized for 64-bit processors with good performance
1143	  on 32-bit processors.  Khazad uses an 128 bit key size.
1144
1145	  See also:
1146	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1147
1148config CRYPTO_SALSA20
1149	tristate "Salsa20 stream cipher algorithm"
1150	select CRYPTO_BLKCIPHER
1151	help
1152	  Salsa20 stream cipher algorithm.
1153
1154	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1155	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1156
1157	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1158	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1159
1160config CRYPTO_SALSA20_586
1161	tristate "Salsa20 stream cipher algorithm (i586)"
1162	depends on (X86 || UML_X86) && !64BIT
1163	select CRYPTO_BLKCIPHER
1164	help
1165	  Salsa20 stream cipher algorithm.
1166
1167	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1168	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1169
1170	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1171	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1172
1173config CRYPTO_SALSA20_X86_64
1174	tristate "Salsa20 stream cipher algorithm (x86_64)"
1175	depends on (X86 || UML_X86) && 64BIT
1176	select CRYPTO_BLKCIPHER
1177	help
1178	  Salsa20 stream cipher algorithm.
1179
1180	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1181	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1182
1183	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1184	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1185
1186config CRYPTO_SEED
1187	tristate "SEED cipher algorithm"
1188	select CRYPTO_ALGAPI
1189	help
1190	  SEED cipher algorithm (RFC4269).
1191
1192	  SEED is a 128-bit symmetric key block cipher that has been
1193	  developed by KISA (Korea Information Security Agency) as a
1194	  national standard encryption algorithm of the Republic of Korea.
1195	  It is a 16 round block cipher with the key size of 128 bit.
1196
1197	  See also:
1198	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1199
1200config CRYPTO_SERPENT
1201	tristate "Serpent cipher algorithm"
1202	select CRYPTO_ALGAPI
1203	help
1204	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1205
1206	  Keys are allowed to be from 0 to 256 bits in length, in steps
1207	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1208	  variant of Serpent for compatibility with old kerneli.org code.
1209
1210	  See also:
1211	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1212
1213config CRYPTO_SERPENT_SSE2_X86_64
1214	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1215	depends on X86 && 64BIT
1216	select CRYPTO_ALGAPI
1217	select CRYPTO_CRYPTD
1218	select CRYPTO_ABLK_HELPER
1219	select CRYPTO_GLUE_HELPER_X86
1220	select CRYPTO_SERPENT
1221	select CRYPTO_LRW
1222	select CRYPTO_XTS
1223	help
1224	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1225
1226	  Keys are allowed to be from 0 to 256 bits in length, in steps
1227	  of 8 bits.
1228
1229	  This module provides Serpent cipher algorithm that processes eigth
1230	  blocks parallel using SSE2 instruction set.
1231
1232	  See also:
1233	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1234
1235config CRYPTO_SERPENT_SSE2_586
1236	tristate "Serpent cipher algorithm (i586/SSE2)"
1237	depends on X86 && !64BIT
1238	select CRYPTO_ALGAPI
1239	select CRYPTO_CRYPTD
1240	select CRYPTO_ABLK_HELPER
1241	select CRYPTO_GLUE_HELPER_X86
1242	select CRYPTO_SERPENT
1243	select CRYPTO_LRW
1244	select CRYPTO_XTS
1245	help
1246	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1247
1248	  Keys are allowed to be from 0 to 256 bits in length, in steps
1249	  of 8 bits.
1250
1251	  This module provides Serpent cipher algorithm that processes four
1252	  blocks parallel using SSE2 instruction set.
1253
1254	  See also:
1255	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1256
1257config CRYPTO_SERPENT_AVX_X86_64
1258	tristate "Serpent cipher algorithm (x86_64/AVX)"
1259	depends on X86 && 64BIT
1260	select CRYPTO_ALGAPI
1261	select CRYPTO_CRYPTD
1262	select CRYPTO_ABLK_HELPER
1263	select CRYPTO_GLUE_HELPER_X86
1264	select CRYPTO_SERPENT
1265	select CRYPTO_LRW
1266	select CRYPTO_XTS
1267	help
1268	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1269
1270	  Keys are allowed to be from 0 to 256 bits in length, in steps
1271	  of 8 bits.
1272
1273	  This module provides the Serpent cipher algorithm that processes
1274	  eight blocks parallel using the AVX instruction set.
1275
1276	  See also:
1277	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1278
1279config CRYPTO_SERPENT_AVX2_X86_64
1280	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1281	depends on X86 && 64BIT
1282	select CRYPTO_ALGAPI
1283	select CRYPTO_CRYPTD
1284	select CRYPTO_ABLK_HELPER
1285	select CRYPTO_GLUE_HELPER_X86
1286	select CRYPTO_SERPENT
1287	select CRYPTO_SERPENT_AVX_X86_64
1288	select CRYPTO_LRW
1289	select CRYPTO_XTS
1290	help
1291	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1292
1293	  Keys are allowed to be from 0 to 256 bits in length, in steps
1294	  of 8 bits.
1295
1296	  This module provides Serpent cipher algorithm that processes 16
1297	  blocks parallel using AVX2 instruction set.
1298
1299	  See also:
1300	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1301
1302config CRYPTO_TEA
1303	tristate "TEA, XTEA and XETA cipher algorithms"
1304	select CRYPTO_ALGAPI
1305	help
1306	  TEA cipher algorithm.
1307
1308	  Tiny Encryption Algorithm is a simple cipher that uses
1309	  many rounds for security.  It is very fast and uses
1310	  little memory.
1311
1312	  Xtendend Tiny Encryption Algorithm is a modification to
1313	  the TEA algorithm to address a potential key weakness
1314	  in the TEA algorithm.
1315
1316	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1317	  of the XTEA algorithm for compatibility purposes.
1318
1319config CRYPTO_TWOFISH
1320	tristate "Twofish cipher algorithm"
1321	select CRYPTO_ALGAPI
1322	select CRYPTO_TWOFISH_COMMON
1323	help
1324	  Twofish cipher algorithm.
1325
1326	  Twofish was submitted as an AES (Advanced Encryption Standard)
1327	  candidate cipher by researchers at CounterPane Systems.  It is a
1328	  16 round block cipher supporting key sizes of 128, 192, and 256
1329	  bits.
1330
1331	  See also:
1332	  <http://www.schneier.com/twofish.html>
1333
1334config CRYPTO_TWOFISH_COMMON
1335	tristate
1336	help
1337	  Common parts of the Twofish cipher algorithm shared by the
1338	  generic c and the assembler implementations.
1339
1340config CRYPTO_TWOFISH_586
1341	tristate "Twofish cipher algorithms (i586)"
1342	depends on (X86 || UML_X86) && !64BIT
1343	select CRYPTO_ALGAPI
1344	select CRYPTO_TWOFISH_COMMON
1345	help
1346	  Twofish cipher algorithm.
1347
1348	  Twofish was submitted as an AES (Advanced Encryption Standard)
1349	  candidate cipher by researchers at CounterPane Systems.  It is a
1350	  16 round block cipher supporting key sizes of 128, 192, and 256
1351	  bits.
1352
1353	  See also:
1354	  <http://www.schneier.com/twofish.html>
1355
1356config CRYPTO_TWOFISH_X86_64
1357	tristate "Twofish cipher algorithm (x86_64)"
1358	depends on (X86 || UML_X86) && 64BIT
1359	select CRYPTO_ALGAPI
1360	select CRYPTO_TWOFISH_COMMON
1361	help
1362	  Twofish cipher algorithm (x86_64).
1363
1364	  Twofish was submitted as an AES (Advanced Encryption Standard)
1365	  candidate cipher by researchers at CounterPane Systems.  It is a
1366	  16 round block cipher supporting key sizes of 128, 192, and 256
1367	  bits.
1368
1369	  See also:
1370	  <http://www.schneier.com/twofish.html>
1371
1372config CRYPTO_TWOFISH_X86_64_3WAY
1373	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1374	depends on X86 && 64BIT
1375	select CRYPTO_ALGAPI
1376	select CRYPTO_TWOFISH_COMMON
1377	select CRYPTO_TWOFISH_X86_64
1378	select CRYPTO_GLUE_HELPER_X86
1379	select CRYPTO_LRW
1380	select CRYPTO_XTS
1381	help
1382	  Twofish cipher algorithm (x86_64, 3-way parallel).
1383
1384	  Twofish was submitted as an AES (Advanced Encryption Standard)
1385	  candidate cipher by researchers at CounterPane Systems.  It is a
1386	  16 round block cipher supporting key sizes of 128, 192, and 256
1387	  bits.
1388
1389	  This module provides Twofish cipher algorithm that processes three
1390	  blocks parallel, utilizing resources of out-of-order CPUs better.
1391
1392	  See also:
1393	  <http://www.schneier.com/twofish.html>
1394
1395config CRYPTO_TWOFISH_AVX_X86_64
1396	tristate "Twofish cipher algorithm (x86_64/AVX)"
1397	depends on X86 && 64BIT
1398	select CRYPTO_ALGAPI
1399	select CRYPTO_CRYPTD
1400	select CRYPTO_ABLK_HELPER
1401	select CRYPTO_GLUE_HELPER_X86
1402	select CRYPTO_TWOFISH_COMMON
1403	select CRYPTO_TWOFISH_X86_64
1404	select CRYPTO_TWOFISH_X86_64_3WAY
1405	select CRYPTO_LRW
1406	select CRYPTO_XTS
1407	help
1408	  Twofish cipher algorithm (x86_64/AVX).
1409
1410	  Twofish was submitted as an AES (Advanced Encryption Standard)
1411	  candidate cipher by researchers at CounterPane Systems.  It is a
1412	  16 round block cipher supporting key sizes of 128, 192, and 256
1413	  bits.
1414
1415	  This module provides the Twofish cipher algorithm that processes
1416	  eight blocks parallel using the AVX Instruction Set.
1417
1418	  See also:
1419	  <http://www.schneier.com/twofish.html>
1420
1421comment "Compression"
1422
1423config CRYPTO_DEFLATE
1424	tristate "Deflate compression algorithm"
1425	select CRYPTO_ALGAPI
1426	select ZLIB_INFLATE
1427	select ZLIB_DEFLATE
1428	help
1429	  This is the Deflate algorithm (RFC1951), specified for use in
1430	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1431
1432	  You will most probably want this if using IPSec.
1433
1434config CRYPTO_ZLIB
1435	tristate "Zlib compression algorithm"
1436	select CRYPTO_PCOMP
1437	select ZLIB_INFLATE
1438	select ZLIB_DEFLATE
1439	select NLATTR
1440	help
1441	  This is the zlib algorithm.
1442
1443config CRYPTO_LZO
1444	tristate "LZO compression algorithm"
1445	select CRYPTO_ALGAPI
1446	select LZO_COMPRESS
1447	select LZO_DECOMPRESS
1448	help
1449	  This is the LZO algorithm.
1450
1451config CRYPTO_842
1452	tristate "842 compression algorithm"
1453	depends on CRYPTO_DEV_NX_COMPRESS
1454	# 842 uses lzo if the hardware becomes unavailable
1455	select LZO_COMPRESS
1456	select LZO_DECOMPRESS
1457	help
1458	  This is the 842 algorithm.
1459
1460config CRYPTO_LZ4
1461	tristate "LZ4 compression algorithm"
1462	select CRYPTO_ALGAPI
1463	select LZ4_COMPRESS
1464	select LZ4_DECOMPRESS
1465	help
1466	  This is the LZ4 algorithm.
1467
1468config CRYPTO_LZ4HC
1469	tristate "LZ4HC compression algorithm"
1470	select CRYPTO_ALGAPI
1471	select LZ4HC_COMPRESS
1472	select LZ4_DECOMPRESS
1473	help
1474	  This is the LZ4 high compression mode algorithm.
1475
1476comment "Random Number Generation"
1477
1478config CRYPTO_ANSI_CPRNG
1479	tristate "Pseudo Random Number Generation for Cryptographic modules"
1480	default m
1481	select CRYPTO_AES
1482	select CRYPTO_RNG
1483	help
1484	  This option enables the generic pseudo random number generator
1485	  for cryptographic modules.  Uses the Algorithm specified in
1486	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1487	  CRYPTO_FIPS is selected
1488
1489menuconfig CRYPTO_DRBG_MENU
1490	tristate "NIST SP800-90A DRBG"
1491	help
1492	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1493	  more of the DRBG types must be selected.
1494
1495if CRYPTO_DRBG_MENU
1496
1497config CRYPTO_DRBG_HMAC
1498	bool "Enable HMAC DRBG"
1499	default y
1500	select CRYPTO_HMAC
1501	help
1502	  Enable the HMAC DRBG variant as defined in NIST SP800-90A.
1503
1504config CRYPTO_DRBG_HASH
1505	bool "Enable Hash DRBG"
1506	select CRYPTO_HASH
1507	help
1508	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1509
1510config CRYPTO_DRBG_CTR
1511	bool "Enable CTR DRBG"
1512	select CRYPTO_AES
1513	help
1514	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1515
1516config CRYPTO_DRBG
1517	tristate
1518	default CRYPTO_DRBG_MENU if (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_HASH || CRYPTO_DRBG_CTR)
1519	select CRYPTO_RNG
1520
1521endif	# if CRYPTO_DRBG_MENU
1522
1523config CRYPTO_USER_API
1524	tristate
1525
1526config CRYPTO_USER_API_HASH
1527	tristate "User-space interface for hash algorithms"
1528	depends on NET
1529	select CRYPTO_HASH
1530	select CRYPTO_USER_API
1531	help
1532	  This option enables the user-spaces interface for hash
1533	  algorithms.
1534
1535config CRYPTO_USER_API_SKCIPHER
1536	tristate "User-space interface for symmetric key cipher algorithms"
1537	depends on NET
1538	select CRYPTO_BLKCIPHER
1539	select CRYPTO_USER_API
1540	help
1541	  This option enables the user-spaces interface for symmetric
1542	  key cipher algorithms.
1543
1544config CRYPTO_USER_API_RNG
1545	tristate "User-space interface for random number generator algorithms"
1546	depends on NET
1547	select CRYPTO_RNG
1548	select CRYPTO_USER_API
1549	help
1550	  This option enables the user-spaces interface for random
1551	  number generator algorithms.
1552
1553config CRYPTO_HASH_INFO
1554	bool
1555
1556source "drivers/crypto/Kconfig"
1557source crypto/asymmetric_keys/Kconfig
1558
1559endif	# if CRYPTO
1560