xref: /openbmc/linux/crypto/Kconfig (revision 8c749ce9)
1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5	tristate
6
7#
8# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
13# Cryptographic API Configuration
14#
15menuconfig CRYPTO
16	tristate "Cryptographic API"
17	help
18	  This option provides the core Cryptographic API.
19
20if CRYPTO
21
22comment "Crypto core or helper"
23
24config CRYPTO_FIPS
25	bool "FIPS 200 compliance"
26	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
27	depends on MODULE_SIG
28	help
29	  This options enables the fips boot option which is
30	  required if you want to system to operate in a FIPS 200
31	  certification.  You should say no unless you know what
32	  this is.
33
34config CRYPTO_ALGAPI
35	tristate
36	select CRYPTO_ALGAPI2
37	help
38	  This option provides the API for cryptographic algorithms.
39
40config CRYPTO_ALGAPI2
41	tristate
42
43config CRYPTO_AEAD
44	tristate
45	select CRYPTO_AEAD2
46	select CRYPTO_ALGAPI
47
48config CRYPTO_AEAD2
49	tristate
50	select CRYPTO_ALGAPI2
51	select CRYPTO_NULL2
52	select CRYPTO_RNG2
53
54config CRYPTO_BLKCIPHER
55	tristate
56	select CRYPTO_BLKCIPHER2
57	select CRYPTO_ALGAPI
58
59config CRYPTO_BLKCIPHER2
60	tristate
61	select CRYPTO_ALGAPI2
62	select CRYPTO_RNG2
63	select CRYPTO_WORKQUEUE
64
65config CRYPTO_HASH
66	tristate
67	select CRYPTO_HASH2
68	select CRYPTO_ALGAPI
69
70config CRYPTO_HASH2
71	tristate
72	select CRYPTO_ALGAPI2
73
74config CRYPTO_RNG
75	tristate
76	select CRYPTO_RNG2
77	select CRYPTO_ALGAPI
78
79config CRYPTO_RNG2
80	tristate
81	select CRYPTO_ALGAPI2
82
83config CRYPTO_RNG_DEFAULT
84	tristate
85	select CRYPTO_DRBG_MENU
86
87config CRYPTO_PCOMP
88	tristate
89	select CRYPTO_PCOMP2
90	select CRYPTO_ALGAPI
91
92config CRYPTO_PCOMP2
93	tristate
94	select CRYPTO_ALGAPI2
95
96config CRYPTO_AKCIPHER2
97	tristate
98	select CRYPTO_ALGAPI2
99
100config CRYPTO_AKCIPHER
101	tristate
102	select CRYPTO_AKCIPHER2
103	select CRYPTO_ALGAPI
104
105config CRYPTO_RSA
106	tristate "RSA algorithm"
107	select CRYPTO_AKCIPHER
108	select MPILIB
109	select ASN1
110	help
111	  Generic implementation of the RSA public key algorithm.
112
113config CRYPTO_MANAGER
114	tristate "Cryptographic algorithm manager"
115	select CRYPTO_MANAGER2
116	help
117	  Create default cryptographic template instantiations such as
118	  cbc(aes).
119
120config CRYPTO_MANAGER2
121	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
122	select CRYPTO_AEAD2
123	select CRYPTO_HASH2
124	select CRYPTO_BLKCIPHER2
125	select CRYPTO_PCOMP2
126	select CRYPTO_AKCIPHER2
127
128config CRYPTO_USER
129	tristate "Userspace cryptographic algorithm configuration"
130	depends on NET
131	select CRYPTO_MANAGER
132	help
133	  Userspace configuration for cryptographic instantiations such as
134	  cbc(aes).
135
136config CRYPTO_MANAGER_DISABLE_TESTS
137	bool "Disable run-time self tests"
138	default y
139	depends on CRYPTO_MANAGER2
140	help
141	  Disable run-time self tests that normally take place at
142	  algorithm registration.
143
144config CRYPTO_GF128MUL
145	tristate "GF(2^128) multiplication functions"
146	help
147	  Efficient table driven implementation of multiplications in the
148	  field GF(2^128).  This is needed by some cypher modes. This
149	  option will be selected automatically if you select such a
150	  cipher mode.  Only select this option by hand if you expect to load
151	  an external module that requires these functions.
152
153config CRYPTO_NULL
154	tristate "Null algorithms"
155	select CRYPTO_NULL2
156	help
157	  These are 'Null' algorithms, used by IPsec, which do nothing.
158
159config CRYPTO_NULL2
160	tristate
161	select CRYPTO_ALGAPI2
162	select CRYPTO_BLKCIPHER2
163	select CRYPTO_HASH2
164
165config CRYPTO_PCRYPT
166	tristate "Parallel crypto engine"
167	depends on SMP
168	select PADATA
169	select CRYPTO_MANAGER
170	select CRYPTO_AEAD
171	help
172	  This converts an arbitrary crypto algorithm into a parallel
173	  algorithm that executes in kernel threads.
174
175config CRYPTO_WORKQUEUE
176       tristate
177
178config CRYPTO_CRYPTD
179	tristate "Software async crypto daemon"
180	select CRYPTO_BLKCIPHER
181	select CRYPTO_HASH
182	select CRYPTO_MANAGER
183	select CRYPTO_WORKQUEUE
184	help
185	  This is a generic software asynchronous crypto daemon that
186	  converts an arbitrary synchronous software crypto algorithm
187	  into an asynchronous algorithm that executes in a kernel thread.
188
189config CRYPTO_MCRYPTD
190	tristate "Software async multi-buffer crypto daemon"
191	select CRYPTO_BLKCIPHER
192	select CRYPTO_HASH
193	select CRYPTO_MANAGER
194	select CRYPTO_WORKQUEUE
195	help
196	  This is a generic software asynchronous crypto daemon that
197	  provides the kernel thread to assist multi-buffer crypto
198	  algorithms for submitting jobs and flushing jobs in multi-buffer
199	  crypto algorithms.  Multi-buffer crypto algorithms are executed
200	  in the context of this kernel thread and drivers can post
201	  their crypto request asynchronously to be processed by this daemon.
202
203config CRYPTO_AUTHENC
204	tristate "Authenc support"
205	select CRYPTO_AEAD
206	select CRYPTO_BLKCIPHER
207	select CRYPTO_MANAGER
208	select CRYPTO_HASH
209	select CRYPTO_NULL
210	help
211	  Authenc: Combined mode wrapper for IPsec.
212	  This is required for IPSec.
213
214config CRYPTO_TEST
215	tristate "Testing module"
216	depends on m
217	select CRYPTO_MANAGER
218	help
219	  Quick & dirty crypto test module.
220
221config CRYPTO_ABLK_HELPER
222	tristate
223	select CRYPTO_CRYPTD
224
225config CRYPTO_GLUE_HELPER_X86
226	tristate
227	depends on X86
228	select CRYPTO_ALGAPI
229
230comment "Authenticated Encryption with Associated Data"
231
232config CRYPTO_CCM
233	tristate "CCM support"
234	select CRYPTO_CTR
235	select CRYPTO_AEAD
236	help
237	  Support for Counter with CBC MAC. Required for IPsec.
238
239config CRYPTO_GCM
240	tristate "GCM/GMAC support"
241	select CRYPTO_CTR
242	select CRYPTO_AEAD
243	select CRYPTO_GHASH
244	select CRYPTO_NULL
245	help
246	  Support for Galois/Counter Mode (GCM) and Galois Message
247	  Authentication Code (GMAC). Required for IPSec.
248
249config CRYPTO_CHACHA20POLY1305
250	tristate "ChaCha20-Poly1305 AEAD support"
251	select CRYPTO_CHACHA20
252	select CRYPTO_POLY1305
253	select CRYPTO_AEAD
254	help
255	  ChaCha20-Poly1305 AEAD support, RFC7539.
256
257	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
258	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
259	  IETF protocols.
260
261config CRYPTO_SEQIV
262	tristate "Sequence Number IV Generator"
263	select CRYPTO_AEAD
264	select CRYPTO_BLKCIPHER
265	select CRYPTO_NULL
266	select CRYPTO_RNG_DEFAULT
267	help
268	  This IV generator generates an IV based on a sequence number by
269	  xoring it with a salt.  This algorithm is mainly useful for CTR
270
271config CRYPTO_ECHAINIV
272	tristate "Encrypted Chain IV Generator"
273	select CRYPTO_AEAD
274	select CRYPTO_NULL
275	select CRYPTO_RNG_DEFAULT
276	default m
277	help
278	  This IV generator generates an IV based on the encryption of
279	  a sequence number xored with a salt.  This is the default
280	  algorithm for CBC.
281
282comment "Block modes"
283
284config CRYPTO_CBC
285	tristate "CBC support"
286	select CRYPTO_BLKCIPHER
287	select CRYPTO_MANAGER
288	help
289	  CBC: Cipher Block Chaining mode
290	  This block cipher algorithm is required for IPSec.
291
292config CRYPTO_CTR
293	tristate "CTR support"
294	select CRYPTO_BLKCIPHER
295	select CRYPTO_SEQIV
296	select CRYPTO_MANAGER
297	help
298	  CTR: Counter mode
299	  This block cipher algorithm is required for IPSec.
300
301config CRYPTO_CTS
302	tristate "CTS support"
303	select CRYPTO_BLKCIPHER
304	help
305	  CTS: Cipher Text Stealing
306	  This is the Cipher Text Stealing mode as described by
307	  Section 8 of rfc2040 and referenced by rfc3962.
308	  (rfc3962 includes errata information in its Appendix A)
309	  This mode is required for Kerberos gss mechanism support
310	  for AES encryption.
311
312config CRYPTO_ECB
313	tristate "ECB support"
314	select CRYPTO_BLKCIPHER
315	select CRYPTO_MANAGER
316	help
317	  ECB: Electronic CodeBook mode
318	  This is the simplest block cipher algorithm.  It simply encrypts
319	  the input block by block.
320
321config CRYPTO_LRW
322	tristate "LRW support"
323	select CRYPTO_BLKCIPHER
324	select CRYPTO_MANAGER
325	select CRYPTO_GF128MUL
326	help
327	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
328	  narrow block cipher mode for dm-crypt.  Use it with cipher
329	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
330	  The first 128, 192 or 256 bits in the key are used for AES and the
331	  rest is used to tie each cipher block to its logical position.
332
333config CRYPTO_PCBC
334	tristate "PCBC support"
335	select CRYPTO_BLKCIPHER
336	select CRYPTO_MANAGER
337	help
338	  PCBC: Propagating Cipher Block Chaining mode
339	  This block cipher algorithm is required for RxRPC.
340
341config CRYPTO_XTS
342	tristate "XTS support"
343	select CRYPTO_BLKCIPHER
344	select CRYPTO_MANAGER
345	select CRYPTO_GF128MUL
346	help
347	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
348	  key size 256, 384 or 512 bits. This implementation currently
349	  can't handle a sectorsize which is not a multiple of 16 bytes.
350
351config CRYPTO_KEYWRAP
352	tristate "Key wrapping support"
353	select CRYPTO_BLKCIPHER
354	help
355	  Support for key wrapping (NIST SP800-38F / RFC3394) without
356	  padding.
357
358comment "Hash modes"
359
360config CRYPTO_CMAC
361	tristate "CMAC support"
362	select CRYPTO_HASH
363	select CRYPTO_MANAGER
364	help
365	  Cipher-based Message Authentication Code (CMAC) specified by
366	  The National Institute of Standards and Technology (NIST).
367
368	  https://tools.ietf.org/html/rfc4493
369	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
370
371config CRYPTO_HMAC
372	tristate "HMAC support"
373	select CRYPTO_HASH
374	select CRYPTO_MANAGER
375	help
376	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
377	  This is required for IPSec.
378
379config CRYPTO_XCBC
380	tristate "XCBC support"
381	select CRYPTO_HASH
382	select CRYPTO_MANAGER
383	help
384	  XCBC: Keyed-Hashing with encryption algorithm
385		http://www.ietf.org/rfc/rfc3566.txt
386		http://csrc.nist.gov/encryption/modes/proposedmodes/
387		 xcbc-mac/xcbc-mac-spec.pdf
388
389config CRYPTO_VMAC
390	tristate "VMAC support"
391	select CRYPTO_HASH
392	select CRYPTO_MANAGER
393	help
394	  VMAC is a message authentication algorithm designed for
395	  very high speed on 64-bit architectures.
396
397	  See also:
398	  <http://fastcrypto.org/vmac>
399
400comment "Digest"
401
402config CRYPTO_CRC32C
403	tristate "CRC32c CRC algorithm"
404	select CRYPTO_HASH
405	select CRC32
406	help
407	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
408	  by iSCSI for header and data digests and by others.
409	  See Castagnoli93.  Module will be crc32c.
410
411config CRYPTO_CRC32C_INTEL
412	tristate "CRC32c INTEL hardware acceleration"
413	depends on X86
414	select CRYPTO_HASH
415	help
416	  In Intel processor with SSE4.2 supported, the processor will
417	  support CRC32C implementation using hardware accelerated CRC32
418	  instruction. This option will create 'crc32c-intel' module,
419	  which will enable any routine to use the CRC32 instruction to
420	  gain performance compared with software implementation.
421	  Module will be crc32c-intel.
422
423config CRYPTO_CRC32C_SPARC64
424	tristate "CRC32c CRC algorithm (SPARC64)"
425	depends on SPARC64
426	select CRYPTO_HASH
427	select CRC32
428	help
429	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
430	  when available.
431
432config CRYPTO_CRC32
433	tristate "CRC32 CRC algorithm"
434	select CRYPTO_HASH
435	select CRC32
436	help
437	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
438	  Shash crypto api wrappers to crc32_le function.
439
440config CRYPTO_CRC32_PCLMUL
441	tristate "CRC32 PCLMULQDQ hardware acceleration"
442	depends on X86
443	select CRYPTO_HASH
444	select CRC32
445	help
446	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
447	  and PCLMULQDQ supported, the processor will support
448	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
449	  instruction. This option will create 'crc32-plcmul' module,
450	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
451	  and gain better performance as compared with the table implementation.
452
453config CRYPTO_CRCT10DIF
454	tristate "CRCT10DIF algorithm"
455	select CRYPTO_HASH
456	help
457	  CRC T10 Data Integrity Field computation is being cast as
458	  a crypto transform.  This allows for faster crc t10 diff
459	  transforms to be used if they are available.
460
461config CRYPTO_CRCT10DIF_PCLMUL
462	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
463	depends on X86 && 64BIT && CRC_T10DIF
464	select CRYPTO_HASH
465	help
466	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
467	  CRC T10 DIF PCLMULQDQ computation can be hardware
468	  accelerated PCLMULQDQ instruction. This option will create
469	  'crct10dif-plcmul' module, which is faster when computing the
470	  crct10dif checksum as compared with the generic table implementation.
471
472config CRYPTO_GHASH
473	tristate "GHASH digest algorithm"
474	select CRYPTO_GF128MUL
475	help
476	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
477
478config CRYPTO_POLY1305
479	tristate "Poly1305 authenticator algorithm"
480	help
481	  Poly1305 authenticator algorithm, RFC7539.
482
483	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
484	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
485	  in IETF protocols. This is the portable C implementation of Poly1305.
486
487config CRYPTO_POLY1305_X86_64
488	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
489	depends on X86 && 64BIT
490	select CRYPTO_POLY1305
491	help
492	  Poly1305 authenticator algorithm, RFC7539.
493
494	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
495	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
496	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
497	  instructions.
498
499config CRYPTO_MD4
500	tristate "MD4 digest algorithm"
501	select CRYPTO_HASH
502	help
503	  MD4 message digest algorithm (RFC1320).
504
505config CRYPTO_MD5
506	tristate "MD5 digest algorithm"
507	select CRYPTO_HASH
508	help
509	  MD5 message digest algorithm (RFC1321).
510
511config CRYPTO_MD5_OCTEON
512	tristate "MD5 digest algorithm (OCTEON)"
513	depends on CPU_CAVIUM_OCTEON
514	select CRYPTO_MD5
515	select CRYPTO_HASH
516	help
517	  MD5 message digest algorithm (RFC1321) implemented
518	  using OCTEON crypto instructions, when available.
519
520config CRYPTO_MD5_PPC
521	tristate "MD5 digest algorithm (PPC)"
522	depends on PPC
523	select CRYPTO_HASH
524	help
525	  MD5 message digest algorithm (RFC1321) implemented
526	  in PPC assembler.
527
528config CRYPTO_MD5_SPARC64
529	tristate "MD5 digest algorithm (SPARC64)"
530	depends on SPARC64
531	select CRYPTO_MD5
532	select CRYPTO_HASH
533	help
534	  MD5 message digest algorithm (RFC1321) implemented
535	  using sparc64 crypto instructions, when available.
536
537config CRYPTO_MICHAEL_MIC
538	tristate "Michael MIC keyed digest algorithm"
539	select CRYPTO_HASH
540	help
541	  Michael MIC is used for message integrity protection in TKIP
542	  (IEEE 802.11i). This algorithm is required for TKIP, but it
543	  should not be used for other purposes because of the weakness
544	  of the algorithm.
545
546config CRYPTO_RMD128
547	tristate "RIPEMD-128 digest algorithm"
548	select CRYPTO_HASH
549	help
550	  RIPEMD-128 (ISO/IEC 10118-3:2004).
551
552	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
553	  be used as a secure replacement for RIPEMD. For other use cases,
554	  RIPEMD-160 should be used.
555
556	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
557	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
558
559config CRYPTO_RMD160
560	tristate "RIPEMD-160 digest algorithm"
561	select CRYPTO_HASH
562	help
563	  RIPEMD-160 (ISO/IEC 10118-3:2004).
564
565	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
566	  to be used as a secure replacement for the 128-bit hash functions
567	  MD4, MD5 and it's predecessor RIPEMD
568	  (not to be confused with RIPEMD-128).
569
570	  It's speed is comparable to SHA1 and there are no known attacks
571	  against RIPEMD-160.
572
573	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
574	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
575
576config CRYPTO_RMD256
577	tristate "RIPEMD-256 digest algorithm"
578	select CRYPTO_HASH
579	help
580	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
581	  256 bit hash. It is intended for applications that require
582	  longer hash-results, without needing a larger security level
583	  (than RIPEMD-128).
584
585	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
586	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
587
588config CRYPTO_RMD320
589	tristate "RIPEMD-320 digest algorithm"
590	select CRYPTO_HASH
591	help
592	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
593	  320 bit hash. It is intended for applications that require
594	  longer hash-results, without needing a larger security level
595	  (than RIPEMD-160).
596
597	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
598	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
599
600config CRYPTO_SHA1
601	tristate "SHA1 digest algorithm"
602	select CRYPTO_HASH
603	help
604	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
605
606config CRYPTO_SHA1_SSSE3
607	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
608	depends on X86 && 64BIT
609	select CRYPTO_SHA1
610	select CRYPTO_HASH
611	help
612	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
613	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
614	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
615	  when available.
616
617config CRYPTO_SHA256_SSSE3
618	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
619	depends on X86 && 64BIT
620	select CRYPTO_SHA256
621	select CRYPTO_HASH
622	help
623	  SHA-256 secure hash standard (DFIPS 180-2) implemented
624	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
625	  Extensions version 1 (AVX1), or Advanced Vector Extensions
626	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
627	  Instructions) when available.
628
629config CRYPTO_SHA512_SSSE3
630	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
631	depends on X86 && 64BIT
632	select CRYPTO_SHA512
633	select CRYPTO_HASH
634	help
635	  SHA-512 secure hash standard (DFIPS 180-2) implemented
636	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
637	  Extensions version 1 (AVX1), or Advanced Vector Extensions
638	  version 2 (AVX2) instructions, when available.
639
640config CRYPTO_SHA1_OCTEON
641	tristate "SHA1 digest algorithm (OCTEON)"
642	depends on CPU_CAVIUM_OCTEON
643	select CRYPTO_SHA1
644	select CRYPTO_HASH
645	help
646	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
647	  using OCTEON crypto instructions, when available.
648
649config CRYPTO_SHA1_SPARC64
650	tristate "SHA1 digest algorithm (SPARC64)"
651	depends on SPARC64
652	select CRYPTO_SHA1
653	select CRYPTO_HASH
654	help
655	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
656	  using sparc64 crypto instructions, when available.
657
658config CRYPTO_SHA1_PPC
659	tristate "SHA1 digest algorithm (powerpc)"
660	depends on PPC
661	help
662	  This is the powerpc hardware accelerated implementation of the
663	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
664
665config CRYPTO_SHA1_PPC_SPE
666	tristate "SHA1 digest algorithm (PPC SPE)"
667	depends on PPC && SPE
668	help
669	  SHA-1 secure hash standard (DFIPS 180-4) implemented
670	  using powerpc SPE SIMD instruction set.
671
672config CRYPTO_SHA1_MB
673	tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
674	depends on X86 && 64BIT
675	select CRYPTO_SHA1
676	select CRYPTO_HASH
677	select CRYPTO_MCRYPTD
678	help
679	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
680	  using multi-buffer technique.  This algorithm computes on
681	  multiple data lanes concurrently with SIMD instructions for
682	  better throughput.  It should not be enabled by default but
683	  used when there is significant amount of work to keep the keep
684	  the data lanes filled to get performance benefit.  If the data
685	  lanes remain unfilled, a flush operation will be initiated to
686	  process the crypto jobs, adding a slight latency.
687
688config CRYPTO_SHA256
689	tristate "SHA224 and SHA256 digest algorithm"
690	select CRYPTO_HASH
691	help
692	  SHA256 secure hash standard (DFIPS 180-2).
693
694	  This version of SHA implements a 256 bit hash with 128 bits of
695	  security against collision attacks.
696
697	  This code also includes SHA-224, a 224 bit hash with 112 bits
698	  of security against collision attacks.
699
700config CRYPTO_SHA256_PPC_SPE
701	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
702	depends on PPC && SPE
703	select CRYPTO_SHA256
704	select CRYPTO_HASH
705	help
706	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
707	  implemented using powerpc SPE SIMD instruction set.
708
709config CRYPTO_SHA256_OCTEON
710	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
711	depends on CPU_CAVIUM_OCTEON
712	select CRYPTO_SHA256
713	select CRYPTO_HASH
714	help
715	  SHA-256 secure hash standard (DFIPS 180-2) implemented
716	  using OCTEON crypto instructions, when available.
717
718config CRYPTO_SHA256_SPARC64
719	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
720	depends on SPARC64
721	select CRYPTO_SHA256
722	select CRYPTO_HASH
723	help
724	  SHA-256 secure hash standard (DFIPS 180-2) implemented
725	  using sparc64 crypto instructions, when available.
726
727config CRYPTO_SHA512
728	tristate "SHA384 and SHA512 digest algorithms"
729	select CRYPTO_HASH
730	help
731	  SHA512 secure hash standard (DFIPS 180-2).
732
733	  This version of SHA implements a 512 bit hash with 256 bits of
734	  security against collision attacks.
735
736	  This code also includes SHA-384, a 384 bit hash with 192 bits
737	  of security against collision attacks.
738
739config CRYPTO_SHA512_OCTEON
740	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
741	depends on CPU_CAVIUM_OCTEON
742	select CRYPTO_SHA512
743	select CRYPTO_HASH
744	help
745	  SHA-512 secure hash standard (DFIPS 180-2) implemented
746	  using OCTEON crypto instructions, when available.
747
748config CRYPTO_SHA512_SPARC64
749	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
750	depends on SPARC64
751	select CRYPTO_SHA512
752	select CRYPTO_HASH
753	help
754	  SHA-512 secure hash standard (DFIPS 180-2) implemented
755	  using sparc64 crypto instructions, when available.
756
757config CRYPTO_TGR192
758	tristate "Tiger digest algorithms"
759	select CRYPTO_HASH
760	help
761	  Tiger hash algorithm 192, 160 and 128-bit hashes
762
763	  Tiger is a hash function optimized for 64-bit processors while
764	  still having decent performance on 32-bit processors.
765	  Tiger was developed by Ross Anderson and Eli Biham.
766
767	  See also:
768	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
769
770config CRYPTO_WP512
771	tristate "Whirlpool digest algorithms"
772	select CRYPTO_HASH
773	help
774	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
775
776	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
777	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
778
779	  See also:
780	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
781
782config CRYPTO_GHASH_CLMUL_NI_INTEL
783	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
784	depends on X86 && 64BIT
785	select CRYPTO_CRYPTD
786	help
787	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
788	  The implementation is accelerated by CLMUL-NI of Intel.
789
790comment "Ciphers"
791
792config CRYPTO_AES
793	tristate "AES cipher algorithms"
794	select CRYPTO_ALGAPI
795	help
796	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
797	  algorithm.
798
799	  Rijndael appears to be consistently a very good performer in
800	  both hardware and software across a wide range of computing
801	  environments regardless of its use in feedback or non-feedback
802	  modes. Its key setup time is excellent, and its key agility is
803	  good. Rijndael's very low memory requirements make it very well
804	  suited for restricted-space environments, in which it also
805	  demonstrates excellent performance. Rijndael's operations are
806	  among the easiest to defend against power and timing attacks.
807
808	  The AES specifies three key sizes: 128, 192 and 256 bits
809
810	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
811
812config CRYPTO_AES_586
813	tristate "AES cipher algorithms (i586)"
814	depends on (X86 || UML_X86) && !64BIT
815	select CRYPTO_ALGAPI
816	select CRYPTO_AES
817	help
818	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
819	  algorithm.
820
821	  Rijndael appears to be consistently a very good performer in
822	  both hardware and software across a wide range of computing
823	  environments regardless of its use in feedback or non-feedback
824	  modes. Its key setup time is excellent, and its key agility is
825	  good. Rijndael's very low memory requirements make it very well
826	  suited for restricted-space environments, in which it also
827	  demonstrates excellent performance. Rijndael's operations are
828	  among the easiest to defend against power and timing attacks.
829
830	  The AES specifies three key sizes: 128, 192 and 256 bits
831
832	  See <http://csrc.nist.gov/encryption/aes/> for more information.
833
834config CRYPTO_AES_X86_64
835	tristate "AES cipher algorithms (x86_64)"
836	depends on (X86 || UML_X86) && 64BIT
837	select CRYPTO_ALGAPI
838	select CRYPTO_AES
839	help
840	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
841	  algorithm.
842
843	  Rijndael appears to be consistently a very good performer in
844	  both hardware and software across a wide range of computing
845	  environments regardless of its use in feedback or non-feedback
846	  modes. Its key setup time is excellent, and its key agility is
847	  good. Rijndael's very low memory requirements make it very well
848	  suited for restricted-space environments, in which it also
849	  demonstrates excellent performance. Rijndael's operations are
850	  among the easiest to defend against power and timing attacks.
851
852	  The AES specifies three key sizes: 128, 192 and 256 bits
853
854	  See <http://csrc.nist.gov/encryption/aes/> for more information.
855
856config CRYPTO_AES_NI_INTEL
857	tristate "AES cipher algorithms (AES-NI)"
858	depends on X86
859	select CRYPTO_AES_X86_64 if 64BIT
860	select CRYPTO_AES_586 if !64BIT
861	select CRYPTO_CRYPTD
862	select CRYPTO_ABLK_HELPER
863	select CRYPTO_ALGAPI
864	select CRYPTO_GLUE_HELPER_X86 if 64BIT
865	select CRYPTO_LRW
866	select CRYPTO_XTS
867	help
868	  Use Intel AES-NI instructions for AES algorithm.
869
870	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
871	  algorithm.
872
873	  Rijndael appears to be consistently a very good performer in
874	  both hardware and software across a wide range of computing
875	  environments regardless of its use in feedback or non-feedback
876	  modes. Its key setup time is excellent, and its key agility is
877	  good. Rijndael's very low memory requirements make it very well
878	  suited for restricted-space environments, in which it also
879	  demonstrates excellent performance. Rijndael's operations are
880	  among the easiest to defend against power and timing attacks.
881
882	  The AES specifies three key sizes: 128, 192 and 256 bits
883
884	  See <http://csrc.nist.gov/encryption/aes/> for more information.
885
886	  In addition to AES cipher algorithm support, the acceleration
887	  for some popular block cipher mode is supported too, including
888	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
889	  acceleration for CTR.
890
891config CRYPTO_AES_SPARC64
892	tristate "AES cipher algorithms (SPARC64)"
893	depends on SPARC64
894	select CRYPTO_CRYPTD
895	select CRYPTO_ALGAPI
896	help
897	  Use SPARC64 crypto opcodes for AES algorithm.
898
899	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
900	  algorithm.
901
902	  Rijndael appears to be consistently a very good performer in
903	  both hardware and software across a wide range of computing
904	  environments regardless of its use in feedback or non-feedback
905	  modes. Its key setup time is excellent, and its key agility is
906	  good. Rijndael's very low memory requirements make it very well
907	  suited for restricted-space environments, in which it also
908	  demonstrates excellent performance. Rijndael's operations are
909	  among the easiest to defend against power and timing attacks.
910
911	  The AES specifies three key sizes: 128, 192 and 256 bits
912
913	  See <http://csrc.nist.gov/encryption/aes/> for more information.
914
915	  In addition to AES cipher algorithm support, the acceleration
916	  for some popular block cipher mode is supported too, including
917	  ECB and CBC.
918
919config CRYPTO_AES_PPC_SPE
920	tristate "AES cipher algorithms (PPC SPE)"
921	depends on PPC && SPE
922	help
923	  AES cipher algorithms (FIPS-197). Additionally the acceleration
924	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
925	  This module should only be used for low power (router) devices
926	  without hardware AES acceleration (e.g. caam crypto). It reduces the
927	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
928	  timining attacks. Nevertheless it might be not as secure as other
929	  architecture specific assembler implementations that work on 1KB
930	  tables or 256 bytes S-boxes.
931
932config CRYPTO_ANUBIS
933	tristate "Anubis cipher algorithm"
934	select CRYPTO_ALGAPI
935	help
936	  Anubis cipher algorithm.
937
938	  Anubis is a variable key length cipher which can use keys from
939	  128 bits to 320 bits in length.  It was evaluated as a entrant
940	  in the NESSIE competition.
941
942	  See also:
943	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
944	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
945
946config CRYPTO_ARC4
947	tristate "ARC4 cipher algorithm"
948	select CRYPTO_BLKCIPHER
949	help
950	  ARC4 cipher algorithm.
951
952	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
953	  bits in length.  This algorithm is required for driver-based
954	  WEP, but it should not be for other purposes because of the
955	  weakness of the algorithm.
956
957config CRYPTO_BLOWFISH
958	tristate "Blowfish cipher algorithm"
959	select CRYPTO_ALGAPI
960	select CRYPTO_BLOWFISH_COMMON
961	help
962	  Blowfish cipher algorithm, by Bruce Schneier.
963
964	  This is a variable key length cipher which can use keys from 32
965	  bits to 448 bits in length.  It's fast, simple and specifically
966	  designed for use on "large microprocessors".
967
968	  See also:
969	  <http://www.schneier.com/blowfish.html>
970
971config CRYPTO_BLOWFISH_COMMON
972	tristate
973	help
974	  Common parts of the Blowfish cipher algorithm shared by the
975	  generic c and the assembler implementations.
976
977	  See also:
978	  <http://www.schneier.com/blowfish.html>
979
980config CRYPTO_BLOWFISH_X86_64
981	tristate "Blowfish cipher algorithm (x86_64)"
982	depends on X86 && 64BIT
983	select CRYPTO_ALGAPI
984	select CRYPTO_BLOWFISH_COMMON
985	help
986	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
987
988	  This is a variable key length cipher which can use keys from 32
989	  bits to 448 bits in length.  It's fast, simple and specifically
990	  designed for use on "large microprocessors".
991
992	  See also:
993	  <http://www.schneier.com/blowfish.html>
994
995config CRYPTO_CAMELLIA
996	tristate "Camellia cipher algorithms"
997	depends on CRYPTO
998	select CRYPTO_ALGAPI
999	help
1000	  Camellia cipher algorithms module.
1001
1002	  Camellia is a symmetric key block cipher developed jointly
1003	  at NTT and Mitsubishi Electric Corporation.
1004
1005	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1006
1007	  See also:
1008	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1009
1010config CRYPTO_CAMELLIA_X86_64
1011	tristate "Camellia cipher algorithm (x86_64)"
1012	depends on X86 && 64BIT
1013	depends on CRYPTO
1014	select CRYPTO_ALGAPI
1015	select CRYPTO_GLUE_HELPER_X86
1016	select CRYPTO_LRW
1017	select CRYPTO_XTS
1018	help
1019	  Camellia cipher algorithm module (x86_64).
1020
1021	  Camellia is a symmetric key block cipher developed jointly
1022	  at NTT and Mitsubishi Electric Corporation.
1023
1024	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1025
1026	  See also:
1027	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1028
1029config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1030	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1031	depends on X86 && 64BIT
1032	depends on CRYPTO
1033	select CRYPTO_ALGAPI
1034	select CRYPTO_CRYPTD
1035	select CRYPTO_ABLK_HELPER
1036	select CRYPTO_GLUE_HELPER_X86
1037	select CRYPTO_CAMELLIA_X86_64
1038	select CRYPTO_LRW
1039	select CRYPTO_XTS
1040	help
1041	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1042
1043	  Camellia is a symmetric key block cipher developed jointly
1044	  at NTT and Mitsubishi Electric Corporation.
1045
1046	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1047
1048	  See also:
1049	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1050
1051config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1052	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1053	depends on X86 && 64BIT
1054	depends on CRYPTO
1055	select CRYPTO_ALGAPI
1056	select CRYPTO_CRYPTD
1057	select CRYPTO_ABLK_HELPER
1058	select CRYPTO_GLUE_HELPER_X86
1059	select CRYPTO_CAMELLIA_X86_64
1060	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1061	select CRYPTO_LRW
1062	select CRYPTO_XTS
1063	help
1064	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1065
1066	  Camellia is a symmetric key block cipher developed jointly
1067	  at NTT and Mitsubishi Electric Corporation.
1068
1069	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1070
1071	  See also:
1072	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1073
1074config CRYPTO_CAMELLIA_SPARC64
1075	tristate "Camellia cipher algorithm (SPARC64)"
1076	depends on SPARC64
1077	depends on CRYPTO
1078	select CRYPTO_ALGAPI
1079	help
1080	  Camellia cipher algorithm module (SPARC64).
1081
1082	  Camellia is a symmetric key block cipher developed jointly
1083	  at NTT and Mitsubishi Electric Corporation.
1084
1085	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1086
1087	  See also:
1088	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1089
1090config CRYPTO_CAST_COMMON
1091	tristate
1092	help
1093	  Common parts of the CAST cipher algorithms shared by the
1094	  generic c and the assembler implementations.
1095
1096config CRYPTO_CAST5
1097	tristate "CAST5 (CAST-128) cipher algorithm"
1098	select CRYPTO_ALGAPI
1099	select CRYPTO_CAST_COMMON
1100	help
1101	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1102	  described in RFC2144.
1103
1104config CRYPTO_CAST5_AVX_X86_64
1105	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1106	depends on X86 && 64BIT
1107	select CRYPTO_ALGAPI
1108	select CRYPTO_CRYPTD
1109	select CRYPTO_ABLK_HELPER
1110	select CRYPTO_CAST_COMMON
1111	select CRYPTO_CAST5
1112	help
1113	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1114	  described in RFC2144.
1115
1116	  This module provides the Cast5 cipher algorithm that processes
1117	  sixteen blocks parallel using the AVX instruction set.
1118
1119config CRYPTO_CAST6
1120	tristate "CAST6 (CAST-256) cipher algorithm"
1121	select CRYPTO_ALGAPI
1122	select CRYPTO_CAST_COMMON
1123	help
1124	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1125	  described in RFC2612.
1126
1127config CRYPTO_CAST6_AVX_X86_64
1128	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1129	depends on X86 && 64BIT
1130	select CRYPTO_ALGAPI
1131	select CRYPTO_CRYPTD
1132	select CRYPTO_ABLK_HELPER
1133	select CRYPTO_GLUE_HELPER_X86
1134	select CRYPTO_CAST_COMMON
1135	select CRYPTO_CAST6
1136	select CRYPTO_LRW
1137	select CRYPTO_XTS
1138	help
1139	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1140	  described in RFC2612.
1141
1142	  This module provides the Cast6 cipher algorithm that processes
1143	  eight blocks parallel using the AVX instruction set.
1144
1145config CRYPTO_DES
1146	tristate "DES and Triple DES EDE cipher algorithms"
1147	select CRYPTO_ALGAPI
1148	help
1149	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1150
1151config CRYPTO_DES_SPARC64
1152	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1153	depends on SPARC64
1154	select CRYPTO_ALGAPI
1155	select CRYPTO_DES
1156	help
1157	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1158	  optimized using SPARC64 crypto opcodes.
1159
1160config CRYPTO_DES3_EDE_X86_64
1161	tristate "Triple DES EDE cipher algorithm (x86-64)"
1162	depends on X86 && 64BIT
1163	select CRYPTO_ALGAPI
1164	select CRYPTO_DES
1165	help
1166	  Triple DES EDE (FIPS 46-3) algorithm.
1167
1168	  This module provides implementation of the Triple DES EDE cipher
1169	  algorithm that is optimized for x86-64 processors. Two versions of
1170	  algorithm are provided; regular processing one input block and
1171	  one that processes three blocks parallel.
1172
1173config CRYPTO_FCRYPT
1174	tristate "FCrypt cipher algorithm"
1175	select CRYPTO_ALGAPI
1176	select CRYPTO_BLKCIPHER
1177	help
1178	  FCrypt algorithm used by RxRPC.
1179
1180config CRYPTO_KHAZAD
1181	tristate "Khazad cipher algorithm"
1182	select CRYPTO_ALGAPI
1183	help
1184	  Khazad cipher algorithm.
1185
1186	  Khazad was a finalist in the initial NESSIE competition.  It is
1187	  an algorithm optimized for 64-bit processors with good performance
1188	  on 32-bit processors.  Khazad uses an 128 bit key size.
1189
1190	  See also:
1191	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1192
1193config CRYPTO_SALSA20
1194	tristate "Salsa20 stream cipher algorithm"
1195	select CRYPTO_BLKCIPHER
1196	help
1197	  Salsa20 stream cipher algorithm.
1198
1199	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1200	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1201
1202	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1203	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1204
1205config CRYPTO_SALSA20_586
1206	tristate "Salsa20 stream cipher algorithm (i586)"
1207	depends on (X86 || UML_X86) && !64BIT
1208	select CRYPTO_BLKCIPHER
1209	help
1210	  Salsa20 stream cipher algorithm.
1211
1212	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1213	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1214
1215	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1216	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1217
1218config CRYPTO_SALSA20_X86_64
1219	tristate "Salsa20 stream cipher algorithm (x86_64)"
1220	depends on (X86 || UML_X86) && 64BIT
1221	select CRYPTO_BLKCIPHER
1222	help
1223	  Salsa20 stream cipher algorithm.
1224
1225	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1226	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1227
1228	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1229	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1230
1231config CRYPTO_CHACHA20
1232	tristate "ChaCha20 cipher algorithm"
1233	select CRYPTO_BLKCIPHER
1234	help
1235	  ChaCha20 cipher algorithm, RFC7539.
1236
1237	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1238	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1239	  This is the portable C implementation of ChaCha20.
1240
1241	  See also:
1242	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1243
1244config CRYPTO_CHACHA20_X86_64
1245	tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
1246	depends on X86 && 64BIT
1247	select CRYPTO_BLKCIPHER
1248	select CRYPTO_CHACHA20
1249	help
1250	  ChaCha20 cipher algorithm, RFC7539.
1251
1252	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1253	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1254	  This is the x86_64 assembler implementation using SIMD instructions.
1255
1256	  See also:
1257	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1258
1259config CRYPTO_SEED
1260	tristate "SEED cipher algorithm"
1261	select CRYPTO_ALGAPI
1262	help
1263	  SEED cipher algorithm (RFC4269).
1264
1265	  SEED is a 128-bit symmetric key block cipher that has been
1266	  developed by KISA (Korea Information Security Agency) as a
1267	  national standard encryption algorithm of the Republic of Korea.
1268	  It is a 16 round block cipher with the key size of 128 bit.
1269
1270	  See also:
1271	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1272
1273config CRYPTO_SERPENT
1274	tristate "Serpent cipher algorithm"
1275	select CRYPTO_ALGAPI
1276	help
1277	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1278
1279	  Keys are allowed to be from 0 to 256 bits in length, in steps
1280	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1281	  variant of Serpent for compatibility with old kerneli.org code.
1282
1283	  See also:
1284	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1285
1286config CRYPTO_SERPENT_SSE2_X86_64
1287	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1288	depends on X86 && 64BIT
1289	select CRYPTO_ALGAPI
1290	select CRYPTO_CRYPTD
1291	select CRYPTO_ABLK_HELPER
1292	select CRYPTO_GLUE_HELPER_X86
1293	select CRYPTO_SERPENT
1294	select CRYPTO_LRW
1295	select CRYPTO_XTS
1296	help
1297	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1298
1299	  Keys are allowed to be from 0 to 256 bits in length, in steps
1300	  of 8 bits.
1301
1302	  This module provides Serpent cipher algorithm that processes eight
1303	  blocks parallel using SSE2 instruction set.
1304
1305	  See also:
1306	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1307
1308config CRYPTO_SERPENT_SSE2_586
1309	tristate "Serpent cipher algorithm (i586/SSE2)"
1310	depends on X86 && !64BIT
1311	select CRYPTO_ALGAPI
1312	select CRYPTO_CRYPTD
1313	select CRYPTO_ABLK_HELPER
1314	select CRYPTO_GLUE_HELPER_X86
1315	select CRYPTO_SERPENT
1316	select CRYPTO_LRW
1317	select CRYPTO_XTS
1318	help
1319	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1320
1321	  Keys are allowed to be from 0 to 256 bits in length, in steps
1322	  of 8 bits.
1323
1324	  This module provides Serpent cipher algorithm that processes four
1325	  blocks parallel using SSE2 instruction set.
1326
1327	  See also:
1328	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1329
1330config CRYPTO_SERPENT_AVX_X86_64
1331	tristate "Serpent cipher algorithm (x86_64/AVX)"
1332	depends on X86 && 64BIT
1333	select CRYPTO_ALGAPI
1334	select CRYPTO_CRYPTD
1335	select CRYPTO_ABLK_HELPER
1336	select CRYPTO_GLUE_HELPER_X86
1337	select CRYPTO_SERPENT
1338	select CRYPTO_LRW
1339	select CRYPTO_XTS
1340	help
1341	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1342
1343	  Keys are allowed to be from 0 to 256 bits in length, in steps
1344	  of 8 bits.
1345
1346	  This module provides the Serpent cipher algorithm that processes
1347	  eight blocks parallel using the AVX instruction set.
1348
1349	  See also:
1350	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1351
1352config CRYPTO_SERPENT_AVX2_X86_64
1353	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1354	depends on X86 && 64BIT
1355	select CRYPTO_ALGAPI
1356	select CRYPTO_CRYPTD
1357	select CRYPTO_ABLK_HELPER
1358	select CRYPTO_GLUE_HELPER_X86
1359	select CRYPTO_SERPENT
1360	select CRYPTO_SERPENT_AVX_X86_64
1361	select CRYPTO_LRW
1362	select CRYPTO_XTS
1363	help
1364	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1365
1366	  Keys are allowed to be from 0 to 256 bits in length, in steps
1367	  of 8 bits.
1368
1369	  This module provides Serpent cipher algorithm that processes 16
1370	  blocks parallel using AVX2 instruction set.
1371
1372	  See also:
1373	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1374
1375config CRYPTO_TEA
1376	tristate "TEA, XTEA and XETA cipher algorithms"
1377	select CRYPTO_ALGAPI
1378	help
1379	  TEA cipher algorithm.
1380
1381	  Tiny Encryption Algorithm is a simple cipher that uses
1382	  many rounds for security.  It is very fast and uses
1383	  little memory.
1384
1385	  Xtendend Tiny Encryption Algorithm is a modification to
1386	  the TEA algorithm to address a potential key weakness
1387	  in the TEA algorithm.
1388
1389	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1390	  of the XTEA algorithm for compatibility purposes.
1391
1392config CRYPTO_TWOFISH
1393	tristate "Twofish cipher algorithm"
1394	select CRYPTO_ALGAPI
1395	select CRYPTO_TWOFISH_COMMON
1396	help
1397	  Twofish cipher algorithm.
1398
1399	  Twofish was submitted as an AES (Advanced Encryption Standard)
1400	  candidate cipher by researchers at CounterPane Systems.  It is a
1401	  16 round block cipher supporting key sizes of 128, 192, and 256
1402	  bits.
1403
1404	  See also:
1405	  <http://www.schneier.com/twofish.html>
1406
1407config CRYPTO_TWOFISH_COMMON
1408	tristate
1409	help
1410	  Common parts of the Twofish cipher algorithm shared by the
1411	  generic c and the assembler implementations.
1412
1413config CRYPTO_TWOFISH_586
1414	tristate "Twofish cipher algorithms (i586)"
1415	depends on (X86 || UML_X86) && !64BIT
1416	select CRYPTO_ALGAPI
1417	select CRYPTO_TWOFISH_COMMON
1418	help
1419	  Twofish cipher algorithm.
1420
1421	  Twofish was submitted as an AES (Advanced Encryption Standard)
1422	  candidate cipher by researchers at CounterPane Systems.  It is a
1423	  16 round block cipher supporting key sizes of 128, 192, and 256
1424	  bits.
1425
1426	  See also:
1427	  <http://www.schneier.com/twofish.html>
1428
1429config CRYPTO_TWOFISH_X86_64
1430	tristate "Twofish cipher algorithm (x86_64)"
1431	depends on (X86 || UML_X86) && 64BIT
1432	select CRYPTO_ALGAPI
1433	select CRYPTO_TWOFISH_COMMON
1434	help
1435	  Twofish cipher algorithm (x86_64).
1436
1437	  Twofish was submitted as an AES (Advanced Encryption Standard)
1438	  candidate cipher by researchers at CounterPane Systems.  It is a
1439	  16 round block cipher supporting key sizes of 128, 192, and 256
1440	  bits.
1441
1442	  See also:
1443	  <http://www.schneier.com/twofish.html>
1444
1445config CRYPTO_TWOFISH_X86_64_3WAY
1446	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1447	depends on X86 && 64BIT
1448	select CRYPTO_ALGAPI
1449	select CRYPTO_TWOFISH_COMMON
1450	select CRYPTO_TWOFISH_X86_64
1451	select CRYPTO_GLUE_HELPER_X86
1452	select CRYPTO_LRW
1453	select CRYPTO_XTS
1454	help
1455	  Twofish cipher algorithm (x86_64, 3-way parallel).
1456
1457	  Twofish was submitted as an AES (Advanced Encryption Standard)
1458	  candidate cipher by researchers at CounterPane Systems.  It is a
1459	  16 round block cipher supporting key sizes of 128, 192, and 256
1460	  bits.
1461
1462	  This module provides Twofish cipher algorithm that processes three
1463	  blocks parallel, utilizing resources of out-of-order CPUs better.
1464
1465	  See also:
1466	  <http://www.schneier.com/twofish.html>
1467
1468config CRYPTO_TWOFISH_AVX_X86_64
1469	tristate "Twofish cipher algorithm (x86_64/AVX)"
1470	depends on X86 && 64BIT
1471	select CRYPTO_ALGAPI
1472	select CRYPTO_CRYPTD
1473	select CRYPTO_ABLK_HELPER
1474	select CRYPTO_GLUE_HELPER_X86
1475	select CRYPTO_TWOFISH_COMMON
1476	select CRYPTO_TWOFISH_X86_64
1477	select CRYPTO_TWOFISH_X86_64_3WAY
1478	select CRYPTO_LRW
1479	select CRYPTO_XTS
1480	help
1481	  Twofish cipher algorithm (x86_64/AVX).
1482
1483	  Twofish was submitted as an AES (Advanced Encryption Standard)
1484	  candidate cipher by researchers at CounterPane Systems.  It is a
1485	  16 round block cipher supporting key sizes of 128, 192, and 256
1486	  bits.
1487
1488	  This module provides the Twofish cipher algorithm that processes
1489	  eight blocks parallel using the AVX Instruction Set.
1490
1491	  See also:
1492	  <http://www.schneier.com/twofish.html>
1493
1494comment "Compression"
1495
1496config CRYPTO_DEFLATE
1497	tristate "Deflate compression algorithm"
1498	select CRYPTO_ALGAPI
1499	select ZLIB_INFLATE
1500	select ZLIB_DEFLATE
1501	help
1502	  This is the Deflate algorithm (RFC1951), specified for use in
1503	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1504
1505	  You will most probably want this if using IPSec.
1506
1507config CRYPTO_ZLIB
1508	tristate "Zlib compression algorithm"
1509	select CRYPTO_PCOMP
1510	select ZLIB_INFLATE
1511	select ZLIB_DEFLATE
1512	select NLATTR
1513	help
1514	  This is the zlib algorithm.
1515
1516config CRYPTO_LZO
1517	tristate "LZO compression algorithm"
1518	select CRYPTO_ALGAPI
1519	select LZO_COMPRESS
1520	select LZO_DECOMPRESS
1521	help
1522	  This is the LZO algorithm.
1523
1524config CRYPTO_842
1525	tristate "842 compression algorithm"
1526	select CRYPTO_ALGAPI
1527	select 842_COMPRESS
1528	select 842_DECOMPRESS
1529	help
1530	  This is the 842 algorithm.
1531
1532config CRYPTO_LZ4
1533	tristate "LZ4 compression algorithm"
1534	select CRYPTO_ALGAPI
1535	select LZ4_COMPRESS
1536	select LZ4_DECOMPRESS
1537	help
1538	  This is the LZ4 algorithm.
1539
1540config CRYPTO_LZ4HC
1541	tristate "LZ4HC compression algorithm"
1542	select CRYPTO_ALGAPI
1543	select LZ4HC_COMPRESS
1544	select LZ4_DECOMPRESS
1545	help
1546	  This is the LZ4 high compression mode algorithm.
1547
1548comment "Random Number Generation"
1549
1550config CRYPTO_ANSI_CPRNG
1551	tristate "Pseudo Random Number Generation for Cryptographic modules"
1552	select CRYPTO_AES
1553	select CRYPTO_RNG
1554	help
1555	  This option enables the generic pseudo random number generator
1556	  for cryptographic modules.  Uses the Algorithm specified in
1557	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1558	  CRYPTO_FIPS is selected
1559
1560menuconfig CRYPTO_DRBG_MENU
1561	tristate "NIST SP800-90A DRBG"
1562	help
1563	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1564	  more of the DRBG types must be selected.
1565
1566if CRYPTO_DRBG_MENU
1567
1568config CRYPTO_DRBG_HMAC
1569	bool
1570	default y
1571	select CRYPTO_HMAC
1572	select CRYPTO_SHA256
1573
1574config CRYPTO_DRBG_HASH
1575	bool "Enable Hash DRBG"
1576	select CRYPTO_SHA256
1577	help
1578	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1579
1580config CRYPTO_DRBG_CTR
1581	bool "Enable CTR DRBG"
1582	select CRYPTO_AES
1583	help
1584	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1585
1586config CRYPTO_DRBG
1587	tristate
1588	default CRYPTO_DRBG_MENU
1589	select CRYPTO_RNG
1590	select CRYPTO_JITTERENTROPY
1591
1592endif	# if CRYPTO_DRBG_MENU
1593
1594config CRYPTO_JITTERENTROPY
1595	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1596	help
1597	  The Jitterentropy RNG is a noise that is intended
1598	  to provide seed to another RNG. The RNG does not
1599	  perform any cryptographic whitening of the generated
1600	  random numbers. This Jitterentropy RNG registers with
1601	  the kernel crypto API and can be used by any caller.
1602
1603config CRYPTO_USER_API
1604	tristate
1605
1606config CRYPTO_USER_API_HASH
1607	tristate "User-space interface for hash algorithms"
1608	depends on NET
1609	select CRYPTO_HASH
1610	select CRYPTO_USER_API
1611	help
1612	  This option enables the user-spaces interface for hash
1613	  algorithms.
1614
1615config CRYPTO_USER_API_SKCIPHER
1616	tristate "User-space interface for symmetric key cipher algorithms"
1617	depends on NET
1618	select CRYPTO_BLKCIPHER
1619	select CRYPTO_USER_API
1620	help
1621	  This option enables the user-spaces interface for symmetric
1622	  key cipher algorithms.
1623
1624config CRYPTO_USER_API_RNG
1625	tristate "User-space interface for random number generator algorithms"
1626	depends on NET
1627	select CRYPTO_RNG
1628	select CRYPTO_USER_API
1629	help
1630	  This option enables the user-spaces interface for random
1631	  number generator algorithms.
1632
1633config CRYPTO_USER_API_AEAD
1634	tristate "User-space interface for AEAD cipher algorithms"
1635	depends on NET
1636	select CRYPTO_AEAD
1637	select CRYPTO_USER_API
1638	help
1639	  This option enables the user-spaces interface for AEAD
1640	  cipher algorithms.
1641
1642config CRYPTO_HASH_INFO
1643	bool
1644
1645source "drivers/crypto/Kconfig"
1646source crypto/asymmetric_keys/Kconfig
1647source certs/Kconfig
1648
1649endif	# if CRYPTO
1650