xref: /openbmc/linux/crypto/Kconfig (revision a2cce7a9)
1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5	tristate
6
7#
8# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
13# Cryptographic API Configuration
14#
15menuconfig CRYPTO
16	tristate "Cryptographic API"
17	help
18	  This option provides the core Cryptographic API.
19
20if CRYPTO
21
22comment "Crypto core or helper"
23
24config CRYPTO_FIPS
25	bool "FIPS 200 compliance"
26	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
27	depends on MODULE_SIG
28	help
29	  This options enables the fips boot option which is
30	  required if you want to system to operate in a FIPS 200
31	  certification.  You should say no unless you know what
32	  this is.
33
34config CRYPTO_ALGAPI
35	tristate
36	select CRYPTO_ALGAPI2
37	help
38	  This option provides the API for cryptographic algorithms.
39
40config CRYPTO_ALGAPI2
41	tristate
42
43config CRYPTO_AEAD
44	tristate
45	select CRYPTO_AEAD2
46	select CRYPTO_ALGAPI
47
48config CRYPTO_AEAD2
49	tristate
50	select CRYPTO_ALGAPI2
51	select CRYPTO_NULL2
52	select CRYPTO_RNG2
53
54config CRYPTO_BLKCIPHER
55	tristate
56	select CRYPTO_BLKCIPHER2
57	select CRYPTO_ALGAPI
58
59config CRYPTO_BLKCIPHER2
60	tristate
61	select CRYPTO_ALGAPI2
62	select CRYPTO_RNG2
63	select CRYPTO_WORKQUEUE
64
65config CRYPTO_HASH
66	tristate
67	select CRYPTO_HASH2
68	select CRYPTO_ALGAPI
69
70config CRYPTO_HASH2
71	tristate
72	select CRYPTO_ALGAPI2
73
74config CRYPTO_RNG
75	tristate
76	select CRYPTO_RNG2
77	select CRYPTO_ALGAPI
78
79config CRYPTO_RNG2
80	tristate
81	select CRYPTO_ALGAPI2
82
83config CRYPTO_RNG_DEFAULT
84	tristate
85	select CRYPTO_DRBG_MENU
86
87config CRYPTO_PCOMP
88	tristate
89	select CRYPTO_PCOMP2
90	select CRYPTO_ALGAPI
91
92config CRYPTO_PCOMP2
93	tristate
94	select CRYPTO_ALGAPI2
95
96config CRYPTO_AKCIPHER2
97	tristate
98	select CRYPTO_ALGAPI2
99
100config CRYPTO_AKCIPHER
101	tristate
102	select CRYPTO_AKCIPHER2
103	select CRYPTO_ALGAPI
104
105config CRYPTO_RSA
106	tristate "RSA algorithm"
107	select CRYPTO_AKCIPHER
108	select MPILIB
109	select ASN1
110	help
111	  Generic implementation of the RSA public key algorithm.
112
113config CRYPTO_MANAGER
114	tristate "Cryptographic algorithm manager"
115	select CRYPTO_MANAGER2
116	help
117	  Create default cryptographic template instantiations such as
118	  cbc(aes).
119
120config CRYPTO_MANAGER2
121	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
122	select CRYPTO_AEAD2
123	select CRYPTO_HASH2
124	select CRYPTO_BLKCIPHER2
125	select CRYPTO_PCOMP2
126	select CRYPTO_AKCIPHER2
127
128config CRYPTO_USER
129	tristate "Userspace cryptographic algorithm configuration"
130	depends on NET
131	select CRYPTO_MANAGER
132	help
133	  Userspace configuration for cryptographic instantiations such as
134	  cbc(aes).
135
136config CRYPTO_MANAGER_DISABLE_TESTS
137	bool "Disable run-time self tests"
138	default y
139	depends on CRYPTO_MANAGER2
140	help
141	  Disable run-time self tests that normally take place at
142	  algorithm registration.
143
144config CRYPTO_GF128MUL
145	tristate "GF(2^128) multiplication functions"
146	help
147	  Efficient table driven implementation of multiplications in the
148	  field GF(2^128).  This is needed by some cypher modes. This
149	  option will be selected automatically if you select such a
150	  cipher mode.  Only select this option by hand if you expect to load
151	  an external module that requires these functions.
152
153config CRYPTO_NULL
154	tristate "Null algorithms"
155	select CRYPTO_NULL2
156	help
157	  These are 'Null' algorithms, used by IPsec, which do nothing.
158
159config CRYPTO_NULL2
160	tristate
161	select CRYPTO_ALGAPI2
162	select CRYPTO_BLKCIPHER2
163	select CRYPTO_HASH2
164
165config CRYPTO_PCRYPT
166	tristate "Parallel crypto engine"
167	depends on SMP
168	select PADATA
169	select CRYPTO_MANAGER
170	select CRYPTO_AEAD
171	help
172	  This converts an arbitrary crypto algorithm into a parallel
173	  algorithm that executes in kernel threads.
174
175config CRYPTO_WORKQUEUE
176       tristate
177
178config CRYPTO_CRYPTD
179	tristate "Software async crypto daemon"
180	select CRYPTO_BLKCIPHER
181	select CRYPTO_HASH
182	select CRYPTO_MANAGER
183	select CRYPTO_WORKQUEUE
184	help
185	  This is a generic software asynchronous crypto daemon that
186	  converts an arbitrary synchronous software crypto algorithm
187	  into an asynchronous algorithm that executes in a kernel thread.
188
189config CRYPTO_MCRYPTD
190	tristate "Software async multi-buffer crypto daemon"
191	select CRYPTO_BLKCIPHER
192	select CRYPTO_HASH
193	select CRYPTO_MANAGER
194	select CRYPTO_WORKQUEUE
195	help
196	  This is a generic software asynchronous crypto daemon that
197	  provides the kernel thread to assist multi-buffer crypto
198	  algorithms for submitting jobs and flushing jobs in multi-buffer
199	  crypto algorithms.  Multi-buffer crypto algorithms are executed
200	  in the context of this kernel thread and drivers can post
201	  their crypto request asynchronously to be processed by this daemon.
202
203config CRYPTO_AUTHENC
204	tristate "Authenc support"
205	select CRYPTO_AEAD
206	select CRYPTO_BLKCIPHER
207	select CRYPTO_MANAGER
208	select CRYPTO_HASH
209	select CRYPTO_NULL
210	help
211	  Authenc: Combined mode wrapper for IPsec.
212	  This is required for IPSec.
213
214config CRYPTO_TEST
215	tristate "Testing module"
216	depends on m
217	select CRYPTO_MANAGER
218	help
219	  Quick & dirty crypto test module.
220
221config CRYPTO_ABLK_HELPER
222	tristate
223	select CRYPTO_CRYPTD
224
225config CRYPTO_GLUE_HELPER_X86
226	tristate
227	depends on X86
228	select CRYPTO_ALGAPI
229
230comment "Authenticated Encryption with Associated Data"
231
232config CRYPTO_CCM
233	tristate "CCM support"
234	select CRYPTO_CTR
235	select CRYPTO_AEAD
236	help
237	  Support for Counter with CBC MAC. Required for IPsec.
238
239config CRYPTO_GCM
240	tristate "GCM/GMAC support"
241	select CRYPTO_CTR
242	select CRYPTO_AEAD
243	select CRYPTO_GHASH
244	select CRYPTO_NULL
245	help
246	  Support for Galois/Counter Mode (GCM) and Galois Message
247	  Authentication Code (GMAC). Required for IPSec.
248
249config CRYPTO_CHACHA20POLY1305
250	tristate "ChaCha20-Poly1305 AEAD support"
251	select CRYPTO_CHACHA20
252	select CRYPTO_POLY1305
253	select CRYPTO_AEAD
254	help
255	  ChaCha20-Poly1305 AEAD support, RFC7539.
256
257	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
258	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
259	  IETF protocols.
260
261config CRYPTO_SEQIV
262	tristate "Sequence Number IV Generator"
263	select CRYPTO_AEAD
264	select CRYPTO_BLKCIPHER
265	select CRYPTO_NULL
266	select CRYPTO_RNG_DEFAULT
267	help
268	  This IV generator generates an IV based on a sequence number by
269	  xoring it with a salt.  This algorithm is mainly useful for CTR
270
271config CRYPTO_ECHAINIV
272	tristate "Encrypted Chain IV Generator"
273	select CRYPTO_AEAD
274	select CRYPTO_NULL
275	select CRYPTO_RNG_DEFAULT
276	default m
277	help
278	  This IV generator generates an IV based on the encryption of
279	  a sequence number xored with a salt.  This is the default
280	  algorithm for CBC.
281
282comment "Block modes"
283
284config CRYPTO_CBC
285	tristate "CBC support"
286	select CRYPTO_BLKCIPHER
287	select CRYPTO_MANAGER
288	help
289	  CBC: Cipher Block Chaining mode
290	  This block cipher algorithm is required for IPSec.
291
292config CRYPTO_CTR
293	tristate "CTR support"
294	select CRYPTO_BLKCIPHER
295	select CRYPTO_SEQIV
296	select CRYPTO_MANAGER
297	help
298	  CTR: Counter mode
299	  This block cipher algorithm is required for IPSec.
300
301config CRYPTO_CTS
302	tristate "CTS support"
303	select CRYPTO_BLKCIPHER
304	help
305	  CTS: Cipher Text Stealing
306	  This is the Cipher Text Stealing mode as described by
307	  Section 8 of rfc2040 and referenced by rfc3962.
308	  (rfc3962 includes errata information in its Appendix A)
309	  This mode is required for Kerberos gss mechanism support
310	  for AES encryption.
311
312config CRYPTO_ECB
313	tristate "ECB support"
314	select CRYPTO_BLKCIPHER
315	select CRYPTO_MANAGER
316	help
317	  ECB: Electronic CodeBook mode
318	  This is the simplest block cipher algorithm.  It simply encrypts
319	  the input block by block.
320
321config CRYPTO_LRW
322	tristate "LRW support"
323	select CRYPTO_BLKCIPHER
324	select CRYPTO_MANAGER
325	select CRYPTO_GF128MUL
326	help
327	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
328	  narrow block cipher mode for dm-crypt.  Use it with cipher
329	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
330	  The first 128, 192 or 256 bits in the key are used for AES and the
331	  rest is used to tie each cipher block to its logical position.
332
333config CRYPTO_PCBC
334	tristate "PCBC support"
335	select CRYPTO_BLKCIPHER
336	select CRYPTO_MANAGER
337	help
338	  PCBC: Propagating Cipher Block Chaining mode
339	  This block cipher algorithm is required for RxRPC.
340
341config CRYPTO_XTS
342	tristate "XTS support"
343	select CRYPTO_BLKCIPHER
344	select CRYPTO_MANAGER
345	select CRYPTO_GF128MUL
346	help
347	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
348	  key size 256, 384 or 512 bits. This implementation currently
349	  can't handle a sectorsize which is not a multiple of 16 bytes.
350
351comment "Hash modes"
352
353config CRYPTO_CMAC
354	tristate "CMAC support"
355	select CRYPTO_HASH
356	select CRYPTO_MANAGER
357	help
358	  Cipher-based Message Authentication Code (CMAC) specified by
359	  The National Institute of Standards and Technology (NIST).
360
361	  https://tools.ietf.org/html/rfc4493
362	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
363
364config CRYPTO_HMAC
365	tristate "HMAC support"
366	select CRYPTO_HASH
367	select CRYPTO_MANAGER
368	help
369	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
370	  This is required for IPSec.
371
372config CRYPTO_XCBC
373	tristate "XCBC support"
374	select CRYPTO_HASH
375	select CRYPTO_MANAGER
376	help
377	  XCBC: Keyed-Hashing with encryption algorithm
378		http://www.ietf.org/rfc/rfc3566.txt
379		http://csrc.nist.gov/encryption/modes/proposedmodes/
380		 xcbc-mac/xcbc-mac-spec.pdf
381
382config CRYPTO_VMAC
383	tristate "VMAC support"
384	select CRYPTO_HASH
385	select CRYPTO_MANAGER
386	help
387	  VMAC is a message authentication algorithm designed for
388	  very high speed on 64-bit architectures.
389
390	  See also:
391	  <http://fastcrypto.org/vmac>
392
393comment "Digest"
394
395config CRYPTO_CRC32C
396	tristate "CRC32c CRC algorithm"
397	select CRYPTO_HASH
398	select CRC32
399	help
400	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
401	  by iSCSI for header and data digests and by others.
402	  See Castagnoli93.  Module will be crc32c.
403
404config CRYPTO_CRC32C_INTEL
405	tristate "CRC32c INTEL hardware acceleration"
406	depends on X86
407	select CRYPTO_HASH
408	help
409	  In Intel processor with SSE4.2 supported, the processor will
410	  support CRC32C implementation using hardware accelerated CRC32
411	  instruction. This option will create 'crc32c-intel' module,
412	  which will enable any routine to use the CRC32 instruction to
413	  gain performance compared with software implementation.
414	  Module will be crc32c-intel.
415
416config CRYPTO_CRC32C_SPARC64
417	tristate "CRC32c CRC algorithm (SPARC64)"
418	depends on SPARC64
419	select CRYPTO_HASH
420	select CRC32
421	help
422	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
423	  when available.
424
425config CRYPTO_CRC32
426	tristate "CRC32 CRC algorithm"
427	select CRYPTO_HASH
428	select CRC32
429	help
430	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
431	  Shash crypto api wrappers to crc32_le function.
432
433config CRYPTO_CRC32_PCLMUL
434	tristate "CRC32 PCLMULQDQ hardware acceleration"
435	depends on X86
436	select CRYPTO_HASH
437	select CRC32
438	help
439	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
440	  and PCLMULQDQ supported, the processor will support
441	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
442	  instruction. This option will create 'crc32-plcmul' module,
443	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
444	  and gain better performance as compared with the table implementation.
445
446config CRYPTO_CRCT10DIF
447	tristate "CRCT10DIF algorithm"
448	select CRYPTO_HASH
449	help
450	  CRC T10 Data Integrity Field computation is being cast as
451	  a crypto transform.  This allows for faster crc t10 diff
452	  transforms to be used if they are available.
453
454config CRYPTO_CRCT10DIF_PCLMUL
455	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
456	depends on X86 && 64BIT && CRC_T10DIF
457	select CRYPTO_HASH
458	help
459	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
460	  CRC T10 DIF PCLMULQDQ computation can be hardware
461	  accelerated PCLMULQDQ instruction. This option will create
462	  'crct10dif-plcmul' module, which is faster when computing the
463	  crct10dif checksum as compared with the generic table implementation.
464
465config CRYPTO_GHASH
466	tristate "GHASH digest algorithm"
467	select CRYPTO_GF128MUL
468	help
469	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
470
471config CRYPTO_POLY1305
472	tristate "Poly1305 authenticator algorithm"
473	help
474	  Poly1305 authenticator algorithm, RFC7539.
475
476	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
477	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
478	  in IETF protocols. This is the portable C implementation of Poly1305.
479
480config CRYPTO_POLY1305_X86_64
481	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
482	depends on X86 && 64BIT
483	select CRYPTO_POLY1305
484	help
485	  Poly1305 authenticator algorithm, RFC7539.
486
487	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
488	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
489	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
490	  instructions.
491
492config CRYPTO_MD4
493	tristate "MD4 digest algorithm"
494	select CRYPTO_HASH
495	help
496	  MD4 message digest algorithm (RFC1320).
497
498config CRYPTO_MD5
499	tristate "MD5 digest algorithm"
500	select CRYPTO_HASH
501	help
502	  MD5 message digest algorithm (RFC1321).
503
504config CRYPTO_MD5_OCTEON
505	tristate "MD5 digest algorithm (OCTEON)"
506	depends on CPU_CAVIUM_OCTEON
507	select CRYPTO_MD5
508	select CRYPTO_HASH
509	help
510	  MD5 message digest algorithm (RFC1321) implemented
511	  using OCTEON crypto instructions, when available.
512
513config CRYPTO_MD5_PPC
514	tristate "MD5 digest algorithm (PPC)"
515	depends on PPC
516	select CRYPTO_HASH
517	help
518	  MD5 message digest algorithm (RFC1321) implemented
519	  in PPC assembler.
520
521config CRYPTO_MD5_SPARC64
522	tristate "MD5 digest algorithm (SPARC64)"
523	depends on SPARC64
524	select CRYPTO_MD5
525	select CRYPTO_HASH
526	help
527	  MD5 message digest algorithm (RFC1321) implemented
528	  using sparc64 crypto instructions, when available.
529
530config CRYPTO_MICHAEL_MIC
531	tristate "Michael MIC keyed digest algorithm"
532	select CRYPTO_HASH
533	help
534	  Michael MIC is used for message integrity protection in TKIP
535	  (IEEE 802.11i). This algorithm is required for TKIP, but it
536	  should not be used for other purposes because of the weakness
537	  of the algorithm.
538
539config CRYPTO_RMD128
540	tristate "RIPEMD-128 digest algorithm"
541	select CRYPTO_HASH
542	help
543	  RIPEMD-128 (ISO/IEC 10118-3:2004).
544
545	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
546	  be used as a secure replacement for RIPEMD. For other use cases,
547	  RIPEMD-160 should be used.
548
549	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
550	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
551
552config CRYPTO_RMD160
553	tristate "RIPEMD-160 digest algorithm"
554	select CRYPTO_HASH
555	help
556	  RIPEMD-160 (ISO/IEC 10118-3:2004).
557
558	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
559	  to be used as a secure replacement for the 128-bit hash functions
560	  MD4, MD5 and it's predecessor RIPEMD
561	  (not to be confused with RIPEMD-128).
562
563	  It's speed is comparable to SHA1 and there are no known attacks
564	  against RIPEMD-160.
565
566	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
567	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
568
569config CRYPTO_RMD256
570	tristate "RIPEMD-256 digest algorithm"
571	select CRYPTO_HASH
572	help
573	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
574	  256 bit hash. It is intended for applications that require
575	  longer hash-results, without needing a larger security level
576	  (than RIPEMD-128).
577
578	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
579	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
580
581config CRYPTO_RMD320
582	tristate "RIPEMD-320 digest algorithm"
583	select CRYPTO_HASH
584	help
585	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
586	  320 bit hash. It is intended for applications that require
587	  longer hash-results, without needing a larger security level
588	  (than RIPEMD-160).
589
590	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
591	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
592
593config CRYPTO_SHA1
594	tristate "SHA1 digest algorithm"
595	select CRYPTO_HASH
596	help
597	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
598
599config CRYPTO_SHA1_SSSE3
600	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2)"
601	depends on X86 && 64BIT
602	select CRYPTO_SHA1
603	select CRYPTO_HASH
604	help
605	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
606	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
607	  Extensions (AVX/AVX2), when available.
608
609config CRYPTO_SHA256_SSSE3
610	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2)"
611	depends on X86 && 64BIT
612	select CRYPTO_SHA256
613	select CRYPTO_HASH
614	help
615	  SHA-256 secure hash standard (DFIPS 180-2) implemented
616	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
617	  Extensions version 1 (AVX1), or Advanced Vector Extensions
618	  version 2 (AVX2) instructions, when available.
619
620config CRYPTO_SHA512_SSSE3
621	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
622	depends on X86 && 64BIT
623	select CRYPTO_SHA512
624	select CRYPTO_HASH
625	help
626	  SHA-512 secure hash standard (DFIPS 180-2) implemented
627	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
628	  Extensions version 1 (AVX1), or Advanced Vector Extensions
629	  version 2 (AVX2) instructions, when available.
630
631config CRYPTO_SHA1_OCTEON
632	tristate "SHA1 digest algorithm (OCTEON)"
633	depends on CPU_CAVIUM_OCTEON
634	select CRYPTO_SHA1
635	select CRYPTO_HASH
636	help
637	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
638	  using OCTEON crypto instructions, when available.
639
640config CRYPTO_SHA1_SPARC64
641	tristate "SHA1 digest algorithm (SPARC64)"
642	depends on SPARC64
643	select CRYPTO_SHA1
644	select CRYPTO_HASH
645	help
646	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
647	  using sparc64 crypto instructions, when available.
648
649config CRYPTO_SHA1_PPC
650	tristate "SHA1 digest algorithm (powerpc)"
651	depends on PPC
652	help
653	  This is the powerpc hardware accelerated implementation of the
654	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
655
656config CRYPTO_SHA1_PPC_SPE
657	tristate "SHA1 digest algorithm (PPC SPE)"
658	depends on PPC && SPE
659	help
660	  SHA-1 secure hash standard (DFIPS 180-4) implemented
661	  using powerpc SPE SIMD instruction set.
662
663config CRYPTO_SHA1_MB
664	tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
665	depends on X86 && 64BIT
666	select CRYPTO_SHA1
667	select CRYPTO_HASH
668	select CRYPTO_MCRYPTD
669	help
670	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
671	  using multi-buffer technique.  This algorithm computes on
672	  multiple data lanes concurrently with SIMD instructions for
673	  better throughput.  It should not be enabled by default but
674	  used when there is significant amount of work to keep the keep
675	  the data lanes filled to get performance benefit.  If the data
676	  lanes remain unfilled, a flush operation will be initiated to
677	  process the crypto jobs, adding a slight latency.
678
679config CRYPTO_SHA256
680	tristate "SHA224 and SHA256 digest algorithm"
681	select CRYPTO_HASH
682	help
683	  SHA256 secure hash standard (DFIPS 180-2).
684
685	  This version of SHA implements a 256 bit hash with 128 bits of
686	  security against collision attacks.
687
688	  This code also includes SHA-224, a 224 bit hash with 112 bits
689	  of security against collision attacks.
690
691config CRYPTO_SHA256_PPC_SPE
692	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
693	depends on PPC && SPE
694	select CRYPTO_SHA256
695	select CRYPTO_HASH
696	help
697	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
698	  implemented using powerpc SPE SIMD instruction set.
699
700config CRYPTO_SHA256_OCTEON
701	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
702	depends on CPU_CAVIUM_OCTEON
703	select CRYPTO_SHA256
704	select CRYPTO_HASH
705	help
706	  SHA-256 secure hash standard (DFIPS 180-2) implemented
707	  using OCTEON crypto instructions, when available.
708
709config CRYPTO_SHA256_SPARC64
710	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
711	depends on SPARC64
712	select CRYPTO_SHA256
713	select CRYPTO_HASH
714	help
715	  SHA-256 secure hash standard (DFIPS 180-2) implemented
716	  using sparc64 crypto instructions, when available.
717
718config CRYPTO_SHA512
719	tristate "SHA384 and SHA512 digest algorithms"
720	select CRYPTO_HASH
721	help
722	  SHA512 secure hash standard (DFIPS 180-2).
723
724	  This version of SHA implements a 512 bit hash with 256 bits of
725	  security against collision attacks.
726
727	  This code also includes SHA-384, a 384 bit hash with 192 bits
728	  of security against collision attacks.
729
730config CRYPTO_SHA512_OCTEON
731	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
732	depends on CPU_CAVIUM_OCTEON
733	select CRYPTO_SHA512
734	select CRYPTO_HASH
735	help
736	  SHA-512 secure hash standard (DFIPS 180-2) implemented
737	  using OCTEON crypto instructions, when available.
738
739config CRYPTO_SHA512_SPARC64
740	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
741	depends on SPARC64
742	select CRYPTO_SHA512
743	select CRYPTO_HASH
744	help
745	  SHA-512 secure hash standard (DFIPS 180-2) implemented
746	  using sparc64 crypto instructions, when available.
747
748config CRYPTO_TGR192
749	tristate "Tiger digest algorithms"
750	select CRYPTO_HASH
751	help
752	  Tiger hash algorithm 192, 160 and 128-bit hashes
753
754	  Tiger is a hash function optimized for 64-bit processors while
755	  still having decent performance on 32-bit processors.
756	  Tiger was developed by Ross Anderson and Eli Biham.
757
758	  See also:
759	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
760
761config CRYPTO_WP512
762	tristate "Whirlpool digest algorithms"
763	select CRYPTO_HASH
764	help
765	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
766
767	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
768	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
769
770	  See also:
771	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
772
773config CRYPTO_GHASH_CLMUL_NI_INTEL
774	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
775	depends on X86 && 64BIT
776	select CRYPTO_CRYPTD
777	help
778	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
779	  The implementation is accelerated by CLMUL-NI of Intel.
780
781comment "Ciphers"
782
783config CRYPTO_AES
784	tristate "AES cipher algorithms"
785	select CRYPTO_ALGAPI
786	help
787	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
788	  algorithm.
789
790	  Rijndael appears to be consistently a very good performer in
791	  both hardware and software across a wide range of computing
792	  environments regardless of its use in feedback or non-feedback
793	  modes. Its key setup time is excellent, and its key agility is
794	  good. Rijndael's very low memory requirements make it very well
795	  suited for restricted-space environments, in which it also
796	  demonstrates excellent performance. Rijndael's operations are
797	  among the easiest to defend against power and timing attacks.
798
799	  The AES specifies three key sizes: 128, 192 and 256 bits
800
801	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
802
803config CRYPTO_AES_586
804	tristate "AES cipher algorithms (i586)"
805	depends on (X86 || UML_X86) && !64BIT
806	select CRYPTO_ALGAPI
807	select CRYPTO_AES
808	help
809	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
810	  algorithm.
811
812	  Rijndael appears to be consistently a very good performer in
813	  both hardware and software across a wide range of computing
814	  environments regardless of its use in feedback or non-feedback
815	  modes. Its key setup time is excellent, and its key agility is
816	  good. Rijndael's very low memory requirements make it very well
817	  suited for restricted-space environments, in which it also
818	  demonstrates excellent performance. Rijndael's operations are
819	  among the easiest to defend against power and timing attacks.
820
821	  The AES specifies three key sizes: 128, 192 and 256 bits
822
823	  See <http://csrc.nist.gov/encryption/aes/> for more information.
824
825config CRYPTO_AES_X86_64
826	tristate "AES cipher algorithms (x86_64)"
827	depends on (X86 || UML_X86) && 64BIT
828	select CRYPTO_ALGAPI
829	select CRYPTO_AES
830	help
831	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
832	  algorithm.
833
834	  Rijndael appears to be consistently a very good performer in
835	  both hardware and software across a wide range of computing
836	  environments regardless of its use in feedback or non-feedback
837	  modes. Its key setup time is excellent, and its key agility is
838	  good. Rijndael's very low memory requirements make it very well
839	  suited for restricted-space environments, in which it also
840	  demonstrates excellent performance. Rijndael's operations are
841	  among the easiest to defend against power and timing attacks.
842
843	  The AES specifies three key sizes: 128, 192 and 256 bits
844
845	  See <http://csrc.nist.gov/encryption/aes/> for more information.
846
847config CRYPTO_AES_NI_INTEL
848	tristate "AES cipher algorithms (AES-NI)"
849	depends on X86
850	select CRYPTO_AES_X86_64 if 64BIT
851	select CRYPTO_AES_586 if !64BIT
852	select CRYPTO_CRYPTD
853	select CRYPTO_ABLK_HELPER
854	select CRYPTO_ALGAPI
855	select CRYPTO_GLUE_HELPER_X86 if 64BIT
856	select CRYPTO_LRW
857	select CRYPTO_XTS
858	help
859	  Use Intel AES-NI instructions for AES algorithm.
860
861	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
862	  algorithm.
863
864	  Rijndael appears to be consistently a very good performer in
865	  both hardware and software across a wide range of computing
866	  environments regardless of its use in feedback or non-feedback
867	  modes. Its key setup time is excellent, and its key agility is
868	  good. Rijndael's very low memory requirements make it very well
869	  suited for restricted-space environments, in which it also
870	  demonstrates excellent performance. Rijndael's operations are
871	  among the easiest to defend against power and timing attacks.
872
873	  The AES specifies three key sizes: 128, 192 and 256 bits
874
875	  See <http://csrc.nist.gov/encryption/aes/> for more information.
876
877	  In addition to AES cipher algorithm support, the acceleration
878	  for some popular block cipher mode is supported too, including
879	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
880	  acceleration for CTR.
881
882config CRYPTO_AES_SPARC64
883	tristate "AES cipher algorithms (SPARC64)"
884	depends on SPARC64
885	select CRYPTO_CRYPTD
886	select CRYPTO_ALGAPI
887	help
888	  Use SPARC64 crypto opcodes for AES algorithm.
889
890	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
891	  algorithm.
892
893	  Rijndael appears to be consistently a very good performer in
894	  both hardware and software across a wide range of computing
895	  environments regardless of its use in feedback or non-feedback
896	  modes. Its key setup time is excellent, and its key agility is
897	  good. Rijndael's very low memory requirements make it very well
898	  suited for restricted-space environments, in which it also
899	  demonstrates excellent performance. Rijndael's operations are
900	  among the easiest to defend against power and timing attacks.
901
902	  The AES specifies three key sizes: 128, 192 and 256 bits
903
904	  See <http://csrc.nist.gov/encryption/aes/> for more information.
905
906	  In addition to AES cipher algorithm support, the acceleration
907	  for some popular block cipher mode is supported too, including
908	  ECB and CBC.
909
910config CRYPTO_AES_PPC_SPE
911	tristate "AES cipher algorithms (PPC SPE)"
912	depends on PPC && SPE
913	help
914	  AES cipher algorithms (FIPS-197). Additionally the acceleration
915	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
916	  This module should only be used for low power (router) devices
917	  without hardware AES acceleration (e.g. caam crypto). It reduces the
918	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
919	  timining attacks. Nevertheless it might be not as secure as other
920	  architecture specific assembler implementations that work on 1KB
921	  tables or 256 bytes S-boxes.
922
923config CRYPTO_ANUBIS
924	tristate "Anubis cipher algorithm"
925	select CRYPTO_ALGAPI
926	help
927	  Anubis cipher algorithm.
928
929	  Anubis is a variable key length cipher which can use keys from
930	  128 bits to 320 bits in length.  It was evaluated as a entrant
931	  in the NESSIE competition.
932
933	  See also:
934	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
935	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
936
937config CRYPTO_ARC4
938	tristate "ARC4 cipher algorithm"
939	select CRYPTO_BLKCIPHER
940	help
941	  ARC4 cipher algorithm.
942
943	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
944	  bits in length.  This algorithm is required for driver-based
945	  WEP, but it should not be for other purposes because of the
946	  weakness of the algorithm.
947
948config CRYPTO_BLOWFISH
949	tristate "Blowfish cipher algorithm"
950	select CRYPTO_ALGAPI
951	select CRYPTO_BLOWFISH_COMMON
952	help
953	  Blowfish cipher algorithm, by Bruce Schneier.
954
955	  This is a variable key length cipher which can use keys from 32
956	  bits to 448 bits in length.  It's fast, simple and specifically
957	  designed for use on "large microprocessors".
958
959	  See also:
960	  <http://www.schneier.com/blowfish.html>
961
962config CRYPTO_BLOWFISH_COMMON
963	tristate
964	help
965	  Common parts of the Blowfish cipher algorithm shared by the
966	  generic c and the assembler implementations.
967
968	  See also:
969	  <http://www.schneier.com/blowfish.html>
970
971config CRYPTO_BLOWFISH_X86_64
972	tristate "Blowfish cipher algorithm (x86_64)"
973	depends on X86 && 64BIT
974	select CRYPTO_ALGAPI
975	select CRYPTO_BLOWFISH_COMMON
976	help
977	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
978
979	  This is a variable key length cipher which can use keys from 32
980	  bits to 448 bits in length.  It's fast, simple and specifically
981	  designed for use on "large microprocessors".
982
983	  See also:
984	  <http://www.schneier.com/blowfish.html>
985
986config CRYPTO_CAMELLIA
987	tristate "Camellia cipher algorithms"
988	depends on CRYPTO
989	select CRYPTO_ALGAPI
990	help
991	  Camellia cipher algorithms module.
992
993	  Camellia is a symmetric key block cipher developed jointly
994	  at NTT and Mitsubishi Electric Corporation.
995
996	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
997
998	  See also:
999	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1000
1001config CRYPTO_CAMELLIA_X86_64
1002	tristate "Camellia cipher algorithm (x86_64)"
1003	depends on X86 && 64BIT
1004	depends on CRYPTO
1005	select CRYPTO_ALGAPI
1006	select CRYPTO_GLUE_HELPER_X86
1007	select CRYPTO_LRW
1008	select CRYPTO_XTS
1009	help
1010	  Camellia cipher algorithm module (x86_64).
1011
1012	  Camellia is a symmetric key block cipher developed jointly
1013	  at NTT and Mitsubishi Electric Corporation.
1014
1015	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1016
1017	  See also:
1018	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1019
1020config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1021	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1022	depends on X86 && 64BIT
1023	depends on CRYPTO
1024	select CRYPTO_ALGAPI
1025	select CRYPTO_CRYPTD
1026	select CRYPTO_ABLK_HELPER
1027	select CRYPTO_GLUE_HELPER_X86
1028	select CRYPTO_CAMELLIA_X86_64
1029	select CRYPTO_LRW
1030	select CRYPTO_XTS
1031	help
1032	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1033
1034	  Camellia is a symmetric key block cipher developed jointly
1035	  at NTT and Mitsubishi Electric Corporation.
1036
1037	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1038
1039	  See also:
1040	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1041
1042config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1043	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1044	depends on X86 && 64BIT
1045	depends on CRYPTO
1046	select CRYPTO_ALGAPI
1047	select CRYPTO_CRYPTD
1048	select CRYPTO_ABLK_HELPER
1049	select CRYPTO_GLUE_HELPER_X86
1050	select CRYPTO_CAMELLIA_X86_64
1051	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1052	select CRYPTO_LRW
1053	select CRYPTO_XTS
1054	help
1055	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1056
1057	  Camellia is a symmetric key block cipher developed jointly
1058	  at NTT and Mitsubishi Electric Corporation.
1059
1060	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1061
1062	  See also:
1063	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1064
1065config CRYPTO_CAMELLIA_SPARC64
1066	tristate "Camellia cipher algorithm (SPARC64)"
1067	depends on SPARC64
1068	depends on CRYPTO
1069	select CRYPTO_ALGAPI
1070	help
1071	  Camellia cipher algorithm module (SPARC64).
1072
1073	  Camellia is a symmetric key block cipher developed jointly
1074	  at NTT and Mitsubishi Electric Corporation.
1075
1076	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1077
1078	  See also:
1079	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1080
1081config CRYPTO_CAST_COMMON
1082	tristate
1083	help
1084	  Common parts of the CAST cipher algorithms shared by the
1085	  generic c and the assembler implementations.
1086
1087config CRYPTO_CAST5
1088	tristate "CAST5 (CAST-128) cipher algorithm"
1089	select CRYPTO_ALGAPI
1090	select CRYPTO_CAST_COMMON
1091	help
1092	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1093	  described in RFC2144.
1094
1095config CRYPTO_CAST5_AVX_X86_64
1096	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1097	depends on X86 && 64BIT
1098	select CRYPTO_ALGAPI
1099	select CRYPTO_CRYPTD
1100	select CRYPTO_ABLK_HELPER
1101	select CRYPTO_CAST_COMMON
1102	select CRYPTO_CAST5
1103	help
1104	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1105	  described in RFC2144.
1106
1107	  This module provides the Cast5 cipher algorithm that processes
1108	  sixteen blocks parallel using the AVX instruction set.
1109
1110config CRYPTO_CAST6
1111	tristate "CAST6 (CAST-256) cipher algorithm"
1112	select CRYPTO_ALGAPI
1113	select CRYPTO_CAST_COMMON
1114	help
1115	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1116	  described in RFC2612.
1117
1118config CRYPTO_CAST6_AVX_X86_64
1119	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1120	depends on X86 && 64BIT
1121	select CRYPTO_ALGAPI
1122	select CRYPTO_CRYPTD
1123	select CRYPTO_ABLK_HELPER
1124	select CRYPTO_GLUE_HELPER_X86
1125	select CRYPTO_CAST_COMMON
1126	select CRYPTO_CAST6
1127	select CRYPTO_LRW
1128	select CRYPTO_XTS
1129	help
1130	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1131	  described in RFC2612.
1132
1133	  This module provides the Cast6 cipher algorithm that processes
1134	  eight blocks parallel using the AVX instruction set.
1135
1136config CRYPTO_DES
1137	tristate "DES and Triple DES EDE cipher algorithms"
1138	select CRYPTO_ALGAPI
1139	help
1140	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1141
1142config CRYPTO_DES_SPARC64
1143	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1144	depends on SPARC64
1145	select CRYPTO_ALGAPI
1146	select CRYPTO_DES
1147	help
1148	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1149	  optimized using SPARC64 crypto opcodes.
1150
1151config CRYPTO_DES3_EDE_X86_64
1152	tristate "Triple DES EDE cipher algorithm (x86-64)"
1153	depends on X86 && 64BIT
1154	select CRYPTO_ALGAPI
1155	select CRYPTO_DES
1156	help
1157	  Triple DES EDE (FIPS 46-3) algorithm.
1158
1159	  This module provides implementation of the Triple DES EDE cipher
1160	  algorithm that is optimized for x86-64 processors. Two versions of
1161	  algorithm are provided; regular processing one input block and
1162	  one that processes three blocks parallel.
1163
1164config CRYPTO_FCRYPT
1165	tristate "FCrypt cipher algorithm"
1166	select CRYPTO_ALGAPI
1167	select CRYPTO_BLKCIPHER
1168	help
1169	  FCrypt algorithm used by RxRPC.
1170
1171config CRYPTO_KHAZAD
1172	tristate "Khazad cipher algorithm"
1173	select CRYPTO_ALGAPI
1174	help
1175	  Khazad cipher algorithm.
1176
1177	  Khazad was a finalist in the initial NESSIE competition.  It is
1178	  an algorithm optimized for 64-bit processors with good performance
1179	  on 32-bit processors.  Khazad uses an 128 bit key size.
1180
1181	  See also:
1182	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1183
1184config CRYPTO_SALSA20
1185	tristate "Salsa20 stream cipher algorithm"
1186	select CRYPTO_BLKCIPHER
1187	help
1188	  Salsa20 stream cipher algorithm.
1189
1190	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1191	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1192
1193	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1194	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1195
1196config CRYPTO_SALSA20_586
1197	tristate "Salsa20 stream cipher algorithm (i586)"
1198	depends on (X86 || UML_X86) && !64BIT
1199	select CRYPTO_BLKCIPHER
1200	help
1201	  Salsa20 stream cipher algorithm.
1202
1203	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1204	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1205
1206	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1207	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1208
1209config CRYPTO_SALSA20_X86_64
1210	tristate "Salsa20 stream cipher algorithm (x86_64)"
1211	depends on (X86 || UML_X86) && 64BIT
1212	select CRYPTO_BLKCIPHER
1213	help
1214	  Salsa20 stream cipher algorithm.
1215
1216	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1217	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1218
1219	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1220	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1221
1222config CRYPTO_CHACHA20
1223	tristate "ChaCha20 cipher algorithm"
1224	select CRYPTO_BLKCIPHER
1225	help
1226	  ChaCha20 cipher algorithm, RFC7539.
1227
1228	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1229	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1230	  This is the portable C implementation of ChaCha20.
1231
1232	  See also:
1233	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1234
1235config CRYPTO_CHACHA20_X86_64
1236	tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
1237	depends on X86 && 64BIT
1238	select CRYPTO_BLKCIPHER
1239	select CRYPTO_CHACHA20
1240	help
1241	  ChaCha20 cipher algorithm, RFC7539.
1242
1243	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1244	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1245	  This is the x86_64 assembler implementation using SIMD instructions.
1246
1247	  See also:
1248	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1249
1250config CRYPTO_SEED
1251	tristate "SEED cipher algorithm"
1252	select CRYPTO_ALGAPI
1253	help
1254	  SEED cipher algorithm (RFC4269).
1255
1256	  SEED is a 128-bit symmetric key block cipher that has been
1257	  developed by KISA (Korea Information Security Agency) as a
1258	  national standard encryption algorithm of the Republic of Korea.
1259	  It is a 16 round block cipher with the key size of 128 bit.
1260
1261	  See also:
1262	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1263
1264config CRYPTO_SERPENT
1265	tristate "Serpent cipher algorithm"
1266	select CRYPTO_ALGAPI
1267	help
1268	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1269
1270	  Keys are allowed to be from 0 to 256 bits in length, in steps
1271	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1272	  variant of Serpent for compatibility with old kerneli.org code.
1273
1274	  See also:
1275	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1276
1277config CRYPTO_SERPENT_SSE2_X86_64
1278	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1279	depends on X86 && 64BIT
1280	select CRYPTO_ALGAPI
1281	select CRYPTO_CRYPTD
1282	select CRYPTO_ABLK_HELPER
1283	select CRYPTO_GLUE_HELPER_X86
1284	select CRYPTO_SERPENT
1285	select CRYPTO_LRW
1286	select CRYPTO_XTS
1287	help
1288	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1289
1290	  Keys are allowed to be from 0 to 256 bits in length, in steps
1291	  of 8 bits.
1292
1293	  This module provides Serpent cipher algorithm that processes eight
1294	  blocks parallel using SSE2 instruction set.
1295
1296	  See also:
1297	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1298
1299config CRYPTO_SERPENT_SSE2_586
1300	tristate "Serpent cipher algorithm (i586/SSE2)"
1301	depends on X86 && !64BIT
1302	select CRYPTO_ALGAPI
1303	select CRYPTO_CRYPTD
1304	select CRYPTO_ABLK_HELPER
1305	select CRYPTO_GLUE_HELPER_X86
1306	select CRYPTO_SERPENT
1307	select CRYPTO_LRW
1308	select CRYPTO_XTS
1309	help
1310	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1311
1312	  Keys are allowed to be from 0 to 256 bits in length, in steps
1313	  of 8 bits.
1314
1315	  This module provides Serpent cipher algorithm that processes four
1316	  blocks parallel using SSE2 instruction set.
1317
1318	  See also:
1319	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1320
1321config CRYPTO_SERPENT_AVX_X86_64
1322	tristate "Serpent cipher algorithm (x86_64/AVX)"
1323	depends on X86 && 64BIT
1324	select CRYPTO_ALGAPI
1325	select CRYPTO_CRYPTD
1326	select CRYPTO_ABLK_HELPER
1327	select CRYPTO_GLUE_HELPER_X86
1328	select CRYPTO_SERPENT
1329	select CRYPTO_LRW
1330	select CRYPTO_XTS
1331	help
1332	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1333
1334	  Keys are allowed to be from 0 to 256 bits in length, in steps
1335	  of 8 bits.
1336
1337	  This module provides the Serpent cipher algorithm that processes
1338	  eight blocks parallel using the AVX instruction set.
1339
1340	  See also:
1341	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1342
1343config CRYPTO_SERPENT_AVX2_X86_64
1344	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1345	depends on X86 && 64BIT
1346	select CRYPTO_ALGAPI
1347	select CRYPTO_CRYPTD
1348	select CRYPTO_ABLK_HELPER
1349	select CRYPTO_GLUE_HELPER_X86
1350	select CRYPTO_SERPENT
1351	select CRYPTO_SERPENT_AVX_X86_64
1352	select CRYPTO_LRW
1353	select CRYPTO_XTS
1354	help
1355	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1356
1357	  Keys are allowed to be from 0 to 256 bits in length, in steps
1358	  of 8 bits.
1359
1360	  This module provides Serpent cipher algorithm that processes 16
1361	  blocks parallel using AVX2 instruction set.
1362
1363	  See also:
1364	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1365
1366config CRYPTO_TEA
1367	tristate "TEA, XTEA and XETA cipher algorithms"
1368	select CRYPTO_ALGAPI
1369	help
1370	  TEA cipher algorithm.
1371
1372	  Tiny Encryption Algorithm is a simple cipher that uses
1373	  many rounds for security.  It is very fast and uses
1374	  little memory.
1375
1376	  Xtendend Tiny Encryption Algorithm is a modification to
1377	  the TEA algorithm to address a potential key weakness
1378	  in the TEA algorithm.
1379
1380	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1381	  of the XTEA algorithm for compatibility purposes.
1382
1383config CRYPTO_TWOFISH
1384	tristate "Twofish cipher algorithm"
1385	select CRYPTO_ALGAPI
1386	select CRYPTO_TWOFISH_COMMON
1387	help
1388	  Twofish cipher algorithm.
1389
1390	  Twofish was submitted as an AES (Advanced Encryption Standard)
1391	  candidate cipher by researchers at CounterPane Systems.  It is a
1392	  16 round block cipher supporting key sizes of 128, 192, and 256
1393	  bits.
1394
1395	  See also:
1396	  <http://www.schneier.com/twofish.html>
1397
1398config CRYPTO_TWOFISH_COMMON
1399	tristate
1400	help
1401	  Common parts of the Twofish cipher algorithm shared by the
1402	  generic c and the assembler implementations.
1403
1404config CRYPTO_TWOFISH_586
1405	tristate "Twofish cipher algorithms (i586)"
1406	depends on (X86 || UML_X86) && !64BIT
1407	select CRYPTO_ALGAPI
1408	select CRYPTO_TWOFISH_COMMON
1409	help
1410	  Twofish cipher algorithm.
1411
1412	  Twofish was submitted as an AES (Advanced Encryption Standard)
1413	  candidate cipher by researchers at CounterPane Systems.  It is a
1414	  16 round block cipher supporting key sizes of 128, 192, and 256
1415	  bits.
1416
1417	  See also:
1418	  <http://www.schneier.com/twofish.html>
1419
1420config CRYPTO_TWOFISH_X86_64
1421	tristate "Twofish cipher algorithm (x86_64)"
1422	depends on (X86 || UML_X86) && 64BIT
1423	select CRYPTO_ALGAPI
1424	select CRYPTO_TWOFISH_COMMON
1425	help
1426	  Twofish cipher algorithm (x86_64).
1427
1428	  Twofish was submitted as an AES (Advanced Encryption Standard)
1429	  candidate cipher by researchers at CounterPane Systems.  It is a
1430	  16 round block cipher supporting key sizes of 128, 192, and 256
1431	  bits.
1432
1433	  See also:
1434	  <http://www.schneier.com/twofish.html>
1435
1436config CRYPTO_TWOFISH_X86_64_3WAY
1437	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1438	depends on X86 && 64BIT
1439	select CRYPTO_ALGAPI
1440	select CRYPTO_TWOFISH_COMMON
1441	select CRYPTO_TWOFISH_X86_64
1442	select CRYPTO_GLUE_HELPER_X86
1443	select CRYPTO_LRW
1444	select CRYPTO_XTS
1445	help
1446	  Twofish cipher algorithm (x86_64, 3-way parallel).
1447
1448	  Twofish was submitted as an AES (Advanced Encryption Standard)
1449	  candidate cipher by researchers at CounterPane Systems.  It is a
1450	  16 round block cipher supporting key sizes of 128, 192, and 256
1451	  bits.
1452
1453	  This module provides Twofish cipher algorithm that processes three
1454	  blocks parallel, utilizing resources of out-of-order CPUs better.
1455
1456	  See also:
1457	  <http://www.schneier.com/twofish.html>
1458
1459config CRYPTO_TWOFISH_AVX_X86_64
1460	tristate "Twofish cipher algorithm (x86_64/AVX)"
1461	depends on X86 && 64BIT
1462	select CRYPTO_ALGAPI
1463	select CRYPTO_CRYPTD
1464	select CRYPTO_ABLK_HELPER
1465	select CRYPTO_GLUE_HELPER_X86
1466	select CRYPTO_TWOFISH_COMMON
1467	select CRYPTO_TWOFISH_X86_64
1468	select CRYPTO_TWOFISH_X86_64_3WAY
1469	select CRYPTO_LRW
1470	select CRYPTO_XTS
1471	help
1472	  Twofish cipher algorithm (x86_64/AVX).
1473
1474	  Twofish was submitted as an AES (Advanced Encryption Standard)
1475	  candidate cipher by researchers at CounterPane Systems.  It is a
1476	  16 round block cipher supporting key sizes of 128, 192, and 256
1477	  bits.
1478
1479	  This module provides the Twofish cipher algorithm that processes
1480	  eight blocks parallel using the AVX Instruction Set.
1481
1482	  See also:
1483	  <http://www.schneier.com/twofish.html>
1484
1485comment "Compression"
1486
1487config CRYPTO_DEFLATE
1488	tristate "Deflate compression algorithm"
1489	select CRYPTO_ALGAPI
1490	select ZLIB_INFLATE
1491	select ZLIB_DEFLATE
1492	help
1493	  This is the Deflate algorithm (RFC1951), specified for use in
1494	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1495
1496	  You will most probably want this if using IPSec.
1497
1498config CRYPTO_ZLIB
1499	tristate "Zlib compression algorithm"
1500	select CRYPTO_PCOMP
1501	select ZLIB_INFLATE
1502	select ZLIB_DEFLATE
1503	select NLATTR
1504	help
1505	  This is the zlib algorithm.
1506
1507config CRYPTO_LZO
1508	tristate "LZO compression algorithm"
1509	select CRYPTO_ALGAPI
1510	select LZO_COMPRESS
1511	select LZO_DECOMPRESS
1512	help
1513	  This is the LZO algorithm.
1514
1515config CRYPTO_842
1516	tristate "842 compression algorithm"
1517	select CRYPTO_ALGAPI
1518	select 842_COMPRESS
1519	select 842_DECOMPRESS
1520	help
1521	  This is the 842 algorithm.
1522
1523config CRYPTO_LZ4
1524	tristate "LZ4 compression algorithm"
1525	select CRYPTO_ALGAPI
1526	select LZ4_COMPRESS
1527	select LZ4_DECOMPRESS
1528	help
1529	  This is the LZ4 algorithm.
1530
1531config CRYPTO_LZ4HC
1532	tristate "LZ4HC compression algorithm"
1533	select CRYPTO_ALGAPI
1534	select LZ4HC_COMPRESS
1535	select LZ4_DECOMPRESS
1536	help
1537	  This is the LZ4 high compression mode algorithm.
1538
1539comment "Random Number Generation"
1540
1541config CRYPTO_ANSI_CPRNG
1542	tristate "Pseudo Random Number Generation for Cryptographic modules"
1543	select CRYPTO_AES
1544	select CRYPTO_RNG
1545	help
1546	  This option enables the generic pseudo random number generator
1547	  for cryptographic modules.  Uses the Algorithm specified in
1548	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1549	  CRYPTO_FIPS is selected
1550
1551menuconfig CRYPTO_DRBG_MENU
1552	tristate "NIST SP800-90A DRBG"
1553	help
1554	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1555	  more of the DRBG types must be selected.
1556
1557if CRYPTO_DRBG_MENU
1558
1559config CRYPTO_DRBG_HMAC
1560	bool
1561	default y
1562	select CRYPTO_HMAC
1563	select CRYPTO_SHA256
1564
1565config CRYPTO_DRBG_HASH
1566	bool "Enable Hash DRBG"
1567	select CRYPTO_SHA256
1568	help
1569	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1570
1571config CRYPTO_DRBG_CTR
1572	bool "Enable CTR DRBG"
1573	select CRYPTO_AES
1574	help
1575	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1576
1577config CRYPTO_DRBG
1578	tristate
1579	default CRYPTO_DRBG_MENU
1580	select CRYPTO_RNG
1581	select CRYPTO_JITTERENTROPY
1582
1583endif	# if CRYPTO_DRBG_MENU
1584
1585config CRYPTO_JITTERENTROPY
1586	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1587	help
1588	  The Jitterentropy RNG is a noise that is intended
1589	  to provide seed to another RNG. The RNG does not
1590	  perform any cryptographic whitening of the generated
1591	  random numbers. This Jitterentropy RNG registers with
1592	  the kernel crypto API and can be used by any caller.
1593
1594config CRYPTO_USER_API
1595	tristate
1596
1597config CRYPTO_USER_API_HASH
1598	tristate "User-space interface for hash algorithms"
1599	depends on NET
1600	select CRYPTO_HASH
1601	select CRYPTO_USER_API
1602	help
1603	  This option enables the user-spaces interface for hash
1604	  algorithms.
1605
1606config CRYPTO_USER_API_SKCIPHER
1607	tristate "User-space interface for symmetric key cipher algorithms"
1608	depends on NET
1609	select CRYPTO_BLKCIPHER
1610	select CRYPTO_USER_API
1611	help
1612	  This option enables the user-spaces interface for symmetric
1613	  key cipher algorithms.
1614
1615config CRYPTO_USER_API_RNG
1616	tristate "User-space interface for random number generator algorithms"
1617	depends on NET
1618	select CRYPTO_RNG
1619	select CRYPTO_USER_API
1620	help
1621	  This option enables the user-spaces interface for random
1622	  number generator algorithms.
1623
1624config CRYPTO_USER_API_AEAD
1625	tristate "User-space interface for AEAD cipher algorithms"
1626	depends on NET
1627	select CRYPTO_AEAD
1628	select CRYPTO_USER_API
1629	help
1630	  This option enables the user-spaces interface for AEAD
1631	  cipher algorithms.
1632
1633config CRYPTO_HASH_INFO
1634	bool
1635
1636source "drivers/crypto/Kconfig"
1637source crypto/asymmetric_keys/Kconfig
1638source certs/Kconfig
1639
1640endif	# if CRYPTO
1641