1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This options enables the fips boot option which is 31 required if you want to system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_BLKCIPHER 56 tristate 57 select CRYPTO_BLKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_BLKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 select CRYPTO_WORKQUEUE 65 66config CRYPTO_HASH 67 tristate 68 select CRYPTO_HASH2 69 select CRYPTO_ALGAPI 70 71config CRYPTO_HASH2 72 tristate 73 select CRYPTO_ALGAPI2 74 75config CRYPTO_RNG 76 tristate 77 select CRYPTO_RNG2 78 select CRYPTO_ALGAPI 79 80config CRYPTO_RNG2 81 tristate 82 select CRYPTO_ALGAPI2 83 84config CRYPTO_RNG_DEFAULT 85 tristate 86 select CRYPTO_DRBG_MENU 87 88config CRYPTO_AKCIPHER2 89 tristate 90 select CRYPTO_ALGAPI2 91 92config CRYPTO_AKCIPHER 93 tristate 94 select CRYPTO_AKCIPHER2 95 select CRYPTO_ALGAPI 96 97config CRYPTO_KPP2 98 tristate 99 select CRYPTO_ALGAPI2 100 101config CRYPTO_KPP 102 tristate 103 select CRYPTO_ALGAPI 104 select CRYPTO_KPP2 105 106config CRYPTO_ACOMP2 107 tristate 108 select CRYPTO_ALGAPI2 109 110config CRYPTO_ACOMP 111 tristate 112 select CRYPTO_ALGAPI 113 select CRYPTO_ACOMP2 114 115config CRYPTO_RSA 116 tristate "RSA algorithm" 117 select CRYPTO_AKCIPHER 118 select CRYPTO_MANAGER 119 select MPILIB 120 select ASN1 121 help 122 Generic implementation of the RSA public key algorithm. 123 124config CRYPTO_DH 125 tristate "Diffie-Hellman algorithm" 126 select CRYPTO_KPP 127 select MPILIB 128 help 129 Generic implementation of the Diffie-Hellman algorithm. 130 131config CRYPTO_ECDH 132 tristate "ECDH algorithm" 133 select CRYTPO_KPP 134 select CRYPTO_RNG_DEFAULT 135 help 136 Generic implementation of the ECDH algorithm 137 138config CRYPTO_MANAGER 139 tristate "Cryptographic algorithm manager" 140 select CRYPTO_MANAGER2 141 help 142 Create default cryptographic template instantiations such as 143 cbc(aes). 144 145config CRYPTO_MANAGER2 146 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 147 select CRYPTO_AEAD2 148 select CRYPTO_HASH2 149 select CRYPTO_BLKCIPHER2 150 select CRYPTO_AKCIPHER2 151 select CRYPTO_KPP2 152 select CRYPTO_ACOMP2 153 154config CRYPTO_USER 155 tristate "Userspace cryptographic algorithm configuration" 156 depends on NET 157 select CRYPTO_MANAGER 158 help 159 Userspace configuration for cryptographic instantiations such as 160 cbc(aes). 161 162config CRYPTO_MANAGER_DISABLE_TESTS 163 bool "Disable run-time self tests" 164 default y 165 depends on CRYPTO_MANAGER2 166 help 167 Disable run-time self tests that normally take place at 168 algorithm registration. 169 170config CRYPTO_GF128MUL 171 tristate "GF(2^128) multiplication functions" 172 help 173 Efficient table driven implementation of multiplications in the 174 field GF(2^128). This is needed by some cypher modes. This 175 option will be selected automatically if you select such a 176 cipher mode. Only select this option by hand if you expect to load 177 an external module that requires these functions. 178 179config CRYPTO_NULL 180 tristate "Null algorithms" 181 select CRYPTO_NULL2 182 help 183 These are 'Null' algorithms, used by IPsec, which do nothing. 184 185config CRYPTO_NULL2 186 tristate 187 select CRYPTO_ALGAPI2 188 select CRYPTO_BLKCIPHER2 189 select CRYPTO_HASH2 190 191config CRYPTO_PCRYPT 192 tristate "Parallel crypto engine" 193 depends on SMP 194 select PADATA 195 select CRYPTO_MANAGER 196 select CRYPTO_AEAD 197 help 198 This converts an arbitrary crypto algorithm into a parallel 199 algorithm that executes in kernel threads. 200 201config CRYPTO_WORKQUEUE 202 tristate 203 204config CRYPTO_CRYPTD 205 tristate "Software async crypto daemon" 206 select CRYPTO_BLKCIPHER 207 select CRYPTO_HASH 208 select CRYPTO_MANAGER 209 select CRYPTO_WORKQUEUE 210 help 211 This is a generic software asynchronous crypto daemon that 212 converts an arbitrary synchronous software crypto algorithm 213 into an asynchronous algorithm that executes in a kernel thread. 214 215config CRYPTO_MCRYPTD 216 tristate "Software async multi-buffer crypto daemon" 217 select CRYPTO_BLKCIPHER 218 select CRYPTO_HASH 219 select CRYPTO_MANAGER 220 select CRYPTO_WORKQUEUE 221 help 222 This is a generic software asynchronous crypto daemon that 223 provides the kernel thread to assist multi-buffer crypto 224 algorithms for submitting jobs and flushing jobs in multi-buffer 225 crypto algorithms. Multi-buffer crypto algorithms are executed 226 in the context of this kernel thread and drivers can post 227 their crypto request asynchronously to be processed by this daemon. 228 229config CRYPTO_AUTHENC 230 tristate "Authenc support" 231 select CRYPTO_AEAD 232 select CRYPTO_BLKCIPHER 233 select CRYPTO_MANAGER 234 select CRYPTO_HASH 235 select CRYPTO_NULL 236 help 237 Authenc: Combined mode wrapper for IPsec. 238 This is required for IPSec. 239 240config CRYPTO_TEST 241 tristate "Testing module" 242 depends on m 243 select CRYPTO_MANAGER 244 help 245 Quick & dirty crypto test module. 246 247config CRYPTO_ABLK_HELPER 248 tristate 249 select CRYPTO_CRYPTD 250 251config CRYPTO_SIMD 252 tristate 253 select CRYPTO_CRYPTD 254 255config CRYPTO_GLUE_HELPER_X86 256 tristate 257 depends on X86 258 select CRYPTO_BLKCIPHER 259 260config CRYPTO_ENGINE 261 tristate 262 263comment "Authenticated Encryption with Associated Data" 264 265config CRYPTO_CCM 266 tristate "CCM support" 267 select CRYPTO_CTR 268 select CRYPTO_HASH 269 select CRYPTO_AEAD 270 help 271 Support for Counter with CBC MAC. Required for IPsec. 272 273config CRYPTO_GCM 274 tristate "GCM/GMAC support" 275 select CRYPTO_CTR 276 select CRYPTO_AEAD 277 select CRYPTO_GHASH 278 select CRYPTO_NULL 279 help 280 Support for Galois/Counter Mode (GCM) and Galois Message 281 Authentication Code (GMAC). Required for IPSec. 282 283config CRYPTO_CHACHA20POLY1305 284 tristate "ChaCha20-Poly1305 AEAD support" 285 select CRYPTO_CHACHA20 286 select CRYPTO_POLY1305 287 select CRYPTO_AEAD 288 help 289 ChaCha20-Poly1305 AEAD support, RFC7539. 290 291 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 292 with the Poly1305 authenticator. It is defined in RFC7539 for use in 293 IETF protocols. 294 295config CRYPTO_SEQIV 296 tristate "Sequence Number IV Generator" 297 select CRYPTO_AEAD 298 select CRYPTO_BLKCIPHER 299 select CRYPTO_NULL 300 select CRYPTO_RNG_DEFAULT 301 help 302 This IV generator generates an IV based on a sequence number by 303 xoring it with a salt. This algorithm is mainly useful for CTR 304 305config CRYPTO_ECHAINIV 306 tristate "Encrypted Chain IV Generator" 307 select CRYPTO_AEAD 308 select CRYPTO_NULL 309 select CRYPTO_RNG_DEFAULT 310 default m 311 help 312 This IV generator generates an IV based on the encryption of 313 a sequence number xored with a salt. This is the default 314 algorithm for CBC. 315 316comment "Block modes" 317 318config CRYPTO_CBC 319 tristate "CBC support" 320 select CRYPTO_BLKCIPHER 321 select CRYPTO_MANAGER 322 help 323 CBC: Cipher Block Chaining mode 324 This block cipher algorithm is required for IPSec. 325 326config CRYPTO_CTR 327 tristate "CTR support" 328 select CRYPTO_BLKCIPHER 329 select CRYPTO_SEQIV 330 select CRYPTO_MANAGER 331 help 332 CTR: Counter mode 333 This block cipher algorithm is required for IPSec. 334 335config CRYPTO_CTS 336 tristate "CTS support" 337 select CRYPTO_BLKCIPHER 338 help 339 CTS: Cipher Text Stealing 340 This is the Cipher Text Stealing mode as described by 341 Section 8 of rfc2040 and referenced by rfc3962. 342 (rfc3962 includes errata information in its Appendix A) 343 This mode is required for Kerberos gss mechanism support 344 for AES encryption. 345 346config CRYPTO_ECB 347 tristate "ECB support" 348 select CRYPTO_BLKCIPHER 349 select CRYPTO_MANAGER 350 help 351 ECB: Electronic CodeBook mode 352 This is the simplest block cipher algorithm. It simply encrypts 353 the input block by block. 354 355config CRYPTO_LRW 356 tristate "LRW support" 357 select CRYPTO_BLKCIPHER 358 select CRYPTO_MANAGER 359 select CRYPTO_GF128MUL 360 help 361 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 362 narrow block cipher mode for dm-crypt. Use it with cipher 363 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 364 The first 128, 192 or 256 bits in the key are used for AES and the 365 rest is used to tie each cipher block to its logical position. 366 367config CRYPTO_PCBC 368 tristate "PCBC support" 369 select CRYPTO_BLKCIPHER 370 select CRYPTO_MANAGER 371 help 372 PCBC: Propagating Cipher Block Chaining mode 373 This block cipher algorithm is required for RxRPC. 374 375config CRYPTO_XTS 376 tristate "XTS support" 377 select CRYPTO_BLKCIPHER 378 select CRYPTO_MANAGER 379 select CRYPTO_ECB 380 help 381 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 382 key size 256, 384 or 512 bits. This implementation currently 383 can't handle a sectorsize which is not a multiple of 16 bytes. 384 385config CRYPTO_KEYWRAP 386 tristate "Key wrapping support" 387 select CRYPTO_BLKCIPHER 388 help 389 Support for key wrapping (NIST SP800-38F / RFC3394) without 390 padding. 391 392comment "Hash modes" 393 394config CRYPTO_CMAC 395 tristate "CMAC support" 396 select CRYPTO_HASH 397 select CRYPTO_MANAGER 398 help 399 Cipher-based Message Authentication Code (CMAC) specified by 400 The National Institute of Standards and Technology (NIST). 401 402 https://tools.ietf.org/html/rfc4493 403 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 404 405config CRYPTO_HMAC 406 tristate "HMAC support" 407 select CRYPTO_HASH 408 select CRYPTO_MANAGER 409 help 410 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 411 This is required for IPSec. 412 413config CRYPTO_XCBC 414 tristate "XCBC support" 415 select CRYPTO_HASH 416 select CRYPTO_MANAGER 417 help 418 XCBC: Keyed-Hashing with encryption algorithm 419 http://www.ietf.org/rfc/rfc3566.txt 420 http://csrc.nist.gov/encryption/modes/proposedmodes/ 421 xcbc-mac/xcbc-mac-spec.pdf 422 423config CRYPTO_VMAC 424 tristate "VMAC support" 425 select CRYPTO_HASH 426 select CRYPTO_MANAGER 427 help 428 VMAC is a message authentication algorithm designed for 429 very high speed on 64-bit architectures. 430 431 See also: 432 <http://fastcrypto.org/vmac> 433 434comment "Digest" 435 436config CRYPTO_CRC32C 437 tristate "CRC32c CRC algorithm" 438 select CRYPTO_HASH 439 select CRC32 440 help 441 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 442 by iSCSI for header and data digests and by others. 443 See Castagnoli93. Module will be crc32c. 444 445config CRYPTO_CRC32C_INTEL 446 tristate "CRC32c INTEL hardware acceleration" 447 depends on X86 448 select CRYPTO_HASH 449 help 450 In Intel processor with SSE4.2 supported, the processor will 451 support CRC32C implementation using hardware accelerated CRC32 452 instruction. This option will create 'crc32c-intel' module, 453 which will enable any routine to use the CRC32 instruction to 454 gain performance compared with software implementation. 455 Module will be crc32c-intel. 456 457config CRYPTO_CRC32C_VPMSUM 458 tristate "CRC32c CRC algorithm (powerpc64)" 459 depends on PPC64 && ALTIVEC 460 select CRYPTO_HASH 461 select CRC32 462 help 463 CRC32c algorithm implemented using vector polynomial multiply-sum 464 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 465 and newer processors for improved performance. 466 467 468config CRYPTO_CRC32C_SPARC64 469 tristate "CRC32c CRC algorithm (SPARC64)" 470 depends on SPARC64 471 select CRYPTO_HASH 472 select CRC32 473 help 474 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 475 when available. 476 477config CRYPTO_CRC32 478 tristate "CRC32 CRC algorithm" 479 select CRYPTO_HASH 480 select CRC32 481 help 482 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 483 Shash crypto api wrappers to crc32_le function. 484 485config CRYPTO_CRC32_PCLMUL 486 tristate "CRC32 PCLMULQDQ hardware acceleration" 487 depends on X86 488 select CRYPTO_HASH 489 select CRC32 490 help 491 From Intel Westmere and AMD Bulldozer processor with SSE4.2 492 and PCLMULQDQ supported, the processor will support 493 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 494 instruction. This option will create 'crc32-plcmul' module, 495 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 496 and gain better performance as compared with the table implementation. 497 498config CRYPTO_CRCT10DIF 499 tristate "CRCT10DIF algorithm" 500 select CRYPTO_HASH 501 help 502 CRC T10 Data Integrity Field computation is being cast as 503 a crypto transform. This allows for faster crc t10 diff 504 transforms to be used if they are available. 505 506config CRYPTO_CRCT10DIF_PCLMUL 507 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 508 depends on X86 && 64BIT && CRC_T10DIF 509 select CRYPTO_HASH 510 help 511 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 512 CRC T10 DIF PCLMULQDQ computation can be hardware 513 accelerated PCLMULQDQ instruction. This option will create 514 'crct10dif-plcmul' module, which is faster when computing the 515 crct10dif checksum as compared with the generic table implementation. 516 517config CRYPTO_CRCT10DIF_VPMSUM 518 tristate "CRC32T10DIF powerpc64 hardware acceleration" 519 depends on PPC64 && ALTIVEC && CRC_T10DIF 520 select CRYPTO_HASH 521 help 522 CRC10T10DIF algorithm implemented using vector polynomial 523 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 524 POWER8 and newer processors for improved performance. 525 526config CRYPTO_VPMSUM_TESTER 527 tristate "Powerpc64 vpmsum hardware acceleration tester" 528 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 529 help 530 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 531 POWER8 vpmsum instructions. 532 Unless you are testing these algorithms, you don't need this. 533 534config CRYPTO_GHASH 535 tristate "GHASH digest algorithm" 536 select CRYPTO_GF128MUL 537 select CRYPTO_HASH 538 help 539 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 540 541config CRYPTO_POLY1305 542 tristate "Poly1305 authenticator algorithm" 543 select CRYPTO_HASH 544 help 545 Poly1305 authenticator algorithm, RFC7539. 546 547 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 548 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 549 in IETF protocols. This is the portable C implementation of Poly1305. 550 551config CRYPTO_POLY1305_X86_64 552 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 553 depends on X86 && 64BIT 554 select CRYPTO_POLY1305 555 help 556 Poly1305 authenticator algorithm, RFC7539. 557 558 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 559 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 560 in IETF protocols. This is the x86_64 assembler implementation using SIMD 561 instructions. 562 563config CRYPTO_MD4 564 tristate "MD4 digest algorithm" 565 select CRYPTO_HASH 566 help 567 MD4 message digest algorithm (RFC1320). 568 569config CRYPTO_MD5 570 tristate "MD5 digest algorithm" 571 select CRYPTO_HASH 572 help 573 MD5 message digest algorithm (RFC1321). 574 575config CRYPTO_MD5_OCTEON 576 tristate "MD5 digest algorithm (OCTEON)" 577 depends on CPU_CAVIUM_OCTEON 578 select CRYPTO_MD5 579 select CRYPTO_HASH 580 help 581 MD5 message digest algorithm (RFC1321) implemented 582 using OCTEON crypto instructions, when available. 583 584config CRYPTO_MD5_PPC 585 tristate "MD5 digest algorithm (PPC)" 586 depends on PPC 587 select CRYPTO_HASH 588 help 589 MD5 message digest algorithm (RFC1321) implemented 590 in PPC assembler. 591 592config CRYPTO_MD5_SPARC64 593 tristate "MD5 digest algorithm (SPARC64)" 594 depends on SPARC64 595 select CRYPTO_MD5 596 select CRYPTO_HASH 597 help 598 MD5 message digest algorithm (RFC1321) implemented 599 using sparc64 crypto instructions, when available. 600 601config CRYPTO_MICHAEL_MIC 602 tristate "Michael MIC keyed digest algorithm" 603 select CRYPTO_HASH 604 help 605 Michael MIC is used for message integrity protection in TKIP 606 (IEEE 802.11i). This algorithm is required for TKIP, but it 607 should not be used for other purposes because of the weakness 608 of the algorithm. 609 610config CRYPTO_RMD128 611 tristate "RIPEMD-128 digest algorithm" 612 select CRYPTO_HASH 613 help 614 RIPEMD-128 (ISO/IEC 10118-3:2004). 615 616 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 617 be used as a secure replacement for RIPEMD. For other use cases, 618 RIPEMD-160 should be used. 619 620 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 621 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 622 623config CRYPTO_RMD160 624 tristate "RIPEMD-160 digest algorithm" 625 select CRYPTO_HASH 626 help 627 RIPEMD-160 (ISO/IEC 10118-3:2004). 628 629 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 630 to be used as a secure replacement for the 128-bit hash functions 631 MD4, MD5 and it's predecessor RIPEMD 632 (not to be confused with RIPEMD-128). 633 634 It's speed is comparable to SHA1 and there are no known attacks 635 against RIPEMD-160. 636 637 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 638 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 639 640config CRYPTO_RMD256 641 tristate "RIPEMD-256 digest algorithm" 642 select CRYPTO_HASH 643 help 644 RIPEMD-256 is an optional extension of RIPEMD-128 with a 645 256 bit hash. It is intended for applications that require 646 longer hash-results, without needing a larger security level 647 (than RIPEMD-128). 648 649 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 650 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 651 652config CRYPTO_RMD320 653 tristate "RIPEMD-320 digest algorithm" 654 select CRYPTO_HASH 655 help 656 RIPEMD-320 is an optional extension of RIPEMD-160 with a 657 320 bit hash. It is intended for applications that require 658 longer hash-results, without needing a larger security level 659 (than RIPEMD-160). 660 661 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 662 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 663 664config CRYPTO_SHA1 665 tristate "SHA1 digest algorithm" 666 select CRYPTO_HASH 667 help 668 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 669 670config CRYPTO_SHA1_SSSE3 671 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 672 depends on X86 && 64BIT 673 select CRYPTO_SHA1 674 select CRYPTO_HASH 675 help 676 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 677 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 678 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 679 when available. 680 681config CRYPTO_SHA256_SSSE3 682 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 683 depends on X86 && 64BIT 684 select CRYPTO_SHA256 685 select CRYPTO_HASH 686 help 687 SHA-256 secure hash standard (DFIPS 180-2) implemented 688 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 689 Extensions version 1 (AVX1), or Advanced Vector Extensions 690 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 691 Instructions) when available. 692 693config CRYPTO_SHA512_SSSE3 694 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 695 depends on X86 && 64BIT 696 select CRYPTO_SHA512 697 select CRYPTO_HASH 698 help 699 SHA-512 secure hash standard (DFIPS 180-2) implemented 700 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 701 Extensions version 1 (AVX1), or Advanced Vector Extensions 702 version 2 (AVX2) instructions, when available. 703 704config CRYPTO_SHA1_OCTEON 705 tristate "SHA1 digest algorithm (OCTEON)" 706 depends on CPU_CAVIUM_OCTEON 707 select CRYPTO_SHA1 708 select CRYPTO_HASH 709 help 710 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 711 using OCTEON crypto instructions, when available. 712 713config CRYPTO_SHA1_SPARC64 714 tristate "SHA1 digest algorithm (SPARC64)" 715 depends on SPARC64 716 select CRYPTO_SHA1 717 select CRYPTO_HASH 718 help 719 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 720 using sparc64 crypto instructions, when available. 721 722config CRYPTO_SHA1_PPC 723 tristate "SHA1 digest algorithm (powerpc)" 724 depends on PPC 725 help 726 This is the powerpc hardware accelerated implementation of the 727 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 728 729config CRYPTO_SHA1_PPC_SPE 730 tristate "SHA1 digest algorithm (PPC SPE)" 731 depends on PPC && SPE 732 help 733 SHA-1 secure hash standard (DFIPS 180-4) implemented 734 using powerpc SPE SIMD instruction set. 735 736config CRYPTO_SHA1_MB 737 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)" 738 depends on X86 && 64BIT 739 select CRYPTO_SHA1 740 select CRYPTO_HASH 741 select CRYPTO_MCRYPTD 742 help 743 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 744 using multi-buffer technique. This algorithm computes on 745 multiple data lanes concurrently with SIMD instructions for 746 better throughput. It should not be enabled by default but 747 used when there is significant amount of work to keep the keep 748 the data lanes filled to get performance benefit. If the data 749 lanes remain unfilled, a flush operation will be initiated to 750 process the crypto jobs, adding a slight latency. 751 752config CRYPTO_SHA256_MB 753 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)" 754 depends on X86 && 64BIT 755 select CRYPTO_SHA256 756 select CRYPTO_HASH 757 select CRYPTO_MCRYPTD 758 help 759 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 760 using multi-buffer technique. This algorithm computes on 761 multiple data lanes concurrently with SIMD instructions for 762 better throughput. It should not be enabled by default but 763 used when there is significant amount of work to keep the keep 764 the data lanes filled to get performance benefit. If the data 765 lanes remain unfilled, a flush operation will be initiated to 766 process the crypto jobs, adding a slight latency. 767 768config CRYPTO_SHA512_MB 769 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)" 770 depends on X86 && 64BIT 771 select CRYPTO_SHA512 772 select CRYPTO_HASH 773 select CRYPTO_MCRYPTD 774 help 775 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 776 using multi-buffer technique. This algorithm computes on 777 multiple data lanes concurrently with SIMD instructions for 778 better throughput. It should not be enabled by default but 779 used when there is significant amount of work to keep the keep 780 the data lanes filled to get performance benefit. If the data 781 lanes remain unfilled, a flush operation will be initiated to 782 process the crypto jobs, adding a slight latency. 783 784config CRYPTO_SHA256 785 tristate "SHA224 and SHA256 digest algorithm" 786 select CRYPTO_HASH 787 help 788 SHA256 secure hash standard (DFIPS 180-2). 789 790 This version of SHA implements a 256 bit hash with 128 bits of 791 security against collision attacks. 792 793 This code also includes SHA-224, a 224 bit hash with 112 bits 794 of security against collision attacks. 795 796config CRYPTO_SHA256_PPC_SPE 797 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 798 depends on PPC && SPE 799 select CRYPTO_SHA256 800 select CRYPTO_HASH 801 help 802 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 803 implemented using powerpc SPE SIMD instruction set. 804 805config CRYPTO_SHA256_OCTEON 806 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 807 depends on CPU_CAVIUM_OCTEON 808 select CRYPTO_SHA256 809 select CRYPTO_HASH 810 help 811 SHA-256 secure hash standard (DFIPS 180-2) implemented 812 using OCTEON crypto instructions, when available. 813 814config CRYPTO_SHA256_SPARC64 815 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 816 depends on SPARC64 817 select CRYPTO_SHA256 818 select CRYPTO_HASH 819 help 820 SHA-256 secure hash standard (DFIPS 180-2) implemented 821 using sparc64 crypto instructions, when available. 822 823config CRYPTO_SHA512 824 tristate "SHA384 and SHA512 digest algorithms" 825 select CRYPTO_HASH 826 help 827 SHA512 secure hash standard (DFIPS 180-2). 828 829 This version of SHA implements a 512 bit hash with 256 bits of 830 security against collision attacks. 831 832 This code also includes SHA-384, a 384 bit hash with 192 bits 833 of security against collision attacks. 834 835config CRYPTO_SHA512_OCTEON 836 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 837 depends on CPU_CAVIUM_OCTEON 838 select CRYPTO_SHA512 839 select CRYPTO_HASH 840 help 841 SHA-512 secure hash standard (DFIPS 180-2) implemented 842 using OCTEON crypto instructions, when available. 843 844config CRYPTO_SHA512_SPARC64 845 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 846 depends on SPARC64 847 select CRYPTO_SHA512 848 select CRYPTO_HASH 849 help 850 SHA-512 secure hash standard (DFIPS 180-2) implemented 851 using sparc64 crypto instructions, when available. 852 853config CRYPTO_SHA3 854 tristate "SHA3 digest algorithm" 855 select CRYPTO_HASH 856 help 857 SHA-3 secure hash standard (DFIPS 202). It's based on 858 cryptographic sponge function family called Keccak. 859 860 References: 861 http://keccak.noekeon.org/ 862 863config CRYPTO_TGR192 864 tristate "Tiger digest algorithms" 865 select CRYPTO_HASH 866 help 867 Tiger hash algorithm 192, 160 and 128-bit hashes 868 869 Tiger is a hash function optimized for 64-bit processors while 870 still having decent performance on 32-bit processors. 871 Tiger was developed by Ross Anderson and Eli Biham. 872 873 See also: 874 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 875 876config CRYPTO_WP512 877 tristate "Whirlpool digest algorithms" 878 select CRYPTO_HASH 879 help 880 Whirlpool hash algorithm 512, 384 and 256-bit hashes 881 882 Whirlpool-512 is part of the NESSIE cryptographic primitives. 883 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 884 885 See also: 886 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 887 888config CRYPTO_GHASH_CLMUL_NI_INTEL 889 tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 890 depends on X86 && 64BIT 891 select CRYPTO_CRYPTD 892 help 893 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 894 The implementation is accelerated by CLMUL-NI of Intel. 895 896comment "Ciphers" 897 898config CRYPTO_AES 899 tristate "AES cipher algorithms" 900 select CRYPTO_ALGAPI 901 help 902 AES cipher algorithms (FIPS-197). AES uses the Rijndael 903 algorithm. 904 905 Rijndael appears to be consistently a very good performer in 906 both hardware and software across a wide range of computing 907 environments regardless of its use in feedback or non-feedback 908 modes. Its key setup time is excellent, and its key agility is 909 good. Rijndael's very low memory requirements make it very well 910 suited for restricted-space environments, in which it also 911 demonstrates excellent performance. Rijndael's operations are 912 among the easiest to defend against power and timing attacks. 913 914 The AES specifies three key sizes: 128, 192 and 256 bits 915 916 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 917 918config CRYPTO_AES_TI 919 tristate "Fixed time AES cipher" 920 select CRYPTO_ALGAPI 921 help 922 This is a generic implementation of AES that attempts to eliminate 923 data dependent latencies as much as possible without affecting 924 performance too much. It is intended for use by the generic CCM 925 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 926 solely on encryption (although decryption is supported as well, but 927 with a more dramatic performance hit) 928 929 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 930 8 for decryption), this implementation only uses just two S-boxes of 931 256 bytes each, and attempts to eliminate data dependent latencies by 932 prefetching the entire table into the cache at the start of each 933 block. 934 935config CRYPTO_AES_586 936 tristate "AES cipher algorithms (i586)" 937 depends on (X86 || UML_X86) && !64BIT 938 select CRYPTO_ALGAPI 939 select CRYPTO_AES 940 help 941 AES cipher algorithms (FIPS-197). AES uses the Rijndael 942 algorithm. 943 944 Rijndael appears to be consistently a very good performer in 945 both hardware and software across a wide range of computing 946 environments regardless of its use in feedback or non-feedback 947 modes. Its key setup time is excellent, and its key agility is 948 good. Rijndael's very low memory requirements make it very well 949 suited for restricted-space environments, in which it also 950 demonstrates excellent performance. Rijndael's operations are 951 among the easiest to defend against power and timing attacks. 952 953 The AES specifies three key sizes: 128, 192 and 256 bits 954 955 See <http://csrc.nist.gov/encryption/aes/> for more information. 956 957config CRYPTO_AES_X86_64 958 tristate "AES cipher algorithms (x86_64)" 959 depends on (X86 || UML_X86) && 64BIT 960 select CRYPTO_ALGAPI 961 select CRYPTO_AES 962 help 963 AES cipher algorithms (FIPS-197). AES uses the Rijndael 964 algorithm. 965 966 Rijndael appears to be consistently a very good performer in 967 both hardware and software across a wide range of computing 968 environments regardless of its use in feedback or non-feedback 969 modes. Its key setup time is excellent, and its key agility is 970 good. Rijndael's very low memory requirements make it very well 971 suited for restricted-space environments, in which it also 972 demonstrates excellent performance. Rijndael's operations are 973 among the easiest to defend against power and timing attacks. 974 975 The AES specifies three key sizes: 128, 192 and 256 bits 976 977 See <http://csrc.nist.gov/encryption/aes/> for more information. 978 979config CRYPTO_AES_NI_INTEL 980 tristate "AES cipher algorithms (AES-NI)" 981 depends on X86 982 select CRYPTO_AEAD 983 select CRYPTO_AES_X86_64 if 64BIT 984 select CRYPTO_AES_586 if !64BIT 985 select CRYPTO_ALGAPI 986 select CRYPTO_BLKCIPHER 987 select CRYPTO_GLUE_HELPER_X86 if 64BIT 988 select CRYPTO_SIMD 989 help 990 Use Intel AES-NI instructions for AES algorithm. 991 992 AES cipher algorithms (FIPS-197). AES uses the Rijndael 993 algorithm. 994 995 Rijndael appears to be consistently a very good performer in 996 both hardware and software across a wide range of computing 997 environments regardless of its use in feedback or non-feedback 998 modes. Its key setup time is excellent, and its key agility is 999 good. Rijndael's very low memory requirements make it very well 1000 suited for restricted-space environments, in which it also 1001 demonstrates excellent performance. Rijndael's operations are 1002 among the easiest to defend against power and timing attacks. 1003 1004 The AES specifies three key sizes: 128, 192 and 256 bits 1005 1006 See <http://csrc.nist.gov/encryption/aes/> for more information. 1007 1008 In addition to AES cipher algorithm support, the acceleration 1009 for some popular block cipher mode is supported too, including 1010 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional 1011 acceleration for CTR. 1012 1013config CRYPTO_AES_SPARC64 1014 tristate "AES cipher algorithms (SPARC64)" 1015 depends on SPARC64 1016 select CRYPTO_CRYPTD 1017 select CRYPTO_ALGAPI 1018 help 1019 Use SPARC64 crypto opcodes for AES algorithm. 1020 1021 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1022 algorithm. 1023 1024 Rijndael appears to be consistently a very good performer in 1025 both hardware and software across a wide range of computing 1026 environments regardless of its use in feedback or non-feedback 1027 modes. Its key setup time is excellent, and its key agility is 1028 good. Rijndael's very low memory requirements make it very well 1029 suited for restricted-space environments, in which it also 1030 demonstrates excellent performance. Rijndael's operations are 1031 among the easiest to defend against power and timing attacks. 1032 1033 The AES specifies three key sizes: 128, 192 and 256 bits 1034 1035 See <http://csrc.nist.gov/encryption/aes/> for more information. 1036 1037 In addition to AES cipher algorithm support, the acceleration 1038 for some popular block cipher mode is supported too, including 1039 ECB and CBC. 1040 1041config CRYPTO_AES_PPC_SPE 1042 tristate "AES cipher algorithms (PPC SPE)" 1043 depends on PPC && SPE 1044 help 1045 AES cipher algorithms (FIPS-197). Additionally the acceleration 1046 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1047 This module should only be used for low power (router) devices 1048 without hardware AES acceleration (e.g. caam crypto). It reduces the 1049 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1050 timining attacks. Nevertheless it might be not as secure as other 1051 architecture specific assembler implementations that work on 1KB 1052 tables or 256 bytes S-boxes. 1053 1054config CRYPTO_ANUBIS 1055 tristate "Anubis cipher algorithm" 1056 select CRYPTO_ALGAPI 1057 help 1058 Anubis cipher algorithm. 1059 1060 Anubis is a variable key length cipher which can use keys from 1061 128 bits to 320 bits in length. It was evaluated as a entrant 1062 in the NESSIE competition. 1063 1064 See also: 1065 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1066 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1067 1068config CRYPTO_ARC4 1069 tristate "ARC4 cipher algorithm" 1070 select CRYPTO_BLKCIPHER 1071 help 1072 ARC4 cipher algorithm. 1073 1074 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1075 bits in length. This algorithm is required for driver-based 1076 WEP, but it should not be for other purposes because of the 1077 weakness of the algorithm. 1078 1079config CRYPTO_BLOWFISH 1080 tristate "Blowfish cipher algorithm" 1081 select CRYPTO_ALGAPI 1082 select CRYPTO_BLOWFISH_COMMON 1083 help 1084 Blowfish cipher algorithm, by Bruce Schneier. 1085 1086 This is a variable key length cipher which can use keys from 32 1087 bits to 448 bits in length. It's fast, simple and specifically 1088 designed for use on "large microprocessors". 1089 1090 See also: 1091 <http://www.schneier.com/blowfish.html> 1092 1093config CRYPTO_BLOWFISH_COMMON 1094 tristate 1095 help 1096 Common parts of the Blowfish cipher algorithm shared by the 1097 generic c and the assembler implementations. 1098 1099 See also: 1100 <http://www.schneier.com/blowfish.html> 1101 1102config CRYPTO_BLOWFISH_X86_64 1103 tristate "Blowfish cipher algorithm (x86_64)" 1104 depends on X86 && 64BIT 1105 select CRYPTO_ALGAPI 1106 select CRYPTO_BLOWFISH_COMMON 1107 help 1108 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1109 1110 This is a variable key length cipher which can use keys from 32 1111 bits to 448 bits in length. It's fast, simple and specifically 1112 designed for use on "large microprocessors". 1113 1114 See also: 1115 <http://www.schneier.com/blowfish.html> 1116 1117config CRYPTO_CAMELLIA 1118 tristate "Camellia cipher algorithms" 1119 depends on CRYPTO 1120 select CRYPTO_ALGAPI 1121 help 1122 Camellia cipher algorithms module. 1123 1124 Camellia is a symmetric key block cipher developed jointly 1125 at NTT and Mitsubishi Electric Corporation. 1126 1127 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1128 1129 See also: 1130 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1131 1132config CRYPTO_CAMELLIA_X86_64 1133 tristate "Camellia cipher algorithm (x86_64)" 1134 depends on X86 && 64BIT 1135 depends on CRYPTO 1136 select CRYPTO_ALGAPI 1137 select CRYPTO_GLUE_HELPER_X86 1138 select CRYPTO_LRW 1139 select CRYPTO_XTS 1140 help 1141 Camellia cipher algorithm module (x86_64). 1142 1143 Camellia is a symmetric key block cipher developed jointly 1144 at NTT and Mitsubishi Electric Corporation. 1145 1146 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1147 1148 See also: 1149 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1150 1151config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1152 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1153 depends on X86 && 64BIT 1154 depends on CRYPTO 1155 select CRYPTO_ALGAPI 1156 select CRYPTO_CRYPTD 1157 select CRYPTO_ABLK_HELPER 1158 select CRYPTO_GLUE_HELPER_X86 1159 select CRYPTO_CAMELLIA_X86_64 1160 select CRYPTO_LRW 1161 select CRYPTO_XTS 1162 help 1163 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1164 1165 Camellia is a symmetric key block cipher developed jointly 1166 at NTT and Mitsubishi Electric Corporation. 1167 1168 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1169 1170 See also: 1171 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1172 1173config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1174 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1175 depends on X86 && 64BIT 1176 depends on CRYPTO 1177 select CRYPTO_ALGAPI 1178 select CRYPTO_CRYPTD 1179 select CRYPTO_ABLK_HELPER 1180 select CRYPTO_GLUE_HELPER_X86 1181 select CRYPTO_CAMELLIA_X86_64 1182 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1183 select CRYPTO_LRW 1184 select CRYPTO_XTS 1185 help 1186 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1187 1188 Camellia is a symmetric key block cipher developed jointly 1189 at NTT and Mitsubishi Electric Corporation. 1190 1191 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1192 1193 See also: 1194 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1195 1196config CRYPTO_CAMELLIA_SPARC64 1197 tristate "Camellia cipher algorithm (SPARC64)" 1198 depends on SPARC64 1199 depends on CRYPTO 1200 select CRYPTO_ALGAPI 1201 help 1202 Camellia cipher algorithm module (SPARC64). 1203 1204 Camellia is a symmetric key block cipher developed jointly 1205 at NTT and Mitsubishi Electric Corporation. 1206 1207 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1208 1209 See also: 1210 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1211 1212config CRYPTO_CAST_COMMON 1213 tristate 1214 help 1215 Common parts of the CAST cipher algorithms shared by the 1216 generic c and the assembler implementations. 1217 1218config CRYPTO_CAST5 1219 tristate "CAST5 (CAST-128) cipher algorithm" 1220 select CRYPTO_ALGAPI 1221 select CRYPTO_CAST_COMMON 1222 help 1223 The CAST5 encryption algorithm (synonymous with CAST-128) is 1224 described in RFC2144. 1225 1226config CRYPTO_CAST5_AVX_X86_64 1227 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1228 depends on X86 && 64BIT 1229 select CRYPTO_ALGAPI 1230 select CRYPTO_CRYPTD 1231 select CRYPTO_ABLK_HELPER 1232 select CRYPTO_CAST_COMMON 1233 select CRYPTO_CAST5 1234 help 1235 The CAST5 encryption algorithm (synonymous with CAST-128) is 1236 described in RFC2144. 1237 1238 This module provides the Cast5 cipher algorithm that processes 1239 sixteen blocks parallel using the AVX instruction set. 1240 1241config CRYPTO_CAST6 1242 tristate "CAST6 (CAST-256) cipher algorithm" 1243 select CRYPTO_ALGAPI 1244 select CRYPTO_CAST_COMMON 1245 help 1246 The CAST6 encryption algorithm (synonymous with CAST-256) is 1247 described in RFC2612. 1248 1249config CRYPTO_CAST6_AVX_X86_64 1250 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1251 depends on X86 && 64BIT 1252 select CRYPTO_ALGAPI 1253 select CRYPTO_CRYPTD 1254 select CRYPTO_ABLK_HELPER 1255 select CRYPTO_GLUE_HELPER_X86 1256 select CRYPTO_CAST_COMMON 1257 select CRYPTO_CAST6 1258 select CRYPTO_LRW 1259 select CRYPTO_XTS 1260 help 1261 The CAST6 encryption algorithm (synonymous with CAST-256) is 1262 described in RFC2612. 1263 1264 This module provides the Cast6 cipher algorithm that processes 1265 eight blocks parallel using the AVX instruction set. 1266 1267config CRYPTO_DES 1268 tristate "DES and Triple DES EDE cipher algorithms" 1269 select CRYPTO_ALGAPI 1270 help 1271 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1272 1273config CRYPTO_DES_SPARC64 1274 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1275 depends on SPARC64 1276 select CRYPTO_ALGAPI 1277 select CRYPTO_DES 1278 help 1279 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1280 optimized using SPARC64 crypto opcodes. 1281 1282config CRYPTO_DES3_EDE_X86_64 1283 tristate "Triple DES EDE cipher algorithm (x86-64)" 1284 depends on X86 && 64BIT 1285 select CRYPTO_ALGAPI 1286 select CRYPTO_DES 1287 help 1288 Triple DES EDE (FIPS 46-3) algorithm. 1289 1290 This module provides implementation of the Triple DES EDE cipher 1291 algorithm that is optimized for x86-64 processors. Two versions of 1292 algorithm are provided; regular processing one input block and 1293 one that processes three blocks parallel. 1294 1295config CRYPTO_FCRYPT 1296 tristate "FCrypt cipher algorithm" 1297 select CRYPTO_ALGAPI 1298 select CRYPTO_BLKCIPHER 1299 help 1300 FCrypt algorithm used by RxRPC. 1301 1302config CRYPTO_KHAZAD 1303 tristate "Khazad cipher algorithm" 1304 select CRYPTO_ALGAPI 1305 help 1306 Khazad cipher algorithm. 1307 1308 Khazad was a finalist in the initial NESSIE competition. It is 1309 an algorithm optimized for 64-bit processors with good performance 1310 on 32-bit processors. Khazad uses an 128 bit key size. 1311 1312 See also: 1313 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1314 1315config CRYPTO_SALSA20 1316 tristate "Salsa20 stream cipher algorithm" 1317 select CRYPTO_BLKCIPHER 1318 help 1319 Salsa20 stream cipher algorithm. 1320 1321 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1322 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1323 1324 The Salsa20 stream cipher algorithm is designed by Daniel J. 1325 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1326 1327config CRYPTO_SALSA20_586 1328 tristate "Salsa20 stream cipher algorithm (i586)" 1329 depends on (X86 || UML_X86) && !64BIT 1330 select CRYPTO_BLKCIPHER 1331 help 1332 Salsa20 stream cipher algorithm. 1333 1334 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1335 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1336 1337 The Salsa20 stream cipher algorithm is designed by Daniel J. 1338 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1339 1340config CRYPTO_SALSA20_X86_64 1341 tristate "Salsa20 stream cipher algorithm (x86_64)" 1342 depends on (X86 || UML_X86) && 64BIT 1343 select CRYPTO_BLKCIPHER 1344 help 1345 Salsa20 stream cipher algorithm. 1346 1347 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1348 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1349 1350 The Salsa20 stream cipher algorithm is designed by Daniel J. 1351 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1352 1353config CRYPTO_CHACHA20 1354 tristate "ChaCha20 cipher algorithm" 1355 select CRYPTO_BLKCIPHER 1356 help 1357 ChaCha20 cipher algorithm, RFC7539. 1358 1359 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1360 Bernstein and further specified in RFC7539 for use in IETF protocols. 1361 This is the portable C implementation of ChaCha20. 1362 1363 See also: 1364 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1365 1366config CRYPTO_CHACHA20_X86_64 1367 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)" 1368 depends on X86 && 64BIT 1369 select CRYPTO_BLKCIPHER 1370 select CRYPTO_CHACHA20 1371 help 1372 ChaCha20 cipher algorithm, RFC7539. 1373 1374 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1375 Bernstein and further specified in RFC7539 for use in IETF protocols. 1376 This is the x86_64 assembler implementation using SIMD instructions. 1377 1378 See also: 1379 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1380 1381config CRYPTO_SEED 1382 tristate "SEED cipher algorithm" 1383 select CRYPTO_ALGAPI 1384 help 1385 SEED cipher algorithm (RFC4269). 1386 1387 SEED is a 128-bit symmetric key block cipher that has been 1388 developed by KISA (Korea Information Security Agency) as a 1389 national standard encryption algorithm of the Republic of Korea. 1390 It is a 16 round block cipher with the key size of 128 bit. 1391 1392 See also: 1393 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1394 1395config CRYPTO_SERPENT 1396 tristate "Serpent cipher algorithm" 1397 select CRYPTO_ALGAPI 1398 help 1399 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1400 1401 Keys are allowed to be from 0 to 256 bits in length, in steps 1402 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1403 variant of Serpent for compatibility with old kerneli.org code. 1404 1405 See also: 1406 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1407 1408config CRYPTO_SERPENT_SSE2_X86_64 1409 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1410 depends on X86 && 64BIT 1411 select CRYPTO_ALGAPI 1412 select CRYPTO_CRYPTD 1413 select CRYPTO_ABLK_HELPER 1414 select CRYPTO_GLUE_HELPER_X86 1415 select CRYPTO_SERPENT 1416 select CRYPTO_LRW 1417 select CRYPTO_XTS 1418 help 1419 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1420 1421 Keys are allowed to be from 0 to 256 bits in length, in steps 1422 of 8 bits. 1423 1424 This module provides Serpent cipher algorithm that processes eight 1425 blocks parallel using SSE2 instruction set. 1426 1427 See also: 1428 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1429 1430config CRYPTO_SERPENT_SSE2_586 1431 tristate "Serpent cipher algorithm (i586/SSE2)" 1432 depends on X86 && !64BIT 1433 select CRYPTO_ALGAPI 1434 select CRYPTO_CRYPTD 1435 select CRYPTO_ABLK_HELPER 1436 select CRYPTO_GLUE_HELPER_X86 1437 select CRYPTO_SERPENT 1438 select CRYPTO_LRW 1439 select CRYPTO_XTS 1440 help 1441 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1442 1443 Keys are allowed to be from 0 to 256 bits in length, in steps 1444 of 8 bits. 1445 1446 This module provides Serpent cipher algorithm that processes four 1447 blocks parallel using SSE2 instruction set. 1448 1449 See also: 1450 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1451 1452config CRYPTO_SERPENT_AVX_X86_64 1453 tristate "Serpent cipher algorithm (x86_64/AVX)" 1454 depends on X86 && 64BIT 1455 select CRYPTO_ALGAPI 1456 select CRYPTO_CRYPTD 1457 select CRYPTO_ABLK_HELPER 1458 select CRYPTO_GLUE_HELPER_X86 1459 select CRYPTO_SERPENT 1460 select CRYPTO_LRW 1461 select CRYPTO_XTS 1462 help 1463 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1464 1465 Keys are allowed to be from 0 to 256 bits in length, in steps 1466 of 8 bits. 1467 1468 This module provides the Serpent cipher algorithm that processes 1469 eight blocks parallel using the AVX instruction set. 1470 1471 See also: 1472 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1473 1474config CRYPTO_SERPENT_AVX2_X86_64 1475 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1476 depends on X86 && 64BIT 1477 select CRYPTO_ALGAPI 1478 select CRYPTO_CRYPTD 1479 select CRYPTO_ABLK_HELPER 1480 select CRYPTO_GLUE_HELPER_X86 1481 select CRYPTO_SERPENT 1482 select CRYPTO_SERPENT_AVX_X86_64 1483 select CRYPTO_LRW 1484 select CRYPTO_XTS 1485 help 1486 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1487 1488 Keys are allowed to be from 0 to 256 bits in length, in steps 1489 of 8 bits. 1490 1491 This module provides Serpent cipher algorithm that processes 16 1492 blocks parallel using AVX2 instruction set. 1493 1494 See also: 1495 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1496 1497config CRYPTO_TEA 1498 tristate "TEA, XTEA and XETA cipher algorithms" 1499 select CRYPTO_ALGAPI 1500 help 1501 TEA cipher algorithm. 1502 1503 Tiny Encryption Algorithm is a simple cipher that uses 1504 many rounds for security. It is very fast and uses 1505 little memory. 1506 1507 Xtendend Tiny Encryption Algorithm is a modification to 1508 the TEA algorithm to address a potential key weakness 1509 in the TEA algorithm. 1510 1511 Xtendend Encryption Tiny Algorithm is a mis-implementation 1512 of the XTEA algorithm for compatibility purposes. 1513 1514config CRYPTO_TWOFISH 1515 tristate "Twofish cipher algorithm" 1516 select CRYPTO_ALGAPI 1517 select CRYPTO_TWOFISH_COMMON 1518 help 1519 Twofish cipher algorithm. 1520 1521 Twofish was submitted as an AES (Advanced Encryption Standard) 1522 candidate cipher by researchers at CounterPane Systems. It is a 1523 16 round block cipher supporting key sizes of 128, 192, and 256 1524 bits. 1525 1526 See also: 1527 <http://www.schneier.com/twofish.html> 1528 1529config CRYPTO_TWOFISH_COMMON 1530 tristate 1531 help 1532 Common parts of the Twofish cipher algorithm shared by the 1533 generic c and the assembler implementations. 1534 1535config CRYPTO_TWOFISH_586 1536 tristate "Twofish cipher algorithms (i586)" 1537 depends on (X86 || UML_X86) && !64BIT 1538 select CRYPTO_ALGAPI 1539 select CRYPTO_TWOFISH_COMMON 1540 help 1541 Twofish cipher algorithm. 1542 1543 Twofish was submitted as an AES (Advanced Encryption Standard) 1544 candidate cipher by researchers at CounterPane Systems. It is a 1545 16 round block cipher supporting key sizes of 128, 192, and 256 1546 bits. 1547 1548 See also: 1549 <http://www.schneier.com/twofish.html> 1550 1551config CRYPTO_TWOFISH_X86_64 1552 tristate "Twofish cipher algorithm (x86_64)" 1553 depends on (X86 || UML_X86) && 64BIT 1554 select CRYPTO_ALGAPI 1555 select CRYPTO_TWOFISH_COMMON 1556 help 1557 Twofish cipher algorithm (x86_64). 1558 1559 Twofish was submitted as an AES (Advanced Encryption Standard) 1560 candidate cipher by researchers at CounterPane Systems. It is a 1561 16 round block cipher supporting key sizes of 128, 192, and 256 1562 bits. 1563 1564 See also: 1565 <http://www.schneier.com/twofish.html> 1566 1567config CRYPTO_TWOFISH_X86_64_3WAY 1568 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1569 depends on X86 && 64BIT 1570 select CRYPTO_ALGAPI 1571 select CRYPTO_TWOFISH_COMMON 1572 select CRYPTO_TWOFISH_X86_64 1573 select CRYPTO_GLUE_HELPER_X86 1574 select CRYPTO_LRW 1575 select CRYPTO_XTS 1576 help 1577 Twofish cipher algorithm (x86_64, 3-way parallel). 1578 1579 Twofish was submitted as an AES (Advanced Encryption Standard) 1580 candidate cipher by researchers at CounterPane Systems. It is a 1581 16 round block cipher supporting key sizes of 128, 192, and 256 1582 bits. 1583 1584 This module provides Twofish cipher algorithm that processes three 1585 blocks parallel, utilizing resources of out-of-order CPUs better. 1586 1587 See also: 1588 <http://www.schneier.com/twofish.html> 1589 1590config CRYPTO_TWOFISH_AVX_X86_64 1591 tristate "Twofish cipher algorithm (x86_64/AVX)" 1592 depends on X86 && 64BIT 1593 select CRYPTO_ALGAPI 1594 select CRYPTO_CRYPTD 1595 select CRYPTO_ABLK_HELPER 1596 select CRYPTO_GLUE_HELPER_X86 1597 select CRYPTO_TWOFISH_COMMON 1598 select CRYPTO_TWOFISH_X86_64 1599 select CRYPTO_TWOFISH_X86_64_3WAY 1600 select CRYPTO_LRW 1601 select CRYPTO_XTS 1602 help 1603 Twofish cipher algorithm (x86_64/AVX). 1604 1605 Twofish was submitted as an AES (Advanced Encryption Standard) 1606 candidate cipher by researchers at CounterPane Systems. It is a 1607 16 round block cipher supporting key sizes of 128, 192, and 256 1608 bits. 1609 1610 This module provides the Twofish cipher algorithm that processes 1611 eight blocks parallel using the AVX Instruction Set. 1612 1613 See also: 1614 <http://www.schneier.com/twofish.html> 1615 1616comment "Compression" 1617 1618config CRYPTO_DEFLATE 1619 tristate "Deflate compression algorithm" 1620 select CRYPTO_ALGAPI 1621 select CRYPTO_ACOMP2 1622 select ZLIB_INFLATE 1623 select ZLIB_DEFLATE 1624 help 1625 This is the Deflate algorithm (RFC1951), specified for use in 1626 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1627 1628 You will most probably want this if using IPSec. 1629 1630config CRYPTO_LZO 1631 tristate "LZO compression algorithm" 1632 select CRYPTO_ALGAPI 1633 select CRYPTO_ACOMP2 1634 select LZO_COMPRESS 1635 select LZO_DECOMPRESS 1636 help 1637 This is the LZO algorithm. 1638 1639config CRYPTO_842 1640 tristate "842 compression algorithm" 1641 select CRYPTO_ALGAPI 1642 select CRYPTO_ACOMP2 1643 select 842_COMPRESS 1644 select 842_DECOMPRESS 1645 help 1646 This is the 842 algorithm. 1647 1648config CRYPTO_LZ4 1649 tristate "LZ4 compression algorithm" 1650 select CRYPTO_ALGAPI 1651 select CRYPTO_ACOMP2 1652 select LZ4_COMPRESS 1653 select LZ4_DECOMPRESS 1654 help 1655 This is the LZ4 algorithm. 1656 1657config CRYPTO_LZ4HC 1658 tristate "LZ4HC compression algorithm" 1659 select CRYPTO_ALGAPI 1660 select CRYPTO_ACOMP2 1661 select LZ4HC_COMPRESS 1662 select LZ4_DECOMPRESS 1663 help 1664 This is the LZ4 high compression mode algorithm. 1665 1666comment "Random Number Generation" 1667 1668config CRYPTO_ANSI_CPRNG 1669 tristate "Pseudo Random Number Generation for Cryptographic modules" 1670 select CRYPTO_AES 1671 select CRYPTO_RNG 1672 help 1673 This option enables the generic pseudo random number generator 1674 for cryptographic modules. Uses the Algorithm specified in 1675 ANSI X9.31 A.2.4. Note that this option must be enabled if 1676 CRYPTO_FIPS is selected 1677 1678menuconfig CRYPTO_DRBG_MENU 1679 tristate "NIST SP800-90A DRBG" 1680 help 1681 NIST SP800-90A compliant DRBG. In the following submenu, one or 1682 more of the DRBG types must be selected. 1683 1684if CRYPTO_DRBG_MENU 1685 1686config CRYPTO_DRBG_HMAC 1687 bool 1688 default y 1689 select CRYPTO_HMAC 1690 select CRYPTO_SHA256 1691 1692config CRYPTO_DRBG_HASH 1693 bool "Enable Hash DRBG" 1694 select CRYPTO_SHA256 1695 help 1696 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1697 1698config CRYPTO_DRBG_CTR 1699 bool "Enable CTR DRBG" 1700 select CRYPTO_AES 1701 depends on CRYPTO_CTR 1702 help 1703 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1704 1705config CRYPTO_DRBG 1706 tristate 1707 default CRYPTO_DRBG_MENU 1708 select CRYPTO_RNG 1709 select CRYPTO_JITTERENTROPY 1710 1711endif # if CRYPTO_DRBG_MENU 1712 1713config CRYPTO_JITTERENTROPY 1714 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1715 select CRYPTO_RNG 1716 help 1717 The Jitterentropy RNG is a noise that is intended 1718 to provide seed to another RNG. The RNG does not 1719 perform any cryptographic whitening of the generated 1720 random numbers. This Jitterentropy RNG registers with 1721 the kernel crypto API and can be used by any caller. 1722 1723config CRYPTO_USER_API 1724 tristate 1725 1726config CRYPTO_USER_API_HASH 1727 tristate "User-space interface for hash algorithms" 1728 depends on NET 1729 select CRYPTO_HASH 1730 select CRYPTO_USER_API 1731 help 1732 This option enables the user-spaces interface for hash 1733 algorithms. 1734 1735config CRYPTO_USER_API_SKCIPHER 1736 tristate "User-space interface for symmetric key cipher algorithms" 1737 depends on NET 1738 select CRYPTO_BLKCIPHER 1739 select CRYPTO_USER_API 1740 help 1741 This option enables the user-spaces interface for symmetric 1742 key cipher algorithms. 1743 1744config CRYPTO_USER_API_RNG 1745 tristate "User-space interface for random number generator algorithms" 1746 depends on NET 1747 select CRYPTO_RNG 1748 select CRYPTO_USER_API 1749 help 1750 This option enables the user-spaces interface for random 1751 number generator algorithms. 1752 1753config CRYPTO_USER_API_AEAD 1754 tristate "User-space interface for AEAD cipher algorithms" 1755 depends on NET 1756 select CRYPTO_AEAD 1757 select CRYPTO_BLKCIPHER 1758 select CRYPTO_NULL 1759 select CRYPTO_USER_API 1760 help 1761 This option enables the user-spaces interface for AEAD 1762 cipher algorithms. 1763 1764config CRYPTO_HASH_INFO 1765 bool 1766 1767source "drivers/crypto/Kconfig" 1768source crypto/asymmetric_keys/Kconfig 1769source certs/Kconfig 1770 1771endif # if CRYPTO 1772