1# 2# Generic algorithms support 3# 4config XOR_BLOCKS 5 tristate 6 7# 8# async_tx api: hardware offloaded memory transfer/transform support 9# 10source "crypto/async_tx/Kconfig" 11 12# 13# Cryptographic API Configuration 14# 15menuconfig CRYPTO 16 tristate "Cryptographic API" 17 help 18 This option provides the core Cryptographic API. 19 20if CRYPTO 21 22comment "Crypto core or helper" 23 24config CRYPTO_FIPS 25 bool "FIPS 200 compliance" 26 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 27 depends on MODULE_SIG 28 help 29 This options enables the fips boot option which is 30 required if you want to system to operate in a FIPS 200 31 certification. You should say no unless you know what 32 this is. 33 34config CRYPTO_ALGAPI 35 tristate 36 select CRYPTO_ALGAPI2 37 help 38 This option provides the API for cryptographic algorithms. 39 40config CRYPTO_ALGAPI2 41 tristate 42 43config CRYPTO_AEAD 44 tristate 45 select CRYPTO_AEAD2 46 select CRYPTO_ALGAPI 47 48config CRYPTO_AEAD2 49 tristate 50 select CRYPTO_ALGAPI2 51 select CRYPTO_NULL2 52 select CRYPTO_RNG2 53 54config CRYPTO_BLKCIPHER 55 tristate 56 select CRYPTO_BLKCIPHER2 57 select CRYPTO_ALGAPI 58 59config CRYPTO_BLKCIPHER2 60 tristate 61 select CRYPTO_ALGAPI2 62 select CRYPTO_RNG2 63 select CRYPTO_WORKQUEUE 64 65config CRYPTO_HASH 66 tristate 67 select CRYPTO_HASH2 68 select CRYPTO_ALGAPI 69 70config CRYPTO_HASH2 71 tristate 72 select CRYPTO_ALGAPI2 73 74config CRYPTO_RNG 75 tristate 76 select CRYPTO_RNG2 77 select CRYPTO_ALGAPI 78 79config CRYPTO_RNG2 80 tristate 81 select CRYPTO_ALGAPI2 82 83config CRYPTO_RNG_DEFAULT 84 tristate 85 select CRYPTO_DRBG_MENU 86 87config CRYPTO_PCOMP 88 tristate 89 select CRYPTO_PCOMP2 90 select CRYPTO_ALGAPI 91 92config CRYPTO_PCOMP2 93 tristate 94 select CRYPTO_ALGAPI2 95 96config CRYPTO_AKCIPHER2 97 tristate 98 select CRYPTO_ALGAPI2 99 100config CRYPTO_AKCIPHER 101 tristate 102 select CRYPTO_AKCIPHER2 103 select CRYPTO_ALGAPI 104 105config CRYPTO_RSA 106 tristate "RSA algorithm" 107 select CRYPTO_AKCIPHER 108 select MPILIB 109 select ASN1 110 help 111 Generic implementation of the RSA public key algorithm. 112 113config CRYPTO_MANAGER 114 tristate "Cryptographic algorithm manager" 115 select CRYPTO_MANAGER2 116 help 117 Create default cryptographic template instantiations such as 118 cbc(aes). 119 120config CRYPTO_MANAGER2 121 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 122 select CRYPTO_AEAD2 123 select CRYPTO_HASH2 124 select CRYPTO_BLKCIPHER2 125 select CRYPTO_PCOMP2 126 select CRYPTO_AKCIPHER2 127 128config CRYPTO_USER 129 tristate "Userspace cryptographic algorithm configuration" 130 depends on NET 131 select CRYPTO_MANAGER 132 help 133 Userspace configuration for cryptographic instantiations such as 134 cbc(aes). 135 136config CRYPTO_MANAGER_DISABLE_TESTS 137 bool "Disable run-time self tests" 138 default y 139 depends on CRYPTO_MANAGER2 140 help 141 Disable run-time self tests that normally take place at 142 algorithm registration. 143 144config CRYPTO_GF128MUL 145 tristate "GF(2^128) multiplication functions" 146 help 147 Efficient table driven implementation of multiplications in the 148 field GF(2^128). This is needed by some cypher modes. This 149 option will be selected automatically if you select such a 150 cipher mode. Only select this option by hand if you expect to load 151 an external module that requires these functions. 152 153config CRYPTO_NULL 154 tristate "Null algorithms" 155 select CRYPTO_NULL2 156 help 157 These are 'Null' algorithms, used by IPsec, which do nothing. 158 159config CRYPTO_NULL2 160 tristate 161 select CRYPTO_ALGAPI2 162 select CRYPTO_BLKCIPHER2 163 select CRYPTO_HASH2 164 165config CRYPTO_PCRYPT 166 tristate "Parallel crypto engine" 167 depends on SMP 168 select PADATA 169 select CRYPTO_MANAGER 170 select CRYPTO_AEAD 171 help 172 This converts an arbitrary crypto algorithm into a parallel 173 algorithm that executes in kernel threads. 174 175config CRYPTO_WORKQUEUE 176 tristate 177 178config CRYPTO_CRYPTD 179 tristate "Software async crypto daemon" 180 select CRYPTO_BLKCIPHER 181 select CRYPTO_HASH 182 select CRYPTO_MANAGER 183 select CRYPTO_WORKQUEUE 184 help 185 This is a generic software asynchronous crypto daemon that 186 converts an arbitrary synchronous software crypto algorithm 187 into an asynchronous algorithm that executes in a kernel thread. 188 189config CRYPTO_MCRYPTD 190 tristate "Software async multi-buffer crypto daemon" 191 select CRYPTO_BLKCIPHER 192 select CRYPTO_HASH 193 select CRYPTO_MANAGER 194 select CRYPTO_WORKQUEUE 195 help 196 This is a generic software asynchronous crypto daemon that 197 provides the kernel thread to assist multi-buffer crypto 198 algorithms for submitting jobs and flushing jobs in multi-buffer 199 crypto algorithms. Multi-buffer crypto algorithms are executed 200 in the context of this kernel thread and drivers can post 201 their crypto request asynchronously to be processed by this daemon. 202 203config CRYPTO_AUTHENC 204 tristate "Authenc support" 205 select CRYPTO_AEAD 206 select CRYPTO_BLKCIPHER 207 select CRYPTO_MANAGER 208 select CRYPTO_HASH 209 select CRYPTO_NULL 210 help 211 Authenc: Combined mode wrapper for IPsec. 212 This is required for IPSec. 213 214config CRYPTO_TEST 215 tristate "Testing module" 216 depends on m 217 select CRYPTO_MANAGER 218 help 219 Quick & dirty crypto test module. 220 221config CRYPTO_ABLK_HELPER 222 tristate 223 select CRYPTO_CRYPTD 224 225config CRYPTO_GLUE_HELPER_X86 226 tristate 227 depends on X86 228 select CRYPTO_ALGAPI 229 230comment "Authenticated Encryption with Associated Data" 231 232config CRYPTO_CCM 233 tristate "CCM support" 234 select CRYPTO_CTR 235 select CRYPTO_AEAD 236 help 237 Support for Counter with CBC MAC. Required for IPsec. 238 239config CRYPTO_GCM 240 tristate "GCM/GMAC support" 241 select CRYPTO_CTR 242 select CRYPTO_AEAD 243 select CRYPTO_GHASH 244 select CRYPTO_NULL 245 help 246 Support for Galois/Counter Mode (GCM) and Galois Message 247 Authentication Code (GMAC). Required for IPSec. 248 249config CRYPTO_CHACHA20POLY1305 250 tristate "ChaCha20-Poly1305 AEAD support" 251 select CRYPTO_CHACHA20 252 select CRYPTO_POLY1305 253 select CRYPTO_AEAD 254 help 255 ChaCha20-Poly1305 AEAD support, RFC7539. 256 257 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 258 with the Poly1305 authenticator. It is defined in RFC7539 for use in 259 IETF protocols. 260 261config CRYPTO_SEQIV 262 tristate "Sequence Number IV Generator" 263 select CRYPTO_AEAD 264 select CRYPTO_BLKCIPHER 265 select CRYPTO_NULL 266 select CRYPTO_RNG_DEFAULT 267 help 268 This IV generator generates an IV based on a sequence number by 269 xoring it with a salt. This algorithm is mainly useful for CTR 270 271config CRYPTO_ECHAINIV 272 tristate "Encrypted Chain IV Generator" 273 select CRYPTO_AEAD 274 select CRYPTO_NULL 275 select CRYPTO_RNG_DEFAULT 276 default m 277 help 278 This IV generator generates an IV based on the encryption of 279 a sequence number xored with a salt. This is the default 280 algorithm for CBC. 281 282comment "Block modes" 283 284config CRYPTO_CBC 285 tristate "CBC support" 286 select CRYPTO_BLKCIPHER 287 select CRYPTO_MANAGER 288 help 289 CBC: Cipher Block Chaining mode 290 This block cipher algorithm is required for IPSec. 291 292config CRYPTO_CTR 293 tristate "CTR support" 294 select CRYPTO_BLKCIPHER 295 select CRYPTO_SEQIV 296 select CRYPTO_MANAGER 297 help 298 CTR: Counter mode 299 This block cipher algorithm is required for IPSec. 300 301config CRYPTO_CTS 302 tristate "CTS support" 303 select CRYPTO_BLKCIPHER 304 help 305 CTS: Cipher Text Stealing 306 This is the Cipher Text Stealing mode as described by 307 Section 8 of rfc2040 and referenced by rfc3962. 308 (rfc3962 includes errata information in its Appendix A) 309 This mode is required for Kerberos gss mechanism support 310 for AES encryption. 311 312config CRYPTO_ECB 313 tristate "ECB support" 314 select CRYPTO_BLKCIPHER 315 select CRYPTO_MANAGER 316 help 317 ECB: Electronic CodeBook mode 318 This is the simplest block cipher algorithm. It simply encrypts 319 the input block by block. 320 321config CRYPTO_LRW 322 tristate "LRW support" 323 select CRYPTO_BLKCIPHER 324 select CRYPTO_MANAGER 325 select CRYPTO_GF128MUL 326 help 327 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 328 narrow block cipher mode for dm-crypt. Use it with cipher 329 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 330 The first 128, 192 or 256 bits in the key are used for AES and the 331 rest is used to tie each cipher block to its logical position. 332 333config CRYPTO_PCBC 334 tristate "PCBC support" 335 select CRYPTO_BLKCIPHER 336 select CRYPTO_MANAGER 337 help 338 PCBC: Propagating Cipher Block Chaining mode 339 This block cipher algorithm is required for RxRPC. 340 341config CRYPTO_XTS 342 tristate "XTS support" 343 select CRYPTO_BLKCIPHER 344 select CRYPTO_MANAGER 345 select CRYPTO_GF128MUL 346 help 347 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 348 key size 256, 384 or 512 bits. This implementation currently 349 can't handle a sectorsize which is not a multiple of 16 bytes. 350 351config CRYPTO_KEYWRAP 352 tristate "Key wrapping support" 353 select CRYPTO_BLKCIPHER 354 help 355 Support for key wrapping (NIST SP800-38F / RFC3394) without 356 padding. 357 358comment "Hash modes" 359 360config CRYPTO_CMAC 361 tristate "CMAC support" 362 select CRYPTO_HASH 363 select CRYPTO_MANAGER 364 help 365 Cipher-based Message Authentication Code (CMAC) specified by 366 The National Institute of Standards and Technology (NIST). 367 368 https://tools.ietf.org/html/rfc4493 369 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 370 371config CRYPTO_HMAC 372 tristate "HMAC support" 373 select CRYPTO_HASH 374 select CRYPTO_MANAGER 375 help 376 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 377 This is required for IPSec. 378 379config CRYPTO_XCBC 380 tristate "XCBC support" 381 select CRYPTO_HASH 382 select CRYPTO_MANAGER 383 help 384 XCBC: Keyed-Hashing with encryption algorithm 385 http://www.ietf.org/rfc/rfc3566.txt 386 http://csrc.nist.gov/encryption/modes/proposedmodes/ 387 xcbc-mac/xcbc-mac-spec.pdf 388 389config CRYPTO_VMAC 390 tristate "VMAC support" 391 select CRYPTO_HASH 392 select CRYPTO_MANAGER 393 help 394 VMAC is a message authentication algorithm designed for 395 very high speed on 64-bit architectures. 396 397 See also: 398 <http://fastcrypto.org/vmac> 399 400comment "Digest" 401 402config CRYPTO_CRC32C 403 tristate "CRC32c CRC algorithm" 404 select CRYPTO_HASH 405 select CRC32 406 help 407 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 408 by iSCSI for header and data digests and by others. 409 See Castagnoli93. Module will be crc32c. 410 411config CRYPTO_CRC32C_INTEL 412 tristate "CRC32c INTEL hardware acceleration" 413 depends on X86 414 select CRYPTO_HASH 415 help 416 In Intel processor with SSE4.2 supported, the processor will 417 support CRC32C implementation using hardware accelerated CRC32 418 instruction. This option will create 'crc32c-intel' module, 419 which will enable any routine to use the CRC32 instruction to 420 gain performance compared with software implementation. 421 Module will be crc32c-intel. 422 423config CRYPTO_CRC32C_SPARC64 424 tristate "CRC32c CRC algorithm (SPARC64)" 425 depends on SPARC64 426 select CRYPTO_HASH 427 select CRC32 428 help 429 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 430 when available. 431 432config CRYPTO_CRC32 433 tristate "CRC32 CRC algorithm" 434 select CRYPTO_HASH 435 select CRC32 436 help 437 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 438 Shash crypto api wrappers to crc32_le function. 439 440config CRYPTO_CRC32_PCLMUL 441 tristate "CRC32 PCLMULQDQ hardware acceleration" 442 depends on X86 443 select CRYPTO_HASH 444 select CRC32 445 help 446 From Intel Westmere and AMD Bulldozer processor with SSE4.2 447 and PCLMULQDQ supported, the processor will support 448 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 449 instruction. This option will create 'crc32-plcmul' module, 450 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 451 and gain better performance as compared with the table implementation. 452 453config CRYPTO_CRCT10DIF 454 tristate "CRCT10DIF algorithm" 455 select CRYPTO_HASH 456 help 457 CRC T10 Data Integrity Field computation is being cast as 458 a crypto transform. This allows for faster crc t10 diff 459 transforms to be used if they are available. 460 461config CRYPTO_CRCT10DIF_PCLMUL 462 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 463 depends on X86 && 64BIT && CRC_T10DIF 464 select CRYPTO_HASH 465 help 466 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 467 CRC T10 DIF PCLMULQDQ computation can be hardware 468 accelerated PCLMULQDQ instruction. This option will create 469 'crct10dif-plcmul' module, which is faster when computing the 470 crct10dif checksum as compared with the generic table implementation. 471 472config CRYPTO_GHASH 473 tristate "GHASH digest algorithm" 474 select CRYPTO_GF128MUL 475 select CRYPTO_HASH 476 help 477 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 478 479config CRYPTO_POLY1305 480 tristate "Poly1305 authenticator algorithm" 481 select CRYPTO_HASH 482 help 483 Poly1305 authenticator algorithm, RFC7539. 484 485 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 486 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 487 in IETF protocols. This is the portable C implementation of Poly1305. 488 489config CRYPTO_POLY1305_X86_64 490 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 491 depends on X86 && 64BIT 492 select CRYPTO_POLY1305 493 help 494 Poly1305 authenticator algorithm, RFC7539. 495 496 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 497 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 498 in IETF protocols. This is the x86_64 assembler implementation using SIMD 499 instructions. 500 501config CRYPTO_MD4 502 tristate "MD4 digest algorithm" 503 select CRYPTO_HASH 504 help 505 MD4 message digest algorithm (RFC1320). 506 507config CRYPTO_MD5 508 tristate "MD5 digest algorithm" 509 select CRYPTO_HASH 510 help 511 MD5 message digest algorithm (RFC1321). 512 513config CRYPTO_MD5_OCTEON 514 tristate "MD5 digest algorithm (OCTEON)" 515 depends on CPU_CAVIUM_OCTEON 516 select CRYPTO_MD5 517 select CRYPTO_HASH 518 help 519 MD5 message digest algorithm (RFC1321) implemented 520 using OCTEON crypto instructions, when available. 521 522config CRYPTO_MD5_PPC 523 tristate "MD5 digest algorithm (PPC)" 524 depends on PPC 525 select CRYPTO_HASH 526 help 527 MD5 message digest algorithm (RFC1321) implemented 528 in PPC assembler. 529 530config CRYPTO_MD5_SPARC64 531 tristate "MD5 digest algorithm (SPARC64)" 532 depends on SPARC64 533 select CRYPTO_MD5 534 select CRYPTO_HASH 535 help 536 MD5 message digest algorithm (RFC1321) implemented 537 using sparc64 crypto instructions, when available. 538 539config CRYPTO_MICHAEL_MIC 540 tristate "Michael MIC keyed digest algorithm" 541 select CRYPTO_HASH 542 help 543 Michael MIC is used for message integrity protection in TKIP 544 (IEEE 802.11i). This algorithm is required for TKIP, but it 545 should not be used for other purposes because of the weakness 546 of the algorithm. 547 548config CRYPTO_RMD128 549 tristate "RIPEMD-128 digest algorithm" 550 select CRYPTO_HASH 551 help 552 RIPEMD-128 (ISO/IEC 10118-3:2004). 553 554 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 555 be used as a secure replacement for RIPEMD. For other use cases, 556 RIPEMD-160 should be used. 557 558 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 559 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 560 561config CRYPTO_RMD160 562 tristate "RIPEMD-160 digest algorithm" 563 select CRYPTO_HASH 564 help 565 RIPEMD-160 (ISO/IEC 10118-3:2004). 566 567 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 568 to be used as a secure replacement for the 128-bit hash functions 569 MD4, MD5 and it's predecessor RIPEMD 570 (not to be confused with RIPEMD-128). 571 572 It's speed is comparable to SHA1 and there are no known attacks 573 against RIPEMD-160. 574 575 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 576 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 577 578config CRYPTO_RMD256 579 tristate "RIPEMD-256 digest algorithm" 580 select CRYPTO_HASH 581 help 582 RIPEMD-256 is an optional extension of RIPEMD-128 with a 583 256 bit hash. It is intended for applications that require 584 longer hash-results, without needing a larger security level 585 (than RIPEMD-128). 586 587 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 588 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 589 590config CRYPTO_RMD320 591 tristate "RIPEMD-320 digest algorithm" 592 select CRYPTO_HASH 593 help 594 RIPEMD-320 is an optional extension of RIPEMD-160 with a 595 320 bit hash. It is intended for applications that require 596 longer hash-results, without needing a larger security level 597 (than RIPEMD-160). 598 599 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 600 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 601 602config CRYPTO_SHA1 603 tristate "SHA1 digest algorithm" 604 select CRYPTO_HASH 605 help 606 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 607 608config CRYPTO_SHA1_SSSE3 609 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 610 depends on X86 && 64BIT 611 select CRYPTO_SHA1 612 select CRYPTO_HASH 613 help 614 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 615 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 616 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 617 when available. 618 619config CRYPTO_SHA256_SSSE3 620 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 621 depends on X86 && 64BIT 622 select CRYPTO_SHA256 623 select CRYPTO_HASH 624 help 625 SHA-256 secure hash standard (DFIPS 180-2) implemented 626 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 627 Extensions version 1 (AVX1), or Advanced Vector Extensions 628 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 629 Instructions) when available. 630 631config CRYPTO_SHA512_SSSE3 632 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 633 depends on X86 && 64BIT 634 select CRYPTO_SHA512 635 select CRYPTO_HASH 636 help 637 SHA-512 secure hash standard (DFIPS 180-2) implemented 638 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 639 Extensions version 1 (AVX1), or Advanced Vector Extensions 640 version 2 (AVX2) instructions, when available. 641 642config CRYPTO_SHA1_OCTEON 643 tristate "SHA1 digest algorithm (OCTEON)" 644 depends on CPU_CAVIUM_OCTEON 645 select CRYPTO_SHA1 646 select CRYPTO_HASH 647 help 648 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 649 using OCTEON crypto instructions, when available. 650 651config CRYPTO_SHA1_SPARC64 652 tristate "SHA1 digest algorithm (SPARC64)" 653 depends on SPARC64 654 select CRYPTO_SHA1 655 select CRYPTO_HASH 656 help 657 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 658 using sparc64 crypto instructions, when available. 659 660config CRYPTO_SHA1_PPC 661 tristate "SHA1 digest algorithm (powerpc)" 662 depends on PPC 663 help 664 This is the powerpc hardware accelerated implementation of the 665 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 666 667config CRYPTO_SHA1_PPC_SPE 668 tristate "SHA1 digest algorithm (PPC SPE)" 669 depends on PPC && SPE 670 help 671 SHA-1 secure hash standard (DFIPS 180-4) implemented 672 using powerpc SPE SIMD instruction set. 673 674config CRYPTO_SHA1_MB 675 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)" 676 depends on X86 && 64BIT 677 select CRYPTO_SHA1 678 select CRYPTO_HASH 679 select CRYPTO_MCRYPTD 680 help 681 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 682 using multi-buffer technique. This algorithm computes on 683 multiple data lanes concurrently with SIMD instructions for 684 better throughput. It should not be enabled by default but 685 used when there is significant amount of work to keep the keep 686 the data lanes filled to get performance benefit. If the data 687 lanes remain unfilled, a flush operation will be initiated to 688 process the crypto jobs, adding a slight latency. 689 690config CRYPTO_SHA256 691 tristate "SHA224 and SHA256 digest algorithm" 692 select CRYPTO_HASH 693 help 694 SHA256 secure hash standard (DFIPS 180-2). 695 696 This version of SHA implements a 256 bit hash with 128 bits of 697 security against collision attacks. 698 699 This code also includes SHA-224, a 224 bit hash with 112 bits 700 of security against collision attacks. 701 702config CRYPTO_SHA256_PPC_SPE 703 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 704 depends on PPC && SPE 705 select CRYPTO_SHA256 706 select CRYPTO_HASH 707 help 708 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 709 implemented using powerpc SPE SIMD instruction set. 710 711config CRYPTO_SHA256_OCTEON 712 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 713 depends on CPU_CAVIUM_OCTEON 714 select CRYPTO_SHA256 715 select CRYPTO_HASH 716 help 717 SHA-256 secure hash standard (DFIPS 180-2) implemented 718 using OCTEON crypto instructions, when available. 719 720config CRYPTO_SHA256_SPARC64 721 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 722 depends on SPARC64 723 select CRYPTO_SHA256 724 select CRYPTO_HASH 725 help 726 SHA-256 secure hash standard (DFIPS 180-2) implemented 727 using sparc64 crypto instructions, when available. 728 729config CRYPTO_SHA512 730 tristate "SHA384 and SHA512 digest algorithms" 731 select CRYPTO_HASH 732 help 733 SHA512 secure hash standard (DFIPS 180-2). 734 735 This version of SHA implements a 512 bit hash with 256 bits of 736 security against collision attacks. 737 738 This code also includes SHA-384, a 384 bit hash with 192 bits 739 of security against collision attacks. 740 741config CRYPTO_SHA512_OCTEON 742 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 743 depends on CPU_CAVIUM_OCTEON 744 select CRYPTO_SHA512 745 select CRYPTO_HASH 746 help 747 SHA-512 secure hash standard (DFIPS 180-2) implemented 748 using OCTEON crypto instructions, when available. 749 750config CRYPTO_SHA512_SPARC64 751 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 752 depends on SPARC64 753 select CRYPTO_SHA512 754 select CRYPTO_HASH 755 help 756 SHA-512 secure hash standard (DFIPS 180-2) implemented 757 using sparc64 crypto instructions, when available. 758 759config CRYPTO_TGR192 760 tristate "Tiger digest algorithms" 761 select CRYPTO_HASH 762 help 763 Tiger hash algorithm 192, 160 and 128-bit hashes 764 765 Tiger is a hash function optimized for 64-bit processors while 766 still having decent performance on 32-bit processors. 767 Tiger was developed by Ross Anderson and Eli Biham. 768 769 See also: 770 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 771 772config CRYPTO_WP512 773 tristate "Whirlpool digest algorithms" 774 select CRYPTO_HASH 775 help 776 Whirlpool hash algorithm 512, 384 and 256-bit hashes 777 778 Whirlpool-512 is part of the NESSIE cryptographic primitives. 779 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 780 781 See also: 782 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 783 784config CRYPTO_GHASH_CLMUL_NI_INTEL 785 tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 786 depends on X86 && 64BIT 787 select CRYPTO_CRYPTD 788 help 789 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 790 The implementation is accelerated by CLMUL-NI of Intel. 791 792comment "Ciphers" 793 794config CRYPTO_AES 795 tristate "AES cipher algorithms" 796 select CRYPTO_ALGAPI 797 help 798 AES cipher algorithms (FIPS-197). AES uses the Rijndael 799 algorithm. 800 801 Rijndael appears to be consistently a very good performer in 802 both hardware and software across a wide range of computing 803 environments regardless of its use in feedback or non-feedback 804 modes. Its key setup time is excellent, and its key agility is 805 good. Rijndael's very low memory requirements make it very well 806 suited for restricted-space environments, in which it also 807 demonstrates excellent performance. Rijndael's operations are 808 among the easiest to defend against power and timing attacks. 809 810 The AES specifies three key sizes: 128, 192 and 256 bits 811 812 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 813 814config CRYPTO_AES_586 815 tristate "AES cipher algorithms (i586)" 816 depends on (X86 || UML_X86) && !64BIT 817 select CRYPTO_ALGAPI 818 select CRYPTO_AES 819 help 820 AES cipher algorithms (FIPS-197). AES uses the Rijndael 821 algorithm. 822 823 Rijndael appears to be consistently a very good performer in 824 both hardware and software across a wide range of computing 825 environments regardless of its use in feedback or non-feedback 826 modes. Its key setup time is excellent, and its key agility is 827 good. Rijndael's very low memory requirements make it very well 828 suited for restricted-space environments, in which it also 829 demonstrates excellent performance. Rijndael's operations are 830 among the easiest to defend against power and timing attacks. 831 832 The AES specifies three key sizes: 128, 192 and 256 bits 833 834 See <http://csrc.nist.gov/encryption/aes/> for more information. 835 836config CRYPTO_AES_X86_64 837 tristate "AES cipher algorithms (x86_64)" 838 depends on (X86 || UML_X86) && 64BIT 839 select CRYPTO_ALGAPI 840 select CRYPTO_AES 841 help 842 AES cipher algorithms (FIPS-197). AES uses the Rijndael 843 algorithm. 844 845 Rijndael appears to be consistently a very good performer in 846 both hardware and software across a wide range of computing 847 environments regardless of its use in feedback or non-feedback 848 modes. Its key setup time is excellent, and its key agility is 849 good. Rijndael's very low memory requirements make it very well 850 suited for restricted-space environments, in which it also 851 demonstrates excellent performance. Rijndael's operations are 852 among the easiest to defend against power and timing attacks. 853 854 The AES specifies three key sizes: 128, 192 and 256 bits 855 856 See <http://csrc.nist.gov/encryption/aes/> for more information. 857 858config CRYPTO_AES_NI_INTEL 859 tristate "AES cipher algorithms (AES-NI)" 860 depends on X86 861 select CRYPTO_AES_X86_64 if 64BIT 862 select CRYPTO_AES_586 if !64BIT 863 select CRYPTO_CRYPTD 864 select CRYPTO_ABLK_HELPER 865 select CRYPTO_ALGAPI 866 select CRYPTO_GLUE_HELPER_X86 if 64BIT 867 select CRYPTO_LRW 868 select CRYPTO_XTS 869 help 870 Use Intel AES-NI instructions for AES algorithm. 871 872 AES cipher algorithms (FIPS-197). AES uses the Rijndael 873 algorithm. 874 875 Rijndael appears to be consistently a very good performer in 876 both hardware and software across a wide range of computing 877 environments regardless of its use in feedback or non-feedback 878 modes. Its key setup time is excellent, and its key agility is 879 good. Rijndael's very low memory requirements make it very well 880 suited for restricted-space environments, in which it also 881 demonstrates excellent performance. Rijndael's operations are 882 among the easiest to defend against power and timing attacks. 883 884 The AES specifies three key sizes: 128, 192 and 256 bits 885 886 See <http://csrc.nist.gov/encryption/aes/> for more information. 887 888 In addition to AES cipher algorithm support, the acceleration 889 for some popular block cipher mode is supported too, including 890 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional 891 acceleration for CTR. 892 893config CRYPTO_AES_SPARC64 894 tristate "AES cipher algorithms (SPARC64)" 895 depends on SPARC64 896 select CRYPTO_CRYPTD 897 select CRYPTO_ALGAPI 898 help 899 Use SPARC64 crypto opcodes for AES algorithm. 900 901 AES cipher algorithms (FIPS-197). AES uses the Rijndael 902 algorithm. 903 904 Rijndael appears to be consistently a very good performer in 905 both hardware and software across a wide range of computing 906 environments regardless of its use in feedback or non-feedback 907 modes. Its key setup time is excellent, and its key agility is 908 good. Rijndael's very low memory requirements make it very well 909 suited for restricted-space environments, in which it also 910 demonstrates excellent performance. Rijndael's operations are 911 among the easiest to defend against power and timing attacks. 912 913 The AES specifies three key sizes: 128, 192 and 256 bits 914 915 See <http://csrc.nist.gov/encryption/aes/> for more information. 916 917 In addition to AES cipher algorithm support, the acceleration 918 for some popular block cipher mode is supported too, including 919 ECB and CBC. 920 921config CRYPTO_AES_PPC_SPE 922 tristate "AES cipher algorithms (PPC SPE)" 923 depends on PPC && SPE 924 help 925 AES cipher algorithms (FIPS-197). Additionally the acceleration 926 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 927 This module should only be used for low power (router) devices 928 without hardware AES acceleration (e.g. caam crypto). It reduces the 929 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 930 timining attacks. Nevertheless it might be not as secure as other 931 architecture specific assembler implementations that work on 1KB 932 tables or 256 bytes S-boxes. 933 934config CRYPTO_ANUBIS 935 tristate "Anubis cipher algorithm" 936 select CRYPTO_ALGAPI 937 help 938 Anubis cipher algorithm. 939 940 Anubis is a variable key length cipher which can use keys from 941 128 bits to 320 bits in length. It was evaluated as a entrant 942 in the NESSIE competition. 943 944 See also: 945 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 946 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 947 948config CRYPTO_ARC4 949 tristate "ARC4 cipher algorithm" 950 select CRYPTO_BLKCIPHER 951 help 952 ARC4 cipher algorithm. 953 954 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 955 bits in length. This algorithm is required for driver-based 956 WEP, but it should not be for other purposes because of the 957 weakness of the algorithm. 958 959config CRYPTO_BLOWFISH 960 tristate "Blowfish cipher algorithm" 961 select CRYPTO_ALGAPI 962 select CRYPTO_BLOWFISH_COMMON 963 help 964 Blowfish cipher algorithm, by Bruce Schneier. 965 966 This is a variable key length cipher which can use keys from 32 967 bits to 448 bits in length. It's fast, simple and specifically 968 designed for use on "large microprocessors". 969 970 See also: 971 <http://www.schneier.com/blowfish.html> 972 973config CRYPTO_BLOWFISH_COMMON 974 tristate 975 help 976 Common parts of the Blowfish cipher algorithm shared by the 977 generic c and the assembler implementations. 978 979 See also: 980 <http://www.schneier.com/blowfish.html> 981 982config CRYPTO_BLOWFISH_X86_64 983 tristate "Blowfish cipher algorithm (x86_64)" 984 depends on X86 && 64BIT 985 select CRYPTO_ALGAPI 986 select CRYPTO_BLOWFISH_COMMON 987 help 988 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 989 990 This is a variable key length cipher which can use keys from 32 991 bits to 448 bits in length. It's fast, simple and specifically 992 designed for use on "large microprocessors". 993 994 See also: 995 <http://www.schneier.com/blowfish.html> 996 997config CRYPTO_CAMELLIA 998 tristate "Camellia cipher algorithms" 999 depends on CRYPTO 1000 select CRYPTO_ALGAPI 1001 help 1002 Camellia cipher algorithms module. 1003 1004 Camellia is a symmetric key block cipher developed jointly 1005 at NTT and Mitsubishi Electric Corporation. 1006 1007 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1008 1009 See also: 1010 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1011 1012config CRYPTO_CAMELLIA_X86_64 1013 tristate "Camellia cipher algorithm (x86_64)" 1014 depends on X86 && 64BIT 1015 depends on CRYPTO 1016 select CRYPTO_ALGAPI 1017 select CRYPTO_GLUE_HELPER_X86 1018 select CRYPTO_LRW 1019 select CRYPTO_XTS 1020 help 1021 Camellia cipher algorithm module (x86_64). 1022 1023 Camellia is a symmetric key block cipher developed jointly 1024 at NTT and Mitsubishi Electric Corporation. 1025 1026 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1027 1028 See also: 1029 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1030 1031config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1032 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1033 depends on X86 && 64BIT 1034 depends on CRYPTO 1035 select CRYPTO_ALGAPI 1036 select CRYPTO_CRYPTD 1037 select CRYPTO_ABLK_HELPER 1038 select CRYPTO_GLUE_HELPER_X86 1039 select CRYPTO_CAMELLIA_X86_64 1040 select CRYPTO_LRW 1041 select CRYPTO_XTS 1042 help 1043 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1044 1045 Camellia is a symmetric key block cipher developed jointly 1046 at NTT and Mitsubishi Electric Corporation. 1047 1048 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1049 1050 See also: 1051 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1052 1053config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1054 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1055 depends on X86 && 64BIT 1056 depends on CRYPTO 1057 select CRYPTO_ALGAPI 1058 select CRYPTO_CRYPTD 1059 select CRYPTO_ABLK_HELPER 1060 select CRYPTO_GLUE_HELPER_X86 1061 select CRYPTO_CAMELLIA_X86_64 1062 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1063 select CRYPTO_LRW 1064 select CRYPTO_XTS 1065 help 1066 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1067 1068 Camellia is a symmetric key block cipher developed jointly 1069 at NTT and Mitsubishi Electric Corporation. 1070 1071 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1072 1073 See also: 1074 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1075 1076config CRYPTO_CAMELLIA_SPARC64 1077 tristate "Camellia cipher algorithm (SPARC64)" 1078 depends on SPARC64 1079 depends on CRYPTO 1080 select CRYPTO_ALGAPI 1081 help 1082 Camellia cipher algorithm module (SPARC64). 1083 1084 Camellia is a symmetric key block cipher developed jointly 1085 at NTT and Mitsubishi Electric Corporation. 1086 1087 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1088 1089 See also: 1090 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1091 1092config CRYPTO_CAST_COMMON 1093 tristate 1094 help 1095 Common parts of the CAST cipher algorithms shared by the 1096 generic c and the assembler implementations. 1097 1098config CRYPTO_CAST5 1099 tristate "CAST5 (CAST-128) cipher algorithm" 1100 select CRYPTO_ALGAPI 1101 select CRYPTO_CAST_COMMON 1102 help 1103 The CAST5 encryption algorithm (synonymous with CAST-128) is 1104 described in RFC2144. 1105 1106config CRYPTO_CAST5_AVX_X86_64 1107 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1108 depends on X86 && 64BIT 1109 select CRYPTO_ALGAPI 1110 select CRYPTO_CRYPTD 1111 select CRYPTO_ABLK_HELPER 1112 select CRYPTO_CAST_COMMON 1113 select CRYPTO_CAST5 1114 help 1115 The CAST5 encryption algorithm (synonymous with CAST-128) is 1116 described in RFC2144. 1117 1118 This module provides the Cast5 cipher algorithm that processes 1119 sixteen blocks parallel using the AVX instruction set. 1120 1121config CRYPTO_CAST6 1122 tristate "CAST6 (CAST-256) cipher algorithm" 1123 select CRYPTO_ALGAPI 1124 select CRYPTO_CAST_COMMON 1125 help 1126 The CAST6 encryption algorithm (synonymous with CAST-256) is 1127 described in RFC2612. 1128 1129config CRYPTO_CAST6_AVX_X86_64 1130 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1131 depends on X86 && 64BIT 1132 select CRYPTO_ALGAPI 1133 select CRYPTO_CRYPTD 1134 select CRYPTO_ABLK_HELPER 1135 select CRYPTO_GLUE_HELPER_X86 1136 select CRYPTO_CAST_COMMON 1137 select CRYPTO_CAST6 1138 select CRYPTO_LRW 1139 select CRYPTO_XTS 1140 help 1141 The CAST6 encryption algorithm (synonymous with CAST-256) is 1142 described in RFC2612. 1143 1144 This module provides the Cast6 cipher algorithm that processes 1145 eight blocks parallel using the AVX instruction set. 1146 1147config CRYPTO_DES 1148 tristate "DES and Triple DES EDE cipher algorithms" 1149 select CRYPTO_ALGAPI 1150 help 1151 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1152 1153config CRYPTO_DES_SPARC64 1154 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1155 depends on SPARC64 1156 select CRYPTO_ALGAPI 1157 select CRYPTO_DES 1158 help 1159 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1160 optimized using SPARC64 crypto opcodes. 1161 1162config CRYPTO_DES3_EDE_X86_64 1163 tristate "Triple DES EDE cipher algorithm (x86-64)" 1164 depends on X86 && 64BIT 1165 select CRYPTO_ALGAPI 1166 select CRYPTO_DES 1167 help 1168 Triple DES EDE (FIPS 46-3) algorithm. 1169 1170 This module provides implementation of the Triple DES EDE cipher 1171 algorithm that is optimized for x86-64 processors. Two versions of 1172 algorithm are provided; regular processing one input block and 1173 one that processes three blocks parallel. 1174 1175config CRYPTO_FCRYPT 1176 tristate "FCrypt cipher algorithm" 1177 select CRYPTO_ALGAPI 1178 select CRYPTO_BLKCIPHER 1179 help 1180 FCrypt algorithm used by RxRPC. 1181 1182config CRYPTO_KHAZAD 1183 tristate "Khazad cipher algorithm" 1184 select CRYPTO_ALGAPI 1185 help 1186 Khazad cipher algorithm. 1187 1188 Khazad was a finalist in the initial NESSIE competition. It is 1189 an algorithm optimized for 64-bit processors with good performance 1190 on 32-bit processors. Khazad uses an 128 bit key size. 1191 1192 See also: 1193 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1194 1195config CRYPTO_SALSA20 1196 tristate "Salsa20 stream cipher algorithm" 1197 select CRYPTO_BLKCIPHER 1198 help 1199 Salsa20 stream cipher algorithm. 1200 1201 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1202 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1203 1204 The Salsa20 stream cipher algorithm is designed by Daniel J. 1205 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1206 1207config CRYPTO_SALSA20_586 1208 tristate "Salsa20 stream cipher algorithm (i586)" 1209 depends on (X86 || UML_X86) && !64BIT 1210 select CRYPTO_BLKCIPHER 1211 help 1212 Salsa20 stream cipher algorithm. 1213 1214 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1215 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1216 1217 The Salsa20 stream cipher algorithm is designed by Daniel J. 1218 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1219 1220config CRYPTO_SALSA20_X86_64 1221 tristate "Salsa20 stream cipher algorithm (x86_64)" 1222 depends on (X86 || UML_X86) && 64BIT 1223 select CRYPTO_BLKCIPHER 1224 help 1225 Salsa20 stream cipher algorithm. 1226 1227 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1228 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1229 1230 The Salsa20 stream cipher algorithm is designed by Daniel J. 1231 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1232 1233config CRYPTO_CHACHA20 1234 tristate "ChaCha20 cipher algorithm" 1235 select CRYPTO_BLKCIPHER 1236 help 1237 ChaCha20 cipher algorithm, RFC7539. 1238 1239 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1240 Bernstein and further specified in RFC7539 for use in IETF protocols. 1241 This is the portable C implementation of ChaCha20. 1242 1243 See also: 1244 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1245 1246config CRYPTO_CHACHA20_X86_64 1247 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)" 1248 depends on X86 && 64BIT 1249 select CRYPTO_BLKCIPHER 1250 select CRYPTO_CHACHA20 1251 help 1252 ChaCha20 cipher algorithm, RFC7539. 1253 1254 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1255 Bernstein and further specified in RFC7539 for use in IETF protocols. 1256 This is the x86_64 assembler implementation using SIMD instructions. 1257 1258 See also: 1259 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1260 1261config CRYPTO_SEED 1262 tristate "SEED cipher algorithm" 1263 select CRYPTO_ALGAPI 1264 help 1265 SEED cipher algorithm (RFC4269). 1266 1267 SEED is a 128-bit symmetric key block cipher that has been 1268 developed by KISA (Korea Information Security Agency) as a 1269 national standard encryption algorithm of the Republic of Korea. 1270 It is a 16 round block cipher with the key size of 128 bit. 1271 1272 See also: 1273 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1274 1275config CRYPTO_SERPENT 1276 tristate "Serpent cipher algorithm" 1277 select CRYPTO_ALGAPI 1278 help 1279 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1280 1281 Keys are allowed to be from 0 to 256 bits in length, in steps 1282 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1283 variant of Serpent for compatibility with old kerneli.org code. 1284 1285 See also: 1286 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1287 1288config CRYPTO_SERPENT_SSE2_X86_64 1289 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1290 depends on X86 && 64BIT 1291 select CRYPTO_ALGAPI 1292 select CRYPTO_CRYPTD 1293 select CRYPTO_ABLK_HELPER 1294 select CRYPTO_GLUE_HELPER_X86 1295 select CRYPTO_SERPENT 1296 select CRYPTO_LRW 1297 select CRYPTO_XTS 1298 help 1299 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1300 1301 Keys are allowed to be from 0 to 256 bits in length, in steps 1302 of 8 bits. 1303 1304 This module provides Serpent cipher algorithm that processes eight 1305 blocks parallel using SSE2 instruction set. 1306 1307 See also: 1308 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1309 1310config CRYPTO_SERPENT_SSE2_586 1311 tristate "Serpent cipher algorithm (i586/SSE2)" 1312 depends on X86 && !64BIT 1313 select CRYPTO_ALGAPI 1314 select CRYPTO_CRYPTD 1315 select CRYPTO_ABLK_HELPER 1316 select CRYPTO_GLUE_HELPER_X86 1317 select CRYPTO_SERPENT 1318 select CRYPTO_LRW 1319 select CRYPTO_XTS 1320 help 1321 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1322 1323 Keys are allowed to be from 0 to 256 bits in length, in steps 1324 of 8 bits. 1325 1326 This module provides Serpent cipher algorithm that processes four 1327 blocks parallel using SSE2 instruction set. 1328 1329 See also: 1330 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1331 1332config CRYPTO_SERPENT_AVX_X86_64 1333 tristate "Serpent cipher algorithm (x86_64/AVX)" 1334 depends on X86 && 64BIT 1335 select CRYPTO_ALGAPI 1336 select CRYPTO_CRYPTD 1337 select CRYPTO_ABLK_HELPER 1338 select CRYPTO_GLUE_HELPER_X86 1339 select CRYPTO_SERPENT 1340 select CRYPTO_LRW 1341 select CRYPTO_XTS 1342 help 1343 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1344 1345 Keys are allowed to be from 0 to 256 bits in length, in steps 1346 of 8 bits. 1347 1348 This module provides the Serpent cipher algorithm that processes 1349 eight blocks parallel using the AVX instruction set. 1350 1351 See also: 1352 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1353 1354config CRYPTO_SERPENT_AVX2_X86_64 1355 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1356 depends on X86 && 64BIT 1357 select CRYPTO_ALGAPI 1358 select CRYPTO_CRYPTD 1359 select CRYPTO_ABLK_HELPER 1360 select CRYPTO_GLUE_HELPER_X86 1361 select CRYPTO_SERPENT 1362 select CRYPTO_SERPENT_AVX_X86_64 1363 select CRYPTO_LRW 1364 select CRYPTO_XTS 1365 help 1366 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1367 1368 Keys are allowed to be from 0 to 256 bits in length, in steps 1369 of 8 bits. 1370 1371 This module provides Serpent cipher algorithm that processes 16 1372 blocks parallel using AVX2 instruction set. 1373 1374 See also: 1375 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1376 1377config CRYPTO_TEA 1378 tristate "TEA, XTEA and XETA cipher algorithms" 1379 select CRYPTO_ALGAPI 1380 help 1381 TEA cipher algorithm. 1382 1383 Tiny Encryption Algorithm is a simple cipher that uses 1384 many rounds for security. It is very fast and uses 1385 little memory. 1386 1387 Xtendend Tiny Encryption Algorithm is a modification to 1388 the TEA algorithm to address a potential key weakness 1389 in the TEA algorithm. 1390 1391 Xtendend Encryption Tiny Algorithm is a mis-implementation 1392 of the XTEA algorithm for compatibility purposes. 1393 1394config CRYPTO_TWOFISH 1395 tristate "Twofish cipher algorithm" 1396 select CRYPTO_ALGAPI 1397 select CRYPTO_TWOFISH_COMMON 1398 help 1399 Twofish cipher algorithm. 1400 1401 Twofish was submitted as an AES (Advanced Encryption Standard) 1402 candidate cipher by researchers at CounterPane Systems. It is a 1403 16 round block cipher supporting key sizes of 128, 192, and 256 1404 bits. 1405 1406 See also: 1407 <http://www.schneier.com/twofish.html> 1408 1409config CRYPTO_TWOFISH_COMMON 1410 tristate 1411 help 1412 Common parts of the Twofish cipher algorithm shared by the 1413 generic c and the assembler implementations. 1414 1415config CRYPTO_TWOFISH_586 1416 tristate "Twofish cipher algorithms (i586)" 1417 depends on (X86 || UML_X86) && !64BIT 1418 select CRYPTO_ALGAPI 1419 select CRYPTO_TWOFISH_COMMON 1420 help 1421 Twofish cipher algorithm. 1422 1423 Twofish was submitted as an AES (Advanced Encryption Standard) 1424 candidate cipher by researchers at CounterPane Systems. It is a 1425 16 round block cipher supporting key sizes of 128, 192, and 256 1426 bits. 1427 1428 See also: 1429 <http://www.schneier.com/twofish.html> 1430 1431config CRYPTO_TWOFISH_X86_64 1432 tristate "Twofish cipher algorithm (x86_64)" 1433 depends on (X86 || UML_X86) && 64BIT 1434 select CRYPTO_ALGAPI 1435 select CRYPTO_TWOFISH_COMMON 1436 help 1437 Twofish cipher algorithm (x86_64). 1438 1439 Twofish was submitted as an AES (Advanced Encryption Standard) 1440 candidate cipher by researchers at CounterPane Systems. It is a 1441 16 round block cipher supporting key sizes of 128, 192, and 256 1442 bits. 1443 1444 See also: 1445 <http://www.schneier.com/twofish.html> 1446 1447config CRYPTO_TWOFISH_X86_64_3WAY 1448 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1449 depends on X86 && 64BIT 1450 select CRYPTO_ALGAPI 1451 select CRYPTO_TWOFISH_COMMON 1452 select CRYPTO_TWOFISH_X86_64 1453 select CRYPTO_GLUE_HELPER_X86 1454 select CRYPTO_LRW 1455 select CRYPTO_XTS 1456 help 1457 Twofish cipher algorithm (x86_64, 3-way parallel). 1458 1459 Twofish was submitted as an AES (Advanced Encryption Standard) 1460 candidate cipher by researchers at CounterPane Systems. It is a 1461 16 round block cipher supporting key sizes of 128, 192, and 256 1462 bits. 1463 1464 This module provides Twofish cipher algorithm that processes three 1465 blocks parallel, utilizing resources of out-of-order CPUs better. 1466 1467 See also: 1468 <http://www.schneier.com/twofish.html> 1469 1470config CRYPTO_TWOFISH_AVX_X86_64 1471 tristate "Twofish cipher algorithm (x86_64/AVX)" 1472 depends on X86 && 64BIT 1473 select CRYPTO_ALGAPI 1474 select CRYPTO_CRYPTD 1475 select CRYPTO_ABLK_HELPER 1476 select CRYPTO_GLUE_HELPER_X86 1477 select CRYPTO_TWOFISH_COMMON 1478 select CRYPTO_TWOFISH_X86_64 1479 select CRYPTO_TWOFISH_X86_64_3WAY 1480 select CRYPTO_LRW 1481 select CRYPTO_XTS 1482 help 1483 Twofish cipher algorithm (x86_64/AVX). 1484 1485 Twofish was submitted as an AES (Advanced Encryption Standard) 1486 candidate cipher by researchers at CounterPane Systems. It is a 1487 16 round block cipher supporting key sizes of 128, 192, and 256 1488 bits. 1489 1490 This module provides the Twofish cipher algorithm that processes 1491 eight blocks parallel using the AVX Instruction Set. 1492 1493 See also: 1494 <http://www.schneier.com/twofish.html> 1495 1496comment "Compression" 1497 1498config CRYPTO_DEFLATE 1499 tristate "Deflate compression algorithm" 1500 select CRYPTO_ALGAPI 1501 select ZLIB_INFLATE 1502 select ZLIB_DEFLATE 1503 help 1504 This is the Deflate algorithm (RFC1951), specified for use in 1505 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1506 1507 You will most probably want this if using IPSec. 1508 1509config CRYPTO_ZLIB 1510 tristate "Zlib compression algorithm" 1511 select CRYPTO_PCOMP 1512 select ZLIB_INFLATE 1513 select ZLIB_DEFLATE 1514 select NLATTR 1515 help 1516 This is the zlib algorithm. 1517 1518config CRYPTO_LZO 1519 tristate "LZO compression algorithm" 1520 select CRYPTO_ALGAPI 1521 select LZO_COMPRESS 1522 select LZO_DECOMPRESS 1523 help 1524 This is the LZO algorithm. 1525 1526config CRYPTO_842 1527 tristate "842 compression algorithm" 1528 select CRYPTO_ALGAPI 1529 select 842_COMPRESS 1530 select 842_DECOMPRESS 1531 help 1532 This is the 842 algorithm. 1533 1534config CRYPTO_LZ4 1535 tristate "LZ4 compression algorithm" 1536 select CRYPTO_ALGAPI 1537 select LZ4_COMPRESS 1538 select LZ4_DECOMPRESS 1539 help 1540 This is the LZ4 algorithm. 1541 1542config CRYPTO_LZ4HC 1543 tristate "LZ4HC compression algorithm" 1544 select CRYPTO_ALGAPI 1545 select LZ4HC_COMPRESS 1546 select LZ4_DECOMPRESS 1547 help 1548 This is the LZ4 high compression mode algorithm. 1549 1550comment "Random Number Generation" 1551 1552config CRYPTO_ANSI_CPRNG 1553 tristate "Pseudo Random Number Generation for Cryptographic modules" 1554 select CRYPTO_AES 1555 select CRYPTO_RNG 1556 help 1557 This option enables the generic pseudo random number generator 1558 for cryptographic modules. Uses the Algorithm specified in 1559 ANSI X9.31 A.2.4. Note that this option must be enabled if 1560 CRYPTO_FIPS is selected 1561 1562menuconfig CRYPTO_DRBG_MENU 1563 tristate "NIST SP800-90A DRBG" 1564 help 1565 NIST SP800-90A compliant DRBG. In the following submenu, one or 1566 more of the DRBG types must be selected. 1567 1568if CRYPTO_DRBG_MENU 1569 1570config CRYPTO_DRBG_HMAC 1571 bool 1572 default y 1573 select CRYPTO_HMAC 1574 select CRYPTO_SHA256 1575 1576config CRYPTO_DRBG_HASH 1577 bool "Enable Hash DRBG" 1578 select CRYPTO_SHA256 1579 help 1580 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1581 1582config CRYPTO_DRBG_CTR 1583 bool "Enable CTR DRBG" 1584 select CRYPTO_AES 1585 help 1586 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1587 1588config CRYPTO_DRBG 1589 tristate 1590 default CRYPTO_DRBG_MENU 1591 select CRYPTO_RNG 1592 select CRYPTO_JITTERENTROPY 1593 1594endif # if CRYPTO_DRBG_MENU 1595 1596config CRYPTO_JITTERENTROPY 1597 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1598 help 1599 The Jitterentropy RNG is a noise that is intended 1600 to provide seed to another RNG. The RNG does not 1601 perform any cryptographic whitening of the generated 1602 random numbers. This Jitterentropy RNG registers with 1603 the kernel crypto API and can be used by any caller. 1604 1605config CRYPTO_USER_API 1606 tristate 1607 1608config CRYPTO_USER_API_HASH 1609 tristate "User-space interface for hash algorithms" 1610 depends on NET 1611 select CRYPTO_HASH 1612 select CRYPTO_USER_API 1613 help 1614 This option enables the user-spaces interface for hash 1615 algorithms. 1616 1617config CRYPTO_USER_API_SKCIPHER 1618 tristate "User-space interface for symmetric key cipher algorithms" 1619 depends on NET 1620 select CRYPTO_BLKCIPHER 1621 select CRYPTO_USER_API 1622 help 1623 This option enables the user-spaces interface for symmetric 1624 key cipher algorithms. 1625 1626config CRYPTO_USER_API_RNG 1627 tristate "User-space interface for random number generator algorithms" 1628 depends on NET 1629 select CRYPTO_RNG 1630 select CRYPTO_USER_API 1631 help 1632 This option enables the user-spaces interface for random 1633 number generator algorithms. 1634 1635config CRYPTO_USER_API_AEAD 1636 tristate "User-space interface for AEAD cipher algorithms" 1637 depends on NET 1638 select CRYPTO_AEAD 1639 select CRYPTO_USER_API 1640 help 1641 This option enables the user-spaces interface for AEAD 1642 cipher algorithms. 1643 1644config CRYPTO_HASH_INFO 1645 bool 1646 1647source "drivers/crypto/Kconfig" 1648source crypto/asymmetric_keys/Kconfig 1649source certs/Kconfig 1650 1651endif # if CRYPTO 1652