xref: /openbmc/linux/crypto/Kconfig (revision c819e2cf)
1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5	tristate
6
7#
8# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
13# Cryptographic API Configuration
14#
15menuconfig CRYPTO
16	tristate "Cryptographic API"
17	help
18	  This option provides the core Cryptographic API.
19
20if CRYPTO
21
22comment "Crypto core or helper"
23
24config CRYPTO_FIPS
25	bool "FIPS 200 compliance"
26	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
27	depends on MODULE_SIG
28	help
29	  This options enables the fips boot option which is
30	  required if you want to system to operate in a FIPS 200
31	  certification.  You should say no unless you know what
32	  this is.
33
34config CRYPTO_ALGAPI
35	tristate
36	select CRYPTO_ALGAPI2
37	help
38	  This option provides the API for cryptographic algorithms.
39
40config CRYPTO_ALGAPI2
41	tristate
42
43config CRYPTO_AEAD
44	tristate
45	select CRYPTO_AEAD2
46	select CRYPTO_ALGAPI
47
48config CRYPTO_AEAD2
49	tristate
50	select CRYPTO_ALGAPI2
51
52config CRYPTO_BLKCIPHER
53	tristate
54	select CRYPTO_BLKCIPHER2
55	select CRYPTO_ALGAPI
56
57config CRYPTO_BLKCIPHER2
58	tristate
59	select CRYPTO_ALGAPI2
60	select CRYPTO_RNG2
61	select CRYPTO_WORKQUEUE
62
63config CRYPTO_HASH
64	tristate
65	select CRYPTO_HASH2
66	select CRYPTO_ALGAPI
67
68config CRYPTO_HASH2
69	tristate
70	select CRYPTO_ALGAPI2
71
72config CRYPTO_RNG
73	tristate
74	select CRYPTO_RNG2
75	select CRYPTO_ALGAPI
76
77config CRYPTO_RNG2
78	tristate
79	select CRYPTO_ALGAPI2
80
81config CRYPTO_PCOMP
82	tristate
83	select CRYPTO_PCOMP2
84	select CRYPTO_ALGAPI
85
86config CRYPTO_PCOMP2
87	tristate
88	select CRYPTO_ALGAPI2
89
90config CRYPTO_MANAGER
91	tristate "Cryptographic algorithm manager"
92	select CRYPTO_MANAGER2
93	help
94	  Create default cryptographic template instantiations such as
95	  cbc(aes).
96
97config CRYPTO_MANAGER2
98	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
99	select CRYPTO_AEAD2
100	select CRYPTO_HASH2
101	select CRYPTO_BLKCIPHER2
102	select CRYPTO_PCOMP2
103
104config CRYPTO_USER
105	tristate "Userspace cryptographic algorithm configuration"
106	depends on NET
107	select CRYPTO_MANAGER
108	help
109	  Userspace configuration for cryptographic instantiations such as
110	  cbc(aes).
111
112config CRYPTO_MANAGER_DISABLE_TESTS
113	bool "Disable run-time self tests"
114	default y
115	depends on CRYPTO_MANAGER2
116	help
117	  Disable run-time self tests that normally take place at
118	  algorithm registration.
119
120config CRYPTO_GF128MUL
121	tristate "GF(2^128) multiplication functions"
122	help
123	  Efficient table driven implementation of multiplications in the
124	  field GF(2^128).  This is needed by some cypher modes. This
125	  option will be selected automatically if you select such a
126	  cipher mode.  Only select this option by hand if you expect to load
127	  an external module that requires these functions.
128
129config CRYPTO_NULL
130	tristate "Null algorithms"
131	select CRYPTO_ALGAPI
132	select CRYPTO_BLKCIPHER
133	select CRYPTO_HASH
134	help
135	  These are 'Null' algorithms, used by IPsec, which do nothing.
136
137config CRYPTO_PCRYPT
138	tristate "Parallel crypto engine"
139	depends on SMP
140	select PADATA
141	select CRYPTO_MANAGER
142	select CRYPTO_AEAD
143	help
144	  This converts an arbitrary crypto algorithm into a parallel
145	  algorithm that executes in kernel threads.
146
147config CRYPTO_WORKQUEUE
148       tristate
149
150config CRYPTO_CRYPTD
151	tristate "Software async crypto daemon"
152	select CRYPTO_BLKCIPHER
153	select CRYPTO_HASH
154	select CRYPTO_MANAGER
155	select CRYPTO_WORKQUEUE
156	help
157	  This is a generic software asynchronous crypto daemon that
158	  converts an arbitrary synchronous software crypto algorithm
159	  into an asynchronous algorithm that executes in a kernel thread.
160
161config CRYPTO_MCRYPTD
162	tristate "Software async multi-buffer crypto daemon"
163	select CRYPTO_BLKCIPHER
164	select CRYPTO_HASH
165	select CRYPTO_MANAGER
166	select CRYPTO_WORKQUEUE
167	help
168	  This is a generic software asynchronous crypto daemon that
169	  provides the kernel thread to assist multi-buffer crypto
170	  algorithms for submitting jobs and flushing jobs in multi-buffer
171	  crypto algorithms.  Multi-buffer crypto algorithms are executed
172	  in the context of this kernel thread and drivers can post
173	  their crypto request asynchronously to be processed by this daemon.
174
175config CRYPTO_AUTHENC
176	tristate "Authenc support"
177	select CRYPTO_AEAD
178	select CRYPTO_BLKCIPHER
179	select CRYPTO_MANAGER
180	select CRYPTO_HASH
181	help
182	  Authenc: Combined mode wrapper for IPsec.
183	  This is required for IPSec.
184
185config CRYPTO_TEST
186	tristate "Testing module"
187	depends on m
188	select CRYPTO_MANAGER
189	help
190	  Quick & dirty crypto test module.
191
192config CRYPTO_ABLK_HELPER
193	tristate
194	select CRYPTO_CRYPTD
195
196config CRYPTO_GLUE_HELPER_X86
197	tristate
198	depends on X86
199	select CRYPTO_ALGAPI
200
201comment "Authenticated Encryption with Associated Data"
202
203config CRYPTO_CCM
204	tristate "CCM support"
205	select CRYPTO_CTR
206	select CRYPTO_AEAD
207	help
208	  Support for Counter with CBC MAC. Required for IPsec.
209
210config CRYPTO_GCM
211	tristate "GCM/GMAC support"
212	select CRYPTO_CTR
213	select CRYPTO_AEAD
214	select CRYPTO_GHASH
215	select CRYPTO_NULL
216	help
217	  Support for Galois/Counter Mode (GCM) and Galois Message
218	  Authentication Code (GMAC). Required for IPSec.
219
220config CRYPTO_SEQIV
221	tristate "Sequence Number IV Generator"
222	select CRYPTO_AEAD
223	select CRYPTO_BLKCIPHER
224	select CRYPTO_RNG
225	help
226	  This IV generator generates an IV based on a sequence number by
227	  xoring it with a salt.  This algorithm is mainly useful for CTR
228
229comment "Block modes"
230
231config CRYPTO_CBC
232	tristate "CBC support"
233	select CRYPTO_BLKCIPHER
234	select CRYPTO_MANAGER
235	help
236	  CBC: Cipher Block Chaining mode
237	  This block cipher algorithm is required for IPSec.
238
239config CRYPTO_CTR
240	tristate "CTR support"
241	select CRYPTO_BLKCIPHER
242	select CRYPTO_SEQIV
243	select CRYPTO_MANAGER
244	help
245	  CTR: Counter mode
246	  This block cipher algorithm is required for IPSec.
247
248config CRYPTO_CTS
249	tristate "CTS support"
250	select CRYPTO_BLKCIPHER
251	help
252	  CTS: Cipher Text Stealing
253	  This is the Cipher Text Stealing mode as described by
254	  Section 8 of rfc2040 and referenced by rfc3962.
255	  (rfc3962 includes errata information in its Appendix A)
256	  This mode is required for Kerberos gss mechanism support
257	  for AES encryption.
258
259config CRYPTO_ECB
260	tristate "ECB support"
261	select CRYPTO_BLKCIPHER
262	select CRYPTO_MANAGER
263	help
264	  ECB: Electronic CodeBook mode
265	  This is the simplest block cipher algorithm.  It simply encrypts
266	  the input block by block.
267
268config CRYPTO_LRW
269	tristate "LRW support"
270	select CRYPTO_BLKCIPHER
271	select CRYPTO_MANAGER
272	select CRYPTO_GF128MUL
273	help
274	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
275	  narrow block cipher mode for dm-crypt.  Use it with cipher
276	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
277	  The first 128, 192 or 256 bits in the key are used for AES and the
278	  rest is used to tie each cipher block to its logical position.
279
280config CRYPTO_PCBC
281	tristate "PCBC support"
282	select CRYPTO_BLKCIPHER
283	select CRYPTO_MANAGER
284	help
285	  PCBC: Propagating Cipher Block Chaining mode
286	  This block cipher algorithm is required for RxRPC.
287
288config CRYPTO_XTS
289	tristate "XTS support"
290	select CRYPTO_BLKCIPHER
291	select CRYPTO_MANAGER
292	select CRYPTO_GF128MUL
293	help
294	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
295	  key size 256, 384 or 512 bits. This implementation currently
296	  can't handle a sectorsize which is not a multiple of 16 bytes.
297
298comment "Hash modes"
299
300config CRYPTO_CMAC
301	tristate "CMAC support"
302	select CRYPTO_HASH
303	select CRYPTO_MANAGER
304	help
305	  Cipher-based Message Authentication Code (CMAC) specified by
306	  The National Institute of Standards and Technology (NIST).
307
308	  https://tools.ietf.org/html/rfc4493
309	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
310
311config CRYPTO_HMAC
312	tristate "HMAC support"
313	select CRYPTO_HASH
314	select CRYPTO_MANAGER
315	help
316	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
317	  This is required for IPSec.
318
319config CRYPTO_XCBC
320	tristate "XCBC support"
321	select CRYPTO_HASH
322	select CRYPTO_MANAGER
323	help
324	  XCBC: Keyed-Hashing with encryption algorithm
325		http://www.ietf.org/rfc/rfc3566.txt
326		http://csrc.nist.gov/encryption/modes/proposedmodes/
327		 xcbc-mac/xcbc-mac-spec.pdf
328
329config CRYPTO_VMAC
330	tristate "VMAC support"
331	select CRYPTO_HASH
332	select CRYPTO_MANAGER
333	help
334	  VMAC is a message authentication algorithm designed for
335	  very high speed on 64-bit architectures.
336
337	  See also:
338	  <http://fastcrypto.org/vmac>
339
340comment "Digest"
341
342config CRYPTO_CRC32C
343	tristate "CRC32c CRC algorithm"
344	select CRYPTO_HASH
345	select CRC32
346	help
347	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
348	  by iSCSI for header and data digests and by others.
349	  See Castagnoli93.  Module will be crc32c.
350
351config CRYPTO_CRC32C_INTEL
352	tristate "CRC32c INTEL hardware acceleration"
353	depends on X86
354	select CRYPTO_HASH
355	help
356	  In Intel processor with SSE4.2 supported, the processor will
357	  support CRC32C implementation using hardware accelerated CRC32
358	  instruction. This option will create 'crc32c-intel' module,
359	  which will enable any routine to use the CRC32 instruction to
360	  gain performance compared with software implementation.
361	  Module will be crc32c-intel.
362
363config CRYPTO_CRC32C_SPARC64
364	tristate "CRC32c CRC algorithm (SPARC64)"
365	depends on SPARC64
366	select CRYPTO_HASH
367	select CRC32
368	help
369	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
370	  when available.
371
372config CRYPTO_CRC32
373	tristate "CRC32 CRC algorithm"
374	select CRYPTO_HASH
375	select CRC32
376	help
377	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
378	  Shash crypto api wrappers to crc32_le function.
379
380config CRYPTO_CRC32_PCLMUL
381	tristate "CRC32 PCLMULQDQ hardware acceleration"
382	depends on X86
383	select CRYPTO_HASH
384	select CRC32
385	help
386	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
387	  and PCLMULQDQ supported, the processor will support
388	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
389	  instruction. This option will create 'crc32-plcmul' module,
390	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
391	  and gain better performance as compared with the table implementation.
392
393config CRYPTO_CRCT10DIF
394	tristate "CRCT10DIF algorithm"
395	select CRYPTO_HASH
396	help
397	  CRC T10 Data Integrity Field computation is being cast as
398	  a crypto transform.  This allows for faster crc t10 diff
399	  transforms to be used if they are available.
400
401config CRYPTO_CRCT10DIF_PCLMUL
402	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
403	depends on X86 && 64BIT && CRC_T10DIF
404	select CRYPTO_HASH
405	help
406	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
407	  CRC T10 DIF PCLMULQDQ computation can be hardware
408	  accelerated PCLMULQDQ instruction. This option will create
409	  'crct10dif-plcmul' module, which is faster when computing the
410	  crct10dif checksum as compared with the generic table implementation.
411
412config CRYPTO_GHASH
413	tristate "GHASH digest algorithm"
414	select CRYPTO_GF128MUL
415	help
416	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
417
418config CRYPTO_MD4
419	tristate "MD4 digest algorithm"
420	select CRYPTO_HASH
421	help
422	  MD4 message digest algorithm (RFC1320).
423
424config CRYPTO_MD5
425	tristate "MD5 digest algorithm"
426	select CRYPTO_HASH
427	help
428	  MD5 message digest algorithm (RFC1321).
429
430config CRYPTO_MD5_SPARC64
431	tristate "MD5 digest algorithm (SPARC64)"
432	depends on SPARC64
433	select CRYPTO_MD5
434	select CRYPTO_HASH
435	help
436	  MD5 message digest algorithm (RFC1321) implemented
437	  using sparc64 crypto instructions, when available.
438
439config CRYPTO_MICHAEL_MIC
440	tristate "Michael MIC keyed digest algorithm"
441	select CRYPTO_HASH
442	help
443	  Michael MIC is used for message integrity protection in TKIP
444	  (IEEE 802.11i). This algorithm is required for TKIP, but it
445	  should not be used for other purposes because of the weakness
446	  of the algorithm.
447
448config CRYPTO_RMD128
449	tristate "RIPEMD-128 digest algorithm"
450	select CRYPTO_HASH
451	help
452	  RIPEMD-128 (ISO/IEC 10118-3:2004).
453
454	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
455	  be used as a secure replacement for RIPEMD. For other use cases,
456	  RIPEMD-160 should be used.
457
458	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
459	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
460
461config CRYPTO_RMD160
462	tristate "RIPEMD-160 digest algorithm"
463	select CRYPTO_HASH
464	help
465	  RIPEMD-160 (ISO/IEC 10118-3:2004).
466
467	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
468	  to be used as a secure replacement for the 128-bit hash functions
469	  MD4, MD5 and it's predecessor RIPEMD
470	  (not to be confused with RIPEMD-128).
471
472	  It's speed is comparable to SHA1 and there are no known attacks
473	  against RIPEMD-160.
474
475	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
476	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
477
478config CRYPTO_RMD256
479	tristate "RIPEMD-256 digest algorithm"
480	select CRYPTO_HASH
481	help
482	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
483	  256 bit hash. It is intended for applications that require
484	  longer hash-results, without needing a larger security level
485	  (than RIPEMD-128).
486
487	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
488	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
489
490config CRYPTO_RMD320
491	tristate "RIPEMD-320 digest algorithm"
492	select CRYPTO_HASH
493	help
494	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
495	  320 bit hash. It is intended for applications that require
496	  longer hash-results, without needing a larger security level
497	  (than RIPEMD-160).
498
499	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
500	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
501
502config CRYPTO_SHA1
503	tristate "SHA1 digest algorithm"
504	select CRYPTO_HASH
505	help
506	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
507
508config CRYPTO_SHA1_SSSE3
509	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2)"
510	depends on X86 && 64BIT
511	select CRYPTO_SHA1
512	select CRYPTO_HASH
513	help
514	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
515	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
516	  Extensions (AVX/AVX2), when available.
517
518config CRYPTO_SHA256_SSSE3
519	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2)"
520	depends on X86 && 64BIT
521	select CRYPTO_SHA256
522	select CRYPTO_HASH
523	help
524	  SHA-256 secure hash standard (DFIPS 180-2) implemented
525	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
526	  Extensions version 1 (AVX1), or Advanced Vector Extensions
527	  version 2 (AVX2) instructions, when available.
528
529config CRYPTO_SHA512_SSSE3
530	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
531	depends on X86 && 64BIT
532	select CRYPTO_SHA512
533	select CRYPTO_HASH
534	help
535	  SHA-512 secure hash standard (DFIPS 180-2) implemented
536	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
537	  Extensions version 1 (AVX1), or Advanced Vector Extensions
538	  version 2 (AVX2) instructions, when available.
539
540config CRYPTO_SHA1_SPARC64
541	tristate "SHA1 digest algorithm (SPARC64)"
542	depends on SPARC64
543	select CRYPTO_SHA1
544	select CRYPTO_HASH
545	help
546	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
547	  using sparc64 crypto instructions, when available.
548
549config CRYPTO_SHA1_ARM
550	tristate "SHA1 digest algorithm (ARM-asm)"
551	depends on ARM
552	select CRYPTO_SHA1
553	select CRYPTO_HASH
554	help
555	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
556	  using optimized ARM assembler.
557
558config CRYPTO_SHA1_ARM_NEON
559	tristate "SHA1 digest algorithm (ARM NEON)"
560	depends on ARM && KERNEL_MODE_NEON
561	select CRYPTO_SHA1_ARM
562	select CRYPTO_SHA1
563	select CRYPTO_HASH
564	help
565	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
566	  using optimized ARM NEON assembly, when NEON instructions are
567	  available.
568
569config CRYPTO_SHA1_PPC
570	tristate "SHA1 digest algorithm (powerpc)"
571	depends on PPC
572	help
573	  This is the powerpc hardware accelerated implementation of the
574	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
575
576config CRYPTO_SHA1_MB
577	tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
578	depends on X86 && 64BIT
579	select CRYPTO_SHA1
580	select CRYPTO_HASH
581	select CRYPTO_MCRYPTD
582	help
583	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
584	  using multi-buffer technique.  This algorithm computes on
585	  multiple data lanes concurrently with SIMD instructions for
586	  better throughput.  It should not be enabled by default but
587	  used when there is significant amount of work to keep the keep
588	  the data lanes filled to get performance benefit.  If the data
589	  lanes remain unfilled, a flush operation will be initiated to
590	  process the crypto jobs, adding a slight latency.
591
592config CRYPTO_SHA256
593	tristate "SHA224 and SHA256 digest algorithm"
594	select CRYPTO_HASH
595	help
596	  SHA256 secure hash standard (DFIPS 180-2).
597
598	  This version of SHA implements a 256 bit hash with 128 bits of
599	  security against collision attacks.
600
601	  This code also includes SHA-224, a 224 bit hash with 112 bits
602	  of security against collision attacks.
603
604config CRYPTO_SHA256_SPARC64
605	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
606	depends on SPARC64
607	select CRYPTO_SHA256
608	select CRYPTO_HASH
609	help
610	  SHA-256 secure hash standard (DFIPS 180-2) implemented
611	  using sparc64 crypto instructions, when available.
612
613config CRYPTO_SHA512
614	tristate "SHA384 and SHA512 digest algorithms"
615	select CRYPTO_HASH
616	help
617	  SHA512 secure hash standard (DFIPS 180-2).
618
619	  This version of SHA implements a 512 bit hash with 256 bits of
620	  security against collision attacks.
621
622	  This code also includes SHA-384, a 384 bit hash with 192 bits
623	  of security against collision attacks.
624
625config CRYPTO_SHA512_SPARC64
626	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
627	depends on SPARC64
628	select CRYPTO_SHA512
629	select CRYPTO_HASH
630	help
631	  SHA-512 secure hash standard (DFIPS 180-2) implemented
632	  using sparc64 crypto instructions, when available.
633
634config CRYPTO_SHA512_ARM_NEON
635	tristate "SHA384 and SHA512 digest algorithm (ARM NEON)"
636	depends on ARM && KERNEL_MODE_NEON
637	select CRYPTO_SHA512
638	select CRYPTO_HASH
639	help
640	  SHA-512 secure hash standard (DFIPS 180-2) implemented
641	  using ARM NEON instructions, when available.
642
643	  This version of SHA implements a 512 bit hash with 256 bits of
644	  security against collision attacks.
645
646	  This code also includes SHA-384, a 384 bit hash with 192 bits
647	  of security against collision attacks.
648
649config CRYPTO_TGR192
650	tristate "Tiger digest algorithms"
651	select CRYPTO_HASH
652	help
653	  Tiger hash algorithm 192, 160 and 128-bit hashes
654
655	  Tiger is a hash function optimized for 64-bit processors while
656	  still having decent performance on 32-bit processors.
657	  Tiger was developed by Ross Anderson and Eli Biham.
658
659	  See also:
660	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
661
662config CRYPTO_WP512
663	tristate "Whirlpool digest algorithms"
664	select CRYPTO_HASH
665	help
666	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
667
668	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
669	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
670
671	  See also:
672	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
673
674config CRYPTO_GHASH_CLMUL_NI_INTEL
675	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
676	depends on X86 && 64BIT
677	select CRYPTO_CRYPTD
678	help
679	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
680	  The implementation is accelerated by CLMUL-NI of Intel.
681
682comment "Ciphers"
683
684config CRYPTO_AES
685	tristate "AES cipher algorithms"
686	select CRYPTO_ALGAPI
687	help
688	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
689	  algorithm.
690
691	  Rijndael appears to be consistently a very good performer in
692	  both hardware and software across a wide range of computing
693	  environments regardless of its use in feedback or non-feedback
694	  modes. Its key setup time is excellent, and its key agility is
695	  good. Rijndael's very low memory requirements make it very well
696	  suited for restricted-space environments, in which it also
697	  demonstrates excellent performance. Rijndael's operations are
698	  among the easiest to defend against power and timing attacks.
699
700	  The AES specifies three key sizes: 128, 192 and 256 bits
701
702	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
703
704config CRYPTO_AES_586
705	tristate "AES cipher algorithms (i586)"
706	depends on (X86 || UML_X86) && !64BIT
707	select CRYPTO_ALGAPI
708	select CRYPTO_AES
709	help
710	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
711	  algorithm.
712
713	  Rijndael appears to be consistently a very good performer in
714	  both hardware and software across a wide range of computing
715	  environments regardless of its use in feedback or non-feedback
716	  modes. Its key setup time is excellent, and its key agility is
717	  good. Rijndael's very low memory requirements make it very well
718	  suited for restricted-space environments, in which it also
719	  demonstrates excellent performance. Rijndael's operations are
720	  among the easiest to defend against power and timing attacks.
721
722	  The AES specifies three key sizes: 128, 192 and 256 bits
723
724	  See <http://csrc.nist.gov/encryption/aes/> for more information.
725
726config CRYPTO_AES_X86_64
727	tristate "AES cipher algorithms (x86_64)"
728	depends on (X86 || UML_X86) && 64BIT
729	select CRYPTO_ALGAPI
730	select CRYPTO_AES
731	help
732	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
733	  algorithm.
734
735	  Rijndael appears to be consistently a very good performer in
736	  both hardware and software across a wide range of computing
737	  environments regardless of its use in feedback or non-feedback
738	  modes. Its key setup time is excellent, and its key agility is
739	  good. Rijndael's very low memory requirements make it very well
740	  suited for restricted-space environments, in which it also
741	  demonstrates excellent performance. Rijndael's operations are
742	  among the easiest to defend against power and timing attacks.
743
744	  The AES specifies three key sizes: 128, 192 and 256 bits
745
746	  See <http://csrc.nist.gov/encryption/aes/> for more information.
747
748config CRYPTO_AES_NI_INTEL
749	tristate "AES cipher algorithms (AES-NI)"
750	depends on X86
751	select CRYPTO_AES_X86_64 if 64BIT
752	select CRYPTO_AES_586 if !64BIT
753	select CRYPTO_CRYPTD
754	select CRYPTO_ABLK_HELPER
755	select CRYPTO_ALGAPI
756	select CRYPTO_GLUE_HELPER_X86 if 64BIT
757	select CRYPTO_LRW
758	select CRYPTO_XTS
759	help
760	  Use Intel AES-NI instructions for AES algorithm.
761
762	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
763	  algorithm.
764
765	  Rijndael appears to be consistently a very good performer in
766	  both hardware and software across a wide range of computing
767	  environments regardless of its use in feedback or non-feedback
768	  modes. Its key setup time is excellent, and its key agility is
769	  good. Rijndael's very low memory requirements make it very well
770	  suited for restricted-space environments, in which it also
771	  demonstrates excellent performance. Rijndael's operations are
772	  among the easiest to defend against power and timing attacks.
773
774	  The AES specifies three key sizes: 128, 192 and 256 bits
775
776	  See <http://csrc.nist.gov/encryption/aes/> for more information.
777
778	  In addition to AES cipher algorithm support, the acceleration
779	  for some popular block cipher mode is supported too, including
780	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
781	  acceleration for CTR.
782
783config CRYPTO_AES_SPARC64
784	tristate "AES cipher algorithms (SPARC64)"
785	depends on SPARC64
786	select CRYPTO_CRYPTD
787	select CRYPTO_ALGAPI
788	help
789	  Use SPARC64 crypto opcodes for AES algorithm.
790
791	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
792	  algorithm.
793
794	  Rijndael appears to be consistently a very good performer in
795	  both hardware and software across a wide range of computing
796	  environments regardless of its use in feedback or non-feedback
797	  modes. Its key setup time is excellent, and its key agility is
798	  good. Rijndael's very low memory requirements make it very well
799	  suited for restricted-space environments, in which it also
800	  demonstrates excellent performance. Rijndael's operations are
801	  among the easiest to defend against power and timing attacks.
802
803	  The AES specifies three key sizes: 128, 192 and 256 bits
804
805	  See <http://csrc.nist.gov/encryption/aes/> for more information.
806
807	  In addition to AES cipher algorithm support, the acceleration
808	  for some popular block cipher mode is supported too, including
809	  ECB and CBC.
810
811config CRYPTO_AES_ARM
812	tristate "AES cipher algorithms (ARM-asm)"
813	depends on ARM
814	select CRYPTO_ALGAPI
815	select CRYPTO_AES
816	help
817	  Use optimized AES assembler routines for ARM platforms.
818
819	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
820	  algorithm.
821
822	  Rijndael appears to be consistently a very good performer in
823	  both hardware and software across a wide range of computing
824	  environments regardless of its use in feedback or non-feedback
825	  modes. Its key setup time is excellent, and its key agility is
826	  good. Rijndael's very low memory requirements make it very well
827	  suited for restricted-space environments, in which it also
828	  demonstrates excellent performance. Rijndael's operations are
829	  among the easiest to defend against power and timing attacks.
830
831	  The AES specifies three key sizes: 128, 192 and 256 bits
832
833	  See <http://csrc.nist.gov/encryption/aes/> for more information.
834
835config CRYPTO_AES_ARM_BS
836	tristate "Bit sliced AES using NEON instructions"
837	depends on ARM && KERNEL_MODE_NEON
838	select CRYPTO_ALGAPI
839	select CRYPTO_AES_ARM
840	select CRYPTO_ABLK_HELPER
841	help
842	  Use a faster and more secure NEON based implementation of AES in CBC,
843	  CTR and XTS modes
844
845	  Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode
846	  and for XTS mode encryption, CBC and XTS mode decryption speedup is
847	  around 25%. (CBC encryption speed is not affected by this driver.)
848	  This implementation does not rely on any lookup tables so it is
849	  believed to be invulnerable to cache timing attacks.
850
851config CRYPTO_ANUBIS
852	tristate "Anubis cipher algorithm"
853	select CRYPTO_ALGAPI
854	help
855	  Anubis cipher algorithm.
856
857	  Anubis is a variable key length cipher which can use keys from
858	  128 bits to 320 bits in length.  It was evaluated as a entrant
859	  in the NESSIE competition.
860
861	  See also:
862	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
863	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
864
865config CRYPTO_ARC4
866	tristate "ARC4 cipher algorithm"
867	select CRYPTO_BLKCIPHER
868	help
869	  ARC4 cipher algorithm.
870
871	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
872	  bits in length.  This algorithm is required for driver-based
873	  WEP, but it should not be for other purposes because of the
874	  weakness of the algorithm.
875
876config CRYPTO_BLOWFISH
877	tristate "Blowfish cipher algorithm"
878	select CRYPTO_ALGAPI
879	select CRYPTO_BLOWFISH_COMMON
880	help
881	  Blowfish cipher algorithm, by Bruce Schneier.
882
883	  This is a variable key length cipher which can use keys from 32
884	  bits to 448 bits in length.  It's fast, simple and specifically
885	  designed for use on "large microprocessors".
886
887	  See also:
888	  <http://www.schneier.com/blowfish.html>
889
890config CRYPTO_BLOWFISH_COMMON
891	tristate
892	help
893	  Common parts of the Blowfish cipher algorithm shared by the
894	  generic c and the assembler implementations.
895
896	  See also:
897	  <http://www.schneier.com/blowfish.html>
898
899config CRYPTO_BLOWFISH_X86_64
900	tristate "Blowfish cipher algorithm (x86_64)"
901	depends on X86 && 64BIT
902	select CRYPTO_ALGAPI
903	select CRYPTO_BLOWFISH_COMMON
904	help
905	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
906
907	  This is a variable key length cipher which can use keys from 32
908	  bits to 448 bits in length.  It's fast, simple and specifically
909	  designed for use on "large microprocessors".
910
911	  See also:
912	  <http://www.schneier.com/blowfish.html>
913
914config CRYPTO_CAMELLIA
915	tristate "Camellia cipher algorithms"
916	depends on CRYPTO
917	select CRYPTO_ALGAPI
918	help
919	  Camellia cipher algorithms module.
920
921	  Camellia is a symmetric key block cipher developed jointly
922	  at NTT and Mitsubishi Electric Corporation.
923
924	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
925
926	  See also:
927	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
928
929config CRYPTO_CAMELLIA_X86_64
930	tristate "Camellia cipher algorithm (x86_64)"
931	depends on X86 && 64BIT
932	depends on CRYPTO
933	select CRYPTO_ALGAPI
934	select CRYPTO_GLUE_HELPER_X86
935	select CRYPTO_LRW
936	select CRYPTO_XTS
937	help
938	  Camellia cipher algorithm module (x86_64).
939
940	  Camellia is a symmetric key block cipher developed jointly
941	  at NTT and Mitsubishi Electric Corporation.
942
943	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
944
945	  See also:
946	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
947
948config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
949	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
950	depends on X86 && 64BIT
951	depends on CRYPTO
952	select CRYPTO_ALGAPI
953	select CRYPTO_CRYPTD
954	select CRYPTO_ABLK_HELPER
955	select CRYPTO_GLUE_HELPER_X86
956	select CRYPTO_CAMELLIA_X86_64
957	select CRYPTO_LRW
958	select CRYPTO_XTS
959	help
960	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
961
962	  Camellia is a symmetric key block cipher developed jointly
963	  at NTT and Mitsubishi Electric Corporation.
964
965	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
966
967	  See also:
968	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
969
970config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
971	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
972	depends on X86 && 64BIT
973	depends on CRYPTO
974	select CRYPTO_ALGAPI
975	select CRYPTO_CRYPTD
976	select CRYPTO_ABLK_HELPER
977	select CRYPTO_GLUE_HELPER_X86
978	select CRYPTO_CAMELLIA_X86_64
979	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
980	select CRYPTO_LRW
981	select CRYPTO_XTS
982	help
983	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
984
985	  Camellia is a symmetric key block cipher developed jointly
986	  at NTT and Mitsubishi Electric Corporation.
987
988	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
989
990	  See also:
991	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
992
993config CRYPTO_CAMELLIA_SPARC64
994	tristate "Camellia cipher algorithm (SPARC64)"
995	depends on SPARC64
996	depends on CRYPTO
997	select CRYPTO_ALGAPI
998	help
999	  Camellia cipher algorithm module (SPARC64).
1000
1001	  Camellia is a symmetric key block cipher developed jointly
1002	  at NTT and Mitsubishi Electric Corporation.
1003
1004	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1005
1006	  See also:
1007	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1008
1009config CRYPTO_CAST_COMMON
1010	tristate
1011	help
1012	  Common parts of the CAST cipher algorithms shared by the
1013	  generic c and the assembler implementations.
1014
1015config CRYPTO_CAST5
1016	tristate "CAST5 (CAST-128) cipher algorithm"
1017	select CRYPTO_ALGAPI
1018	select CRYPTO_CAST_COMMON
1019	help
1020	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1021	  described in RFC2144.
1022
1023config CRYPTO_CAST5_AVX_X86_64
1024	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1025	depends on X86 && 64BIT
1026	select CRYPTO_ALGAPI
1027	select CRYPTO_CRYPTD
1028	select CRYPTO_ABLK_HELPER
1029	select CRYPTO_CAST_COMMON
1030	select CRYPTO_CAST5
1031	help
1032	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1033	  described in RFC2144.
1034
1035	  This module provides the Cast5 cipher algorithm that processes
1036	  sixteen blocks parallel using the AVX instruction set.
1037
1038config CRYPTO_CAST6
1039	tristate "CAST6 (CAST-256) cipher algorithm"
1040	select CRYPTO_ALGAPI
1041	select CRYPTO_CAST_COMMON
1042	help
1043	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1044	  described in RFC2612.
1045
1046config CRYPTO_CAST6_AVX_X86_64
1047	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1048	depends on X86 && 64BIT
1049	select CRYPTO_ALGAPI
1050	select CRYPTO_CRYPTD
1051	select CRYPTO_ABLK_HELPER
1052	select CRYPTO_GLUE_HELPER_X86
1053	select CRYPTO_CAST_COMMON
1054	select CRYPTO_CAST6
1055	select CRYPTO_LRW
1056	select CRYPTO_XTS
1057	help
1058	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1059	  described in RFC2612.
1060
1061	  This module provides the Cast6 cipher algorithm that processes
1062	  eight blocks parallel using the AVX instruction set.
1063
1064config CRYPTO_DES
1065	tristate "DES and Triple DES EDE cipher algorithms"
1066	select CRYPTO_ALGAPI
1067	help
1068	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1069
1070config CRYPTO_DES_SPARC64
1071	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1072	depends on SPARC64
1073	select CRYPTO_ALGAPI
1074	select CRYPTO_DES
1075	help
1076	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1077	  optimized using SPARC64 crypto opcodes.
1078
1079config CRYPTO_DES3_EDE_X86_64
1080	tristate "Triple DES EDE cipher algorithm (x86-64)"
1081	depends on X86 && 64BIT
1082	select CRYPTO_ALGAPI
1083	select CRYPTO_DES
1084	help
1085	  Triple DES EDE (FIPS 46-3) algorithm.
1086
1087	  This module provides implementation of the Triple DES EDE cipher
1088	  algorithm that is optimized for x86-64 processors. Two versions of
1089	  algorithm are provided; regular processing one input block and
1090	  one that processes three blocks parallel.
1091
1092config CRYPTO_FCRYPT
1093	tristate "FCrypt cipher algorithm"
1094	select CRYPTO_ALGAPI
1095	select CRYPTO_BLKCIPHER
1096	help
1097	  FCrypt algorithm used by RxRPC.
1098
1099config CRYPTO_KHAZAD
1100	tristate "Khazad cipher algorithm"
1101	select CRYPTO_ALGAPI
1102	help
1103	  Khazad cipher algorithm.
1104
1105	  Khazad was a finalist in the initial NESSIE competition.  It is
1106	  an algorithm optimized for 64-bit processors with good performance
1107	  on 32-bit processors.  Khazad uses an 128 bit key size.
1108
1109	  See also:
1110	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1111
1112config CRYPTO_SALSA20
1113	tristate "Salsa20 stream cipher algorithm"
1114	select CRYPTO_BLKCIPHER
1115	help
1116	  Salsa20 stream cipher algorithm.
1117
1118	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1119	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1120
1121	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1122	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1123
1124config CRYPTO_SALSA20_586
1125	tristate "Salsa20 stream cipher algorithm (i586)"
1126	depends on (X86 || UML_X86) && !64BIT
1127	select CRYPTO_BLKCIPHER
1128	help
1129	  Salsa20 stream cipher algorithm.
1130
1131	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1132	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1133
1134	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1135	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1136
1137config CRYPTO_SALSA20_X86_64
1138	tristate "Salsa20 stream cipher algorithm (x86_64)"
1139	depends on (X86 || UML_X86) && 64BIT
1140	select CRYPTO_BLKCIPHER
1141	help
1142	  Salsa20 stream cipher algorithm.
1143
1144	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1145	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1146
1147	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1148	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1149
1150config CRYPTO_SEED
1151	tristate "SEED cipher algorithm"
1152	select CRYPTO_ALGAPI
1153	help
1154	  SEED cipher algorithm (RFC4269).
1155
1156	  SEED is a 128-bit symmetric key block cipher that has been
1157	  developed by KISA (Korea Information Security Agency) as a
1158	  national standard encryption algorithm of the Republic of Korea.
1159	  It is a 16 round block cipher with the key size of 128 bit.
1160
1161	  See also:
1162	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1163
1164config CRYPTO_SERPENT
1165	tristate "Serpent cipher algorithm"
1166	select CRYPTO_ALGAPI
1167	help
1168	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1169
1170	  Keys are allowed to be from 0 to 256 bits in length, in steps
1171	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1172	  variant of Serpent for compatibility with old kerneli.org code.
1173
1174	  See also:
1175	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1176
1177config CRYPTO_SERPENT_SSE2_X86_64
1178	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1179	depends on X86 && 64BIT
1180	select CRYPTO_ALGAPI
1181	select CRYPTO_CRYPTD
1182	select CRYPTO_ABLK_HELPER
1183	select CRYPTO_GLUE_HELPER_X86
1184	select CRYPTO_SERPENT
1185	select CRYPTO_LRW
1186	select CRYPTO_XTS
1187	help
1188	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1189
1190	  Keys are allowed to be from 0 to 256 bits in length, in steps
1191	  of 8 bits.
1192
1193	  This module provides Serpent cipher algorithm that processes eigth
1194	  blocks parallel using SSE2 instruction set.
1195
1196	  See also:
1197	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1198
1199config CRYPTO_SERPENT_SSE2_586
1200	tristate "Serpent cipher algorithm (i586/SSE2)"
1201	depends on X86 && !64BIT
1202	select CRYPTO_ALGAPI
1203	select CRYPTO_CRYPTD
1204	select CRYPTO_ABLK_HELPER
1205	select CRYPTO_GLUE_HELPER_X86
1206	select CRYPTO_SERPENT
1207	select CRYPTO_LRW
1208	select CRYPTO_XTS
1209	help
1210	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1211
1212	  Keys are allowed to be from 0 to 256 bits in length, in steps
1213	  of 8 bits.
1214
1215	  This module provides Serpent cipher algorithm that processes four
1216	  blocks parallel using SSE2 instruction set.
1217
1218	  See also:
1219	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1220
1221config CRYPTO_SERPENT_AVX_X86_64
1222	tristate "Serpent cipher algorithm (x86_64/AVX)"
1223	depends on X86 && 64BIT
1224	select CRYPTO_ALGAPI
1225	select CRYPTO_CRYPTD
1226	select CRYPTO_ABLK_HELPER
1227	select CRYPTO_GLUE_HELPER_X86
1228	select CRYPTO_SERPENT
1229	select CRYPTO_LRW
1230	select CRYPTO_XTS
1231	help
1232	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1233
1234	  Keys are allowed to be from 0 to 256 bits in length, in steps
1235	  of 8 bits.
1236
1237	  This module provides the Serpent cipher algorithm that processes
1238	  eight blocks parallel using the AVX instruction set.
1239
1240	  See also:
1241	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1242
1243config CRYPTO_SERPENT_AVX2_X86_64
1244	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1245	depends on X86 && 64BIT
1246	select CRYPTO_ALGAPI
1247	select CRYPTO_CRYPTD
1248	select CRYPTO_ABLK_HELPER
1249	select CRYPTO_GLUE_HELPER_X86
1250	select CRYPTO_SERPENT
1251	select CRYPTO_SERPENT_AVX_X86_64
1252	select CRYPTO_LRW
1253	select CRYPTO_XTS
1254	help
1255	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1256
1257	  Keys are allowed to be from 0 to 256 bits in length, in steps
1258	  of 8 bits.
1259
1260	  This module provides Serpent cipher algorithm that processes 16
1261	  blocks parallel using AVX2 instruction set.
1262
1263	  See also:
1264	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1265
1266config CRYPTO_TEA
1267	tristate "TEA, XTEA and XETA cipher algorithms"
1268	select CRYPTO_ALGAPI
1269	help
1270	  TEA cipher algorithm.
1271
1272	  Tiny Encryption Algorithm is a simple cipher that uses
1273	  many rounds for security.  It is very fast and uses
1274	  little memory.
1275
1276	  Xtendend Tiny Encryption Algorithm is a modification to
1277	  the TEA algorithm to address a potential key weakness
1278	  in the TEA algorithm.
1279
1280	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1281	  of the XTEA algorithm for compatibility purposes.
1282
1283config CRYPTO_TWOFISH
1284	tristate "Twofish cipher algorithm"
1285	select CRYPTO_ALGAPI
1286	select CRYPTO_TWOFISH_COMMON
1287	help
1288	  Twofish cipher algorithm.
1289
1290	  Twofish was submitted as an AES (Advanced Encryption Standard)
1291	  candidate cipher by researchers at CounterPane Systems.  It is a
1292	  16 round block cipher supporting key sizes of 128, 192, and 256
1293	  bits.
1294
1295	  See also:
1296	  <http://www.schneier.com/twofish.html>
1297
1298config CRYPTO_TWOFISH_COMMON
1299	tristate
1300	help
1301	  Common parts of the Twofish cipher algorithm shared by the
1302	  generic c and the assembler implementations.
1303
1304config CRYPTO_TWOFISH_586
1305	tristate "Twofish cipher algorithms (i586)"
1306	depends on (X86 || UML_X86) && !64BIT
1307	select CRYPTO_ALGAPI
1308	select CRYPTO_TWOFISH_COMMON
1309	help
1310	  Twofish cipher algorithm.
1311
1312	  Twofish was submitted as an AES (Advanced Encryption Standard)
1313	  candidate cipher by researchers at CounterPane Systems.  It is a
1314	  16 round block cipher supporting key sizes of 128, 192, and 256
1315	  bits.
1316
1317	  See also:
1318	  <http://www.schneier.com/twofish.html>
1319
1320config CRYPTO_TWOFISH_X86_64
1321	tristate "Twofish cipher algorithm (x86_64)"
1322	depends on (X86 || UML_X86) && 64BIT
1323	select CRYPTO_ALGAPI
1324	select CRYPTO_TWOFISH_COMMON
1325	help
1326	  Twofish cipher algorithm (x86_64).
1327
1328	  Twofish was submitted as an AES (Advanced Encryption Standard)
1329	  candidate cipher by researchers at CounterPane Systems.  It is a
1330	  16 round block cipher supporting key sizes of 128, 192, and 256
1331	  bits.
1332
1333	  See also:
1334	  <http://www.schneier.com/twofish.html>
1335
1336config CRYPTO_TWOFISH_X86_64_3WAY
1337	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1338	depends on X86 && 64BIT
1339	select CRYPTO_ALGAPI
1340	select CRYPTO_TWOFISH_COMMON
1341	select CRYPTO_TWOFISH_X86_64
1342	select CRYPTO_GLUE_HELPER_X86
1343	select CRYPTO_LRW
1344	select CRYPTO_XTS
1345	help
1346	  Twofish cipher algorithm (x86_64, 3-way parallel).
1347
1348	  Twofish was submitted as an AES (Advanced Encryption Standard)
1349	  candidate cipher by researchers at CounterPane Systems.  It is a
1350	  16 round block cipher supporting key sizes of 128, 192, and 256
1351	  bits.
1352
1353	  This module provides Twofish cipher algorithm that processes three
1354	  blocks parallel, utilizing resources of out-of-order CPUs better.
1355
1356	  See also:
1357	  <http://www.schneier.com/twofish.html>
1358
1359config CRYPTO_TWOFISH_AVX_X86_64
1360	tristate "Twofish cipher algorithm (x86_64/AVX)"
1361	depends on X86 && 64BIT
1362	select CRYPTO_ALGAPI
1363	select CRYPTO_CRYPTD
1364	select CRYPTO_ABLK_HELPER
1365	select CRYPTO_GLUE_HELPER_X86
1366	select CRYPTO_TWOFISH_COMMON
1367	select CRYPTO_TWOFISH_X86_64
1368	select CRYPTO_TWOFISH_X86_64_3WAY
1369	select CRYPTO_LRW
1370	select CRYPTO_XTS
1371	help
1372	  Twofish cipher algorithm (x86_64/AVX).
1373
1374	  Twofish was submitted as an AES (Advanced Encryption Standard)
1375	  candidate cipher by researchers at CounterPane Systems.  It is a
1376	  16 round block cipher supporting key sizes of 128, 192, and 256
1377	  bits.
1378
1379	  This module provides the Twofish cipher algorithm that processes
1380	  eight blocks parallel using the AVX Instruction Set.
1381
1382	  See also:
1383	  <http://www.schneier.com/twofish.html>
1384
1385comment "Compression"
1386
1387config CRYPTO_DEFLATE
1388	tristate "Deflate compression algorithm"
1389	select CRYPTO_ALGAPI
1390	select ZLIB_INFLATE
1391	select ZLIB_DEFLATE
1392	help
1393	  This is the Deflate algorithm (RFC1951), specified for use in
1394	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1395
1396	  You will most probably want this if using IPSec.
1397
1398config CRYPTO_ZLIB
1399	tristate "Zlib compression algorithm"
1400	select CRYPTO_PCOMP
1401	select ZLIB_INFLATE
1402	select ZLIB_DEFLATE
1403	select NLATTR
1404	help
1405	  This is the zlib algorithm.
1406
1407config CRYPTO_LZO
1408	tristate "LZO compression algorithm"
1409	select CRYPTO_ALGAPI
1410	select LZO_COMPRESS
1411	select LZO_DECOMPRESS
1412	help
1413	  This is the LZO algorithm.
1414
1415config CRYPTO_842
1416	tristate "842 compression algorithm"
1417	depends on CRYPTO_DEV_NX_COMPRESS
1418	# 842 uses lzo if the hardware becomes unavailable
1419	select LZO_COMPRESS
1420	select LZO_DECOMPRESS
1421	help
1422	  This is the 842 algorithm.
1423
1424config CRYPTO_LZ4
1425	tristate "LZ4 compression algorithm"
1426	select CRYPTO_ALGAPI
1427	select LZ4_COMPRESS
1428	select LZ4_DECOMPRESS
1429	help
1430	  This is the LZ4 algorithm.
1431
1432config CRYPTO_LZ4HC
1433	tristate "LZ4HC compression algorithm"
1434	select CRYPTO_ALGAPI
1435	select LZ4HC_COMPRESS
1436	select LZ4_DECOMPRESS
1437	help
1438	  This is the LZ4 high compression mode algorithm.
1439
1440comment "Random Number Generation"
1441
1442config CRYPTO_ANSI_CPRNG
1443	tristate "Pseudo Random Number Generation for Cryptographic modules"
1444	default m
1445	select CRYPTO_AES
1446	select CRYPTO_RNG
1447	help
1448	  This option enables the generic pseudo random number generator
1449	  for cryptographic modules.  Uses the Algorithm specified in
1450	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1451	  CRYPTO_FIPS is selected
1452
1453menuconfig CRYPTO_DRBG_MENU
1454	tristate "NIST SP800-90A DRBG"
1455	help
1456	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1457	  more of the DRBG types must be selected.
1458
1459if CRYPTO_DRBG_MENU
1460
1461config CRYPTO_DRBG_HMAC
1462	bool "Enable HMAC DRBG"
1463	default y
1464	select CRYPTO_HMAC
1465	help
1466	  Enable the HMAC DRBG variant as defined in NIST SP800-90A.
1467
1468config CRYPTO_DRBG_HASH
1469	bool "Enable Hash DRBG"
1470	select CRYPTO_HASH
1471	help
1472	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1473
1474config CRYPTO_DRBG_CTR
1475	bool "Enable CTR DRBG"
1476	select CRYPTO_AES
1477	help
1478	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1479
1480config CRYPTO_DRBG
1481	tristate
1482	default CRYPTO_DRBG_MENU if (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_HASH || CRYPTO_DRBG_CTR)
1483	select CRYPTO_RNG
1484
1485endif	# if CRYPTO_DRBG_MENU
1486
1487config CRYPTO_USER_API
1488	tristate
1489
1490config CRYPTO_USER_API_HASH
1491	tristate "User-space interface for hash algorithms"
1492	depends on NET
1493	select CRYPTO_HASH
1494	select CRYPTO_USER_API
1495	help
1496	  This option enables the user-spaces interface for hash
1497	  algorithms.
1498
1499config CRYPTO_USER_API_SKCIPHER
1500	tristate "User-space interface for symmetric key cipher algorithms"
1501	depends on NET
1502	select CRYPTO_BLKCIPHER
1503	select CRYPTO_USER_API
1504	help
1505	  This option enables the user-spaces interface for symmetric
1506	  key cipher algorithms.
1507
1508config CRYPTO_HASH_INFO
1509	bool
1510
1511source "drivers/crypto/Kconfig"
1512source crypto/asymmetric_keys/Kconfig
1513
1514endif	# if CRYPTO
1515