xref: /openbmc/linux/crypto/Kconfig (revision ebd09753)
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This options enables the fips boot option which is
31	  required if you want to system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_BLKCIPHER
56	tristate
57	select CRYPTO_BLKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_BLKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64	select CRYPTO_WORKQUEUE
65
66config CRYPTO_HASH
67	tristate
68	select CRYPTO_HASH2
69	select CRYPTO_ALGAPI
70
71config CRYPTO_HASH2
72	tristate
73	select CRYPTO_ALGAPI2
74
75config CRYPTO_RNG
76	tristate
77	select CRYPTO_RNG2
78	select CRYPTO_ALGAPI
79
80config CRYPTO_RNG2
81	tristate
82	select CRYPTO_ALGAPI2
83
84config CRYPTO_RNG_DEFAULT
85	tristate
86	select CRYPTO_DRBG_MENU
87
88config CRYPTO_AKCIPHER2
89	tristate
90	select CRYPTO_ALGAPI2
91
92config CRYPTO_AKCIPHER
93	tristate
94	select CRYPTO_AKCIPHER2
95	select CRYPTO_ALGAPI
96
97config CRYPTO_KPP2
98	tristate
99	select CRYPTO_ALGAPI2
100
101config CRYPTO_KPP
102	tristate
103	select CRYPTO_ALGAPI
104	select CRYPTO_KPP2
105
106config CRYPTO_ACOMP2
107	tristate
108	select CRYPTO_ALGAPI2
109	select SGL_ALLOC
110
111config CRYPTO_ACOMP
112	tristate
113	select CRYPTO_ALGAPI
114	select CRYPTO_ACOMP2
115
116config CRYPTO_RSA
117	tristate "RSA algorithm"
118	select CRYPTO_AKCIPHER
119	select CRYPTO_MANAGER
120	select MPILIB
121	select ASN1
122	help
123	  Generic implementation of the RSA public key algorithm.
124
125config CRYPTO_DH
126	tristate "Diffie-Hellman algorithm"
127	select CRYPTO_KPP
128	select MPILIB
129	help
130	  Generic implementation of the Diffie-Hellman algorithm.
131
132config CRYPTO_ECDH
133	tristate "ECDH algorithm"
134	select CRYPTO_KPP
135	select CRYPTO_RNG_DEFAULT
136	help
137	  Generic implementation of the ECDH algorithm
138
139config CRYPTO_MANAGER
140	tristate "Cryptographic algorithm manager"
141	select CRYPTO_MANAGER2
142	help
143	  Create default cryptographic template instantiations such as
144	  cbc(aes).
145
146config CRYPTO_MANAGER2
147	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
148	select CRYPTO_AEAD2
149	select CRYPTO_HASH2
150	select CRYPTO_BLKCIPHER2
151	select CRYPTO_AKCIPHER2
152	select CRYPTO_KPP2
153	select CRYPTO_ACOMP2
154
155config CRYPTO_USER
156	tristate "Userspace cryptographic algorithm configuration"
157	depends on NET
158	select CRYPTO_MANAGER
159	help
160	  Userspace configuration for cryptographic instantiations such as
161	  cbc(aes).
162
163config CRYPTO_MANAGER_DISABLE_TESTS
164	bool "Disable run-time self tests"
165	default y
166	depends on CRYPTO_MANAGER2
167	help
168	  Disable run-time self tests that normally take place at
169	  algorithm registration.
170
171config CRYPTO_GF128MUL
172	tristate "GF(2^128) multiplication functions"
173	help
174	  Efficient table driven implementation of multiplications in the
175	  field GF(2^128).  This is needed by some cypher modes. This
176	  option will be selected automatically if you select such a
177	  cipher mode.  Only select this option by hand if you expect to load
178	  an external module that requires these functions.
179
180config CRYPTO_NULL
181	tristate "Null algorithms"
182	select CRYPTO_NULL2
183	help
184	  These are 'Null' algorithms, used by IPsec, which do nothing.
185
186config CRYPTO_NULL2
187	tristate
188	select CRYPTO_ALGAPI2
189	select CRYPTO_BLKCIPHER2
190	select CRYPTO_HASH2
191
192config CRYPTO_PCRYPT
193	tristate "Parallel crypto engine"
194	depends on SMP
195	select PADATA
196	select CRYPTO_MANAGER
197	select CRYPTO_AEAD
198	help
199	  This converts an arbitrary crypto algorithm into a parallel
200	  algorithm that executes in kernel threads.
201
202config CRYPTO_WORKQUEUE
203       tristate
204
205config CRYPTO_CRYPTD
206	tristate "Software async crypto daemon"
207	select CRYPTO_BLKCIPHER
208	select CRYPTO_HASH
209	select CRYPTO_MANAGER
210	select CRYPTO_WORKQUEUE
211	help
212	  This is a generic software asynchronous crypto daemon that
213	  converts an arbitrary synchronous software crypto algorithm
214	  into an asynchronous algorithm that executes in a kernel thread.
215
216config CRYPTO_AUTHENC
217	tristate "Authenc support"
218	select CRYPTO_AEAD
219	select CRYPTO_BLKCIPHER
220	select CRYPTO_MANAGER
221	select CRYPTO_HASH
222	select CRYPTO_NULL
223	help
224	  Authenc: Combined mode wrapper for IPsec.
225	  This is required for IPSec.
226
227config CRYPTO_TEST
228	tristate "Testing module"
229	depends on m
230	select CRYPTO_MANAGER
231	help
232	  Quick & dirty crypto test module.
233
234config CRYPTO_SIMD
235	tristate
236	select CRYPTO_CRYPTD
237
238config CRYPTO_GLUE_HELPER_X86
239	tristate
240	depends on X86
241	select CRYPTO_BLKCIPHER
242
243config CRYPTO_ENGINE
244	tristate
245
246comment "Authenticated Encryption with Associated Data"
247
248config CRYPTO_CCM
249	tristate "CCM support"
250	select CRYPTO_CTR
251	select CRYPTO_HASH
252	select CRYPTO_AEAD
253	help
254	  Support for Counter with CBC MAC. Required for IPsec.
255
256config CRYPTO_GCM
257	tristate "GCM/GMAC support"
258	select CRYPTO_CTR
259	select CRYPTO_AEAD
260	select CRYPTO_GHASH
261	select CRYPTO_NULL
262	help
263	  Support for Galois/Counter Mode (GCM) and Galois Message
264	  Authentication Code (GMAC). Required for IPSec.
265
266config CRYPTO_CHACHA20POLY1305
267	tristate "ChaCha20-Poly1305 AEAD support"
268	select CRYPTO_CHACHA20
269	select CRYPTO_POLY1305
270	select CRYPTO_AEAD
271	help
272	  ChaCha20-Poly1305 AEAD support, RFC7539.
273
274	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
275	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
276	  IETF protocols.
277
278config CRYPTO_AEGIS128
279	tristate "AEGIS-128 AEAD algorithm"
280	select CRYPTO_AEAD
281	select CRYPTO_AES  # for AES S-box tables
282	help
283	 Support for the AEGIS-128 dedicated AEAD algorithm.
284
285config CRYPTO_AEGIS128L
286	tristate "AEGIS-128L AEAD algorithm"
287	select CRYPTO_AEAD
288	select CRYPTO_AES  # for AES S-box tables
289	help
290	 Support for the AEGIS-128L dedicated AEAD algorithm.
291
292config CRYPTO_AEGIS256
293	tristate "AEGIS-256 AEAD algorithm"
294	select CRYPTO_AEAD
295	select CRYPTO_AES  # for AES S-box tables
296	help
297	 Support for the AEGIS-256 dedicated AEAD algorithm.
298
299config CRYPTO_AEGIS128_AESNI_SSE2
300	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
301	depends on X86 && 64BIT
302	select CRYPTO_AEAD
303	select CRYPTO_CRYPTD
304	help
305	 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
306
307config CRYPTO_AEGIS128L_AESNI_SSE2
308	tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
309	depends on X86 && 64BIT
310	select CRYPTO_AEAD
311	select CRYPTO_CRYPTD
312	help
313	 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
314
315config CRYPTO_AEGIS256_AESNI_SSE2
316	tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
317	depends on X86 && 64BIT
318	select CRYPTO_AEAD
319	select CRYPTO_CRYPTD
320	help
321	 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
322
323config CRYPTO_MORUS640
324	tristate "MORUS-640 AEAD algorithm"
325	select CRYPTO_AEAD
326	help
327	  Support for the MORUS-640 dedicated AEAD algorithm.
328
329config CRYPTO_MORUS640_GLUE
330	tristate
331	depends on X86
332	select CRYPTO_AEAD
333	select CRYPTO_CRYPTD
334	help
335	  Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
336	  algorithm.
337
338config CRYPTO_MORUS640_SSE2
339	tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
340	depends on X86 && 64BIT
341	select CRYPTO_AEAD
342	select CRYPTO_MORUS640_GLUE
343	help
344	  SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
345
346config CRYPTO_MORUS1280
347	tristate "MORUS-1280 AEAD algorithm"
348	select CRYPTO_AEAD
349	help
350	  Support for the MORUS-1280 dedicated AEAD algorithm.
351
352config CRYPTO_MORUS1280_GLUE
353	tristate
354	depends on X86
355	select CRYPTO_AEAD
356	select CRYPTO_CRYPTD
357	help
358	  Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
359	  algorithm.
360
361config CRYPTO_MORUS1280_SSE2
362	tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
363	depends on X86 && 64BIT
364	select CRYPTO_AEAD
365	select CRYPTO_MORUS1280_GLUE
366	help
367	  SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
368	  algorithm.
369
370config CRYPTO_MORUS1280_AVX2
371	tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
372	depends on X86 && 64BIT
373	select CRYPTO_AEAD
374	select CRYPTO_MORUS1280_GLUE
375	help
376	  AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
377	  algorithm.
378
379config CRYPTO_SEQIV
380	tristate "Sequence Number IV Generator"
381	select CRYPTO_AEAD
382	select CRYPTO_BLKCIPHER
383	select CRYPTO_NULL
384	select CRYPTO_RNG_DEFAULT
385	help
386	  This IV generator generates an IV based on a sequence number by
387	  xoring it with a salt.  This algorithm is mainly useful for CTR
388
389config CRYPTO_ECHAINIV
390	tristate "Encrypted Chain IV Generator"
391	select CRYPTO_AEAD
392	select CRYPTO_NULL
393	select CRYPTO_RNG_DEFAULT
394	default m
395	help
396	  This IV generator generates an IV based on the encryption of
397	  a sequence number xored with a salt.  This is the default
398	  algorithm for CBC.
399
400comment "Block modes"
401
402config CRYPTO_CBC
403	tristate "CBC support"
404	select CRYPTO_BLKCIPHER
405	select CRYPTO_MANAGER
406	help
407	  CBC: Cipher Block Chaining mode
408	  This block cipher algorithm is required for IPSec.
409
410config CRYPTO_CFB
411	tristate "CFB support"
412	select CRYPTO_BLKCIPHER
413	select CRYPTO_MANAGER
414	help
415	  CFB: Cipher FeedBack mode
416	  This block cipher algorithm is required for TPM2 Cryptography.
417
418config CRYPTO_CTR
419	tristate "CTR support"
420	select CRYPTO_BLKCIPHER
421	select CRYPTO_SEQIV
422	select CRYPTO_MANAGER
423	help
424	  CTR: Counter mode
425	  This block cipher algorithm is required for IPSec.
426
427config CRYPTO_CTS
428	tristate "CTS support"
429	select CRYPTO_BLKCIPHER
430	help
431	  CTS: Cipher Text Stealing
432	  This is the Cipher Text Stealing mode as described by
433	  Section 8 of rfc2040 and referenced by rfc3962.
434	  (rfc3962 includes errata information in its Appendix A)
435	  This mode is required for Kerberos gss mechanism support
436	  for AES encryption.
437
438config CRYPTO_ECB
439	tristate "ECB support"
440	select CRYPTO_BLKCIPHER
441	select CRYPTO_MANAGER
442	help
443	  ECB: Electronic CodeBook mode
444	  This is the simplest block cipher algorithm.  It simply encrypts
445	  the input block by block.
446
447config CRYPTO_LRW
448	tristate "LRW support"
449	select CRYPTO_BLKCIPHER
450	select CRYPTO_MANAGER
451	select CRYPTO_GF128MUL
452	help
453	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
454	  narrow block cipher mode for dm-crypt.  Use it with cipher
455	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
456	  The first 128, 192 or 256 bits in the key are used for AES and the
457	  rest is used to tie each cipher block to its logical position.
458
459config CRYPTO_OFB
460	tristate "OFB support"
461	select CRYPTO_BLKCIPHER
462	select CRYPTO_MANAGER
463	help
464	  OFB: the Output Feedback mode makes a block cipher into a synchronous
465	  stream cipher. It generates keystream blocks, which are then XORed
466	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
467	  ciphertext produces a flipped bit in the plaintext at the same
468	  location. This property allows many error correcting codes to function
469	  normally even when applied before encryption.
470
471config CRYPTO_PCBC
472	tristate "PCBC support"
473	select CRYPTO_BLKCIPHER
474	select CRYPTO_MANAGER
475	help
476	  PCBC: Propagating Cipher Block Chaining mode
477	  This block cipher algorithm is required for RxRPC.
478
479config CRYPTO_XTS
480	tristate "XTS support"
481	select CRYPTO_BLKCIPHER
482	select CRYPTO_MANAGER
483	select CRYPTO_ECB
484	help
485	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
486	  key size 256, 384 or 512 bits. This implementation currently
487	  can't handle a sectorsize which is not a multiple of 16 bytes.
488
489config CRYPTO_KEYWRAP
490	tristate "Key wrapping support"
491	select CRYPTO_BLKCIPHER
492	help
493	  Support for key wrapping (NIST SP800-38F / RFC3394) without
494	  padding.
495
496comment "Hash modes"
497
498config CRYPTO_CMAC
499	tristate "CMAC support"
500	select CRYPTO_HASH
501	select CRYPTO_MANAGER
502	help
503	  Cipher-based Message Authentication Code (CMAC) specified by
504	  The National Institute of Standards and Technology (NIST).
505
506	  https://tools.ietf.org/html/rfc4493
507	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
508
509config CRYPTO_HMAC
510	tristate "HMAC support"
511	select CRYPTO_HASH
512	select CRYPTO_MANAGER
513	help
514	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
515	  This is required for IPSec.
516
517config CRYPTO_XCBC
518	tristate "XCBC support"
519	select CRYPTO_HASH
520	select CRYPTO_MANAGER
521	help
522	  XCBC: Keyed-Hashing with encryption algorithm
523		http://www.ietf.org/rfc/rfc3566.txt
524		http://csrc.nist.gov/encryption/modes/proposedmodes/
525		 xcbc-mac/xcbc-mac-spec.pdf
526
527config CRYPTO_VMAC
528	tristate "VMAC support"
529	select CRYPTO_HASH
530	select CRYPTO_MANAGER
531	help
532	  VMAC is a message authentication algorithm designed for
533	  very high speed on 64-bit architectures.
534
535	  See also:
536	  <http://fastcrypto.org/vmac>
537
538comment "Digest"
539
540config CRYPTO_CRC32C
541	tristate "CRC32c CRC algorithm"
542	select CRYPTO_HASH
543	select CRC32
544	help
545	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
546	  by iSCSI for header and data digests and by others.
547	  See Castagnoli93.  Module will be crc32c.
548
549config CRYPTO_CRC32C_INTEL
550	tristate "CRC32c INTEL hardware acceleration"
551	depends on X86
552	select CRYPTO_HASH
553	help
554	  In Intel processor with SSE4.2 supported, the processor will
555	  support CRC32C implementation using hardware accelerated CRC32
556	  instruction. This option will create 'crc32c-intel' module,
557	  which will enable any routine to use the CRC32 instruction to
558	  gain performance compared with software implementation.
559	  Module will be crc32c-intel.
560
561config CRYPTO_CRC32C_VPMSUM
562	tristate "CRC32c CRC algorithm (powerpc64)"
563	depends on PPC64 && ALTIVEC
564	select CRYPTO_HASH
565	select CRC32
566	help
567	  CRC32c algorithm implemented using vector polynomial multiply-sum
568	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
569	  and newer processors for improved performance.
570
571
572config CRYPTO_CRC32C_SPARC64
573	tristate "CRC32c CRC algorithm (SPARC64)"
574	depends on SPARC64
575	select CRYPTO_HASH
576	select CRC32
577	help
578	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
579	  when available.
580
581config CRYPTO_CRC32
582	tristate "CRC32 CRC algorithm"
583	select CRYPTO_HASH
584	select CRC32
585	help
586	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
587	  Shash crypto api wrappers to crc32_le function.
588
589config CRYPTO_CRC32_PCLMUL
590	tristate "CRC32 PCLMULQDQ hardware acceleration"
591	depends on X86
592	select CRYPTO_HASH
593	select CRC32
594	help
595	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
596	  and PCLMULQDQ supported, the processor will support
597	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
598	  instruction. This option will create 'crc32-plcmul' module,
599	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
600	  and gain better performance as compared with the table implementation.
601
602config CRYPTO_CRC32_MIPS
603	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
604	depends on MIPS_CRC_SUPPORT
605	select CRYPTO_HASH
606	help
607	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
608	  instructions, when available.
609
610
611config CRYPTO_CRCT10DIF
612	tristate "CRCT10DIF algorithm"
613	select CRYPTO_HASH
614	help
615	  CRC T10 Data Integrity Field computation is being cast as
616	  a crypto transform.  This allows for faster crc t10 diff
617	  transforms to be used if they are available.
618
619config CRYPTO_CRCT10DIF_PCLMUL
620	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
621	depends on X86 && 64BIT && CRC_T10DIF
622	select CRYPTO_HASH
623	help
624	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
625	  CRC T10 DIF PCLMULQDQ computation can be hardware
626	  accelerated PCLMULQDQ instruction. This option will create
627	  'crct10dif-plcmul' module, which is faster when computing the
628	  crct10dif checksum as compared with the generic table implementation.
629
630config CRYPTO_CRCT10DIF_VPMSUM
631	tristate "CRC32T10DIF powerpc64 hardware acceleration"
632	depends on PPC64 && ALTIVEC && CRC_T10DIF
633	select CRYPTO_HASH
634	help
635	  CRC10T10DIF algorithm implemented using vector polynomial
636	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
637	  POWER8 and newer processors for improved performance.
638
639config CRYPTO_VPMSUM_TESTER
640	tristate "Powerpc64 vpmsum hardware acceleration tester"
641	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
642	help
643	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
644	  POWER8 vpmsum instructions.
645	  Unless you are testing these algorithms, you don't need this.
646
647config CRYPTO_GHASH
648	tristate "GHASH digest algorithm"
649	select CRYPTO_GF128MUL
650	select CRYPTO_HASH
651	help
652	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
653
654config CRYPTO_POLY1305
655	tristate "Poly1305 authenticator algorithm"
656	select CRYPTO_HASH
657	help
658	  Poly1305 authenticator algorithm, RFC7539.
659
660	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
661	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
662	  in IETF protocols. This is the portable C implementation of Poly1305.
663
664config CRYPTO_POLY1305_X86_64
665	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
666	depends on X86 && 64BIT
667	select CRYPTO_POLY1305
668	help
669	  Poly1305 authenticator algorithm, RFC7539.
670
671	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
672	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
673	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
674	  instructions.
675
676config CRYPTO_MD4
677	tristate "MD4 digest algorithm"
678	select CRYPTO_HASH
679	help
680	  MD4 message digest algorithm (RFC1320).
681
682config CRYPTO_MD5
683	tristate "MD5 digest algorithm"
684	select CRYPTO_HASH
685	help
686	  MD5 message digest algorithm (RFC1321).
687
688config CRYPTO_MD5_OCTEON
689	tristate "MD5 digest algorithm (OCTEON)"
690	depends on CPU_CAVIUM_OCTEON
691	select CRYPTO_MD5
692	select CRYPTO_HASH
693	help
694	  MD5 message digest algorithm (RFC1321) implemented
695	  using OCTEON crypto instructions, when available.
696
697config CRYPTO_MD5_PPC
698	tristate "MD5 digest algorithm (PPC)"
699	depends on PPC
700	select CRYPTO_HASH
701	help
702	  MD5 message digest algorithm (RFC1321) implemented
703	  in PPC assembler.
704
705config CRYPTO_MD5_SPARC64
706	tristate "MD5 digest algorithm (SPARC64)"
707	depends on SPARC64
708	select CRYPTO_MD5
709	select CRYPTO_HASH
710	help
711	  MD5 message digest algorithm (RFC1321) implemented
712	  using sparc64 crypto instructions, when available.
713
714config CRYPTO_MICHAEL_MIC
715	tristate "Michael MIC keyed digest algorithm"
716	select CRYPTO_HASH
717	help
718	  Michael MIC is used for message integrity protection in TKIP
719	  (IEEE 802.11i). This algorithm is required for TKIP, but it
720	  should not be used for other purposes because of the weakness
721	  of the algorithm.
722
723config CRYPTO_RMD128
724	tristate "RIPEMD-128 digest algorithm"
725	select CRYPTO_HASH
726	help
727	  RIPEMD-128 (ISO/IEC 10118-3:2004).
728
729	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
730	  be used as a secure replacement for RIPEMD. For other use cases,
731	  RIPEMD-160 should be used.
732
733	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
734	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
735
736config CRYPTO_RMD160
737	tristate "RIPEMD-160 digest algorithm"
738	select CRYPTO_HASH
739	help
740	  RIPEMD-160 (ISO/IEC 10118-3:2004).
741
742	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
743	  to be used as a secure replacement for the 128-bit hash functions
744	  MD4, MD5 and it's predecessor RIPEMD
745	  (not to be confused with RIPEMD-128).
746
747	  It's speed is comparable to SHA1 and there are no known attacks
748	  against RIPEMD-160.
749
750	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
751	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
752
753config CRYPTO_RMD256
754	tristate "RIPEMD-256 digest algorithm"
755	select CRYPTO_HASH
756	help
757	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
758	  256 bit hash. It is intended for applications that require
759	  longer hash-results, without needing a larger security level
760	  (than RIPEMD-128).
761
762	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
763	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
764
765config CRYPTO_RMD320
766	tristate "RIPEMD-320 digest algorithm"
767	select CRYPTO_HASH
768	help
769	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
770	  320 bit hash. It is intended for applications that require
771	  longer hash-results, without needing a larger security level
772	  (than RIPEMD-160).
773
774	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
775	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
776
777config CRYPTO_SHA1
778	tristate "SHA1 digest algorithm"
779	select CRYPTO_HASH
780	help
781	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
782
783config CRYPTO_SHA1_SSSE3
784	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
785	depends on X86 && 64BIT
786	select CRYPTO_SHA1
787	select CRYPTO_HASH
788	help
789	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
790	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
791	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
792	  when available.
793
794config CRYPTO_SHA256_SSSE3
795	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
796	depends on X86 && 64BIT
797	select CRYPTO_SHA256
798	select CRYPTO_HASH
799	help
800	  SHA-256 secure hash standard (DFIPS 180-2) implemented
801	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
802	  Extensions version 1 (AVX1), or Advanced Vector Extensions
803	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
804	  Instructions) when available.
805
806config CRYPTO_SHA512_SSSE3
807	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
808	depends on X86 && 64BIT
809	select CRYPTO_SHA512
810	select CRYPTO_HASH
811	help
812	  SHA-512 secure hash standard (DFIPS 180-2) implemented
813	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
814	  Extensions version 1 (AVX1), or Advanced Vector Extensions
815	  version 2 (AVX2) instructions, when available.
816
817config CRYPTO_SHA1_OCTEON
818	tristate "SHA1 digest algorithm (OCTEON)"
819	depends on CPU_CAVIUM_OCTEON
820	select CRYPTO_SHA1
821	select CRYPTO_HASH
822	help
823	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
824	  using OCTEON crypto instructions, when available.
825
826config CRYPTO_SHA1_SPARC64
827	tristate "SHA1 digest algorithm (SPARC64)"
828	depends on SPARC64
829	select CRYPTO_SHA1
830	select CRYPTO_HASH
831	help
832	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
833	  using sparc64 crypto instructions, when available.
834
835config CRYPTO_SHA1_PPC
836	tristate "SHA1 digest algorithm (powerpc)"
837	depends on PPC
838	help
839	  This is the powerpc hardware accelerated implementation of the
840	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
841
842config CRYPTO_SHA1_PPC_SPE
843	tristate "SHA1 digest algorithm (PPC SPE)"
844	depends on PPC && SPE
845	help
846	  SHA-1 secure hash standard (DFIPS 180-4) implemented
847	  using powerpc SPE SIMD instruction set.
848
849config CRYPTO_SHA256
850	tristate "SHA224 and SHA256 digest algorithm"
851	select CRYPTO_HASH
852	help
853	  SHA256 secure hash standard (DFIPS 180-2).
854
855	  This version of SHA implements a 256 bit hash with 128 bits of
856	  security against collision attacks.
857
858	  This code also includes SHA-224, a 224 bit hash with 112 bits
859	  of security against collision attacks.
860
861config CRYPTO_SHA256_PPC_SPE
862	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
863	depends on PPC && SPE
864	select CRYPTO_SHA256
865	select CRYPTO_HASH
866	help
867	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
868	  implemented using powerpc SPE SIMD instruction set.
869
870config CRYPTO_SHA256_OCTEON
871	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
872	depends on CPU_CAVIUM_OCTEON
873	select CRYPTO_SHA256
874	select CRYPTO_HASH
875	help
876	  SHA-256 secure hash standard (DFIPS 180-2) implemented
877	  using OCTEON crypto instructions, when available.
878
879config CRYPTO_SHA256_SPARC64
880	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
881	depends on SPARC64
882	select CRYPTO_SHA256
883	select CRYPTO_HASH
884	help
885	  SHA-256 secure hash standard (DFIPS 180-2) implemented
886	  using sparc64 crypto instructions, when available.
887
888config CRYPTO_SHA512
889	tristate "SHA384 and SHA512 digest algorithms"
890	select CRYPTO_HASH
891	help
892	  SHA512 secure hash standard (DFIPS 180-2).
893
894	  This version of SHA implements a 512 bit hash with 256 bits of
895	  security against collision attacks.
896
897	  This code also includes SHA-384, a 384 bit hash with 192 bits
898	  of security against collision attacks.
899
900config CRYPTO_SHA512_OCTEON
901	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
902	depends on CPU_CAVIUM_OCTEON
903	select CRYPTO_SHA512
904	select CRYPTO_HASH
905	help
906	  SHA-512 secure hash standard (DFIPS 180-2) implemented
907	  using OCTEON crypto instructions, when available.
908
909config CRYPTO_SHA512_SPARC64
910	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
911	depends on SPARC64
912	select CRYPTO_SHA512
913	select CRYPTO_HASH
914	help
915	  SHA-512 secure hash standard (DFIPS 180-2) implemented
916	  using sparc64 crypto instructions, when available.
917
918config CRYPTO_SHA3
919	tristate "SHA3 digest algorithm"
920	select CRYPTO_HASH
921	help
922	  SHA-3 secure hash standard (DFIPS 202). It's based on
923	  cryptographic sponge function family called Keccak.
924
925	  References:
926	  http://keccak.noekeon.org/
927
928config CRYPTO_SM3
929	tristate "SM3 digest algorithm"
930	select CRYPTO_HASH
931	help
932	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
933	  It is part of the Chinese Commercial Cryptography suite.
934
935	  References:
936	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
937	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
938
939config CRYPTO_TGR192
940	tristate "Tiger digest algorithms"
941	select CRYPTO_HASH
942	help
943	  Tiger hash algorithm 192, 160 and 128-bit hashes
944
945	  Tiger is a hash function optimized for 64-bit processors while
946	  still having decent performance on 32-bit processors.
947	  Tiger was developed by Ross Anderson and Eli Biham.
948
949	  See also:
950	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
951
952config CRYPTO_WP512
953	tristate "Whirlpool digest algorithms"
954	select CRYPTO_HASH
955	help
956	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
957
958	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
959	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
960
961	  See also:
962	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
963
964config CRYPTO_GHASH_CLMUL_NI_INTEL
965	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
966	depends on X86 && 64BIT
967	select CRYPTO_CRYPTD
968	help
969	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
970	  The implementation is accelerated by CLMUL-NI of Intel.
971
972comment "Ciphers"
973
974config CRYPTO_AES
975	tristate "AES cipher algorithms"
976	select CRYPTO_ALGAPI
977	help
978	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
979	  algorithm.
980
981	  Rijndael appears to be consistently a very good performer in
982	  both hardware and software across a wide range of computing
983	  environments regardless of its use in feedback or non-feedback
984	  modes. Its key setup time is excellent, and its key agility is
985	  good. Rijndael's very low memory requirements make it very well
986	  suited for restricted-space environments, in which it also
987	  demonstrates excellent performance. Rijndael's operations are
988	  among the easiest to defend against power and timing attacks.
989
990	  The AES specifies three key sizes: 128, 192 and 256 bits
991
992	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
993
994config CRYPTO_AES_TI
995	tristate "Fixed time AES cipher"
996	select CRYPTO_ALGAPI
997	help
998	  This is a generic implementation of AES that attempts to eliminate
999	  data dependent latencies as much as possible without affecting
1000	  performance too much. It is intended for use by the generic CCM
1001	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1002	  solely on encryption (although decryption is supported as well, but
1003	  with a more dramatic performance hit)
1004
1005	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1006	  8 for decryption), this implementation only uses just two S-boxes of
1007	  256 bytes each, and attempts to eliminate data dependent latencies by
1008	  prefetching the entire table into the cache at the start of each
1009	  block.
1010
1011config CRYPTO_AES_586
1012	tristate "AES cipher algorithms (i586)"
1013	depends on (X86 || UML_X86) && !64BIT
1014	select CRYPTO_ALGAPI
1015	select CRYPTO_AES
1016	help
1017	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1018	  algorithm.
1019
1020	  Rijndael appears to be consistently a very good performer in
1021	  both hardware and software across a wide range of computing
1022	  environments regardless of its use in feedback or non-feedback
1023	  modes. Its key setup time is excellent, and its key agility is
1024	  good. Rijndael's very low memory requirements make it very well
1025	  suited for restricted-space environments, in which it also
1026	  demonstrates excellent performance. Rijndael's operations are
1027	  among the easiest to defend against power and timing attacks.
1028
1029	  The AES specifies three key sizes: 128, 192 and 256 bits
1030
1031	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1032
1033config CRYPTO_AES_X86_64
1034	tristate "AES cipher algorithms (x86_64)"
1035	depends on (X86 || UML_X86) && 64BIT
1036	select CRYPTO_ALGAPI
1037	select CRYPTO_AES
1038	help
1039	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1040	  algorithm.
1041
1042	  Rijndael appears to be consistently a very good performer in
1043	  both hardware and software across a wide range of computing
1044	  environments regardless of its use in feedback or non-feedback
1045	  modes. Its key setup time is excellent, and its key agility is
1046	  good. Rijndael's very low memory requirements make it very well
1047	  suited for restricted-space environments, in which it also
1048	  demonstrates excellent performance. Rijndael's operations are
1049	  among the easiest to defend against power and timing attacks.
1050
1051	  The AES specifies three key sizes: 128, 192 and 256 bits
1052
1053	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1054
1055config CRYPTO_AES_NI_INTEL
1056	tristate "AES cipher algorithms (AES-NI)"
1057	depends on X86
1058	select CRYPTO_AEAD
1059	select CRYPTO_AES_X86_64 if 64BIT
1060	select CRYPTO_AES_586 if !64BIT
1061	select CRYPTO_ALGAPI
1062	select CRYPTO_BLKCIPHER
1063	select CRYPTO_GLUE_HELPER_X86 if 64BIT
1064	select CRYPTO_SIMD
1065	help
1066	  Use Intel AES-NI instructions for AES algorithm.
1067
1068	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1069	  algorithm.
1070
1071	  Rijndael appears to be consistently a very good performer in
1072	  both hardware and software across a wide range of computing
1073	  environments regardless of its use in feedback or non-feedback
1074	  modes. Its key setup time is excellent, and its key agility is
1075	  good. Rijndael's very low memory requirements make it very well
1076	  suited for restricted-space environments, in which it also
1077	  demonstrates excellent performance. Rijndael's operations are
1078	  among the easiest to defend against power and timing attacks.
1079
1080	  The AES specifies three key sizes: 128, 192 and 256 bits
1081
1082	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1083
1084	  In addition to AES cipher algorithm support, the acceleration
1085	  for some popular block cipher mode is supported too, including
1086	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1087	  acceleration for CTR.
1088
1089config CRYPTO_AES_SPARC64
1090	tristate "AES cipher algorithms (SPARC64)"
1091	depends on SPARC64
1092	select CRYPTO_CRYPTD
1093	select CRYPTO_ALGAPI
1094	help
1095	  Use SPARC64 crypto opcodes for AES algorithm.
1096
1097	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1098	  algorithm.
1099
1100	  Rijndael appears to be consistently a very good performer in
1101	  both hardware and software across a wide range of computing
1102	  environments regardless of its use in feedback or non-feedback
1103	  modes. Its key setup time is excellent, and its key agility is
1104	  good. Rijndael's very low memory requirements make it very well
1105	  suited for restricted-space environments, in which it also
1106	  demonstrates excellent performance. Rijndael's operations are
1107	  among the easiest to defend against power and timing attacks.
1108
1109	  The AES specifies three key sizes: 128, 192 and 256 bits
1110
1111	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1112
1113	  In addition to AES cipher algorithm support, the acceleration
1114	  for some popular block cipher mode is supported too, including
1115	  ECB and CBC.
1116
1117config CRYPTO_AES_PPC_SPE
1118	tristate "AES cipher algorithms (PPC SPE)"
1119	depends on PPC && SPE
1120	help
1121	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1122	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1123	  This module should only be used for low power (router) devices
1124	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1125	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1126	  timining attacks. Nevertheless it might be not as secure as other
1127	  architecture specific assembler implementations that work on 1KB
1128	  tables or 256 bytes S-boxes.
1129
1130config CRYPTO_ANUBIS
1131	tristate "Anubis cipher algorithm"
1132	select CRYPTO_ALGAPI
1133	help
1134	  Anubis cipher algorithm.
1135
1136	  Anubis is a variable key length cipher which can use keys from
1137	  128 bits to 320 bits in length.  It was evaluated as a entrant
1138	  in the NESSIE competition.
1139
1140	  See also:
1141	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1142	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1143
1144config CRYPTO_ARC4
1145	tristate "ARC4 cipher algorithm"
1146	select CRYPTO_BLKCIPHER
1147	help
1148	  ARC4 cipher algorithm.
1149
1150	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1151	  bits in length.  This algorithm is required for driver-based
1152	  WEP, but it should not be for other purposes because of the
1153	  weakness of the algorithm.
1154
1155config CRYPTO_BLOWFISH
1156	tristate "Blowfish cipher algorithm"
1157	select CRYPTO_ALGAPI
1158	select CRYPTO_BLOWFISH_COMMON
1159	help
1160	  Blowfish cipher algorithm, by Bruce Schneier.
1161
1162	  This is a variable key length cipher which can use keys from 32
1163	  bits to 448 bits in length.  It's fast, simple and specifically
1164	  designed for use on "large microprocessors".
1165
1166	  See also:
1167	  <http://www.schneier.com/blowfish.html>
1168
1169config CRYPTO_BLOWFISH_COMMON
1170	tristate
1171	help
1172	  Common parts of the Blowfish cipher algorithm shared by the
1173	  generic c and the assembler implementations.
1174
1175	  See also:
1176	  <http://www.schneier.com/blowfish.html>
1177
1178config CRYPTO_BLOWFISH_X86_64
1179	tristate "Blowfish cipher algorithm (x86_64)"
1180	depends on X86 && 64BIT
1181	select CRYPTO_BLKCIPHER
1182	select CRYPTO_BLOWFISH_COMMON
1183	help
1184	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1185
1186	  This is a variable key length cipher which can use keys from 32
1187	  bits to 448 bits in length.  It's fast, simple and specifically
1188	  designed for use on "large microprocessors".
1189
1190	  See also:
1191	  <http://www.schneier.com/blowfish.html>
1192
1193config CRYPTO_CAMELLIA
1194	tristate "Camellia cipher algorithms"
1195	depends on CRYPTO
1196	select CRYPTO_ALGAPI
1197	help
1198	  Camellia cipher algorithms module.
1199
1200	  Camellia is a symmetric key block cipher developed jointly
1201	  at NTT and Mitsubishi Electric Corporation.
1202
1203	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1204
1205	  See also:
1206	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1207
1208config CRYPTO_CAMELLIA_X86_64
1209	tristate "Camellia cipher algorithm (x86_64)"
1210	depends on X86 && 64BIT
1211	depends on CRYPTO
1212	select CRYPTO_BLKCIPHER
1213	select CRYPTO_GLUE_HELPER_X86
1214	help
1215	  Camellia cipher algorithm module (x86_64).
1216
1217	  Camellia is a symmetric key block cipher developed jointly
1218	  at NTT and Mitsubishi Electric Corporation.
1219
1220	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1221
1222	  See also:
1223	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1224
1225config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1226	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1227	depends on X86 && 64BIT
1228	depends on CRYPTO
1229	select CRYPTO_BLKCIPHER
1230	select CRYPTO_CAMELLIA_X86_64
1231	select CRYPTO_GLUE_HELPER_X86
1232	select CRYPTO_SIMD
1233	select CRYPTO_XTS
1234	help
1235	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1236
1237	  Camellia is a symmetric key block cipher developed jointly
1238	  at NTT and Mitsubishi Electric Corporation.
1239
1240	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1241
1242	  See also:
1243	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1244
1245config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1246	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1247	depends on X86 && 64BIT
1248	depends on CRYPTO
1249	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1250	help
1251	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1252
1253	  Camellia is a symmetric key block cipher developed jointly
1254	  at NTT and Mitsubishi Electric Corporation.
1255
1256	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1257
1258	  See also:
1259	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1260
1261config CRYPTO_CAMELLIA_SPARC64
1262	tristate "Camellia cipher algorithm (SPARC64)"
1263	depends on SPARC64
1264	depends on CRYPTO
1265	select CRYPTO_ALGAPI
1266	help
1267	  Camellia cipher algorithm module (SPARC64).
1268
1269	  Camellia is a symmetric key block cipher developed jointly
1270	  at NTT and Mitsubishi Electric Corporation.
1271
1272	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1273
1274	  See also:
1275	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1276
1277config CRYPTO_CAST_COMMON
1278	tristate
1279	help
1280	  Common parts of the CAST cipher algorithms shared by the
1281	  generic c and the assembler implementations.
1282
1283config CRYPTO_CAST5
1284	tristate "CAST5 (CAST-128) cipher algorithm"
1285	select CRYPTO_ALGAPI
1286	select CRYPTO_CAST_COMMON
1287	help
1288	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1289	  described in RFC2144.
1290
1291config CRYPTO_CAST5_AVX_X86_64
1292	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1293	depends on X86 && 64BIT
1294	select CRYPTO_BLKCIPHER
1295	select CRYPTO_CAST5
1296	select CRYPTO_CAST_COMMON
1297	select CRYPTO_SIMD
1298	help
1299	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1300	  described in RFC2144.
1301
1302	  This module provides the Cast5 cipher algorithm that processes
1303	  sixteen blocks parallel using the AVX instruction set.
1304
1305config CRYPTO_CAST6
1306	tristate "CAST6 (CAST-256) cipher algorithm"
1307	select CRYPTO_ALGAPI
1308	select CRYPTO_CAST_COMMON
1309	help
1310	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1311	  described in RFC2612.
1312
1313config CRYPTO_CAST6_AVX_X86_64
1314	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1315	depends on X86 && 64BIT
1316	select CRYPTO_BLKCIPHER
1317	select CRYPTO_CAST6
1318	select CRYPTO_CAST_COMMON
1319	select CRYPTO_GLUE_HELPER_X86
1320	select CRYPTO_SIMD
1321	select CRYPTO_XTS
1322	help
1323	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1324	  described in RFC2612.
1325
1326	  This module provides the Cast6 cipher algorithm that processes
1327	  eight blocks parallel using the AVX instruction set.
1328
1329config CRYPTO_DES
1330	tristate "DES and Triple DES EDE cipher algorithms"
1331	select CRYPTO_ALGAPI
1332	help
1333	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1334
1335config CRYPTO_DES_SPARC64
1336	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1337	depends on SPARC64
1338	select CRYPTO_ALGAPI
1339	select CRYPTO_DES
1340	help
1341	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1342	  optimized using SPARC64 crypto opcodes.
1343
1344config CRYPTO_DES3_EDE_X86_64
1345	tristate "Triple DES EDE cipher algorithm (x86-64)"
1346	depends on X86 && 64BIT
1347	select CRYPTO_BLKCIPHER
1348	select CRYPTO_DES
1349	help
1350	  Triple DES EDE (FIPS 46-3) algorithm.
1351
1352	  This module provides implementation of the Triple DES EDE cipher
1353	  algorithm that is optimized for x86-64 processors. Two versions of
1354	  algorithm are provided; regular processing one input block and
1355	  one that processes three blocks parallel.
1356
1357config CRYPTO_FCRYPT
1358	tristate "FCrypt cipher algorithm"
1359	select CRYPTO_ALGAPI
1360	select CRYPTO_BLKCIPHER
1361	help
1362	  FCrypt algorithm used by RxRPC.
1363
1364config CRYPTO_KHAZAD
1365	tristate "Khazad cipher algorithm"
1366	select CRYPTO_ALGAPI
1367	help
1368	  Khazad cipher algorithm.
1369
1370	  Khazad was a finalist in the initial NESSIE competition.  It is
1371	  an algorithm optimized for 64-bit processors with good performance
1372	  on 32-bit processors.  Khazad uses an 128 bit key size.
1373
1374	  See also:
1375	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1376
1377config CRYPTO_SALSA20
1378	tristate "Salsa20 stream cipher algorithm"
1379	select CRYPTO_BLKCIPHER
1380	help
1381	  Salsa20 stream cipher algorithm.
1382
1383	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1384	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1385
1386	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1387	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1388
1389config CRYPTO_CHACHA20
1390	tristate "ChaCha20 cipher algorithm"
1391	select CRYPTO_BLKCIPHER
1392	help
1393	  ChaCha20 cipher algorithm, RFC7539.
1394
1395	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1396	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1397	  This is the portable C implementation of ChaCha20.
1398
1399	  See also:
1400	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1401
1402config CRYPTO_CHACHA20_X86_64
1403	tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
1404	depends on X86 && 64BIT
1405	select CRYPTO_BLKCIPHER
1406	select CRYPTO_CHACHA20
1407	help
1408	  ChaCha20 cipher algorithm, RFC7539.
1409
1410	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1411	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1412	  This is the x86_64 assembler implementation using SIMD instructions.
1413
1414	  See also:
1415	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1416
1417config CRYPTO_SEED
1418	tristate "SEED cipher algorithm"
1419	select CRYPTO_ALGAPI
1420	help
1421	  SEED cipher algorithm (RFC4269).
1422
1423	  SEED is a 128-bit symmetric key block cipher that has been
1424	  developed by KISA (Korea Information Security Agency) as a
1425	  national standard encryption algorithm of the Republic of Korea.
1426	  It is a 16 round block cipher with the key size of 128 bit.
1427
1428	  See also:
1429	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1430
1431config CRYPTO_SERPENT
1432	tristate "Serpent cipher algorithm"
1433	select CRYPTO_ALGAPI
1434	help
1435	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1436
1437	  Keys are allowed to be from 0 to 256 bits in length, in steps
1438	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1439	  variant of Serpent for compatibility with old kerneli.org code.
1440
1441	  See also:
1442	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1443
1444config CRYPTO_SERPENT_SSE2_X86_64
1445	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1446	depends on X86 && 64BIT
1447	select CRYPTO_BLKCIPHER
1448	select CRYPTO_GLUE_HELPER_X86
1449	select CRYPTO_SERPENT
1450	select CRYPTO_SIMD
1451	help
1452	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1453
1454	  Keys are allowed to be from 0 to 256 bits in length, in steps
1455	  of 8 bits.
1456
1457	  This module provides Serpent cipher algorithm that processes eight
1458	  blocks parallel using SSE2 instruction set.
1459
1460	  See also:
1461	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1462
1463config CRYPTO_SERPENT_SSE2_586
1464	tristate "Serpent cipher algorithm (i586/SSE2)"
1465	depends on X86 && !64BIT
1466	select CRYPTO_BLKCIPHER
1467	select CRYPTO_GLUE_HELPER_X86
1468	select CRYPTO_SERPENT
1469	select CRYPTO_SIMD
1470	help
1471	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1472
1473	  Keys are allowed to be from 0 to 256 bits in length, in steps
1474	  of 8 bits.
1475
1476	  This module provides Serpent cipher algorithm that processes four
1477	  blocks parallel using SSE2 instruction set.
1478
1479	  See also:
1480	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1481
1482config CRYPTO_SERPENT_AVX_X86_64
1483	tristate "Serpent cipher algorithm (x86_64/AVX)"
1484	depends on X86 && 64BIT
1485	select CRYPTO_BLKCIPHER
1486	select CRYPTO_GLUE_HELPER_X86
1487	select CRYPTO_SERPENT
1488	select CRYPTO_SIMD
1489	select CRYPTO_XTS
1490	help
1491	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1492
1493	  Keys are allowed to be from 0 to 256 bits in length, in steps
1494	  of 8 bits.
1495
1496	  This module provides the Serpent cipher algorithm that processes
1497	  eight blocks parallel using the AVX instruction set.
1498
1499	  See also:
1500	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1501
1502config CRYPTO_SERPENT_AVX2_X86_64
1503	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1504	depends on X86 && 64BIT
1505	select CRYPTO_SERPENT_AVX_X86_64
1506	help
1507	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1508
1509	  Keys are allowed to be from 0 to 256 bits in length, in steps
1510	  of 8 bits.
1511
1512	  This module provides Serpent cipher algorithm that processes 16
1513	  blocks parallel using AVX2 instruction set.
1514
1515	  See also:
1516	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1517
1518config CRYPTO_SM4
1519	tristate "SM4 cipher algorithm"
1520	select CRYPTO_ALGAPI
1521	help
1522	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1523
1524	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1525	  Organization of State Commercial Administration of China (OSCCA)
1526	  as an authorized cryptographic algorithms for the use within China.
1527
1528	  SMS4 was originally created for use in protecting wireless
1529	  networks, and is mandated in the Chinese National Standard for
1530	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1531	  (GB.15629.11-2003).
1532
1533	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1534	  standardized through TC 260 of the Standardization Administration
1535	  of the People's Republic of China (SAC).
1536
1537	  The input, output, and key of SMS4 are each 128 bits.
1538
1539	  See also: <https://eprint.iacr.org/2008/329.pdf>
1540
1541	  If unsure, say N.
1542
1543config CRYPTO_TEA
1544	tristate "TEA, XTEA and XETA cipher algorithms"
1545	select CRYPTO_ALGAPI
1546	help
1547	  TEA cipher algorithm.
1548
1549	  Tiny Encryption Algorithm is a simple cipher that uses
1550	  many rounds for security.  It is very fast and uses
1551	  little memory.
1552
1553	  Xtendend Tiny Encryption Algorithm is a modification to
1554	  the TEA algorithm to address a potential key weakness
1555	  in the TEA algorithm.
1556
1557	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1558	  of the XTEA algorithm for compatibility purposes.
1559
1560config CRYPTO_TWOFISH
1561	tristate "Twofish cipher algorithm"
1562	select CRYPTO_ALGAPI
1563	select CRYPTO_TWOFISH_COMMON
1564	help
1565	  Twofish cipher algorithm.
1566
1567	  Twofish was submitted as an AES (Advanced Encryption Standard)
1568	  candidate cipher by researchers at CounterPane Systems.  It is a
1569	  16 round block cipher supporting key sizes of 128, 192, and 256
1570	  bits.
1571
1572	  See also:
1573	  <http://www.schneier.com/twofish.html>
1574
1575config CRYPTO_TWOFISH_COMMON
1576	tristate
1577	help
1578	  Common parts of the Twofish cipher algorithm shared by the
1579	  generic c and the assembler implementations.
1580
1581config CRYPTO_TWOFISH_586
1582	tristate "Twofish cipher algorithms (i586)"
1583	depends on (X86 || UML_X86) && !64BIT
1584	select CRYPTO_ALGAPI
1585	select CRYPTO_TWOFISH_COMMON
1586	help
1587	  Twofish cipher algorithm.
1588
1589	  Twofish was submitted as an AES (Advanced Encryption Standard)
1590	  candidate cipher by researchers at CounterPane Systems.  It is a
1591	  16 round block cipher supporting key sizes of 128, 192, and 256
1592	  bits.
1593
1594	  See also:
1595	  <http://www.schneier.com/twofish.html>
1596
1597config CRYPTO_TWOFISH_X86_64
1598	tristate "Twofish cipher algorithm (x86_64)"
1599	depends on (X86 || UML_X86) && 64BIT
1600	select CRYPTO_ALGAPI
1601	select CRYPTO_TWOFISH_COMMON
1602	help
1603	  Twofish cipher algorithm (x86_64).
1604
1605	  Twofish was submitted as an AES (Advanced Encryption Standard)
1606	  candidate cipher by researchers at CounterPane Systems.  It is a
1607	  16 round block cipher supporting key sizes of 128, 192, and 256
1608	  bits.
1609
1610	  See also:
1611	  <http://www.schneier.com/twofish.html>
1612
1613config CRYPTO_TWOFISH_X86_64_3WAY
1614	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1615	depends on X86 && 64BIT
1616	select CRYPTO_BLKCIPHER
1617	select CRYPTO_TWOFISH_COMMON
1618	select CRYPTO_TWOFISH_X86_64
1619	select CRYPTO_GLUE_HELPER_X86
1620	help
1621	  Twofish cipher algorithm (x86_64, 3-way parallel).
1622
1623	  Twofish was submitted as an AES (Advanced Encryption Standard)
1624	  candidate cipher by researchers at CounterPane Systems.  It is a
1625	  16 round block cipher supporting key sizes of 128, 192, and 256
1626	  bits.
1627
1628	  This module provides Twofish cipher algorithm that processes three
1629	  blocks parallel, utilizing resources of out-of-order CPUs better.
1630
1631	  See also:
1632	  <http://www.schneier.com/twofish.html>
1633
1634config CRYPTO_TWOFISH_AVX_X86_64
1635	tristate "Twofish cipher algorithm (x86_64/AVX)"
1636	depends on X86 && 64BIT
1637	select CRYPTO_BLKCIPHER
1638	select CRYPTO_GLUE_HELPER_X86
1639	select CRYPTO_SIMD
1640	select CRYPTO_TWOFISH_COMMON
1641	select CRYPTO_TWOFISH_X86_64
1642	select CRYPTO_TWOFISH_X86_64_3WAY
1643	help
1644	  Twofish cipher algorithm (x86_64/AVX).
1645
1646	  Twofish was submitted as an AES (Advanced Encryption Standard)
1647	  candidate cipher by researchers at CounterPane Systems.  It is a
1648	  16 round block cipher supporting key sizes of 128, 192, and 256
1649	  bits.
1650
1651	  This module provides the Twofish cipher algorithm that processes
1652	  eight blocks parallel using the AVX Instruction Set.
1653
1654	  See also:
1655	  <http://www.schneier.com/twofish.html>
1656
1657comment "Compression"
1658
1659config CRYPTO_DEFLATE
1660	tristate "Deflate compression algorithm"
1661	select CRYPTO_ALGAPI
1662	select CRYPTO_ACOMP2
1663	select ZLIB_INFLATE
1664	select ZLIB_DEFLATE
1665	help
1666	  This is the Deflate algorithm (RFC1951), specified for use in
1667	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1668
1669	  You will most probably want this if using IPSec.
1670
1671config CRYPTO_LZO
1672	tristate "LZO compression algorithm"
1673	select CRYPTO_ALGAPI
1674	select CRYPTO_ACOMP2
1675	select LZO_COMPRESS
1676	select LZO_DECOMPRESS
1677	help
1678	  This is the LZO algorithm.
1679
1680config CRYPTO_842
1681	tristate "842 compression algorithm"
1682	select CRYPTO_ALGAPI
1683	select CRYPTO_ACOMP2
1684	select 842_COMPRESS
1685	select 842_DECOMPRESS
1686	help
1687	  This is the 842 algorithm.
1688
1689config CRYPTO_LZ4
1690	tristate "LZ4 compression algorithm"
1691	select CRYPTO_ALGAPI
1692	select CRYPTO_ACOMP2
1693	select LZ4_COMPRESS
1694	select LZ4_DECOMPRESS
1695	help
1696	  This is the LZ4 algorithm.
1697
1698config CRYPTO_LZ4HC
1699	tristate "LZ4HC compression algorithm"
1700	select CRYPTO_ALGAPI
1701	select CRYPTO_ACOMP2
1702	select LZ4HC_COMPRESS
1703	select LZ4_DECOMPRESS
1704	help
1705	  This is the LZ4 high compression mode algorithm.
1706
1707config CRYPTO_ZSTD
1708	tristate "Zstd compression algorithm"
1709	select CRYPTO_ALGAPI
1710	select CRYPTO_ACOMP2
1711	select ZSTD_COMPRESS
1712	select ZSTD_DECOMPRESS
1713	help
1714	  This is the zstd algorithm.
1715
1716comment "Random Number Generation"
1717
1718config CRYPTO_ANSI_CPRNG
1719	tristate "Pseudo Random Number Generation for Cryptographic modules"
1720	select CRYPTO_AES
1721	select CRYPTO_RNG
1722	help
1723	  This option enables the generic pseudo random number generator
1724	  for cryptographic modules.  Uses the Algorithm specified in
1725	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1726	  CRYPTO_FIPS is selected
1727
1728menuconfig CRYPTO_DRBG_MENU
1729	tristate "NIST SP800-90A DRBG"
1730	help
1731	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1732	  more of the DRBG types must be selected.
1733
1734if CRYPTO_DRBG_MENU
1735
1736config CRYPTO_DRBG_HMAC
1737	bool
1738	default y
1739	select CRYPTO_HMAC
1740	select CRYPTO_SHA256
1741
1742config CRYPTO_DRBG_HASH
1743	bool "Enable Hash DRBG"
1744	select CRYPTO_SHA256
1745	help
1746	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1747
1748config CRYPTO_DRBG_CTR
1749	bool "Enable CTR DRBG"
1750	select CRYPTO_AES
1751	depends on CRYPTO_CTR
1752	help
1753	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1754
1755config CRYPTO_DRBG
1756	tristate
1757	default CRYPTO_DRBG_MENU
1758	select CRYPTO_RNG
1759	select CRYPTO_JITTERENTROPY
1760
1761endif	# if CRYPTO_DRBG_MENU
1762
1763config CRYPTO_JITTERENTROPY
1764	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1765	select CRYPTO_RNG
1766	help
1767	  The Jitterentropy RNG is a noise that is intended
1768	  to provide seed to another RNG. The RNG does not
1769	  perform any cryptographic whitening of the generated
1770	  random numbers. This Jitterentropy RNG registers with
1771	  the kernel crypto API and can be used by any caller.
1772
1773config CRYPTO_USER_API
1774	tristate
1775
1776config CRYPTO_USER_API_HASH
1777	tristate "User-space interface for hash algorithms"
1778	depends on NET
1779	select CRYPTO_HASH
1780	select CRYPTO_USER_API
1781	help
1782	  This option enables the user-spaces interface for hash
1783	  algorithms.
1784
1785config CRYPTO_USER_API_SKCIPHER
1786	tristate "User-space interface for symmetric key cipher algorithms"
1787	depends on NET
1788	select CRYPTO_BLKCIPHER
1789	select CRYPTO_USER_API
1790	help
1791	  This option enables the user-spaces interface for symmetric
1792	  key cipher algorithms.
1793
1794config CRYPTO_USER_API_RNG
1795	tristate "User-space interface for random number generator algorithms"
1796	depends on NET
1797	select CRYPTO_RNG
1798	select CRYPTO_USER_API
1799	help
1800	  This option enables the user-spaces interface for random
1801	  number generator algorithms.
1802
1803config CRYPTO_USER_API_AEAD
1804	tristate "User-space interface for AEAD cipher algorithms"
1805	depends on NET
1806	select CRYPTO_AEAD
1807	select CRYPTO_BLKCIPHER
1808	select CRYPTO_NULL
1809	select CRYPTO_USER_API
1810	help
1811	  This option enables the user-spaces interface for AEAD
1812	  cipher algorithms.
1813
1814config CRYPTO_STATS
1815	bool "Crypto usage statistics for User-space"
1816	help
1817	  This option enables the gathering of crypto stats.
1818	  This will collect:
1819	  - encrypt/decrypt size and numbers of symmeric operations
1820	  - compress/decompress size and numbers of compress operations
1821	  - size and numbers of hash operations
1822	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1823	  - generate/seed numbers for rng operations
1824
1825config CRYPTO_HASH_INFO
1826	bool
1827
1828source "drivers/crypto/Kconfig"
1829source crypto/asymmetric_keys/Kconfig
1830source certs/Kconfig
1831
1832endif	# if CRYPTO
1833