xref: /openbmc/linux/crypto/Kconfig (revision fb960bd2)
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This options enables the fips boot option which is
31	  required if you want to system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_BLKCIPHER
56	tristate
57	select CRYPTO_BLKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_BLKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64	select CRYPTO_WORKQUEUE
65
66config CRYPTO_HASH
67	tristate
68	select CRYPTO_HASH2
69	select CRYPTO_ALGAPI
70
71config CRYPTO_HASH2
72	tristate
73	select CRYPTO_ALGAPI2
74
75config CRYPTO_RNG
76	tristate
77	select CRYPTO_RNG2
78	select CRYPTO_ALGAPI
79
80config CRYPTO_RNG2
81	tristate
82	select CRYPTO_ALGAPI2
83
84config CRYPTO_RNG_DEFAULT
85	tristate
86	select CRYPTO_DRBG_MENU
87
88config CRYPTO_AKCIPHER2
89	tristate
90	select CRYPTO_ALGAPI2
91
92config CRYPTO_AKCIPHER
93	tristate
94	select CRYPTO_AKCIPHER2
95	select CRYPTO_ALGAPI
96
97config CRYPTO_KPP2
98	tristate
99	select CRYPTO_ALGAPI2
100
101config CRYPTO_KPP
102	tristate
103	select CRYPTO_ALGAPI
104	select CRYPTO_KPP2
105
106config CRYPTO_ACOMP2
107	tristate
108	select CRYPTO_ALGAPI2
109
110config CRYPTO_ACOMP
111	tristate
112	select CRYPTO_ALGAPI
113	select CRYPTO_ACOMP2
114
115config CRYPTO_RSA
116	tristate "RSA algorithm"
117	select CRYPTO_AKCIPHER
118	select CRYPTO_MANAGER
119	select MPILIB
120	select ASN1
121	help
122	  Generic implementation of the RSA public key algorithm.
123
124config CRYPTO_DH
125	tristate "Diffie-Hellman algorithm"
126	select CRYPTO_KPP
127	select MPILIB
128	help
129	  Generic implementation of the Diffie-Hellman algorithm.
130
131config CRYPTO_ECDH
132	tristate "ECDH algorithm"
133	select CRYTPO_KPP
134	select CRYPTO_RNG_DEFAULT
135	help
136	  Generic implementation of the ECDH algorithm
137
138config CRYPTO_MANAGER
139	tristate "Cryptographic algorithm manager"
140	select CRYPTO_MANAGER2
141	help
142	  Create default cryptographic template instantiations such as
143	  cbc(aes).
144
145config CRYPTO_MANAGER2
146	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
147	select CRYPTO_AEAD2
148	select CRYPTO_HASH2
149	select CRYPTO_BLKCIPHER2
150	select CRYPTO_AKCIPHER2
151	select CRYPTO_KPP2
152	select CRYPTO_ACOMP2
153
154config CRYPTO_USER
155	tristate "Userspace cryptographic algorithm configuration"
156	depends on NET
157	select CRYPTO_MANAGER
158	help
159	  Userspace configuration for cryptographic instantiations such as
160	  cbc(aes).
161
162config CRYPTO_MANAGER_DISABLE_TESTS
163	bool "Disable run-time self tests"
164	default y
165	depends on CRYPTO_MANAGER2
166	help
167	  Disable run-time self tests that normally take place at
168	  algorithm registration.
169
170config CRYPTO_GF128MUL
171	tristate "GF(2^128) multiplication functions"
172	help
173	  Efficient table driven implementation of multiplications in the
174	  field GF(2^128).  This is needed by some cypher modes. This
175	  option will be selected automatically if you select such a
176	  cipher mode.  Only select this option by hand if you expect to load
177	  an external module that requires these functions.
178
179config CRYPTO_NULL
180	tristate "Null algorithms"
181	select CRYPTO_NULL2
182	help
183	  These are 'Null' algorithms, used by IPsec, which do nothing.
184
185config CRYPTO_NULL2
186	tristate
187	select CRYPTO_ALGAPI2
188	select CRYPTO_BLKCIPHER2
189	select CRYPTO_HASH2
190
191config CRYPTO_PCRYPT
192	tristate "Parallel crypto engine"
193	depends on SMP
194	select PADATA
195	select CRYPTO_MANAGER
196	select CRYPTO_AEAD
197	help
198	  This converts an arbitrary crypto algorithm into a parallel
199	  algorithm that executes in kernel threads.
200
201config CRYPTO_WORKQUEUE
202       tristate
203
204config CRYPTO_CRYPTD
205	tristate "Software async crypto daemon"
206	select CRYPTO_BLKCIPHER
207	select CRYPTO_HASH
208	select CRYPTO_MANAGER
209	select CRYPTO_WORKQUEUE
210	help
211	  This is a generic software asynchronous crypto daemon that
212	  converts an arbitrary synchronous software crypto algorithm
213	  into an asynchronous algorithm that executes in a kernel thread.
214
215config CRYPTO_MCRYPTD
216	tristate "Software async multi-buffer crypto daemon"
217	select CRYPTO_BLKCIPHER
218	select CRYPTO_HASH
219	select CRYPTO_MANAGER
220	select CRYPTO_WORKQUEUE
221	help
222	  This is a generic software asynchronous crypto daemon that
223	  provides the kernel thread to assist multi-buffer crypto
224	  algorithms for submitting jobs and flushing jobs in multi-buffer
225	  crypto algorithms.  Multi-buffer crypto algorithms are executed
226	  in the context of this kernel thread and drivers can post
227	  their crypto request asynchronously to be processed by this daemon.
228
229config CRYPTO_AUTHENC
230	tristate "Authenc support"
231	select CRYPTO_AEAD
232	select CRYPTO_BLKCIPHER
233	select CRYPTO_MANAGER
234	select CRYPTO_HASH
235	select CRYPTO_NULL
236	help
237	  Authenc: Combined mode wrapper for IPsec.
238	  This is required for IPSec.
239
240config CRYPTO_TEST
241	tristate "Testing module"
242	depends on m
243	select CRYPTO_MANAGER
244	help
245	  Quick & dirty crypto test module.
246
247config CRYPTO_ABLK_HELPER
248	tristate
249	select CRYPTO_CRYPTD
250
251config CRYPTO_SIMD
252	tristate
253	select CRYPTO_CRYPTD
254
255config CRYPTO_GLUE_HELPER_X86
256	tristate
257	depends on X86
258	select CRYPTO_BLKCIPHER
259
260config CRYPTO_ENGINE
261	tristate
262
263comment "Authenticated Encryption with Associated Data"
264
265config CRYPTO_CCM
266	tristate "CCM support"
267	select CRYPTO_CTR
268	select CRYPTO_HASH
269	select CRYPTO_AEAD
270	help
271	  Support for Counter with CBC MAC. Required for IPsec.
272
273config CRYPTO_GCM
274	tristate "GCM/GMAC support"
275	select CRYPTO_CTR
276	select CRYPTO_AEAD
277	select CRYPTO_GHASH
278	select CRYPTO_NULL
279	help
280	  Support for Galois/Counter Mode (GCM) and Galois Message
281	  Authentication Code (GMAC). Required for IPSec.
282
283config CRYPTO_CHACHA20POLY1305
284	tristate "ChaCha20-Poly1305 AEAD support"
285	select CRYPTO_CHACHA20
286	select CRYPTO_POLY1305
287	select CRYPTO_AEAD
288	help
289	  ChaCha20-Poly1305 AEAD support, RFC7539.
290
291	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
292	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
293	  IETF protocols.
294
295config CRYPTO_SEQIV
296	tristate "Sequence Number IV Generator"
297	select CRYPTO_AEAD
298	select CRYPTO_BLKCIPHER
299	select CRYPTO_NULL
300	select CRYPTO_RNG_DEFAULT
301	help
302	  This IV generator generates an IV based on a sequence number by
303	  xoring it with a salt.  This algorithm is mainly useful for CTR
304
305config CRYPTO_ECHAINIV
306	tristate "Encrypted Chain IV Generator"
307	select CRYPTO_AEAD
308	select CRYPTO_NULL
309	select CRYPTO_RNG_DEFAULT
310	default m
311	help
312	  This IV generator generates an IV based on the encryption of
313	  a sequence number xored with a salt.  This is the default
314	  algorithm for CBC.
315
316comment "Block modes"
317
318config CRYPTO_CBC
319	tristate "CBC support"
320	select CRYPTO_BLKCIPHER
321	select CRYPTO_MANAGER
322	help
323	  CBC: Cipher Block Chaining mode
324	  This block cipher algorithm is required for IPSec.
325
326config CRYPTO_CTR
327	tristate "CTR support"
328	select CRYPTO_BLKCIPHER
329	select CRYPTO_SEQIV
330	select CRYPTO_MANAGER
331	help
332	  CTR: Counter mode
333	  This block cipher algorithm is required for IPSec.
334
335config CRYPTO_CTS
336	tristate "CTS support"
337	select CRYPTO_BLKCIPHER
338	help
339	  CTS: Cipher Text Stealing
340	  This is the Cipher Text Stealing mode as described by
341	  Section 8 of rfc2040 and referenced by rfc3962.
342	  (rfc3962 includes errata information in its Appendix A)
343	  This mode is required for Kerberos gss mechanism support
344	  for AES encryption.
345
346config CRYPTO_ECB
347	tristate "ECB support"
348	select CRYPTO_BLKCIPHER
349	select CRYPTO_MANAGER
350	help
351	  ECB: Electronic CodeBook mode
352	  This is the simplest block cipher algorithm.  It simply encrypts
353	  the input block by block.
354
355config CRYPTO_LRW
356	tristate "LRW support"
357	select CRYPTO_BLKCIPHER
358	select CRYPTO_MANAGER
359	select CRYPTO_GF128MUL
360	help
361	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
362	  narrow block cipher mode for dm-crypt.  Use it with cipher
363	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
364	  The first 128, 192 or 256 bits in the key are used for AES and the
365	  rest is used to tie each cipher block to its logical position.
366
367config CRYPTO_PCBC
368	tristate "PCBC support"
369	select CRYPTO_BLKCIPHER
370	select CRYPTO_MANAGER
371	help
372	  PCBC: Propagating Cipher Block Chaining mode
373	  This block cipher algorithm is required for RxRPC.
374
375config CRYPTO_XTS
376	tristate "XTS support"
377	select CRYPTO_BLKCIPHER
378	select CRYPTO_MANAGER
379	select CRYPTO_ECB
380	help
381	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
382	  key size 256, 384 or 512 bits. This implementation currently
383	  can't handle a sectorsize which is not a multiple of 16 bytes.
384
385config CRYPTO_KEYWRAP
386	tristate "Key wrapping support"
387	select CRYPTO_BLKCIPHER
388	help
389	  Support for key wrapping (NIST SP800-38F / RFC3394) without
390	  padding.
391
392comment "Hash modes"
393
394config CRYPTO_CMAC
395	tristate "CMAC support"
396	select CRYPTO_HASH
397	select CRYPTO_MANAGER
398	help
399	  Cipher-based Message Authentication Code (CMAC) specified by
400	  The National Institute of Standards and Technology (NIST).
401
402	  https://tools.ietf.org/html/rfc4493
403	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
404
405config CRYPTO_HMAC
406	tristate "HMAC support"
407	select CRYPTO_HASH
408	select CRYPTO_MANAGER
409	help
410	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
411	  This is required for IPSec.
412
413config CRYPTO_XCBC
414	tristate "XCBC support"
415	select CRYPTO_HASH
416	select CRYPTO_MANAGER
417	help
418	  XCBC: Keyed-Hashing with encryption algorithm
419		http://www.ietf.org/rfc/rfc3566.txt
420		http://csrc.nist.gov/encryption/modes/proposedmodes/
421		 xcbc-mac/xcbc-mac-spec.pdf
422
423config CRYPTO_VMAC
424	tristate "VMAC support"
425	select CRYPTO_HASH
426	select CRYPTO_MANAGER
427	help
428	  VMAC is a message authentication algorithm designed for
429	  very high speed on 64-bit architectures.
430
431	  See also:
432	  <http://fastcrypto.org/vmac>
433
434comment "Digest"
435
436config CRYPTO_CRC32C
437	tristate "CRC32c CRC algorithm"
438	select CRYPTO_HASH
439	select CRC32
440	help
441	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
442	  by iSCSI for header and data digests and by others.
443	  See Castagnoli93.  Module will be crc32c.
444
445config CRYPTO_CRC32C_INTEL
446	tristate "CRC32c INTEL hardware acceleration"
447	depends on X86
448	select CRYPTO_HASH
449	help
450	  In Intel processor with SSE4.2 supported, the processor will
451	  support CRC32C implementation using hardware accelerated CRC32
452	  instruction. This option will create 'crc32c-intel' module,
453	  which will enable any routine to use the CRC32 instruction to
454	  gain performance compared with software implementation.
455	  Module will be crc32c-intel.
456
457config CRYPTO_CRC32C_VPMSUM
458	tristate "CRC32c CRC algorithm (powerpc64)"
459	depends on PPC64 && ALTIVEC
460	select CRYPTO_HASH
461	select CRC32
462	help
463	  CRC32c algorithm implemented using vector polynomial multiply-sum
464	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
465	  and newer processors for improved performance.
466
467
468config CRYPTO_CRC32C_SPARC64
469	tristate "CRC32c CRC algorithm (SPARC64)"
470	depends on SPARC64
471	select CRYPTO_HASH
472	select CRC32
473	help
474	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
475	  when available.
476
477config CRYPTO_CRC32
478	tristate "CRC32 CRC algorithm"
479	select CRYPTO_HASH
480	select CRC32
481	help
482	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
483	  Shash crypto api wrappers to crc32_le function.
484
485config CRYPTO_CRC32_PCLMUL
486	tristate "CRC32 PCLMULQDQ hardware acceleration"
487	depends on X86
488	select CRYPTO_HASH
489	select CRC32
490	help
491	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
492	  and PCLMULQDQ supported, the processor will support
493	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
494	  instruction. This option will create 'crc32-plcmul' module,
495	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
496	  and gain better performance as compared with the table implementation.
497
498config CRYPTO_CRCT10DIF
499	tristate "CRCT10DIF algorithm"
500	select CRYPTO_HASH
501	help
502	  CRC T10 Data Integrity Field computation is being cast as
503	  a crypto transform.  This allows for faster crc t10 diff
504	  transforms to be used if they are available.
505
506config CRYPTO_CRCT10DIF_PCLMUL
507	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
508	depends on X86 && 64BIT && CRC_T10DIF
509	select CRYPTO_HASH
510	help
511	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
512	  CRC T10 DIF PCLMULQDQ computation can be hardware
513	  accelerated PCLMULQDQ instruction. This option will create
514	  'crct10dif-plcmul' module, which is faster when computing the
515	  crct10dif checksum as compared with the generic table implementation.
516
517config CRYPTO_CRCT10DIF_VPMSUM
518	tristate "CRC32T10DIF powerpc64 hardware acceleration"
519	depends on PPC64 && ALTIVEC && CRC_T10DIF
520	select CRYPTO_HASH
521	help
522	  CRC10T10DIF algorithm implemented using vector polynomial
523	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
524	  POWER8 and newer processors for improved performance.
525
526config CRYPTO_VPMSUM_TESTER
527	tristate "Powerpc64 vpmsum hardware acceleration tester"
528	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
529	help
530	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
531	  POWER8 vpmsum instructions.
532	  Unless you are testing these algorithms, you don't need this.
533
534config CRYPTO_GHASH
535	tristate "GHASH digest algorithm"
536	select CRYPTO_GF128MUL
537	select CRYPTO_HASH
538	help
539	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
540
541config CRYPTO_POLY1305
542	tristate "Poly1305 authenticator algorithm"
543	select CRYPTO_HASH
544	help
545	  Poly1305 authenticator algorithm, RFC7539.
546
547	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
548	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
549	  in IETF protocols. This is the portable C implementation of Poly1305.
550
551config CRYPTO_POLY1305_X86_64
552	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
553	depends on X86 && 64BIT
554	select CRYPTO_POLY1305
555	help
556	  Poly1305 authenticator algorithm, RFC7539.
557
558	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
559	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
560	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
561	  instructions.
562
563config CRYPTO_MD4
564	tristate "MD4 digest algorithm"
565	select CRYPTO_HASH
566	help
567	  MD4 message digest algorithm (RFC1320).
568
569config CRYPTO_MD5
570	tristate "MD5 digest algorithm"
571	select CRYPTO_HASH
572	help
573	  MD5 message digest algorithm (RFC1321).
574
575config CRYPTO_MD5_OCTEON
576	tristate "MD5 digest algorithm (OCTEON)"
577	depends on CPU_CAVIUM_OCTEON
578	select CRYPTO_MD5
579	select CRYPTO_HASH
580	help
581	  MD5 message digest algorithm (RFC1321) implemented
582	  using OCTEON crypto instructions, when available.
583
584config CRYPTO_MD5_PPC
585	tristate "MD5 digest algorithm (PPC)"
586	depends on PPC
587	select CRYPTO_HASH
588	help
589	  MD5 message digest algorithm (RFC1321) implemented
590	  in PPC assembler.
591
592config CRYPTO_MD5_SPARC64
593	tristate "MD5 digest algorithm (SPARC64)"
594	depends on SPARC64
595	select CRYPTO_MD5
596	select CRYPTO_HASH
597	help
598	  MD5 message digest algorithm (RFC1321) implemented
599	  using sparc64 crypto instructions, when available.
600
601config CRYPTO_MICHAEL_MIC
602	tristate "Michael MIC keyed digest algorithm"
603	select CRYPTO_HASH
604	help
605	  Michael MIC is used for message integrity protection in TKIP
606	  (IEEE 802.11i). This algorithm is required for TKIP, but it
607	  should not be used for other purposes because of the weakness
608	  of the algorithm.
609
610config CRYPTO_RMD128
611	tristate "RIPEMD-128 digest algorithm"
612	select CRYPTO_HASH
613	help
614	  RIPEMD-128 (ISO/IEC 10118-3:2004).
615
616	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
617	  be used as a secure replacement for RIPEMD. For other use cases,
618	  RIPEMD-160 should be used.
619
620	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
621	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
622
623config CRYPTO_RMD160
624	tristate "RIPEMD-160 digest algorithm"
625	select CRYPTO_HASH
626	help
627	  RIPEMD-160 (ISO/IEC 10118-3:2004).
628
629	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
630	  to be used as a secure replacement for the 128-bit hash functions
631	  MD4, MD5 and it's predecessor RIPEMD
632	  (not to be confused with RIPEMD-128).
633
634	  It's speed is comparable to SHA1 and there are no known attacks
635	  against RIPEMD-160.
636
637	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
638	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
639
640config CRYPTO_RMD256
641	tristate "RIPEMD-256 digest algorithm"
642	select CRYPTO_HASH
643	help
644	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
645	  256 bit hash. It is intended for applications that require
646	  longer hash-results, without needing a larger security level
647	  (than RIPEMD-128).
648
649	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
650	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
651
652config CRYPTO_RMD320
653	tristate "RIPEMD-320 digest algorithm"
654	select CRYPTO_HASH
655	help
656	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
657	  320 bit hash. It is intended for applications that require
658	  longer hash-results, without needing a larger security level
659	  (than RIPEMD-160).
660
661	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
662	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
663
664config CRYPTO_SHA1
665	tristate "SHA1 digest algorithm"
666	select CRYPTO_HASH
667	help
668	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
669
670config CRYPTO_SHA1_SSSE3
671	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
672	depends on X86 && 64BIT
673	select CRYPTO_SHA1
674	select CRYPTO_HASH
675	help
676	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
677	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
678	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
679	  when available.
680
681config CRYPTO_SHA256_SSSE3
682	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
683	depends on X86 && 64BIT
684	select CRYPTO_SHA256
685	select CRYPTO_HASH
686	help
687	  SHA-256 secure hash standard (DFIPS 180-2) implemented
688	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
689	  Extensions version 1 (AVX1), or Advanced Vector Extensions
690	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
691	  Instructions) when available.
692
693config CRYPTO_SHA512_SSSE3
694	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
695	depends on X86 && 64BIT
696	select CRYPTO_SHA512
697	select CRYPTO_HASH
698	help
699	  SHA-512 secure hash standard (DFIPS 180-2) implemented
700	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
701	  Extensions version 1 (AVX1), or Advanced Vector Extensions
702	  version 2 (AVX2) instructions, when available.
703
704config CRYPTO_SHA1_OCTEON
705	tristate "SHA1 digest algorithm (OCTEON)"
706	depends on CPU_CAVIUM_OCTEON
707	select CRYPTO_SHA1
708	select CRYPTO_HASH
709	help
710	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
711	  using OCTEON crypto instructions, when available.
712
713config CRYPTO_SHA1_SPARC64
714	tristate "SHA1 digest algorithm (SPARC64)"
715	depends on SPARC64
716	select CRYPTO_SHA1
717	select CRYPTO_HASH
718	help
719	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
720	  using sparc64 crypto instructions, when available.
721
722config CRYPTO_SHA1_PPC
723	tristate "SHA1 digest algorithm (powerpc)"
724	depends on PPC
725	help
726	  This is the powerpc hardware accelerated implementation of the
727	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
728
729config CRYPTO_SHA1_PPC_SPE
730	tristate "SHA1 digest algorithm (PPC SPE)"
731	depends on PPC && SPE
732	help
733	  SHA-1 secure hash standard (DFIPS 180-4) implemented
734	  using powerpc SPE SIMD instruction set.
735
736config CRYPTO_SHA1_MB
737	tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
738	depends on X86 && 64BIT
739	select CRYPTO_SHA1
740	select CRYPTO_HASH
741	select CRYPTO_MCRYPTD
742	help
743	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
744	  using multi-buffer technique.  This algorithm computes on
745	  multiple data lanes concurrently with SIMD instructions for
746	  better throughput.  It should not be enabled by default but
747	  used when there is significant amount of work to keep the keep
748	  the data lanes filled to get performance benefit.  If the data
749	  lanes remain unfilled, a flush operation will be initiated to
750	  process the crypto jobs, adding a slight latency.
751
752config CRYPTO_SHA256_MB
753	tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
754	depends on X86 && 64BIT
755	select CRYPTO_SHA256
756	select CRYPTO_HASH
757	select CRYPTO_MCRYPTD
758	help
759	  SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
760	  using multi-buffer technique.  This algorithm computes on
761	  multiple data lanes concurrently with SIMD instructions for
762	  better throughput.  It should not be enabled by default but
763	  used when there is significant amount of work to keep the keep
764	  the data lanes filled to get performance benefit.  If the data
765	  lanes remain unfilled, a flush operation will be initiated to
766	  process the crypto jobs, adding a slight latency.
767
768config CRYPTO_SHA512_MB
769        tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
770        depends on X86 && 64BIT
771        select CRYPTO_SHA512
772        select CRYPTO_HASH
773        select CRYPTO_MCRYPTD
774        help
775          SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
776          using multi-buffer technique.  This algorithm computes on
777          multiple data lanes concurrently with SIMD instructions for
778          better throughput.  It should not be enabled by default but
779          used when there is significant amount of work to keep the keep
780          the data lanes filled to get performance benefit.  If the data
781          lanes remain unfilled, a flush operation will be initiated to
782          process the crypto jobs, adding a slight latency.
783
784config CRYPTO_SHA256
785	tristate "SHA224 and SHA256 digest algorithm"
786	select CRYPTO_HASH
787	help
788	  SHA256 secure hash standard (DFIPS 180-2).
789
790	  This version of SHA implements a 256 bit hash with 128 bits of
791	  security against collision attacks.
792
793	  This code also includes SHA-224, a 224 bit hash with 112 bits
794	  of security against collision attacks.
795
796config CRYPTO_SHA256_PPC_SPE
797	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
798	depends on PPC && SPE
799	select CRYPTO_SHA256
800	select CRYPTO_HASH
801	help
802	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
803	  implemented using powerpc SPE SIMD instruction set.
804
805config CRYPTO_SHA256_OCTEON
806	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
807	depends on CPU_CAVIUM_OCTEON
808	select CRYPTO_SHA256
809	select CRYPTO_HASH
810	help
811	  SHA-256 secure hash standard (DFIPS 180-2) implemented
812	  using OCTEON crypto instructions, when available.
813
814config CRYPTO_SHA256_SPARC64
815	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
816	depends on SPARC64
817	select CRYPTO_SHA256
818	select CRYPTO_HASH
819	help
820	  SHA-256 secure hash standard (DFIPS 180-2) implemented
821	  using sparc64 crypto instructions, when available.
822
823config CRYPTO_SHA512
824	tristate "SHA384 and SHA512 digest algorithms"
825	select CRYPTO_HASH
826	help
827	  SHA512 secure hash standard (DFIPS 180-2).
828
829	  This version of SHA implements a 512 bit hash with 256 bits of
830	  security against collision attacks.
831
832	  This code also includes SHA-384, a 384 bit hash with 192 bits
833	  of security against collision attacks.
834
835config CRYPTO_SHA512_OCTEON
836	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
837	depends on CPU_CAVIUM_OCTEON
838	select CRYPTO_SHA512
839	select CRYPTO_HASH
840	help
841	  SHA-512 secure hash standard (DFIPS 180-2) implemented
842	  using OCTEON crypto instructions, when available.
843
844config CRYPTO_SHA512_SPARC64
845	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
846	depends on SPARC64
847	select CRYPTO_SHA512
848	select CRYPTO_HASH
849	help
850	  SHA-512 secure hash standard (DFIPS 180-2) implemented
851	  using sparc64 crypto instructions, when available.
852
853config CRYPTO_SHA3
854	tristate "SHA3 digest algorithm"
855	select CRYPTO_HASH
856	help
857	  SHA-3 secure hash standard (DFIPS 202). It's based on
858	  cryptographic sponge function family called Keccak.
859
860	  References:
861	  http://keccak.noekeon.org/
862
863config CRYPTO_SM3
864	tristate "SM3 digest algorithm"
865	select CRYPTO_HASH
866	help
867	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
868	  It is part of the Chinese Commercial Cryptography suite.
869
870	  References:
871	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
872	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
873
874config CRYPTO_TGR192
875	tristate "Tiger digest algorithms"
876	select CRYPTO_HASH
877	help
878	  Tiger hash algorithm 192, 160 and 128-bit hashes
879
880	  Tiger is a hash function optimized for 64-bit processors while
881	  still having decent performance on 32-bit processors.
882	  Tiger was developed by Ross Anderson and Eli Biham.
883
884	  See also:
885	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
886
887config CRYPTO_WP512
888	tristate "Whirlpool digest algorithms"
889	select CRYPTO_HASH
890	help
891	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
892
893	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
894	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
895
896	  See also:
897	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
898
899config CRYPTO_GHASH_CLMUL_NI_INTEL
900	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
901	depends on X86 && 64BIT
902	select CRYPTO_CRYPTD
903	help
904	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
905	  The implementation is accelerated by CLMUL-NI of Intel.
906
907comment "Ciphers"
908
909config CRYPTO_AES
910	tristate "AES cipher algorithms"
911	select CRYPTO_ALGAPI
912	help
913	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
914	  algorithm.
915
916	  Rijndael appears to be consistently a very good performer in
917	  both hardware and software across a wide range of computing
918	  environments regardless of its use in feedback or non-feedback
919	  modes. Its key setup time is excellent, and its key agility is
920	  good. Rijndael's very low memory requirements make it very well
921	  suited for restricted-space environments, in which it also
922	  demonstrates excellent performance. Rijndael's operations are
923	  among the easiest to defend against power and timing attacks.
924
925	  The AES specifies three key sizes: 128, 192 and 256 bits
926
927	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
928
929config CRYPTO_AES_TI
930	tristate "Fixed time AES cipher"
931	select CRYPTO_ALGAPI
932	help
933	  This is a generic implementation of AES that attempts to eliminate
934	  data dependent latencies as much as possible without affecting
935	  performance too much. It is intended for use by the generic CCM
936	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
937	  solely on encryption (although decryption is supported as well, but
938	  with a more dramatic performance hit)
939
940	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
941	  8 for decryption), this implementation only uses just two S-boxes of
942	  256 bytes each, and attempts to eliminate data dependent latencies by
943	  prefetching the entire table into the cache at the start of each
944	  block.
945
946config CRYPTO_AES_586
947	tristate "AES cipher algorithms (i586)"
948	depends on (X86 || UML_X86) && !64BIT
949	select CRYPTO_ALGAPI
950	select CRYPTO_AES
951	help
952	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
953	  algorithm.
954
955	  Rijndael appears to be consistently a very good performer in
956	  both hardware and software across a wide range of computing
957	  environments regardless of its use in feedback or non-feedback
958	  modes. Its key setup time is excellent, and its key agility is
959	  good. Rijndael's very low memory requirements make it very well
960	  suited for restricted-space environments, in which it also
961	  demonstrates excellent performance. Rijndael's operations are
962	  among the easiest to defend against power and timing attacks.
963
964	  The AES specifies three key sizes: 128, 192 and 256 bits
965
966	  See <http://csrc.nist.gov/encryption/aes/> for more information.
967
968config CRYPTO_AES_X86_64
969	tristate "AES cipher algorithms (x86_64)"
970	depends on (X86 || UML_X86) && 64BIT
971	select CRYPTO_ALGAPI
972	select CRYPTO_AES
973	help
974	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
975	  algorithm.
976
977	  Rijndael appears to be consistently a very good performer in
978	  both hardware and software across a wide range of computing
979	  environments regardless of its use in feedback or non-feedback
980	  modes. Its key setup time is excellent, and its key agility is
981	  good. Rijndael's very low memory requirements make it very well
982	  suited for restricted-space environments, in which it also
983	  demonstrates excellent performance. Rijndael's operations are
984	  among the easiest to defend against power and timing attacks.
985
986	  The AES specifies three key sizes: 128, 192 and 256 bits
987
988	  See <http://csrc.nist.gov/encryption/aes/> for more information.
989
990config CRYPTO_AES_NI_INTEL
991	tristate "AES cipher algorithms (AES-NI)"
992	depends on X86
993	select CRYPTO_AEAD
994	select CRYPTO_AES_X86_64 if 64BIT
995	select CRYPTO_AES_586 if !64BIT
996	select CRYPTO_ALGAPI
997	select CRYPTO_BLKCIPHER
998	select CRYPTO_GLUE_HELPER_X86 if 64BIT
999	select CRYPTO_SIMD
1000	help
1001	  Use Intel AES-NI instructions for AES algorithm.
1002
1003	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1004	  algorithm.
1005
1006	  Rijndael appears to be consistently a very good performer in
1007	  both hardware and software across a wide range of computing
1008	  environments regardless of its use in feedback or non-feedback
1009	  modes. Its key setup time is excellent, and its key agility is
1010	  good. Rijndael's very low memory requirements make it very well
1011	  suited for restricted-space environments, in which it also
1012	  demonstrates excellent performance. Rijndael's operations are
1013	  among the easiest to defend against power and timing attacks.
1014
1015	  The AES specifies three key sizes: 128, 192 and 256 bits
1016
1017	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1018
1019	  In addition to AES cipher algorithm support, the acceleration
1020	  for some popular block cipher mode is supported too, including
1021	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
1022	  acceleration for CTR.
1023
1024config CRYPTO_AES_SPARC64
1025	tristate "AES cipher algorithms (SPARC64)"
1026	depends on SPARC64
1027	select CRYPTO_CRYPTD
1028	select CRYPTO_ALGAPI
1029	help
1030	  Use SPARC64 crypto opcodes for AES algorithm.
1031
1032	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1033	  algorithm.
1034
1035	  Rijndael appears to be consistently a very good performer in
1036	  both hardware and software across a wide range of computing
1037	  environments regardless of its use in feedback or non-feedback
1038	  modes. Its key setup time is excellent, and its key agility is
1039	  good. Rijndael's very low memory requirements make it very well
1040	  suited for restricted-space environments, in which it also
1041	  demonstrates excellent performance. Rijndael's operations are
1042	  among the easiest to defend against power and timing attacks.
1043
1044	  The AES specifies three key sizes: 128, 192 and 256 bits
1045
1046	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1047
1048	  In addition to AES cipher algorithm support, the acceleration
1049	  for some popular block cipher mode is supported too, including
1050	  ECB and CBC.
1051
1052config CRYPTO_AES_PPC_SPE
1053	tristate "AES cipher algorithms (PPC SPE)"
1054	depends on PPC && SPE
1055	help
1056	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1057	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1058	  This module should only be used for low power (router) devices
1059	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1060	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1061	  timining attacks. Nevertheless it might be not as secure as other
1062	  architecture specific assembler implementations that work on 1KB
1063	  tables or 256 bytes S-boxes.
1064
1065config CRYPTO_ANUBIS
1066	tristate "Anubis cipher algorithm"
1067	select CRYPTO_ALGAPI
1068	help
1069	  Anubis cipher algorithm.
1070
1071	  Anubis is a variable key length cipher which can use keys from
1072	  128 bits to 320 bits in length.  It was evaluated as a entrant
1073	  in the NESSIE competition.
1074
1075	  See also:
1076	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1077	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1078
1079config CRYPTO_ARC4
1080	tristate "ARC4 cipher algorithm"
1081	select CRYPTO_BLKCIPHER
1082	help
1083	  ARC4 cipher algorithm.
1084
1085	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1086	  bits in length.  This algorithm is required for driver-based
1087	  WEP, but it should not be for other purposes because of the
1088	  weakness of the algorithm.
1089
1090config CRYPTO_BLOWFISH
1091	tristate "Blowfish cipher algorithm"
1092	select CRYPTO_ALGAPI
1093	select CRYPTO_BLOWFISH_COMMON
1094	help
1095	  Blowfish cipher algorithm, by Bruce Schneier.
1096
1097	  This is a variable key length cipher which can use keys from 32
1098	  bits to 448 bits in length.  It's fast, simple and specifically
1099	  designed for use on "large microprocessors".
1100
1101	  See also:
1102	  <http://www.schneier.com/blowfish.html>
1103
1104config CRYPTO_BLOWFISH_COMMON
1105	tristate
1106	help
1107	  Common parts of the Blowfish cipher algorithm shared by the
1108	  generic c and the assembler implementations.
1109
1110	  See also:
1111	  <http://www.schneier.com/blowfish.html>
1112
1113config CRYPTO_BLOWFISH_X86_64
1114	tristate "Blowfish cipher algorithm (x86_64)"
1115	depends on X86 && 64BIT
1116	select CRYPTO_ALGAPI
1117	select CRYPTO_BLOWFISH_COMMON
1118	help
1119	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1120
1121	  This is a variable key length cipher which can use keys from 32
1122	  bits to 448 bits in length.  It's fast, simple and specifically
1123	  designed for use on "large microprocessors".
1124
1125	  See also:
1126	  <http://www.schneier.com/blowfish.html>
1127
1128config CRYPTO_CAMELLIA
1129	tristate "Camellia cipher algorithms"
1130	depends on CRYPTO
1131	select CRYPTO_ALGAPI
1132	help
1133	  Camellia cipher algorithms module.
1134
1135	  Camellia is a symmetric key block cipher developed jointly
1136	  at NTT and Mitsubishi Electric Corporation.
1137
1138	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1139
1140	  See also:
1141	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1142
1143config CRYPTO_CAMELLIA_X86_64
1144	tristate "Camellia cipher algorithm (x86_64)"
1145	depends on X86 && 64BIT
1146	depends on CRYPTO
1147	select CRYPTO_ALGAPI
1148	select CRYPTO_GLUE_HELPER_X86
1149	select CRYPTO_LRW
1150	select CRYPTO_XTS
1151	help
1152	  Camellia cipher algorithm module (x86_64).
1153
1154	  Camellia is a symmetric key block cipher developed jointly
1155	  at NTT and Mitsubishi Electric Corporation.
1156
1157	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1158
1159	  See also:
1160	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1161
1162config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1163	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1164	depends on X86 && 64BIT
1165	depends on CRYPTO
1166	select CRYPTO_ALGAPI
1167	select CRYPTO_CRYPTD
1168	select CRYPTO_ABLK_HELPER
1169	select CRYPTO_GLUE_HELPER_X86
1170	select CRYPTO_CAMELLIA_X86_64
1171	select CRYPTO_LRW
1172	select CRYPTO_XTS
1173	help
1174	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1175
1176	  Camellia is a symmetric key block cipher developed jointly
1177	  at NTT and Mitsubishi Electric Corporation.
1178
1179	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1180
1181	  See also:
1182	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1183
1184config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1185	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1186	depends on X86 && 64BIT
1187	depends on CRYPTO
1188	select CRYPTO_ALGAPI
1189	select CRYPTO_CRYPTD
1190	select CRYPTO_ABLK_HELPER
1191	select CRYPTO_GLUE_HELPER_X86
1192	select CRYPTO_CAMELLIA_X86_64
1193	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1194	select CRYPTO_LRW
1195	select CRYPTO_XTS
1196	help
1197	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1198
1199	  Camellia is a symmetric key block cipher developed jointly
1200	  at NTT and Mitsubishi Electric Corporation.
1201
1202	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1203
1204	  See also:
1205	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1206
1207config CRYPTO_CAMELLIA_SPARC64
1208	tristate "Camellia cipher algorithm (SPARC64)"
1209	depends on SPARC64
1210	depends on CRYPTO
1211	select CRYPTO_ALGAPI
1212	help
1213	  Camellia cipher algorithm module (SPARC64).
1214
1215	  Camellia is a symmetric key block cipher developed jointly
1216	  at NTT and Mitsubishi Electric Corporation.
1217
1218	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1219
1220	  See also:
1221	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1222
1223config CRYPTO_CAST_COMMON
1224	tristate
1225	help
1226	  Common parts of the CAST cipher algorithms shared by the
1227	  generic c and the assembler implementations.
1228
1229config CRYPTO_CAST5
1230	tristate "CAST5 (CAST-128) cipher algorithm"
1231	select CRYPTO_ALGAPI
1232	select CRYPTO_CAST_COMMON
1233	help
1234	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1235	  described in RFC2144.
1236
1237config CRYPTO_CAST5_AVX_X86_64
1238	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1239	depends on X86 && 64BIT
1240	select CRYPTO_ALGAPI
1241	select CRYPTO_CRYPTD
1242	select CRYPTO_ABLK_HELPER
1243	select CRYPTO_CAST_COMMON
1244	select CRYPTO_CAST5
1245	help
1246	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1247	  described in RFC2144.
1248
1249	  This module provides the Cast5 cipher algorithm that processes
1250	  sixteen blocks parallel using the AVX instruction set.
1251
1252config CRYPTO_CAST6
1253	tristate "CAST6 (CAST-256) cipher algorithm"
1254	select CRYPTO_ALGAPI
1255	select CRYPTO_CAST_COMMON
1256	help
1257	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1258	  described in RFC2612.
1259
1260config CRYPTO_CAST6_AVX_X86_64
1261	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1262	depends on X86 && 64BIT
1263	select CRYPTO_ALGAPI
1264	select CRYPTO_CRYPTD
1265	select CRYPTO_ABLK_HELPER
1266	select CRYPTO_GLUE_HELPER_X86
1267	select CRYPTO_CAST_COMMON
1268	select CRYPTO_CAST6
1269	select CRYPTO_LRW
1270	select CRYPTO_XTS
1271	help
1272	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1273	  described in RFC2612.
1274
1275	  This module provides the Cast6 cipher algorithm that processes
1276	  eight blocks parallel using the AVX instruction set.
1277
1278config CRYPTO_DES
1279	tristate "DES and Triple DES EDE cipher algorithms"
1280	select CRYPTO_ALGAPI
1281	help
1282	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1283
1284config CRYPTO_DES_SPARC64
1285	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1286	depends on SPARC64
1287	select CRYPTO_ALGAPI
1288	select CRYPTO_DES
1289	help
1290	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1291	  optimized using SPARC64 crypto opcodes.
1292
1293config CRYPTO_DES3_EDE_X86_64
1294	tristate "Triple DES EDE cipher algorithm (x86-64)"
1295	depends on X86 && 64BIT
1296	select CRYPTO_ALGAPI
1297	select CRYPTO_DES
1298	help
1299	  Triple DES EDE (FIPS 46-3) algorithm.
1300
1301	  This module provides implementation of the Triple DES EDE cipher
1302	  algorithm that is optimized for x86-64 processors. Two versions of
1303	  algorithm are provided; regular processing one input block and
1304	  one that processes three blocks parallel.
1305
1306config CRYPTO_FCRYPT
1307	tristate "FCrypt cipher algorithm"
1308	select CRYPTO_ALGAPI
1309	select CRYPTO_BLKCIPHER
1310	help
1311	  FCrypt algorithm used by RxRPC.
1312
1313config CRYPTO_KHAZAD
1314	tristate "Khazad cipher algorithm"
1315	select CRYPTO_ALGAPI
1316	help
1317	  Khazad cipher algorithm.
1318
1319	  Khazad was a finalist in the initial NESSIE competition.  It is
1320	  an algorithm optimized for 64-bit processors with good performance
1321	  on 32-bit processors.  Khazad uses an 128 bit key size.
1322
1323	  See also:
1324	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1325
1326config CRYPTO_SALSA20
1327	tristate "Salsa20 stream cipher algorithm"
1328	select CRYPTO_BLKCIPHER
1329	help
1330	  Salsa20 stream cipher algorithm.
1331
1332	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1333	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1334
1335	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1336	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1337
1338config CRYPTO_SALSA20_586
1339	tristate "Salsa20 stream cipher algorithm (i586)"
1340	depends on (X86 || UML_X86) && !64BIT
1341	select CRYPTO_BLKCIPHER
1342	help
1343	  Salsa20 stream cipher algorithm.
1344
1345	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1346	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1347
1348	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1349	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1350
1351config CRYPTO_SALSA20_X86_64
1352	tristate "Salsa20 stream cipher algorithm (x86_64)"
1353	depends on (X86 || UML_X86) && 64BIT
1354	select CRYPTO_BLKCIPHER
1355	help
1356	  Salsa20 stream cipher algorithm.
1357
1358	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1359	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1360
1361	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1362	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1363
1364config CRYPTO_CHACHA20
1365	tristate "ChaCha20 cipher algorithm"
1366	select CRYPTO_BLKCIPHER
1367	help
1368	  ChaCha20 cipher algorithm, RFC7539.
1369
1370	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1371	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1372	  This is the portable C implementation of ChaCha20.
1373
1374	  See also:
1375	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1376
1377config CRYPTO_CHACHA20_X86_64
1378	tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
1379	depends on X86 && 64BIT
1380	select CRYPTO_BLKCIPHER
1381	select CRYPTO_CHACHA20
1382	help
1383	  ChaCha20 cipher algorithm, RFC7539.
1384
1385	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1386	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1387	  This is the x86_64 assembler implementation using SIMD instructions.
1388
1389	  See also:
1390	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1391
1392config CRYPTO_SEED
1393	tristate "SEED cipher algorithm"
1394	select CRYPTO_ALGAPI
1395	help
1396	  SEED cipher algorithm (RFC4269).
1397
1398	  SEED is a 128-bit symmetric key block cipher that has been
1399	  developed by KISA (Korea Information Security Agency) as a
1400	  national standard encryption algorithm of the Republic of Korea.
1401	  It is a 16 round block cipher with the key size of 128 bit.
1402
1403	  See also:
1404	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1405
1406config CRYPTO_SERPENT
1407	tristate "Serpent cipher algorithm"
1408	select CRYPTO_ALGAPI
1409	help
1410	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1411
1412	  Keys are allowed to be from 0 to 256 bits in length, in steps
1413	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1414	  variant of Serpent for compatibility with old kerneli.org code.
1415
1416	  See also:
1417	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1418
1419config CRYPTO_SERPENT_SSE2_X86_64
1420	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1421	depends on X86 && 64BIT
1422	select CRYPTO_ALGAPI
1423	select CRYPTO_CRYPTD
1424	select CRYPTO_ABLK_HELPER
1425	select CRYPTO_GLUE_HELPER_X86
1426	select CRYPTO_SERPENT
1427	select CRYPTO_LRW
1428	select CRYPTO_XTS
1429	help
1430	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1431
1432	  Keys are allowed to be from 0 to 256 bits in length, in steps
1433	  of 8 bits.
1434
1435	  This module provides Serpent cipher algorithm that processes eight
1436	  blocks parallel using SSE2 instruction set.
1437
1438	  See also:
1439	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1440
1441config CRYPTO_SERPENT_SSE2_586
1442	tristate "Serpent cipher algorithm (i586/SSE2)"
1443	depends on X86 && !64BIT
1444	select CRYPTO_ALGAPI
1445	select CRYPTO_CRYPTD
1446	select CRYPTO_ABLK_HELPER
1447	select CRYPTO_GLUE_HELPER_X86
1448	select CRYPTO_SERPENT
1449	select CRYPTO_LRW
1450	select CRYPTO_XTS
1451	help
1452	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1453
1454	  Keys are allowed to be from 0 to 256 bits in length, in steps
1455	  of 8 bits.
1456
1457	  This module provides Serpent cipher algorithm that processes four
1458	  blocks parallel using SSE2 instruction set.
1459
1460	  See also:
1461	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1462
1463config CRYPTO_SERPENT_AVX_X86_64
1464	tristate "Serpent cipher algorithm (x86_64/AVX)"
1465	depends on X86 && 64BIT
1466	select CRYPTO_ALGAPI
1467	select CRYPTO_CRYPTD
1468	select CRYPTO_ABLK_HELPER
1469	select CRYPTO_GLUE_HELPER_X86
1470	select CRYPTO_SERPENT
1471	select CRYPTO_LRW
1472	select CRYPTO_XTS
1473	help
1474	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1475
1476	  Keys are allowed to be from 0 to 256 bits in length, in steps
1477	  of 8 bits.
1478
1479	  This module provides the Serpent cipher algorithm that processes
1480	  eight blocks parallel using the AVX instruction set.
1481
1482	  See also:
1483	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1484
1485config CRYPTO_SERPENT_AVX2_X86_64
1486	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1487	depends on X86 && 64BIT
1488	select CRYPTO_ALGAPI
1489	select CRYPTO_CRYPTD
1490	select CRYPTO_ABLK_HELPER
1491	select CRYPTO_GLUE_HELPER_X86
1492	select CRYPTO_SERPENT
1493	select CRYPTO_SERPENT_AVX_X86_64
1494	select CRYPTO_LRW
1495	select CRYPTO_XTS
1496	help
1497	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1498
1499	  Keys are allowed to be from 0 to 256 bits in length, in steps
1500	  of 8 bits.
1501
1502	  This module provides Serpent cipher algorithm that processes 16
1503	  blocks parallel using AVX2 instruction set.
1504
1505	  See also:
1506	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1507
1508config CRYPTO_TEA
1509	tristate "TEA, XTEA and XETA cipher algorithms"
1510	select CRYPTO_ALGAPI
1511	help
1512	  TEA cipher algorithm.
1513
1514	  Tiny Encryption Algorithm is a simple cipher that uses
1515	  many rounds for security.  It is very fast and uses
1516	  little memory.
1517
1518	  Xtendend Tiny Encryption Algorithm is a modification to
1519	  the TEA algorithm to address a potential key weakness
1520	  in the TEA algorithm.
1521
1522	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1523	  of the XTEA algorithm for compatibility purposes.
1524
1525config CRYPTO_TWOFISH
1526	tristate "Twofish cipher algorithm"
1527	select CRYPTO_ALGAPI
1528	select CRYPTO_TWOFISH_COMMON
1529	help
1530	  Twofish cipher algorithm.
1531
1532	  Twofish was submitted as an AES (Advanced Encryption Standard)
1533	  candidate cipher by researchers at CounterPane Systems.  It is a
1534	  16 round block cipher supporting key sizes of 128, 192, and 256
1535	  bits.
1536
1537	  See also:
1538	  <http://www.schneier.com/twofish.html>
1539
1540config CRYPTO_TWOFISH_COMMON
1541	tristate
1542	help
1543	  Common parts of the Twofish cipher algorithm shared by the
1544	  generic c and the assembler implementations.
1545
1546config CRYPTO_TWOFISH_586
1547	tristate "Twofish cipher algorithms (i586)"
1548	depends on (X86 || UML_X86) && !64BIT
1549	select CRYPTO_ALGAPI
1550	select CRYPTO_TWOFISH_COMMON
1551	help
1552	  Twofish cipher algorithm.
1553
1554	  Twofish was submitted as an AES (Advanced Encryption Standard)
1555	  candidate cipher by researchers at CounterPane Systems.  It is a
1556	  16 round block cipher supporting key sizes of 128, 192, and 256
1557	  bits.
1558
1559	  See also:
1560	  <http://www.schneier.com/twofish.html>
1561
1562config CRYPTO_TWOFISH_X86_64
1563	tristate "Twofish cipher algorithm (x86_64)"
1564	depends on (X86 || UML_X86) && 64BIT
1565	select CRYPTO_ALGAPI
1566	select CRYPTO_TWOFISH_COMMON
1567	help
1568	  Twofish cipher algorithm (x86_64).
1569
1570	  Twofish was submitted as an AES (Advanced Encryption Standard)
1571	  candidate cipher by researchers at CounterPane Systems.  It is a
1572	  16 round block cipher supporting key sizes of 128, 192, and 256
1573	  bits.
1574
1575	  See also:
1576	  <http://www.schneier.com/twofish.html>
1577
1578config CRYPTO_TWOFISH_X86_64_3WAY
1579	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1580	depends on X86 && 64BIT
1581	select CRYPTO_ALGAPI
1582	select CRYPTO_TWOFISH_COMMON
1583	select CRYPTO_TWOFISH_X86_64
1584	select CRYPTO_GLUE_HELPER_X86
1585	select CRYPTO_LRW
1586	select CRYPTO_XTS
1587	help
1588	  Twofish cipher algorithm (x86_64, 3-way parallel).
1589
1590	  Twofish was submitted as an AES (Advanced Encryption Standard)
1591	  candidate cipher by researchers at CounterPane Systems.  It is a
1592	  16 round block cipher supporting key sizes of 128, 192, and 256
1593	  bits.
1594
1595	  This module provides Twofish cipher algorithm that processes three
1596	  blocks parallel, utilizing resources of out-of-order CPUs better.
1597
1598	  See also:
1599	  <http://www.schneier.com/twofish.html>
1600
1601config CRYPTO_TWOFISH_AVX_X86_64
1602	tristate "Twofish cipher algorithm (x86_64/AVX)"
1603	depends on X86 && 64BIT
1604	select CRYPTO_ALGAPI
1605	select CRYPTO_CRYPTD
1606	select CRYPTO_ABLK_HELPER
1607	select CRYPTO_GLUE_HELPER_X86
1608	select CRYPTO_TWOFISH_COMMON
1609	select CRYPTO_TWOFISH_X86_64
1610	select CRYPTO_TWOFISH_X86_64_3WAY
1611	select CRYPTO_LRW
1612	select CRYPTO_XTS
1613	help
1614	  Twofish cipher algorithm (x86_64/AVX).
1615
1616	  Twofish was submitted as an AES (Advanced Encryption Standard)
1617	  candidate cipher by researchers at CounterPane Systems.  It is a
1618	  16 round block cipher supporting key sizes of 128, 192, and 256
1619	  bits.
1620
1621	  This module provides the Twofish cipher algorithm that processes
1622	  eight blocks parallel using the AVX Instruction Set.
1623
1624	  See also:
1625	  <http://www.schneier.com/twofish.html>
1626
1627comment "Compression"
1628
1629config CRYPTO_DEFLATE
1630	tristate "Deflate compression algorithm"
1631	select CRYPTO_ALGAPI
1632	select CRYPTO_ACOMP2
1633	select ZLIB_INFLATE
1634	select ZLIB_DEFLATE
1635	help
1636	  This is the Deflate algorithm (RFC1951), specified for use in
1637	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1638
1639	  You will most probably want this if using IPSec.
1640
1641config CRYPTO_LZO
1642	tristate "LZO compression algorithm"
1643	select CRYPTO_ALGAPI
1644	select CRYPTO_ACOMP2
1645	select LZO_COMPRESS
1646	select LZO_DECOMPRESS
1647	help
1648	  This is the LZO algorithm.
1649
1650config CRYPTO_842
1651	tristate "842 compression algorithm"
1652	select CRYPTO_ALGAPI
1653	select CRYPTO_ACOMP2
1654	select 842_COMPRESS
1655	select 842_DECOMPRESS
1656	help
1657	  This is the 842 algorithm.
1658
1659config CRYPTO_LZ4
1660	tristate "LZ4 compression algorithm"
1661	select CRYPTO_ALGAPI
1662	select CRYPTO_ACOMP2
1663	select LZ4_COMPRESS
1664	select LZ4_DECOMPRESS
1665	help
1666	  This is the LZ4 algorithm.
1667
1668config CRYPTO_LZ4HC
1669	tristate "LZ4HC compression algorithm"
1670	select CRYPTO_ALGAPI
1671	select CRYPTO_ACOMP2
1672	select LZ4HC_COMPRESS
1673	select LZ4_DECOMPRESS
1674	help
1675	  This is the LZ4 high compression mode algorithm.
1676
1677comment "Random Number Generation"
1678
1679config CRYPTO_ANSI_CPRNG
1680	tristate "Pseudo Random Number Generation for Cryptographic modules"
1681	select CRYPTO_AES
1682	select CRYPTO_RNG
1683	help
1684	  This option enables the generic pseudo random number generator
1685	  for cryptographic modules.  Uses the Algorithm specified in
1686	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1687	  CRYPTO_FIPS is selected
1688
1689menuconfig CRYPTO_DRBG_MENU
1690	tristate "NIST SP800-90A DRBG"
1691	help
1692	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1693	  more of the DRBG types must be selected.
1694
1695if CRYPTO_DRBG_MENU
1696
1697config CRYPTO_DRBG_HMAC
1698	bool
1699	default y
1700	select CRYPTO_HMAC
1701	select CRYPTO_SHA256
1702
1703config CRYPTO_DRBG_HASH
1704	bool "Enable Hash DRBG"
1705	select CRYPTO_SHA256
1706	help
1707	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1708
1709config CRYPTO_DRBG_CTR
1710	bool "Enable CTR DRBG"
1711	select CRYPTO_AES
1712	depends on CRYPTO_CTR
1713	help
1714	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1715
1716config CRYPTO_DRBG
1717	tristate
1718	default CRYPTO_DRBG_MENU
1719	select CRYPTO_RNG
1720	select CRYPTO_JITTERENTROPY
1721
1722endif	# if CRYPTO_DRBG_MENU
1723
1724config CRYPTO_JITTERENTROPY
1725	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1726	select CRYPTO_RNG
1727	help
1728	  The Jitterentropy RNG is a noise that is intended
1729	  to provide seed to another RNG. The RNG does not
1730	  perform any cryptographic whitening of the generated
1731	  random numbers. This Jitterentropy RNG registers with
1732	  the kernel crypto API and can be used by any caller.
1733
1734config CRYPTO_USER_API
1735	tristate
1736
1737config CRYPTO_USER_API_HASH
1738	tristate "User-space interface for hash algorithms"
1739	depends on NET
1740	select CRYPTO_HASH
1741	select CRYPTO_USER_API
1742	help
1743	  This option enables the user-spaces interface for hash
1744	  algorithms.
1745
1746config CRYPTO_USER_API_SKCIPHER
1747	tristate "User-space interface for symmetric key cipher algorithms"
1748	depends on NET
1749	select CRYPTO_BLKCIPHER
1750	select CRYPTO_USER_API
1751	help
1752	  This option enables the user-spaces interface for symmetric
1753	  key cipher algorithms.
1754
1755config CRYPTO_USER_API_RNG
1756	tristate "User-space interface for random number generator algorithms"
1757	depends on NET
1758	select CRYPTO_RNG
1759	select CRYPTO_USER_API
1760	help
1761	  This option enables the user-spaces interface for random
1762	  number generator algorithms.
1763
1764config CRYPTO_USER_API_AEAD
1765	tristate "User-space interface for AEAD cipher algorithms"
1766	depends on NET
1767	select CRYPTO_AEAD
1768	select CRYPTO_BLKCIPHER
1769	select CRYPTO_NULL
1770	select CRYPTO_USER_API
1771	help
1772	  This option enables the user-spaces interface for AEAD
1773	  cipher algorithms.
1774
1775config CRYPTO_HASH_INFO
1776	bool
1777
1778source "drivers/crypto/Kconfig"
1779source crypto/asymmetric_keys/Kconfig
1780source certs/Kconfig
1781
1782endif	# if CRYPTO
1783