xref: /linux/crypto/Kconfig (revision 2470a2b2c33455440d0452c8c0248d113e8502a5) 
11da177e4SLinus Torvalds#
2685784aaSDan Williams# Generic algorithms support
3685784aaSDan Williams#
4685784aaSDan Williamsconfig XOR_BLOCKS
5685784aaSDan Williams	tristate
6685784aaSDan Williams
7685784aaSDan Williams#
89bc89cd8SDan Williams# async_tx api: hardware offloaded memory transfer/transform support
99bc89cd8SDan Williams#
109bc89cd8SDan Williamssource "crypto/async_tx/Kconfig"
119bc89cd8SDan Williams
129bc89cd8SDan Williams#
131da177e4SLinus Torvalds# Cryptographic API Configuration
141da177e4SLinus Torvalds#
152e290f43SJan Engelhardtmenuconfig CRYPTO
16c3715cb9SSebastian Siewior	tristate "Cryptographic API"
171da177e4SLinus Torvalds	help
181da177e4SLinus Torvalds	  This option provides the core Cryptographic API.
191da177e4SLinus Torvalds
20cce9e06dSHerbert Xuif CRYPTO
21cce9e06dSHerbert Xu
22584fffc8SSebastian Siewiorcomment "Crypto core or helper"
23584fffc8SSebastian Siewior
24ccb778e1SNeil Hormanconfig CRYPTO_FIPS
25ccb778e1SNeil Horman	bool "FIPS 200 compliance"
26e84c5480SChuck Ebbert	depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS
27ccb778e1SNeil Horman	help
28ccb778e1SNeil Horman	  This options enables the fips boot option which is
29ccb778e1SNeil Horman	  required if you want to system to operate in a FIPS 200
30ccb778e1SNeil Horman	  certification.  You should say no unless you know what
31e84c5480SChuck Ebbert	  this is.
32ccb778e1SNeil Horman
33cce9e06dSHerbert Xuconfig CRYPTO_ALGAPI
34cce9e06dSHerbert Xu	tristate
356a0fcbb4SHerbert Xu	select CRYPTO_ALGAPI2
36cce9e06dSHerbert Xu	help
37cce9e06dSHerbert Xu	  This option provides the API for cryptographic algorithms.
38cce9e06dSHerbert Xu
396a0fcbb4SHerbert Xuconfig CRYPTO_ALGAPI2
406a0fcbb4SHerbert Xu	tristate
416a0fcbb4SHerbert Xu
421ae97820SHerbert Xuconfig CRYPTO_AEAD
431ae97820SHerbert Xu	tristate
446a0fcbb4SHerbert Xu	select CRYPTO_AEAD2
451ae97820SHerbert Xu	select CRYPTO_ALGAPI
461ae97820SHerbert Xu
476a0fcbb4SHerbert Xuconfig CRYPTO_AEAD2
486a0fcbb4SHerbert Xu	tristate
496a0fcbb4SHerbert Xu	select CRYPTO_ALGAPI2
506a0fcbb4SHerbert Xu
515cde0af2SHerbert Xuconfig CRYPTO_BLKCIPHER
525cde0af2SHerbert Xu	tristate
536a0fcbb4SHerbert Xu	select CRYPTO_BLKCIPHER2
545cde0af2SHerbert Xu	select CRYPTO_ALGAPI
556a0fcbb4SHerbert Xu
566a0fcbb4SHerbert Xuconfig CRYPTO_BLKCIPHER2
576a0fcbb4SHerbert Xu	tristate
586a0fcbb4SHerbert Xu	select CRYPTO_ALGAPI2
596a0fcbb4SHerbert Xu	select CRYPTO_RNG2
600a2e821dSHuang Ying	select CRYPTO_WORKQUEUE
615cde0af2SHerbert Xu
62055bcee3SHerbert Xuconfig CRYPTO_HASH
63055bcee3SHerbert Xu	tristate
646a0fcbb4SHerbert Xu	select CRYPTO_HASH2
65055bcee3SHerbert Xu	select CRYPTO_ALGAPI
66055bcee3SHerbert Xu
676a0fcbb4SHerbert Xuconfig CRYPTO_HASH2
686a0fcbb4SHerbert Xu	tristate
696a0fcbb4SHerbert Xu	select CRYPTO_ALGAPI2
706a0fcbb4SHerbert Xu
7117f0f4a4SNeil Hormanconfig CRYPTO_RNG
7217f0f4a4SNeil Horman	tristate
736a0fcbb4SHerbert Xu	select CRYPTO_RNG2
7417f0f4a4SNeil Horman	select CRYPTO_ALGAPI
7517f0f4a4SNeil Horman
766a0fcbb4SHerbert Xuconfig CRYPTO_RNG2
776a0fcbb4SHerbert Xu	tristate
786a0fcbb4SHerbert Xu	select CRYPTO_ALGAPI2
796a0fcbb4SHerbert Xu
80a1d2f095SGeert Uytterhoevenconfig CRYPTO_PCOMP
81a1d2f095SGeert Uytterhoeven	tristate
82bc94e596SHerbert Xu	select CRYPTO_PCOMP2
83bc94e596SHerbert Xu	select CRYPTO_ALGAPI
84bc94e596SHerbert Xu
85bc94e596SHerbert Xuconfig CRYPTO_PCOMP2
86bc94e596SHerbert Xu	tristate
87a1d2f095SGeert Uytterhoeven	select CRYPTO_ALGAPI2
88a1d2f095SGeert Uytterhoeven
892b8c19dbSHerbert Xuconfig CRYPTO_MANAGER
902b8c19dbSHerbert Xu	tristate "Cryptographic algorithm manager"
916a0fcbb4SHerbert Xu	select CRYPTO_MANAGER2
922b8c19dbSHerbert Xu	help
932b8c19dbSHerbert Xu	  Create default cryptographic template instantiations such as
942b8c19dbSHerbert Xu	  cbc(aes).
952b8c19dbSHerbert Xu
966a0fcbb4SHerbert Xuconfig CRYPTO_MANAGER2
976a0fcbb4SHerbert Xu	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
986a0fcbb4SHerbert Xu	select CRYPTO_AEAD2
996a0fcbb4SHerbert Xu	select CRYPTO_HASH2
1006a0fcbb4SHerbert Xu	select CRYPTO_BLKCIPHER2
101bc94e596SHerbert Xu	select CRYPTO_PCOMP2
1026a0fcbb4SHerbert Xu
103a38f7907SSteffen Klassertconfig CRYPTO_USER
104a38f7907SSteffen Klassert	tristate "Userspace cryptographic algorithm configuration"
1055db017aaSHerbert Xu	depends on NET
106a38f7907SSteffen Klassert	select CRYPTO_MANAGER
107a38f7907SSteffen Klassert	help
108d19978f5SValdis.Kletnieks@vt.edu	  Userspace configuration for cryptographic instantiations such as
109a38f7907SSteffen Klassert	  cbc(aes).
110a38f7907SSteffen Klassert
111326a6346SHerbert Xuconfig CRYPTO_MANAGER_DISABLE_TESTS
112326a6346SHerbert Xu	bool "Disable run-time self tests"
11300ca28a5SHerbert Xu	default y
11400ca28a5SHerbert Xu	depends on CRYPTO_MANAGER2
1150b767f96SAlexander Shishkin	help
116326a6346SHerbert Xu	  Disable run-time self tests that normally take place at
117326a6346SHerbert Xu	  algorithm registration.
1180b767f96SAlexander Shishkin
119584fffc8SSebastian Siewiorconfig CRYPTO_GF128MUL
120584fffc8SSebastian Siewior	tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
121584fffc8SSebastian Siewior	help
122584fffc8SSebastian Siewior	  Efficient table driven implementation of multiplications in the
123584fffc8SSebastian Siewior	  field GF(2^128).  This is needed by some cypher modes. This
124584fffc8SSebastian Siewior	  option will be selected automatically if you select such a
125584fffc8SSebastian Siewior	  cipher mode.  Only select this option by hand if you expect to load
126584fffc8SSebastian Siewior	  an external module that requires these functions.
127584fffc8SSebastian Siewior
128584fffc8SSebastian Siewiorconfig CRYPTO_NULL
129584fffc8SSebastian Siewior	tristate "Null algorithms"
130584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
131584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
132d35d2454SHerbert Xu	select CRYPTO_HASH
133584fffc8SSebastian Siewior	help
134584fffc8SSebastian Siewior	  These are 'Null' algorithms, used by IPsec, which do nothing.
135584fffc8SSebastian Siewior
1365068c7a8SSteffen Klassertconfig CRYPTO_PCRYPT
1375068c7a8SSteffen Klassert	tristate "Parallel crypto engine (EXPERIMENTAL)"
1385068c7a8SSteffen Klassert	depends on SMP && EXPERIMENTAL
1395068c7a8SSteffen Klassert	select PADATA
1405068c7a8SSteffen Klassert	select CRYPTO_MANAGER
1415068c7a8SSteffen Klassert	select CRYPTO_AEAD
1425068c7a8SSteffen Klassert	help
1435068c7a8SSteffen Klassert	  This converts an arbitrary crypto algorithm into a parallel
1445068c7a8SSteffen Klassert	  algorithm that executes in kernel threads.
1455068c7a8SSteffen Klassert
14625c38d3fSHuang Yingconfig CRYPTO_WORKQUEUE
14725c38d3fSHuang Ying       tristate
14825c38d3fSHuang Ying
149584fffc8SSebastian Siewiorconfig CRYPTO_CRYPTD
150584fffc8SSebastian Siewior	tristate "Software async crypto daemon"
151584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
152b8a28251SLoc Ho	select CRYPTO_HASH
153584fffc8SSebastian Siewior	select CRYPTO_MANAGER
154254eff77SHuang Ying	select CRYPTO_WORKQUEUE
155584fffc8SSebastian Siewior	help
156584fffc8SSebastian Siewior	  This is a generic software asynchronous crypto daemon that
157584fffc8SSebastian Siewior	  converts an arbitrary synchronous software crypto algorithm
158584fffc8SSebastian Siewior	  into an asynchronous algorithm that executes in a kernel thread.
159584fffc8SSebastian Siewior
160584fffc8SSebastian Siewiorconfig CRYPTO_AUTHENC
161584fffc8SSebastian Siewior	tristate "Authenc support"
162584fffc8SSebastian Siewior	select CRYPTO_AEAD
163584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
164584fffc8SSebastian Siewior	select CRYPTO_MANAGER
165584fffc8SSebastian Siewior	select CRYPTO_HASH
166584fffc8SSebastian Siewior	help
167584fffc8SSebastian Siewior	  Authenc: Combined mode wrapper for IPsec.
168584fffc8SSebastian Siewior	  This is required for IPSec.
169584fffc8SSebastian Siewior
170584fffc8SSebastian Siewiorconfig CRYPTO_TEST
171584fffc8SSebastian Siewior	tristate "Testing module"
172584fffc8SSebastian Siewior	depends on m
173da7f033dSHerbert Xu	select CRYPTO_MANAGER
174584fffc8SSebastian Siewior	help
175584fffc8SSebastian Siewior	  Quick & dirty crypto test module.
176584fffc8SSebastian Siewior
177584fffc8SSebastian Siewiorcomment "Authenticated Encryption with Associated Data"
178584fffc8SSebastian Siewior
179584fffc8SSebastian Siewiorconfig CRYPTO_CCM
180584fffc8SSebastian Siewior	tristate "CCM support"
181584fffc8SSebastian Siewior	select CRYPTO_CTR
182584fffc8SSebastian Siewior	select CRYPTO_AEAD
183584fffc8SSebastian Siewior	help
184584fffc8SSebastian Siewior	  Support for Counter with CBC MAC. Required for IPsec.
185584fffc8SSebastian Siewior
186584fffc8SSebastian Siewiorconfig CRYPTO_GCM
187584fffc8SSebastian Siewior	tristate "GCM/GMAC support"
188584fffc8SSebastian Siewior	select CRYPTO_CTR
189584fffc8SSebastian Siewior	select CRYPTO_AEAD
1909382d97aSHuang Ying	select CRYPTO_GHASH
191584fffc8SSebastian Siewior	help
192584fffc8SSebastian Siewior	  Support for Galois/Counter Mode (GCM) and Galois Message
193584fffc8SSebastian Siewior	  Authentication Code (GMAC). Required for IPSec.
194584fffc8SSebastian Siewior
195584fffc8SSebastian Siewiorconfig CRYPTO_SEQIV
196584fffc8SSebastian Siewior	tristate "Sequence Number IV Generator"
197584fffc8SSebastian Siewior	select CRYPTO_AEAD
198584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
199a0f000ecSHerbert Xu	select CRYPTO_RNG
200584fffc8SSebastian Siewior	help
201584fffc8SSebastian Siewior	  This IV generator generates an IV based on a sequence number by
202584fffc8SSebastian Siewior	  xoring it with a salt.  This algorithm is mainly useful for CTR
203584fffc8SSebastian Siewior
204584fffc8SSebastian Siewiorcomment "Block modes"
205584fffc8SSebastian Siewior
206584fffc8SSebastian Siewiorconfig CRYPTO_CBC
207584fffc8SSebastian Siewior	tristate "CBC support"
208584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
209584fffc8SSebastian Siewior	select CRYPTO_MANAGER
210584fffc8SSebastian Siewior	help
211584fffc8SSebastian Siewior	  CBC: Cipher Block Chaining mode
212584fffc8SSebastian Siewior	  This block cipher algorithm is required for IPSec.
213584fffc8SSebastian Siewior
214584fffc8SSebastian Siewiorconfig CRYPTO_CTR
215584fffc8SSebastian Siewior	tristate "CTR support"
216584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
217584fffc8SSebastian Siewior	select CRYPTO_SEQIV
218584fffc8SSebastian Siewior	select CRYPTO_MANAGER
219584fffc8SSebastian Siewior	help
220584fffc8SSebastian Siewior	  CTR: Counter mode
221584fffc8SSebastian Siewior	  This block cipher algorithm is required for IPSec.
222584fffc8SSebastian Siewior
223584fffc8SSebastian Siewiorconfig CRYPTO_CTS
224584fffc8SSebastian Siewior	tristate "CTS support"
225584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
226584fffc8SSebastian Siewior	help
227584fffc8SSebastian Siewior	  CTS: Cipher Text Stealing
228584fffc8SSebastian Siewior	  This is the Cipher Text Stealing mode as described by
229584fffc8SSebastian Siewior	  Section 8 of rfc2040 and referenced by rfc3962.
230584fffc8SSebastian Siewior	  (rfc3962 includes errata information in its Appendix A)
231584fffc8SSebastian Siewior	  This mode is required for Kerberos gss mechanism support
232584fffc8SSebastian Siewior	  for AES encryption.
233584fffc8SSebastian Siewior
234584fffc8SSebastian Siewiorconfig CRYPTO_ECB
235584fffc8SSebastian Siewior	tristate "ECB support"
236584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
237584fffc8SSebastian Siewior	select CRYPTO_MANAGER
238584fffc8SSebastian Siewior	help
239584fffc8SSebastian Siewior	  ECB: Electronic CodeBook mode
240584fffc8SSebastian Siewior	  This is the simplest block cipher algorithm.  It simply encrypts
241584fffc8SSebastian Siewior	  the input block by block.
242584fffc8SSebastian Siewior
243584fffc8SSebastian Siewiorconfig CRYPTO_LRW
244*2470a2b2SJussi Kivilinna	tristate "LRW support"
245584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
246584fffc8SSebastian Siewior	select CRYPTO_MANAGER
247584fffc8SSebastian Siewior	select CRYPTO_GF128MUL
248584fffc8SSebastian Siewior	help
249584fffc8SSebastian Siewior	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
250584fffc8SSebastian Siewior	  narrow block cipher mode for dm-crypt.  Use it with cipher
251584fffc8SSebastian Siewior	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
252584fffc8SSebastian Siewior	  The first 128, 192 or 256 bits in the key are used for AES and the
253584fffc8SSebastian Siewior	  rest is used to tie each cipher block to its logical position.
254584fffc8SSebastian Siewior
255584fffc8SSebastian Siewiorconfig CRYPTO_PCBC
256584fffc8SSebastian Siewior	tristate "PCBC support"
257584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
258584fffc8SSebastian Siewior	select CRYPTO_MANAGER
259584fffc8SSebastian Siewior	help
260584fffc8SSebastian Siewior	  PCBC: Propagating Cipher Block Chaining mode
261584fffc8SSebastian Siewior	  This block cipher algorithm is required for RxRPC.
262584fffc8SSebastian Siewior
263584fffc8SSebastian Siewiorconfig CRYPTO_XTS
264584fffc8SSebastian Siewior	tristate "XTS support (EXPERIMENTAL)"
265584fffc8SSebastian Siewior	depends on EXPERIMENTAL
266584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
267584fffc8SSebastian Siewior	select CRYPTO_MANAGER
268584fffc8SSebastian Siewior	select CRYPTO_GF128MUL
269584fffc8SSebastian Siewior	help
270584fffc8SSebastian Siewior	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
271584fffc8SSebastian Siewior	  key size 256, 384 or 512 bits. This implementation currently
272584fffc8SSebastian Siewior	  can't handle a sectorsize which is not a multiple of 16 bytes.
273584fffc8SSebastian Siewior
274584fffc8SSebastian Siewiorcomment "Hash modes"
275584fffc8SSebastian Siewior
2761da177e4SLinus Torvaldsconfig CRYPTO_HMAC
2778425165dSHerbert Xu	tristate "HMAC support"
2780796ae06SHerbert Xu	select CRYPTO_HASH
27943518407SHerbert Xu	select CRYPTO_MANAGER
2801da177e4SLinus Torvalds	help
2811da177e4SLinus Torvalds	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
2821da177e4SLinus Torvalds	  This is required for IPSec.
2831da177e4SLinus Torvalds
284333b0d7eSKazunori MIYAZAWAconfig CRYPTO_XCBC
285333b0d7eSKazunori MIYAZAWA	tristate "XCBC support"
286333b0d7eSKazunori MIYAZAWA	depends on EXPERIMENTAL
287333b0d7eSKazunori MIYAZAWA	select CRYPTO_HASH
288333b0d7eSKazunori MIYAZAWA	select CRYPTO_MANAGER
289333b0d7eSKazunori MIYAZAWA	help
290333b0d7eSKazunori MIYAZAWA	  XCBC: Keyed-Hashing with encryption algorithm
291333b0d7eSKazunori MIYAZAWA		http://www.ietf.org/rfc/rfc3566.txt
292333b0d7eSKazunori MIYAZAWA		http://csrc.nist.gov/encryption/modes/proposedmodes/
293333b0d7eSKazunori MIYAZAWA		 xcbc-mac/xcbc-mac-spec.pdf
294333b0d7eSKazunori MIYAZAWA
295f1939f7cSShane Wangconfig CRYPTO_VMAC
296f1939f7cSShane Wang	tristate "VMAC support"
297f1939f7cSShane Wang	depends on EXPERIMENTAL
298f1939f7cSShane Wang	select CRYPTO_HASH
299f1939f7cSShane Wang	select CRYPTO_MANAGER
300f1939f7cSShane Wang	help
301f1939f7cSShane Wang	  VMAC is a message authentication algorithm designed for
302f1939f7cSShane Wang	  very high speed on 64-bit architectures.
303f1939f7cSShane Wang
304f1939f7cSShane Wang	  See also:
305f1939f7cSShane Wang	  <http://fastcrypto.org/vmac>
306f1939f7cSShane Wang
307584fffc8SSebastian Siewiorcomment "Digest"
308584fffc8SSebastian Siewior
309584fffc8SSebastian Siewiorconfig CRYPTO_CRC32C
310584fffc8SSebastian Siewior	tristate "CRC32c CRC algorithm"
3115773a3e6SHerbert Xu	select CRYPTO_HASH
3121da177e4SLinus Torvalds	help
313584fffc8SSebastian Siewior	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
314584fffc8SSebastian Siewior	  by iSCSI for header and data digests and by others.
31569c35efcSHerbert Xu	  See Castagnoli93.  Module will be crc32c.
3161da177e4SLinus Torvalds
3178cb51ba8SAustin Zhangconfig CRYPTO_CRC32C_INTEL
3188cb51ba8SAustin Zhang	tristate "CRC32c INTEL hardware acceleration"
3198cb51ba8SAustin Zhang	depends on X86
3208cb51ba8SAustin Zhang	select CRYPTO_HASH
3218cb51ba8SAustin Zhang	help
3228cb51ba8SAustin Zhang	  In Intel processor with SSE4.2 supported, the processor will
3238cb51ba8SAustin Zhang	  support CRC32C implementation using hardware accelerated CRC32
3248cb51ba8SAustin Zhang	  instruction. This option will create 'crc32c-intel' module,
3258cb51ba8SAustin Zhang	  which will enable any routine to use the CRC32 instruction to
3268cb51ba8SAustin Zhang	  gain performance compared with software implementation.
3278cb51ba8SAustin Zhang	  Module will be crc32c-intel.
3288cb51ba8SAustin Zhang
3292cdc6899SHuang Yingconfig CRYPTO_GHASH
3302cdc6899SHuang Ying	tristate "GHASH digest algorithm"
3312cdc6899SHuang Ying	select CRYPTO_SHASH
3322cdc6899SHuang Ying	select CRYPTO_GF128MUL
3332cdc6899SHuang Ying	help
3342cdc6899SHuang Ying	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
3352cdc6899SHuang Ying
3361da177e4SLinus Torvaldsconfig CRYPTO_MD4
3371da177e4SLinus Torvalds	tristate "MD4 digest algorithm"
338808a1763SAdrian-Ken Rueegsegger	select CRYPTO_HASH
3391da177e4SLinus Torvalds	help
3401da177e4SLinus Torvalds	  MD4 message digest algorithm (RFC1320).
3411da177e4SLinus Torvalds
3421da177e4SLinus Torvaldsconfig CRYPTO_MD5
3431da177e4SLinus Torvalds	tristate "MD5 digest algorithm"
34414b75ba7SAdrian-Ken Rueegsegger	select CRYPTO_HASH
3451da177e4SLinus Torvalds	help
3461da177e4SLinus Torvalds	  MD5 message digest algorithm (RFC1321).
3471da177e4SLinus Torvalds
348584fffc8SSebastian Siewiorconfig CRYPTO_MICHAEL_MIC
349584fffc8SSebastian Siewior	tristate "Michael MIC keyed digest algorithm"
35019e2bf14SAdrian-Ken Rueegsegger	select CRYPTO_HASH
351584fffc8SSebastian Siewior	help
352584fffc8SSebastian Siewior	  Michael MIC is used for message integrity protection in TKIP
353584fffc8SSebastian Siewior	  (IEEE 802.11i). This algorithm is required for TKIP, but it
354584fffc8SSebastian Siewior	  should not be used for other purposes because of the weakness
355584fffc8SSebastian Siewior	  of the algorithm.
356584fffc8SSebastian Siewior
35782798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD128
35882798f90SAdrian-Ken Rueegsegger	tristate "RIPEMD-128 digest algorithm"
3597c4468bcSHerbert Xu	select CRYPTO_HASH
36082798f90SAdrian-Ken Rueegsegger	help
36182798f90SAdrian-Ken Rueegsegger	  RIPEMD-128 (ISO/IEC 10118-3:2004).
36282798f90SAdrian-Ken Rueegsegger
36382798f90SAdrian-Ken Rueegsegger	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
36435ed4b35SMichael Witten	  be used as a secure replacement for RIPEMD. For other use cases,
36582798f90SAdrian-Ken Rueegsegger	  RIPEMD-160 should be used.
36682798f90SAdrian-Ken Rueegsegger
36782798f90SAdrian-Ken Rueegsegger	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
3686d8de74cSJustin P. Mattock	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
36982798f90SAdrian-Ken Rueegsegger
37082798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD160
37182798f90SAdrian-Ken Rueegsegger	tristate "RIPEMD-160 digest algorithm"
372e5835fbaSHerbert Xu	select CRYPTO_HASH
37382798f90SAdrian-Ken Rueegsegger	help
37482798f90SAdrian-Ken Rueegsegger	  RIPEMD-160 (ISO/IEC 10118-3:2004).
37582798f90SAdrian-Ken Rueegsegger
37682798f90SAdrian-Ken Rueegsegger	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
37782798f90SAdrian-Ken Rueegsegger	  to be used as a secure replacement for the 128-bit hash functions
378b6d44341SAdrian Bunk	  MD4, MD5 and it's predecessor RIPEMD
379b6d44341SAdrian Bunk	  (not to be confused with RIPEMD-128).
38082798f90SAdrian-Ken Rueegsegger
381b6d44341SAdrian Bunk	  It's speed is comparable to SHA1 and there are no known attacks
382b6d44341SAdrian Bunk	  against RIPEMD-160.
383534fe2c1SAdrian-Ken Rueegsegger
384534fe2c1SAdrian-Ken Rueegsegger	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
3856d8de74cSJustin P. Mattock	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
386534fe2c1SAdrian-Ken Rueegsegger
387534fe2c1SAdrian-Ken Rueegseggerconfig CRYPTO_RMD256
388534fe2c1SAdrian-Ken Rueegsegger	tristate "RIPEMD-256 digest algorithm"
389d8a5e2e9SHerbert Xu	select CRYPTO_HASH
390534fe2c1SAdrian-Ken Rueegsegger	help
391b6d44341SAdrian Bunk	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
392b6d44341SAdrian Bunk	  256 bit hash. It is intended for applications that require
393b6d44341SAdrian Bunk	  longer hash-results, without needing a larger security level
394b6d44341SAdrian Bunk	  (than RIPEMD-128).
395534fe2c1SAdrian-Ken Rueegsegger
396534fe2c1SAdrian-Ken Rueegsegger	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
3976d8de74cSJustin P. Mattock	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
398534fe2c1SAdrian-Ken Rueegsegger
399534fe2c1SAdrian-Ken Rueegseggerconfig CRYPTO_RMD320
400534fe2c1SAdrian-Ken Rueegsegger	tristate "RIPEMD-320 digest algorithm"
4013b8efb4cSHerbert Xu	select CRYPTO_HASH
402534fe2c1SAdrian-Ken Rueegsegger	help
403b6d44341SAdrian Bunk	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
404b6d44341SAdrian Bunk	  320 bit hash. It is intended for applications that require
405b6d44341SAdrian Bunk	  longer hash-results, without needing a larger security level
406b6d44341SAdrian Bunk	  (than RIPEMD-160).
407534fe2c1SAdrian-Ken Rueegsegger
40882798f90SAdrian-Ken Rueegsegger	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
4096d8de74cSJustin P. Mattock	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
41082798f90SAdrian-Ken Rueegsegger
4111da177e4SLinus Torvaldsconfig CRYPTO_SHA1
4121da177e4SLinus Torvalds	tristate "SHA1 digest algorithm"
41354ccb367SAdrian-Ken Rueegsegger	select CRYPTO_HASH
4141da177e4SLinus Torvalds	help
4151da177e4SLinus Torvalds	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
4161da177e4SLinus Torvalds
41766be8951SMathias Krauseconfig CRYPTO_SHA1_SSSE3
41866be8951SMathias Krause	tristate "SHA1 digest algorithm (SSSE3/AVX)"
41966be8951SMathias Krause	depends on X86 && 64BIT
42066be8951SMathias Krause	select CRYPTO_SHA1
42166be8951SMathias Krause	select CRYPTO_HASH
42266be8951SMathias Krause	help
42366be8951SMathias Krause	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
42466be8951SMathias Krause	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
42566be8951SMathias Krause	  Extensions (AVX), when available.
42666be8951SMathias Krause
4271da177e4SLinus Torvaldsconfig CRYPTO_SHA256
428cd12fb90SJonathan Lynch	tristate "SHA224 and SHA256 digest algorithm"
42950e109b5SAdrian-Ken Rueegsegger	select CRYPTO_HASH
4301da177e4SLinus Torvalds	help
4311da177e4SLinus Torvalds	  SHA256 secure hash standard (DFIPS 180-2).
4321da177e4SLinus Torvalds
4331da177e4SLinus Torvalds	  This version of SHA implements a 256 bit hash with 128 bits of
4341da177e4SLinus Torvalds	  security against collision attacks.
4351da177e4SLinus Torvalds
436cd12fb90SJonathan Lynch	  This code also includes SHA-224, a 224 bit hash with 112 bits
437cd12fb90SJonathan Lynch	  of security against collision attacks.
438cd12fb90SJonathan Lynch
4391da177e4SLinus Torvaldsconfig CRYPTO_SHA512
4401da177e4SLinus Torvalds	tristate "SHA384 and SHA512 digest algorithms"
441bd9d20dbSAdrian-Ken Rueegsegger	select CRYPTO_HASH
4421da177e4SLinus Torvalds	help
4431da177e4SLinus Torvalds	  SHA512 secure hash standard (DFIPS 180-2).
4441da177e4SLinus Torvalds
4451da177e4SLinus Torvalds	  This version of SHA implements a 512 bit hash with 256 bits of
4461da177e4SLinus Torvalds	  security against collision attacks.
4471da177e4SLinus Torvalds
4481da177e4SLinus Torvalds	  This code also includes SHA-384, a 384 bit hash with 192 bits
4491da177e4SLinus Torvalds	  of security against collision attacks.
4501da177e4SLinus Torvalds
4511da177e4SLinus Torvaldsconfig CRYPTO_TGR192
4521da177e4SLinus Torvalds	tristate "Tiger digest algorithms"
453f63fbd3dSAdrian-Ken Rueegsegger	select CRYPTO_HASH
4541da177e4SLinus Torvalds	help
4551da177e4SLinus Torvalds	  Tiger hash algorithm 192, 160 and 128-bit hashes
4561da177e4SLinus Torvalds
4571da177e4SLinus Torvalds	  Tiger is a hash function optimized for 64-bit processors while
4581da177e4SLinus Torvalds	  still having decent performance on 32-bit processors.
4591da177e4SLinus Torvalds	  Tiger was developed by Ross Anderson and Eli Biham.
4601da177e4SLinus Torvalds
4611da177e4SLinus Torvalds	  See also:
4621da177e4SLinus Torvalds	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
4631da177e4SLinus Torvalds
464584fffc8SSebastian Siewiorconfig CRYPTO_WP512
465584fffc8SSebastian Siewior	tristate "Whirlpool digest algorithms"
4664946510bSAdrian-Ken Rueegsegger	select CRYPTO_HASH
4671da177e4SLinus Torvalds	help
468584fffc8SSebastian Siewior	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
4691da177e4SLinus Torvalds
470584fffc8SSebastian Siewior	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
471584fffc8SSebastian Siewior	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
4721da177e4SLinus Torvalds
4731da177e4SLinus Torvalds	  See also:
4746d8de74cSJustin P. Mattock	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
4751da177e4SLinus Torvalds
4760e1227d3SHuang Yingconfig CRYPTO_GHASH_CLMUL_NI_INTEL
4770e1227d3SHuang Ying	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
4788af00860SRichard Weinberger	depends on X86 && 64BIT
4790e1227d3SHuang Ying	select CRYPTO_SHASH
4800e1227d3SHuang Ying	select CRYPTO_CRYPTD
4810e1227d3SHuang Ying	help
4820e1227d3SHuang Ying	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
4830e1227d3SHuang Ying	  The implementation is accelerated by CLMUL-NI of Intel.
4840e1227d3SHuang Ying
485584fffc8SSebastian Siewiorcomment "Ciphers"
4861da177e4SLinus Torvalds
4871da177e4SLinus Torvaldsconfig CRYPTO_AES
4881da177e4SLinus Torvalds	tristate "AES cipher algorithms"
489cce9e06dSHerbert Xu	select CRYPTO_ALGAPI
4901da177e4SLinus Torvalds	help
4911da177e4SLinus Torvalds	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
4921da177e4SLinus Torvalds	  algorithm.
4931da177e4SLinus Torvalds
4941da177e4SLinus Torvalds	  Rijndael appears to be consistently a very good performer in
4951da177e4SLinus Torvalds	  both hardware and software across a wide range of computing
4961da177e4SLinus Torvalds	  environments regardless of its use in feedback or non-feedback
4971da177e4SLinus Torvalds	  modes. Its key setup time is excellent, and its key agility is
4981da177e4SLinus Torvalds	  good. Rijndael's very low memory requirements make it very well
4991da177e4SLinus Torvalds	  suited for restricted-space environments, in which it also
5001da177e4SLinus Torvalds	  demonstrates excellent performance. Rijndael's operations are
5011da177e4SLinus Torvalds	  among the easiest to defend against power and timing attacks.
5021da177e4SLinus Torvalds
5031da177e4SLinus Torvalds	  The AES specifies three key sizes: 128, 192 and 256 bits
5041da177e4SLinus Torvalds
5051da177e4SLinus Torvalds	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
5061da177e4SLinus Torvalds
5071da177e4SLinus Torvaldsconfig CRYPTO_AES_586
5081da177e4SLinus Torvalds	tristate "AES cipher algorithms (i586)"
509cce9e06dSHerbert Xu	depends on (X86 || UML_X86) && !64BIT
510cce9e06dSHerbert Xu	select CRYPTO_ALGAPI
5115157dea8SSebastian Siewior	select CRYPTO_AES
5121da177e4SLinus Torvalds	help
5131da177e4SLinus Torvalds	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
5141da177e4SLinus Torvalds	  algorithm.
5151da177e4SLinus Torvalds
5161da177e4SLinus Torvalds	  Rijndael appears to be consistently a very good performer in
5171da177e4SLinus Torvalds	  both hardware and software across a wide range of computing
5181da177e4SLinus Torvalds	  environments regardless of its use in feedback or non-feedback
5191da177e4SLinus Torvalds	  modes. Its key setup time is excellent, and its key agility is
5201da177e4SLinus Torvalds	  good. Rijndael's very low memory requirements make it very well
5211da177e4SLinus Torvalds	  suited for restricted-space environments, in which it also
5221da177e4SLinus Torvalds	  demonstrates excellent performance. Rijndael's operations are
5231da177e4SLinus Torvalds	  among the easiest to defend against power and timing attacks.
5241da177e4SLinus Torvalds
5251da177e4SLinus Torvalds	  The AES specifies three key sizes: 128, 192 and 256 bits
5261da177e4SLinus Torvalds
5271da177e4SLinus Torvalds	  See <http://csrc.nist.gov/encryption/aes/> for more information.
5281da177e4SLinus Torvalds
529a2a892a2SAndreas Steinmetzconfig CRYPTO_AES_X86_64
530a2a892a2SAndreas Steinmetz	tristate "AES cipher algorithms (x86_64)"
531cce9e06dSHerbert Xu	depends on (X86 || UML_X86) && 64BIT
532cce9e06dSHerbert Xu	select CRYPTO_ALGAPI
53381190b32SSebastian Siewior	select CRYPTO_AES
534a2a892a2SAndreas Steinmetz	help
535a2a892a2SAndreas Steinmetz	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
536a2a892a2SAndreas Steinmetz	  algorithm.
537a2a892a2SAndreas Steinmetz
538a2a892a2SAndreas Steinmetz	  Rijndael appears to be consistently a very good performer in
539a2a892a2SAndreas Steinmetz	  both hardware and software across a wide range of computing
540a2a892a2SAndreas Steinmetz	  environments regardless of its use in feedback or non-feedback
541a2a892a2SAndreas Steinmetz	  modes. Its key setup time is excellent, and its key agility is
542a2a892a2SAndreas Steinmetz	  good. Rijndael's very low memory requirements make it very well
543a2a892a2SAndreas Steinmetz	  suited for restricted-space environments, in which it also
544a2a892a2SAndreas Steinmetz	  demonstrates excellent performance. Rijndael's operations are
545a2a892a2SAndreas Steinmetz	  among the easiest to defend against power and timing attacks.
546a2a892a2SAndreas Steinmetz
547a2a892a2SAndreas Steinmetz	  The AES specifies three key sizes: 128, 192 and 256 bits
548a2a892a2SAndreas Steinmetz
549a2a892a2SAndreas Steinmetz	  See <http://csrc.nist.gov/encryption/aes/> for more information.
550a2a892a2SAndreas Steinmetz
55154b6a1bdSHuang Yingconfig CRYPTO_AES_NI_INTEL
55254b6a1bdSHuang Ying	tristate "AES cipher algorithms (AES-NI)"
5538af00860SRichard Weinberger	depends on X86
5540d258efbSMathias Krause	select CRYPTO_AES_X86_64 if 64BIT
5550d258efbSMathias Krause	select CRYPTO_AES_586 if !64BIT
55654b6a1bdSHuang Ying	select CRYPTO_CRYPTD
55754b6a1bdSHuang Ying	select CRYPTO_ALGAPI
55854b6a1bdSHuang Ying	help
55954b6a1bdSHuang Ying	  Use Intel AES-NI instructions for AES algorithm.
56054b6a1bdSHuang Ying
56154b6a1bdSHuang Ying	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
56254b6a1bdSHuang Ying	  algorithm.
56354b6a1bdSHuang Ying
56454b6a1bdSHuang Ying	  Rijndael appears to be consistently a very good performer in
56554b6a1bdSHuang Ying	  both hardware and software across a wide range of computing
56654b6a1bdSHuang Ying	  environments regardless of its use in feedback or non-feedback
56754b6a1bdSHuang Ying	  modes. Its key setup time is excellent, and its key agility is
56854b6a1bdSHuang Ying	  good. Rijndael's very low memory requirements make it very well
56954b6a1bdSHuang Ying	  suited for restricted-space environments, in which it also
57054b6a1bdSHuang Ying	  demonstrates excellent performance. Rijndael's operations are
57154b6a1bdSHuang Ying	  among the easiest to defend against power and timing attacks.
57254b6a1bdSHuang Ying
57354b6a1bdSHuang Ying	  The AES specifies three key sizes: 128, 192 and 256 bits
57454b6a1bdSHuang Ying
57554b6a1bdSHuang Ying	  See <http://csrc.nist.gov/encryption/aes/> for more information.
57654b6a1bdSHuang Ying
5770d258efbSMathias Krause	  In addition to AES cipher algorithm support, the acceleration
5780d258efbSMathias Krause	  for some popular block cipher mode is supported too, including
5790d258efbSMathias Krause	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
5800d258efbSMathias Krause	  acceleration for CTR.
5812cf4ac8bSHuang Ying
5821da177e4SLinus Torvaldsconfig CRYPTO_ANUBIS
5831da177e4SLinus Torvalds	tristate "Anubis cipher algorithm"
584cce9e06dSHerbert Xu	select CRYPTO_ALGAPI
5851da177e4SLinus Torvalds	help
5861da177e4SLinus Torvalds	  Anubis cipher algorithm.
5871da177e4SLinus Torvalds
5881da177e4SLinus Torvalds	  Anubis is a variable key length cipher which can use keys from
5891da177e4SLinus Torvalds	  128 bits to 320 bits in length.  It was evaluated as a entrant
5901da177e4SLinus Torvalds	  in the NESSIE competition.
5911da177e4SLinus Torvalds
5921da177e4SLinus Torvalds	  See also:
5936d8de74cSJustin P. Mattock	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
5946d8de74cSJustin P. Mattock	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
5951da177e4SLinus Torvalds
596584fffc8SSebastian Siewiorconfig CRYPTO_ARC4
597584fffc8SSebastian Siewior	tristate "ARC4 cipher algorithm"
598e2ee95b8SHye-Shik Chang	select CRYPTO_ALGAPI
599e2ee95b8SHye-Shik Chang	help
600584fffc8SSebastian Siewior	  ARC4 cipher algorithm.
601e2ee95b8SHye-Shik Chang
602584fffc8SSebastian Siewior	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
603584fffc8SSebastian Siewior	  bits in length.  This algorithm is required for driver-based
604584fffc8SSebastian Siewior	  WEP, but it should not be for other purposes because of the
605584fffc8SSebastian Siewior	  weakness of the algorithm.
606584fffc8SSebastian Siewior
607584fffc8SSebastian Siewiorconfig CRYPTO_BLOWFISH
608584fffc8SSebastian Siewior	tristate "Blowfish cipher algorithm"
609584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
61052ba867cSJussi Kivilinna	select CRYPTO_BLOWFISH_COMMON
611584fffc8SSebastian Siewior	help
612584fffc8SSebastian Siewior	  Blowfish cipher algorithm, by Bruce Schneier.
613584fffc8SSebastian Siewior
614584fffc8SSebastian Siewior	  This is a variable key length cipher which can use keys from 32
615584fffc8SSebastian Siewior	  bits to 448 bits in length.  It's fast, simple and specifically
616584fffc8SSebastian Siewior	  designed for use on "large microprocessors".
617e2ee95b8SHye-Shik Chang
618e2ee95b8SHye-Shik Chang	  See also:
619584fffc8SSebastian Siewior	  <http://www.schneier.com/blowfish.html>
620584fffc8SSebastian Siewior
62152ba867cSJussi Kivilinnaconfig CRYPTO_BLOWFISH_COMMON
62252ba867cSJussi Kivilinna	tristate
62352ba867cSJussi Kivilinna	help
62452ba867cSJussi Kivilinna	  Common parts of the Blowfish cipher algorithm shared by the
62552ba867cSJussi Kivilinna	  generic c and the assembler implementations.
62652ba867cSJussi Kivilinna
62752ba867cSJussi Kivilinna	  See also:
62852ba867cSJussi Kivilinna	  <http://www.schneier.com/blowfish.html>
62952ba867cSJussi Kivilinna
63064b94ceaSJussi Kivilinnaconfig CRYPTO_BLOWFISH_X86_64
63164b94ceaSJussi Kivilinna	tristate "Blowfish cipher algorithm (x86_64)"
63264b94ceaSJussi Kivilinna	depends on (X86 || UML_X86) && 64BIT
63364b94ceaSJussi Kivilinna	select CRYPTO_ALGAPI
63464b94ceaSJussi Kivilinna	select CRYPTO_BLOWFISH_COMMON
63564b94ceaSJussi Kivilinna	help
63664b94ceaSJussi Kivilinna	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
63764b94ceaSJussi Kivilinna
63864b94ceaSJussi Kivilinna	  This is a variable key length cipher which can use keys from 32
63964b94ceaSJussi Kivilinna	  bits to 448 bits in length.  It's fast, simple and specifically
64064b94ceaSJussi Kivilinna	  designed for use on "large microprocessors".
64164b94ceaSJussi Kivilinna
64264b94ceaSJussi Kivilinna	  See also:
64364b94ceaSJussi Kivilinna	  <http://www.schneier.com/blowfish.html>
64464b94ceaSJussi Kivilinna
645584fffc8SSebastian Siewiorconfig CRYPTO_CAMELLIA
646584fffc8SSebastian Siewior	tristate "Camellia cipher algorithms"
647584fffc8SSebastian Siewior	depends on CRYPTO
648584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
649584fffc8SSebastian Siewior	help
650584fffc8SSebastian Siewior	  Camellia cipher algorithms module.
651584fffc8SSebastian Siewior
652584fffc8SSebastian Siewior	  Camellia is a symmetric key block cipher developed jointly
653584fffc8SSebastian Siewior	  at NTT and Mitsubishi Electric Corporation.
654584fffc8SSebastian Siewior
655584fffc8SSebastian Siewior	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
656584fffc8SSebastian Siewior
657584fffc8SSebastian Siewior	  See also:
658584fffc8SSebastian Siewior	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
659584fffc8SSebastian Siewior
660584fffc8SSebastian Siewiorconfig CRYPTO_CAST5
661584fffc8SSebastian Siewior	tristate "CAST5 (CAST-128) cipher algorithm"
662584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
663584fffc8SSebastian Siewior	help
664584fffc8SSebastian Siewior	  The CAST5 encryption algorithm (synonymous with CAST-128) is
665584fffc8SSebastian Siewior	  described in RFC2144.
666584fffc8SSebastian Siewior
667584fffc8SSebastian Siewiorconfig CRYPTO_CAST6
668584fffc8SSebastian Siewior	tristate "CAST6 (CAST-256) cipher algorithm"
669584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
670584fffc8SSebastian Siewior	help
671584fffc8SSebastian Siewior	  The CAST6 encryption algorithm (synonymous with CAST-256) is
672584fffc8SSebastian Siewior	  described in RFC2612.
673584fffc8SSebastian Siewior
674584fffc8SSebastian Siewiorconfig CRYPTO_DES
675584fffc8SSebastian Siewior	tristate "DES and Triple DES EDE cipher algorithms"
676584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
677584fffc8SSebastian Siewior	help
678584fffc8SSebastian Siewior	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
679584fffc8SSebastian Siewior
680584fffc8SSebastian Siewiorconfig CRYPTO_FCRYPT
681584fffc8SSebastian Siewior	tristate "FCrypt cipher algorithm"
682584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
683584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
684584fffc8SSebastian Siewior	help
685584fffc8SSebastian Siewior	  FCrypt algorithm used by RxRPC.
686584fffc8SSebastian Siewior
687584fffc8SSebastian Siewiorconfig CRYPTO_KHAZAD
688584fffc8SSebastian Siewior	tristate "Khazad cipher algorithm"
689584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
690584fffc8SSebastian Siewior	help
691584fffc8SSebastian Siewior	  Khazad cipher algorithm.
692584fffc8SSebastian Siewior
693584fffc8SSebastian Siewior	  Khazad was a finalist in the initial NESSIE competition.  It is
694584fffc8SSebastian Siewior	  an algorithm optimized for 64-bit processors with good performance
695584fffc8SSebastian Siewior	  on 32-bit processors.  Khazad uses an 128 bit key size.
696584fffc8SSebastian Siewior
697584fffc8SSebastian Siewior	  See also:
6986d8de74cSJustin P. Mattock	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
699e2ee95b8SHye-Shik Chang
7002407d608STan Swee Hengconfig CRYPTO_SALSA20
7012407d608STan Swee Heng	tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
7022407d608STan Swee Heng	depends on EXPERIMENTAL
7032407d608STan Swee Heng	select CRYPTO_BLKCIPHER
7042407d608STan Swee Heng	help
7052407d608STan Swee Heng	  Salsa20 stream cipher algorithm.
7062407d608STan Swee Heng
7072407d608STan Swee Heng	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
7082407d608STan Swee Heng	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
7092407d608STan Swee Heng
7102407d608STan Swee Heng	  The Salsa20 stream cipher algorithm is designed by Daniel J.
7112407d608STan Swee Heng	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
7121da177e4SLinus Torvalds
713974e4b75STan Swee Hengconfig CRYPTO_SALSA20_586
714974e4b75STan Swee Heng	tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
715974e4b75STan Swee Heng	depends on (X86 || UML_X86) && !64BIT
716974e4b75STan Swee Heng	depends on EXPERIMENTAL
717974e4b75STan Swee Heng	select CRYPTO_BLKCIPHER
718974e4b75STan Swee Heng	help
719974e4b75STan Swee Heng	  Salsa20 stream cipher algorithm.
720974e4b75STan Swee Heng
721974e4b75STan Swee Heng	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
722974e4b75STan Swee Heng	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
723974e4b75STan Swee Heng
724974e4b75STan Swee Heng	  The Salsa20 stream cipher algorithm is designed by Daniel J.
725974e4b75STan Swee Heng	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
726974e4b75STan Swee Heng
7279a7dafbbSTan Swee Hengconfig CRYPTO_SALSA20_X86_64
7289a7dafbbSTan Swee Heng	tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
7299a7dafbbSTan Swee Heng	depends on (X86 || UML_X86) && 64BIT
7309a7dafbbSTan Swee Heng	depends on EXPERIMENTAL
7319a7dafbbSTan Swee Heng	select CRYPTO_BLKCIPHER
7329a7dafbbSTan Swee Heng	help
7339a7dafbbSTan Swee Heng	  Salsa20 stream cipher algorithm.
7349a7dafbbSTan Swee Heng
7359a7dafbbSTan Swee Heng	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
7369a7dafbbSTan Swee Heng	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
7379a7dafbbSTan Swee Heng
7389a7dafbbSTan Swee Heng	  The Salsa20 stream cipher algorithm is designed by Daniel J.
7399a7dafbbSTan Swee Heng	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
7409a7dafbbSTan Swee Heng
741584fffc8SSebastian Siewiorconfig CRYPTO_SEED
742584fffc8SSebastian Siewior	tristate "SEED cipher algorithm"
743584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
744584fffc8SSebastian Siewior	help
745584fffc8SSebastian Siewior	  SEED cipher algorithm (RFC4269).
746584fffc8SSebastian Siewior
747584fffc8SSebastian Siewior	  SEED is a 128-bit symmetric key block cipher that has been
748584fffc8SSebastian Siewior	  developed by KISA (Korea Information Security Agency) as a
749584fffc8SSebastian Siewior	  national standard encryption algorithm of the Republic of Korea.
750584fffc8SSebastian Siewior	  It is a 16 round block cipher with the key size of 128 bit.
751584fffc8SSebastian Siewior
752584fffc8SSebastian Siewior	  See also:
753584fffc8SSebastian Siewior	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
754584fffc8SSebastian Siewior
755584fffc8SSebastian Siewiorconfig CRYPTO_SERPENT
756584fffc8SSebastian Siewior	tristate "Serpent cipher algorithm"
757584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
758584fffc8SSebastian Siewior	help
759584fffc8SSebastian Siewior	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
760584fffc8SSebastian Siewior
761584fffc8SSebastian Siewior	  Keys are allowed to be from 0 to 256 bits in length, in steps
762584fffc8SSebastian Siewior	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
763584fffc8SSebastian Siewior	  variant of Serpent for compatibility with old kerneli.org code.
764584fffc8SSebastian Siewior
765584fffc8SSebastian Siewior	  See also:
766584fffc8SSebastian Siewior	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
767584fffc8SSebastian Siewior
768937c30d7SJussi Kivilinnaconfig CRYPTO_SERPENT_SSE2_X86_64
769937c30d7SJussi Kivilinna	tristate "Serpent cipher algorithm (x86_64/SSE2)"
770937c30d7SJussi Kivilinna	depends on X86 && 64BIT
771937c30d7SJussi Kivilinna	select CRYPTO_ALGAPI
772341975bfSJussi Kivilinna	select CRYPTO_CRYPTD
773937c30d7SJussi Kivilinna	select CRYPTO_SERPENT
774937c30d7SJussi Kivilinna	help
775937c30d7SJussi Kivilinna	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
776937c30d7SJussi Kivilinna
777937c30d7SJussi Kivilinna	  Keys are allowed to be from 0 to 256 bits in length, in steps
778937c30d7SJussi Kivilinna	  of 8 bits.
779937c30d7SJussi Kivilinna
780937c30d7SJussi Kivilinna	  This module provides Serpent cipher algorithm that processes eigth
781937c30d7SJussi Kivilinna	  blocks parallel using SSE2 instruction set.
782937c30d7SJussi Kivilinna
783937c30d7SJussi Kivilinna	  See also:
784937c30d7SJussi Kivilinna	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
785937c30d7SJussi Kivilinna
786251496dbSJussi Kivilinnaconfig CRYPTO_SERPENT_SSE2_586
787251496dbSJussi Kivilinna	tristate "Serpent cipher algorithm (i586/SSE2)"
788251496dbSJussi Kivilinna	depends on X86 && !64BIT
789251496dbSJussi Kivilinna	select CRYPTO_ALGAPI
790341975bfSJussi Kivilinna	select CRYPTO_CRYPTD
791251496dbSJussi Kivilinna	select CRYPTO_SERPENT
792251496dbSJussi Kivilinna	help
793251496dbSJussi Kivilinna	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
794251496dbSJussi Kivilinna
795251496dbSJussi Kivilinna	  Keys are allowed to be from 0 to 256 bits in length, in steps
796251496dbSJussi Kivilinna	  of 8 bits.
797251496dbSJussi Kivilinna
798251496dbSJussi Kivilinna	  This module provides Serpent cipher algorithm that processes four
799251496dbSJussi Kivilinna	  blocks parallel using SSE2 instruction set.
800251496dbSJussi Kivilinna
801251496dbSJussi Kivilinna	  See also:
802251496dbSJussi Kivilinna	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
803251496dbSJussi Kivilinna
804584fffc8SSebastian Siewiorconfig CRYPTO_TEA
805584fffc8SSebastian Siewior	tristate "TEA, XTEA and XETA cipher algorithms"
806584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
807584fffc8SSebastian Siewior	help
808584fffc8SSebastian Siewior	  TEA cipher algorithm.
809584fffc8SSebastian Siewior
810584fffc8SSebastian Siewior	  Tiny Encryption Algorithm is a simple cipher that uses
811584fffc8SSebastian Siewior	  many rounds for security.  It is very fast and uses
812584fffc8SSebastian Siewior	  little memory.
813584fffc8SSebastian Siewior
814584fffc8SSebastian Siewior	  Xtendend Tiny Encryption Algorithm is a modification to
815584fffc8SSebastian Siewior	  the TEA algorithm to address a potential key weakness
816584fffc8SSebastian Siewior	  in the TEA algorithm.
817584fffc8SSebastian Siewior
818584fffc8SSebastian Siewior	  Xtendend Encryption Tiny Algorithm is a mis-implementation
819584fffc8SSebastian Siewior	  of the XTEA algorithm for compatibility purposes.
820584fffc8SSebastian Siewior
821584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH
822584fffc8SSebastian Siewior	tristate "Twofish cipher algorithm"
823584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
824584fffc8SSebastian Siewior	select CRYPTO_TWOFISH_COMMON
825584fffc8SSebastian Siewior	help
826584fffc8SSebastian Siewior	  Twofish cipher algorithm.
827584fffc8SSebastian Siewior
828584fffc8SSebastian Siewior	  Twofish was submitted as an AES (Advanced Encryption Standard)
829584fffc8SSebastian Siewior	  candidate cipher by researchers at CounterPane Systems.  It is a
830584fffc8SSebastian Siewior	  16 round block cipher supporting key sizes of 128, 192, and 256
831584fffc8SSebastian Siewior	  bits.
832584fffc8SSebastian Siewior
833584fffc8SSebastian Siewior	  See also:
834584fffc8SSebastian Siewior	  <http://www.schneier.com/twofish.html>
835584fffc8SSebastian Siewior
836584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_COMMON
837584fffc8SSebastian Siewior	tristate
838584fffc8SSebastian Siewior	help
839584fffc8SSebastian Siewior	  Common parts of the Twofish cipher algorithm shared by the
840584fffc8SSebastian Siewior	  generic c and the assembler implementations.
841584fffc8SSebastian Siewior
842584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_586
843584fffc8SSebastian Siewior	tristate "Twofish cipher algorithms (i586)"
844584fffc8SSebastian Siewior	depends on (X86 || UML_X86) && !64BIT
845584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
846584fffc8SSebastian Siewior	select CRYPTO_TWOFISH_COMMON
847584fffc8SSebastian Siewior	help
848584fffc8SSebastian Siewior	  Twofish cipher algorithm.
849584fffc8SSebastian Siewior
850584fffc8SSebastian Siewior	  Twofish was submitted as an AES (Advanced Encryption Standard)
851584fffc8SSebastian Siewior	  candidate cipher by researchers at CounterPane Systems.  It is a
852584fffc8SSebastian Siewior	  16 round block cipher supporting key sizes of 128, 192, and 256
853584fffc8SSebastian Siewior	  bits.
854584fffc8SSebastian Siewior
855584fffc8SSebastian Siewior	  See also:
856584fffc8SSebastian Siewior	  <http://www.schneier.com/twofish.html>
857584fffc8SSebastian Siewior
858584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_X86_64
859584fffc8SSebastian Siewior	tristate "Twofish cipher algorithm (x86_64)"
860584fffc8SSebastian Siewior	depends on (X86 || UML_X86) && 64BIT
861584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
862584fffc8SSebastian Siewior	select CRYPTO_TWOFISH_COMMON
863584fffc8SSebastian Siewior	help
864584fffc8SSebastian Siewior	  Twofish cipher algorithm (x86_64).
865584fffc8SSebastian Siewior
866584fffc8SSebastian Siewior	  Twofish was submitted as an AES (Advanced Encryption Standard)
867584fffc8SSebastian Siewior	  candidate cipher by researchers at CounterPane Systems.  It is a
868584fffc8SSebastian Siewior	  16 round block cipher supporting key sizes of 128, 192, and 256
869584fffc8SSebastian Siewior	  bits.
870584fffc8SSebastian Siewior
871584fffc8SSebastian Siewior	  See also:
872584fffc8SSebastian Siewior	  <http://www.schneier.com/twofish.html>
873584fffc8SSebastian Siewior
8748280daadSJussi Kivilinnaconfig CRYPTO_TWOFISH_X86_64_3WAY
8758280daadSJussi Kivilinna	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
8768280daadSJussi Kivilinna	depends on (X86 || UML_X86) && 64BIT
8778280daadSJussi Kivilinna	select CRYPTO_ALGAPI
8788280daadSJussi Kivilinna	select CRYPTO_TWOFISH_COMMON
8798280daadSJussi Kivilinna	select CRYPTO_TWOFISH_X86_64
8808280daadSJussi Kivilinna	help
8818280daadSJussi Kivilinna	  Twofish cipher algorithm (x86_64, 3-way parallel).
8828280daadSJussi Kivilinna
8838280daadSJussi Kivilinna	  Twofish was submitted as an AES (Advanced Encryption Standard)
8848280daadSJussi Kivilinna	  candidate cipher by researchers at CounterPane Systems.  It is a
8858280daadSJussi Kivilinna	  16 round block cipher supporting key sizes of 128, 192, and 256
8868280daadSJussi Kivilinna	  bits.
8878280daadSJussi Kivilinna
8888280daadSJussi Kivilinna	  This module provides Twofish cipher algorithm that processes three
8898280daadSJussi Kivilinna	  blocks parallel, utilizing resources of out-of-order CPUs better.
8908280daadSJussi Kivilinna
8918280daadSJussi Kivilinna	  See also:
8928280daadSJussi Kivilinna	  <http://www.schneier.com/twofish.html>
8938280daadSJussi Kivilinna
894584fffc8SSebastian Siewiorcomment "Compression"
895584fffc8SSebastian Siewior
8961da177e4SLinus Torvaldsconfig CRYPTO_DEFLATE
8971da177e4SLinus Torvalds	tristate "Deflate compression algorithm"
898cce9e06dSHerbert Xu	select CRYPTO_ALGAPI
8991da177e4SLinus Torvalds	select ZLIB_INFLATE
9001da177e4SLinus Torvalds	select ZLIB_DEFLATE
9011da177e4SLinus Torvalds	help
9021da177e4SLinus Torvalds	  This is the Deflate algorithm (RFC1951), specified for use in
9031da177e4SLinus Torvalds	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
9041da177e4SLinus Torvalds
9051da177e4SLinus Torvalds	  You will most probably want this if using IPSec.
9061da177e4SLinus Torvalds
907bf68e65eSGeert Uytterhoevenconfig CRYPTO_ZLIB
908bf68e65eSGeert Uytterhoeven	tristate "Zlib compression algorithm"
909bf68e65eSGeert Uytterhoeven	select CRYPTO_PCOMP
910bf68e65eSGeert Uytterhoeven	select ZLIB_INFLATE
911bf68e65eSGeert Uytterhoeven	select ZLIB_DEFLATE
912bf68e65eSGeert Uytterhoeven	select NLATTR
913bf68e65eSGeert Uytterhoeven	help
914bf68e65eSGeert Uytterhoeven	  This is the zlib algorithm.
915bf68e65eSGeert Uytterhoeven
9160b77abb3SZoltan Sogorconfig CRYPTO_LZO
9170b77abb3SZoltan Sogor	tristate "LZO compression algorithm"
9180b77abb3SZoltan Sogor	select CRYPTO_ALGAPI
9190b77abb3SZoltan Sogor	select LZO_COMPRESS
9200b77abb3SZoltan Sogor	select LZO_DECOMPRESS
9210b77abb3SZoltan Sogor	help
9220b77abb3SZoltan Sogor	  This is the LZO algorithm.
9230b77abb3SZoltan Sogor
92417f0f4a4SNeil Hormancomment "Random Number Generation"
92517f0f4a4SNeil Horman
92617f0f4a4SNeil Hormanconfig CRYPTO_ANSI_CPRNG
92717f0f4a4SNeil Horman	tristate "Pseudo Random Number Generation for Cryptographic modules"
9284e4ed83bSNeil Horman	default m
92917f0f4a4SNeil Horman	select CRYPTO_AES
93017f0f4a4SNeil Horman	select CRYPTO_RNG
93117f0f4a4SNeil Horman	help
93217f0f4a4SNeil Horman	  This option enables the generic pseudo random number generator
93317f0f4a4SNeil Horman	  for cryptographic modules.  Uses the Algorithm specified in
9347dd607e8SJiri Kosina	  ANSI X9.31 A.2.4. Note that this option must be enabled if
9357dd607e8SJiri Kosina	  CRYPTO_FIPS is selected
93617f0f4a4SNeil Horman
93703c8efc1SHerbert Xuconfig CRYPTO_USER_API
93803c8efc1SHerbert Xu	tristate
93903c8efc1SHerbert Xu
940fe869cdbSHerbert Xuconfig CRYPTO_USER_API_HASH
941fe869cdbSHerbert Xu	tristate "User-space interface for hash algorithms"
9427451708fSHerbert Xu	depends on NET
943fe869cdbSHerbert Xu	select CRYPTO_HASH
944fe869cdbSHerbert Xu	select CRYPTO_USER_API
945fe869cdbSHerbert Xu	help
946fe869cdbSHerbert Xu	  This option enables the user-spaces interface for hash
947fe869cdbSHerbert Xu	  algorithms.
948fe869cdbSHerbert Xu
9498ff59090SHerbert Xuconfig CRYPTO_USER_API_SKCIPHER
9508ff59090SHerbert Xu	tristate "User-space interface for symmetric key cipher algorithms"
9517451708fSHerbert Xu	depends on NET
9528ff59090SHerbert Xu	select CRYPTO_BLKCIPHER
9538ff59090SHerbert Xu	select CRYPTO_USER_API
9548ff59090SHerbert Xu	help
9558ff59090SHerbert Xu	  This option enables the user-spaces interface for symmetric
9568ff59090SHerbert Xu	  key cipher algorithms.
9578ff59090SHerbert Xu
9581da177e4SLinus Torvaldssource "drivers/crypto/Kconfig"
9591da177e4SLinus Torvalds
960cce9e06dSHerbert Xuendif	# if CRYPTO
961