xref: /linux/crypto/Kconfig (revision 5bcf8e6dd49fec57b5dd96a643c53a048272b625) 
11da177e4SLinus Torvalds#
2685784aaSDan Williams# Generic algorithms support
3685784aaSDan Williams#
4685784aaSDan Williamsconfig XOR_BLOCKS
5685784aaSDan Williams	tristate
6685784aaSDan Williams
7685784aaSDan Williams#
89bc89cd8SDan Williams# async_tx api: hardware offloaded memory transfer/transform support
99bc89cd8SDan Williams#
109bc89cd8SDan Williamssource "crypto/async_tx/Kconfig"
119bc89cd8SDan Williams
129bc89cd8SDan Williams#
131da177e4SLinus Torvalds# Cryptographic API Configuration
141da177e4SLinus Torvalds#
152e290f43SJan Engelhardtmenuconfig CRYPTO
16c3715cb9SSebastian Siewior	tristate "Cryptographic API"
171da177e4SLinus Torvalds	help
181da177e4SLinus Torvalds	  This option provides the core Cryptographic API.
191da177e4SLinus Torvalds
20cce9e06dSHerbert Xuif CRYPTO
21cce9e06dSHerbert Xu
22584fffc8SSebastian Siewiorcomment "Crypto core or helper"
23584fffc8SSebastian Siewior
24ccb778e1SNeil Hormanconfig CRYPTO_FIPS
25ccb778e1SNeil Horman	bool "FIPS 200 compliance"
26e84c5480SChuck Ebbert	depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS
27ccb778e1SNeil Horman	help
28ccb778e1SNeil Horman	  This options enables the fips boot option which is
29ccb778e1SNeil Horman	  required if you want to system to operate in a FIPS 200
30ccb778e1SNeil Horman	  certification.  You should say no unless you know what
31e84c5480SChuck Ebbert	  this is.
32ccb778e1SNeil Horman
33cce9e06dSHerbert Xuconfig CRYPTO_ALGAPI
34cce9e06dSHerbert Xu	tristate
356a0fcbb4SHerbert Xu	select CRYPTO_ALGAPI2
36cce9e06dSHerbert Xu	help
37cce9e06dSHerbert Xu	  This option provides the API for cryptographic algorithms.
38cce9e06dSHerbert Xu
396a0fcbb4SHerbert Xuconfig CRYPTO_ALGAPI2
406a0fcbb4SHerbert Xu	tristate
416a0fcbb4SHerbert Xu
421ae97820SHerbert Xuconfig CRYPTO_AEAD
431ae97820SHerbert Xu	tristate
446a0fcbb4SHerbert Xu	select CRYPTO_AEAD2
451ae97820SHerbert Xu	select CRYPTO_ALGAPI
461ae97820SHerbert Xu
476a0fcbb4SHerbert Xuconfig CRYPTO_AEAD2
486a0fcbb4SHerbert Xu	tristate
496a0fcbb4SHerbert Xu	select CRYPTO_ALGAPI2
506a0fcbb4SHerbert Xu
515cde0af2SHerbert Xuconfig CRYPTO_BLKCIPHER
525cde0af2SHerbert Xu	tristate
536a0fcbb4SHerbert Xu	select CRYPTO_BLKCIPHER2
545cde0af2SHerbert Xu	select CRYPTO_ALGAPI
556a0fcbb4SHerbert Xu
566a0fcbb4SHerbert Xuconfig CRYPTO_BLKCIPHER2
576a0fcbb4SHerbert Xu	tristate
586a0fcbb4SHerbert Xu	select CRYPTO_ALGAPI2
596a0fcbb4SHerbert Xu	select CRYPTO_RNG2
600a2e821dSHuang Ying	select CRYPTO_WORKQUEUE
615cde0af2SHerbert Xu
62055bcee3SHerbert Xuconfig CRYPTO_HASH
63055bcee3SHerbert Xu	tristate
646a0fcbb4SHerbert Xu	select CRYPTO_HASH2
65055bcee3SHerbert Xu	select CRYPTO_ALGAPI
66055bcee3SHerbert Xu
676a0fcbb4SHerbert Xuconfig CRYPTO_HASH2
686a0fcbb4SHerbert Xu	tristate
696a0fcbb4SHerbert Xu	select CRYPTO_ALGAPI2
706a0fcbb4SHerbert Xu
7117f0f4a4SNeil Hormanconfig CRYPTO_RNG
7217f0f4a4SNeil Horman	tristate
736a0fcbb4SHerbert Xu	select CRYPTO_RNG2
7417f0f4a4SNeil Horman	select CRYPTO_ALGAPI
7517f0f4a4SNeil Horman
766a0fcbb4SHerbert Xuconfig CRYPTO_RNG2
776a0fcbb4SHerbert Xu	tristate
786a0fcbb4SHerbert Xu	select CRYPTO_ALGAPI2
796a0fcbb4SHerbert Xu
80a1d2f095SGeert Uytterhoevenconfig CRYPTO_PCOMP
81a1d2f095SGeert Uytterhoeven	tristate
82bc94e596SHerbert Xu	select CRYPTO_PCOMP2
83bc94e596SHerbert Xu	select CRYPTO_ALGAPI
84bc94e596SHerbert Xu
85bc94e596SHerbert Xuconfig CRYPTO_PCOMP2
86bc94e596SHerbert Xu	tristate
87a1d2f095SGeert Uytterhoeven	select CRYPTO_ALGAPI2
88a1d2f095SGeert Uytterhoeven
892b8c19dbSHerbert Xuconfig CRYPTO_MANAGER
902b8c19dbSHerbert Xu	tristate "Cryptographic algorithm manager"
916a0fcbb4SHerbert Xu	select CRYPTO_MANAGER2
922b8c19dbSHerbert Xu	help
932b8c19dbSHerbert Xu	  Create default cryptographic template instantiations such as
942b8c19dbSHerbert Xu	  cbc(aes).
952b8c19dbSHerbert Xu
966a0fcbb4SHerbert Xuconfig CRYPTO_MANAGER2
976a0fcbb4SHerbert Xu	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
986a0fcbb4SHerbert Xu	select CRYPTO_AEAD2
996a0fcbb4SHerbert Xu	select CRYPTO_HASH2
1006a0fcbb4SHerbert Xu	select CRYPTO_BLKCIPHER2
101bc94e596SHerbert Xu	select CRYPTO_PCOMP2
1026a0fcbb4SHerbert Xu
103a38f7907SSteffen Klassertconfig CRYPTO_USER
104a38f7907SSteffen Klassert	tristate "Userspace cryptographic algorithm configuration"
1055db017aaSHerbert Xu	depends on NET
106a38f7907SSteffen Klassert	select CRYPTO_MANAGER
107a38f7907SSteffen Klassert	help
108d19978f5SValdis.Kletnieks@vt.edu	  Userspace configuration for cryptographic instantiations such as
109a38f7907SSteffen Klassert	  cbc(aes).
110a38f7907SSteffen Klassert
111326a6346SHerbert Xuconfig CRYPTO_MANAGER_DISABLE_TESTS
112326a6346SHerbert Xu	bool "Disable run-time self tests"
11300ca28a5SHerbert Xu	default y
11400ca28a5SHerbert Xu	depends on CRYPTO_MANAGER2
1150b767f96SAlexander Shishkin	help
116326a6346SHerbert Xu	  Disable run-time self tests that normally take place at
117326a6346SHerbert Xu	  algorithm registration.
1180b767f96SAlexander Shishkin
119584fffc8SSebastian Siewiorconfig CRYPTO_GF128MUL
120584fffc8SSebastian Siewior	tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
121584fffc8SSebastian Siewior	help
122584fffc8SSebastian Siewior	  Efficient table driven implementation of multiplications in the
123584fffc8SSebastian Siewior	  field GF(2^128).  This is needed by some cypher modes. This
124584fffc8SSebastian Siewior	  option will be selected automatically if you select such a
125584fffc8SSebastian Siewior	  cipher mode.  Only select this option by hand if you expect to load
126584fffc8SSebastian Siewior	  an external module that requires these functions.
127584fffc8SSebastian Siewior
128584fffc8SSebastian Siewiorconfig CRYPTO_NULL
129584fffc8SSebastian Siewior	tristate "Null algorithms"
130584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
131584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
132d35d2454SHerbert Xu	select CRYPTO_HASH
133584fffc8SSebastian Siewior	help
134584fffc8SSebastian Siewior	  These are 'Null' algorithms, used by IPsec, which do nothing.
135584fffc8SSebastian Siewior
1365068c7a8SSteffen Klassertconfig CRYPTO_PCRYPT
1375068c7a8SSteffen Klassert	tristate "Parallel crypto engine (EXPERIMENTAL)"
1385068c7a8SSteffen Klassert	depends on SMP && EXPERIMENTAL
1395068c7a8SSteffen Klassert	select PADATA
1405068c7a8SSteffen Klassert	select CRYPTO_MANAGER
1415068c7a8SSteffen Klassert	select CRYPTO_AEAD
1425068c7a8SSteffen Klassert	help
1435068c7a8SSteffen Klassert	  This converts an arbitrary crypto algorithm into a parallel
1445068c7a8SSteffen Klassert	  algorithm that executes in kernel threads.
1455068c7a8SSteffen Klassert
14625c38d3fSHuang Yingconfig CRYPTO_WORKQUEUE
14725c38d3fSHuang Ying       tristate
14825c38d3fSHuang Ying
149584fffc8SSebastian Siewiorconfig CRYPTO_CRYPTD
150584fffc8SSebastian Siewior	tristate "Software async crypto daemon"
151584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
152b8a28251SLoc Ho	select CRYPTO_HASH
153584fffc8SSebastian Siewior	select CRYPTO_MANAGER
154254eff77SHuang Ying	select CRYPTO_WORKQUEUE
155584fffc8SSebastian Siewior	help
156584fffc8SSebastian Siewior	  This is a generic software asynchronous crypto daemon that
157584fffc8SSebastian Siewior	  converts an arbitrary synchronous software crypto algorithm
158584fffc8SSebastian Siewior	  into an asynchronous algorithm that executes in a kernel thread.
159584fffc8SSebastian Siewior
160584fffc8SSebastian Siewiorconfig CRYPTO_AUTHENC
161584fffc8SSebastian Siewior	tristate "Authenc support"
162584fffc8SSebastian Siewior	select CRYPTO_AEAD
163584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
164584fffc8SSebastian Siewior	select CRYPTO_MANAGER
165584fffc8SSebastian Siewior	select CRYPTO_HASH
166584fffc8SSebastian Siewior	help
167584fffc8SSebastian Siewior	  Authenc: Combined mode wrapper for IPsec.
168584fffc8SSebastian Siewior	  This is required for IPSec.
169584fffc8SSebastian Siewior
170584fffc8SSebastian Siewiorconfig CRYPTO_TEST
171584fffc8SSebastian Siewior	tristate "Testing module"
172584fffc8SSebastian Siewior	depends on m
173da7f033dSHerbert Xu	select CRYPTO_MANAGER
174584fffc8SSebastian Siewior	help
175584fffc8SSebastian Siewior	  Quick & dirty crypto test module.
176584fffc8SSebastian Siewior
177584fffc8SSebastian Siewiorcomment "Authenticated Encryption with Associated Data"
178584fffc8SSebastian Siewior
179584fffc8SSebastian Siewiorconfig CRYPTO_CCM
180584fffc8SSebastian Siewior	tristate "CCM support"
181584fffc8SSebastian Siewior	select CRYPTO_CTR
182584fffc8SSebastian Siewior	select CRYPTO_AEAD
183584fffc8SSebastian Siewior	help
184584fffc8SSebastian Siewior	  Support for Counter with CBC MAC. Required for IPsec.
185584fffc8SSebastian Siewior
186584fffc8SSebastian Siewiorconfig CRYPTO_GCM
187584fffc8SSebastian Siewior	tristate "GCM/GMAC support"
188584fffc8SSebastian Siewior	select CRYPTO_CTR
189584fffc8SSebastian Siewior	select CRYPTO_AEAD
1909382d97aSHuang Ying	select CRYPTO_GHASH
191584fffc8SSebastian Siewior	help
192584fffc8SSebastian Siewior	  Support for Galois/Counter Mode (GCM) and Galois Message
193584fffc8SSebastian Siewior	  Authentication Code (GMAC). Required for IPSec.
194584fffc8SSebastian Siewior
195584fffc8SSebastian Siewiorconfig CRYPTO_SEQIV
196584fffc8SSebastian Siewior	tristate "Sequence Number IV Generator"
197584fffc8SSebastian Siewior	select CRYPTO_AEAD
198584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
199a0f000ecSHerbert Xu	select CRYPTO_RNG
200584fffc8SSebastian Siewior	help
201584fffc8SSebastian Siewior	  This IV generator generates an IV based on a sequence number by
202584fffc8SSebastian Siewior	  xoring it with a salt.  This algorithm is mainly useful for CTR
203584fffc8SSebastian Siewior
204584fffc8SSebastian Siewiorcomment "Block modes"
205584fffc8SSebastian Siewior
206584fffc8SSebastian Siewiorconfig CRYPTO_CBC
207584fffc8SSebastian Siewior	tristate "CBC support"
208584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
209584fffc8SSebastian Siewior	select CRYPTO_MANAGER
210584fffc8SSebastian Siewior	help
211584fffc8SSebastian Siewior	  CBC: Cipher Block Chaining mode
212584fffc8SSebastian Siewior	  This block cipher algorithm is required for IPSec.
213584fffc8SSebastian Siewior
214584fffc8SSebastian Siewiorconfig CRYPTO_CTR
215584fffc8SSebastian Siewior	tristate "CTR support"
216584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
217584fffc8SSebastian Siewior	select CRYPTO_SEQIV
218584fffc8SSebastian Siewior	select CRYPTO_MANAGER
219584fffc8SSebastian Siewior	help
220584fffc8SSebastian Siewior	  CTR: Counter mode
221584fffc8SSebastian Siewior	  This block cipher algorithm is required for IPSec.
222584fffc8SSebastian Siewior
223584fffc8SSebastian Siewiorconfig CRYPTO_CTS
224584fffc8SSebastian Siewior	tristate "CTS support"
225584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
226584fffc8SSebastian Siewior	help
227584fffc8SSebastian Siewior	  CTS: Cipher Text Stealing
228584fffc8SSebastian Siewior	  This is the Cipher Text Stealing mode as described by
229584fffc8SSebastian Siewior	  Section 8 of rfc2040 and referenced by rfc3962.
230584fffc8SSebastian Siewior	  (rfc3962 includes errata information in its Appendix A)
231584fffc8SSebastian Siewior	  This mode is required for Kerberos gss mechanism support
232584fffc8SSebastian Siewior	  for AES encryption.
233584fffc8SSebastian Siewior
234584fffc8SSebastian Siewiorconfig CRYPTO_ECB
235584fffc8SSebastian Siewior	tristate "ECB support"
236584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
237584fffc8SSebastian Siewior	select CRYPTO_MANAGER
238584fffc8SSebastian Siewior	help
239584fffc8SSebastian Siewior	  ECB: Electronic CodeBook mode
240584fffc8SSebastian Siewior	  This is the simplest block cipher algorithm.  It simply encrypts
241584fffc8SSebastian Siewior	  the input block by block.
242584fffc8SSebastian Siewior
243584fffc8SSebastian Siewiorconfig CRYPTO_LRW
2442470a2b2SJussi Kivilinna	tristate "LRW support"
245584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
246584fffc8SSebastian Siewior	select CRYPTO_MANAGER
247584fffc8SSebastian Siewior	select CRYPTO_GF128MUL
248584fffc8SSebastian Siewior	help
249584fffc8SSebastian Siewior	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
250584fffc8SSebastian Siewior	  narrow block cipher mode for dm-crypt.  Use it with cipher
251584fffc8SSebastian Siewior	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
252584fffc8SSebastian Siewior	  The first 128, 192 or 256 bits in the key are used for AES and the
253584fffc8SSebastian Siewior	  rest is used to tie each cipher block to its logical position.
254584fffc8SSebastian Siewior
255584fffc8SSebastian Siewiorconfig CRYPTO_PCBC
256584fffc8SSebastian Siewior	tristate "PCBC support"
257584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
258584fffc8SSebastian Siewior	select CRYPTO_MANAGER
259584fffc8SSebastian Siewior	help
260584fffc8SSebastian Siewior	  PCBC: Propagating Cipher Block Chaining mode
261584fffc8SSebastian Siewior	  This block cipher algorithm is required for RxRPC.
262584fffc8SSebastian Siewior
263584fffc8SSebastian Siewiorconfig CRYPTO_XTS
264*5bcf8e6dSJussi Kivilinna	tristate "XTS support"
265584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
266584fffc8SSebastian Siewior	select CRYPTO_MANAGER
267584fffc8SSebastian Siewior	select CRYPTO_GF128MUL
268584fffc8SSebastian Siewior	help
269584fffc8SSebastian Siewior	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
270584fffc8SSebastian Siewior	  key size 256, 384 or 512 bits. This implementation currently
271584fffc8SSebastian Siewior	  can't handle a sectorsize which is not a multiple of 16 bytes.
272584fffc8SSebastian Siewior
273584fffc8SSebastian Siewiorcomment "Hash modes"
274584fffc8SSebastian Siewior
2751da177e4SLinus Torvaldsconfig CRYPTO_HMAC
2768425165dSHerbert Xu	tristate "HMAC support"
2770796ae06SHerbert Xu	select CRYPTO_HASH
27843518407SHerbert Xu	select CRYPTO_MANAGER
2791da177e4SLinus Torvalds	help
2801da177e4SLinus Torvalds	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
2811da177e4SLinus Torvalds	  This is required for IPSec.
2821da177e4SLinus Torvalds
283333b0d7eSKazunori MIYAZAWAconfig CRYPTO_XCBC
284333b0d7eSKazunori MIYAZAWA	tristate "XCBC support"
285333b0d7eSKazunori MIYAZAWA	depends on EXPERIMENTAL
286333b0d7eSKazunori MIYAZAWA	select CRYPTO_HASH
287333b0d7eSKazunori MIYAZAWA	select CRYPTO_MANAGER
288333b0d7eSKazunori MIYAZAWA	help
289333b0d7eSKazunori MIYAZAWA	  XCBC: Keyed-Hashing with encryption algorithm
290333b0d7eSKazunori MIYAZAWA		http://www.ietf.org/rfc/rfc3566.txt
291333b0d7eSKazunori MIYAZAWA		http://csrc.nist.gov/encryption/modes/proposedmodes/
292333b0d7eSKazunori MIYAZAWA		 xcbc-mac/xcbc-mac-spec.pdf
293333b0d7eSKazunori MIYAZAWA
294f1939f7cSShane Wangconfig CRYPTO_VMAC
295f1939f7cSShane Wang	tristate "VMAC support"
296f1939f7cSShane Wang	depends on EXPERIMENTAL
297f1939f7cSShane Wang	select CRYPTO_HASH
298f1939f7cSShane Wang	select CRYPTO_MANAGER
299f1939f7cSShane Wang	help
300f1939f7cSShane Wang	  VMAC is a message authentication algorithm designed for
301f1939f7cSShane Wang	  very high speed on 64-bit architectures.
302f1939f7cSShane Wang
303f1939f7cSShane Wang	  See also:
304f1939f7cSShane Wang	  <http://fastcrypto.org/vmac>
305f1939f7cSShane Wang
306584fffc8SSebastian Siewiorcomment "Digest"
307584fffc8SSebastian Siewior
308584fffc8SSebastian Siewiorconfig CRYPTO_CRC32C
309584fffc8SSebastian Siewior	tristate "CRC32c CRC algorithm"
3105773a3e6SHerbert Xu	select CRYPTO_HASH
3111da177e4SLinus Torvalds	help
312584fffc8SSebastian Siewior	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
313584fffc8SSebastian Siewior	  by iSCSI for header and data digests and by others.
31469c35efcSHerbert Xu	  See Castagnoli93.  Module will be crc32c.
3151da177e4SLinus Torvalds
3168cb51ba8SAustin Zhangconfig CRYPTO_CRC32C_INTEL
3178cb51ba8SAustin Zhang	tristate "CRC32c INTEL hardware acceleration"
3188cb51ba8SAustin Zhang	depends on X86
3198cb51ba8SAustin Zhang	select CRYPTO_HASH
3208cb51ba8SAustin Zhang	help
3218cb51ba8SAustin Zhang	  In Intel processor with SSE4.2 supported, the processor will
3228cb51ba8SAustin Zhang	  support CRC32C implementation using hardware accelerated CRC32
3238cb51ba8SAustin Zhang	  instruction. This option will create 'crc32c-intel' module,
3248cb51ba8SAustin Zhang	  which will enable any routine to use the CRC32 instruction to
3258cb51ba8SAustin Zhang	  gain performance compared with software implementation.
3268cb51ba8SAustin Zhang	  Module will be crc32c-intel.
3278cb51ba8SAustin Zhang
3282cdc6899SHuang Yingconfig CRYPTO_GHASH
3292cdc6899SHuang Ying	tristate "GHASH digest algorithm"
3302cdc6899SHuang Ying	select CRYPTO_SHASH
3312cdc6899SHuang Ying	select CRYPTO_GF128MUL
3322cdc6899SHuang Ying	help
3332cdc6899SHuang Ying	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
3342cdc6899SHuang Ying
3351da177e4SLinus Torvaldsconfig CRYPTO_MD4
3361da177e4SLinus Torvalds	tristate "MD4 digest algorithm"
337808a1763SAdrian-Ken Rueegsegger	select CRYPTO_HASH
3381da177e4SLinus Torvalds	help
3391da177e4SLinus Torvalds	  MD4 message digest algorithm (RFC1320).
3401da177e4SLinus Torvalds
3411da177e4SLinus Torvaldsconfig CRYPTO_MD5
3421da177e4SLinus Torvalds	tristate "MD5 digest algorithm"
34314b75ba7SAdrian-Ken Rueegsegger	select CRYPTO_HASH
3441da177e4SLinus Torvalds	help
3451da177e4SLinus Torvalds	  MD5 message digest algorithm (RFC1321).
3461da177e4SLinus Torvalds
347584fffc8SSebastian Siewiorconfig CRYPTO_MICHAEL_MIC
348584fffc8SSebastian Siewior	tristate "Michael MIC keyed digest algorithm"
34919e2bf14SAdrian-Ken Rueegsegger	select CRYPTO_HASH
350584fffc8SSebastian Siewior	help
351584fffc8SSebastian Siewior	  Michael MIC is used for message integrity protection in TKIP
352584fffc8SSebastian Siewior	  (IEEE 802.11i). This algorithm is required for TKIP, but it
353584fffc8SSebastian Siewior	  should not be used for other purposes because of the weakness
354584fffc8SSebastian Siewior	  of the algorithm.
355584fffc8SSebastian Siewior
35682798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD128
35782798f90SAdrian-Ken Rueegsegger	tristate "RIPEMD-128 digest algorithm"
3587c4468bcSHerbert Xu	select CRYPTO_HASH
35982798f90SAdrian-Ken Rueegsegger	help
36082798f90SAdrian-Ken Rueegsegger	  RIPEMD-128 (ISO/IEC 10118-3:2004).
36182798f90SAdrian-Ken Rueegsegger
36282798f90SAdrian-Ken Rueegsegger	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
36335ed4b35SMichael Witten	  be used as a secure replacement for RIPEMD. For other use cases,
36482798f90SAdrian-Ken Rueegsegger	  RIPEMD-160 should be used.
36582798f90SAdrian-Ken Rueegsegger
36682798f90SAdrian-Ken Rueegsegger	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
3676d8de74cSJustin P. Mattock	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
36882798f90SAdrian-Ken Rueegsegger
36982798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD160
37082798f90SAdrian-Ken Rueegsegger	tristate "RIPEMD-160 digest algorithm"
371e5835fbaSHerbert Xu	select CRYPTO_HASH
37282798f90SAdrian-Ken Rueegsegger	help
37382798f90SAdrian-Ken Rueegsegger	  RIPEMD-160 (ISO/IEC 10118-3:2004).
37482798f90SAdrian-Ken Rueegsegger
37582798f90SAdrian-Ken Rueegsegger	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
37682798f90SAdrian-Ken Rueegsegger	  to be used as a secure replacement for the 128-bit hash functions
377b6d44341SAdrian Bunk	  MD4, MD5 and it's predecessor RIPEMD
378b6d44341SAdrian Bunk	  (not to be confused with RIPEMD-128).
37982798f90SAdrian-Ken Rueegsegger
380b6d44341SAdrian Bunk	  It's speed is comparable to SHA1 and there are no known attacks
381b6d44341SAdrian Bunk	  against RIPEMD-160.
382534fe2c1SAdrian-Ken Rueegsegger
383534fe2c1SAdrian-Ken Rueegsegger	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
3846d8de74cSJustin P. Mattock	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
385534fe2c1SAdrian-Ken Rueegsegger
386534fe2c1SAdrian-Ken Rueegseggerconfig CRYPTO_RMD256
387534fe2c1SAdrian-Ken Rueegsegger	tristate "RIPEMD-256 digest algorithm"
388d8a5e2e9SHerbert Xu	select CRYPTO_HASH
389534fe2c1SAdrian-Ken Rueegsegger	help
390b6d44341SAdrian Bunk	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
391b6d44341SAdrian Bunk	  256 bit hash. It is intended for applications that require
392b6d44341SAdrian Bunk	  longer hash-results, without needing a larger security level
393b6d44341SAdrian Bunk	  (than RIPEMD-128).
394534fe2c1SAdrian-Ken Rueegsegger
395534fe2c1SAdrian-Ken Rueegsegger	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
3966d8de74cSJustin P. Mattock	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
397534fe2c1SAdrian-Ken Rueegsegger
398534fe2c1SAdrian-Ken Rueegseggerconfig CRYPTO_RMD320
399534fe2c1SAdrian-Ken Rueegsegger	tristate "RIPEMD-320 digest algorithm"
4003b8efb4cSHerbert Xu	select CRYPTO_HASH
401534fe2c1SAdrian-Ken Rueegsegger	help
402b6d44341SAdrian Bunk	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
403b6d44341SAdrian Bunk	  320 bit hash. It is intended for applications that require
404b6d44341SAdrian Bunk	  longer hash-results, without needing a larger security level
405b6d44341SAdrian Bunk	  (than RIPEMD-160).
406534fe2c1SAdrian-Ken Rueegsegger
40782798f90SAdrian-Ken Rueegsegger	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
4086d8de74cSJustin P. Mattock	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
40982798f90SAdrian-Ken Rueegsegger
4101da177e4SLinus Torvaldsconfig CRYPTO_SHA1
4111da177e4SLinus Torvalds	tristate "SHA1 digest algorithm"
41254ccb367SAdrian-Ken Rueegsegger	select CRYPTO_HASH
4131da177e4SLinus Torvalds	help
4141da177e4SLinus Torvalds	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
4151da177e4SLinus Torvalds
41666be8951SMathias Krauseconfig CRYPTO_SHA1_SSSE3
41766be8951SMathias Krause	tristate "SHA1 digest algorithm (SSSE3/AVX)"
41866be8951SMathias Krause	depends on X86 && 64BIT
41966be8951SMathias Krause	select CRYPTO_SHA1
42066be8951SMathias Krause	select CRYPTO_HASH
42166be8951SMathias Krause	help
42266be8951SMathias Krause	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
42366be8951SMathias Krause	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
42466be8951SMathias Krause	  Extensions (AVX), when available.
42566be8951SMathias Krause
4261da177e4SLinus Torvaldsconfig CRYPTO_SHA256
427cd12fb90SJonathan Lynch	tristate "SHA224 and SHA256 digest algorithm"
42850e109b5SAdrian-Ken Rueegsegger	select CRYPTO_HASH
4291da177e4SLinus Torvalds	help
4301da177e4SLinus Torvalds	  SHA256 secure hash standard (DFIPS 180-2).
4311da177e4SLinus Torvalds
4321da177e4SLinus Torvalds	  This version of SHA implements a 256 bit hash with 128 bits of
4331da177e4SLinus Torvalds	  security against collision attacks.
4341da177e4SLinus Torvalds
435cd12fb90SJonathan Lynch	  This code also includes SHA-224, a 224 bit hash with 112 bits
436cd12fb90SJonathan Lynch	  of security against collision attacks.
437cd12fb90SJonathan Lynch
4381da177e4SLinus Torvaldsconfig CRYPTO_SHA512
4391da177e4SLinus Torvalds	tristate "SHA384 and SHA512 digest algorithms"
440bd9d20dbSAdrian-Ken Rueegsegger	select CRYPTO_HASH
4411da177e4SLinus Torvalds	help
4421da177e4SLinus Torvalds	  SHA512 secure hash standard (DFIPS 180-2).
4431da177e4SLinus Torvalds
4441da177e4SLinus Torvalds	  This version of SHA implements a 512 bit hash with 256 bits of
4451da177e4SLinus Torvalds	  security against collision attacks.
4461da177e4SLinus Torvalds
4471da177e4SLinus Torvalds	  This code also includes SHA-384, a 384 bit hash with 192 bits
4481da177e4SLinus Torvalds	  of security against collision attacks.
4491da177e4SLinus Torvalds
4501da177e4SLinus Torvaldsconfig CRYPTO_TGR192
4511da177e4SLinus Torvalds	tristate "Tiger digest algorithms"
452f63fbd3dSAdrian-Ken Rueegsegger	select CRYPTO_HASH
4531da177e4SLinus Torvalds	help
4541da177e4SLinus Torvalds	  Tiger hash algorithm 192, 160 and 128-bit hashes
4551da177e4SLinus Torvalds
4561da177e4SLinus Torvalds	  Tiger is a hash function optimized for 64-bit processors while
4571da177e4SLinus Torvalds	  still having decent performance on 32-bit processors.
4581da177e4SLinus Torvalds	  Tiger was developed by Ross Anderson and Eli Biham.
4591da177e4SLinus Torvalds
4601da177e4SLinus Torvalds	  See also:
4611da177e4SLinus Torvalds	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
4621da177e4SLinus Torvalds
463584fffc8SSebastian Siewiorconfig CRYPTO_WP512
464584fffc8SSebastian Siewior	tristate "Whirlpool digest algorithms"
4654946510bSAdrian-Ken Rueegsegger	select CRYPTO_HASH
4661da177e4SLinus Torvalds	help
467584fffc8SSebastian Siewior	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
4681da177e4SLinus Torvalds
469584fffc8SSebastian Siewior	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
470584fffc8SSebastian Siewior	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
4711da177e4SLinus Torvalds
4721da177e4SLinus Torvalds	  See also:
4736d8de74cSJustin P. Mattock	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
4741da177e4SLinus Torvalds
4750e1227d3SHuang Yingconfig CRYPTO_GHASH_CLMUL_NI_INTEL
4760e1227d3SHuang Ying	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
4778af00860SRichard Weinberger	depends on X86 && 64BIT
4780e1227d3SHuang Ying	select CRYPTO_SHASH
4790e1227d3SHuang Ying	select CRYPTO_CRYPTD
4800e1227d3SHuang Ying	help
4810e1227d3SHuang Ying	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
4820e1227d3SHuang Ying	  The implementation is accelerated by CLMUL-NI of Intel.
4830e1227d3SHuang Ying
484584fffc8SSebastian Siewiorcomment "Ciphers"
4851da177e4SLinus Torvalds
4861da177e4SLinus Torvaldsconfig CRYPTO_AES
4871da177e4SLinus Torvalds	tristate "AES cipher algorithms"
488cce9e06dSHerbert Xu	select CRYPTO_ALGAPI
4891da177e4SLinus Torvalds	help
4901da177e4SLinus Torvalds	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
4911da177e4SLinus Torvalds	  algorithm.
4921da177e4SLinus Torvalds
4931da177e4SLinus Torvalds	  Rijndael appears to be consistently a very good performer in
4941da177e4SLinus Torvalds	  both hardware and software across a wide range of computing
4951da177e4SLinus Torvalds	  environments regardless of its use in feedback or non-feedback
4961da177e4SLinus Torvalds	  modes. Its key setup time is excellent, and its key agility is
4971da177e4SLinus Torvalds	  good. Rijndael's very low memory requirements make it very well
4981da177e4SLinus Torvalds	  suited for restricted-space environments, in which it also
4991da177e4SLinus Torvalds	  demonstrates excellent performance. Rijndael's operations are
5001da177e4SLinus Torvalds	  among the easiest to defend against power and timing attacks.
5011da177e4SLinus Torvalds
5021da177e4SLinus Torvalds	  The AES specifies three key sizes: 128, 192 and 256 bits
5031da177e4SLinus Torvalds
5041da177e4SLinus Torvalds	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
5051da177e4SLinus Torvalds
5061da177e4SLinus Torvaldsconfig CRYPTO_AES_586
5071da177e4SLinus Torvalds	tristate "AES cipher algorithms (i586)"
508cce9e06dSHerbert Xu	depends on (X86 || UML_X86) && !64BIT
509cce9e06dSHerbert Xu	select CRYPTO_ALGAPI
5105157dea8SSebastian Siewior	select CRYPTO_AES
5111da177e4SLinus Torvalds	help
5121da177e4SLinus Torvalds	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
5131da177e4SLinus Torvalds	  algorithm.
5141da177e4SLinus Torvalds
5151da177e4SLinus Torvalds	  Rijndael appears to be consistently a very good performer in
5161da177e4SLinus Torvalds	  both hardware and software across a wide range of computing
5171da177e4SLinus Torvalds	  environments regardless of its use in feedback or non-feedback
5181da177e4SLinus Torvalds	  modes. Its key setup time is excellent, and its key agility is
5191da177e4SLinus Torvalds	  good. Rijndael's very low memory requirements make it very well
5201da177e4SLinus Torvalds	  suited for restricted-space environments, in which it also
5211da177e4SLinus Torvalds	  demonstrates excellent performance. Rijndael's operations are
5221da177e4SLinus Torvalds	  among the easiest to defend against power and timing attacks.
5231da177e4SLinus Torvalds
5241da177e4SLinus Torvalds	  The AES specifies three key sizes: 128, 192 and 256 bits
5251da177e4SLinus Torvalds
5261da177e4SLinus Torvalds	  See <http://csrc.nist.gov/encryption/aes/> for more information.
5271da177e4SLinus Torvalds
528a2a892a2SAndreas Steinmetzconfig CRYPTO_AES_X86_64
529a2a892a2SAndreas Steinmetz	tristate "AES cipher algorithms (x86_64)"
530cce9e06dSHerbert Xu	depends on (X86 || UML_X86) && 64BIT
531cce9e06dSHerbert Xu	select CRYPTO_ALGAPI
53281190b32SSebastian Siewior	select CRYPTO_AES
533a2a892a2SAndreas Steinmetz	help
534a2a892a2SAndreas Steinmetz	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
535a2a892a2SAndreas Steinmetz	  algorithm.
536a2a892a2SAndreas Steinmetz
537a2a892a2SAndreas Steinmetz	  Rijndael appears to be consistently a very good performer in
538a2a892a2SAndreas Steinmetz	  both hardware and software across a wide range of computing
539a2a892a2SAndreas Steinmetz	  environments regardless of its use in feedback or non-feedback
540a2a892a2SAndreas Steinmetz	  modes. Its key setup time is excellent, and its key agility is
541a2a892a2SAndreas Steinmetz	  good. Rijndael's very low memory requirements make it very well
542a2a892a2SAndreas Steinmetz	  suited for restricted-space environments, in which it also
543a2a892a2SAndreas Steinmetz	  demonstrates excellent performance. Rijndael's operations are
544a2a892a2SAndreas Steinmetz	  among the easiest to defend against power and timing attacks.
545a2a892a2SAndreas Steinmetz
546a2a892a2SAndreas Steinmetz	  The AES specifies three key sizes: 128, 192 and 256 bits
547a2a892a2SAndreas Steinmetz
548a2a892a2SAndreas Steinmetz	  See <http://csrc.nist.gov/encryption/aes/> for more information.
549a2a892a2SAndreas Steinmetz
55054b6a1bdSHuang Yingconfig CRYPTO_AES_NI_INTEL
55154b6a1bdSHuang Ying	tristate "AES cipher algorithms (AES-NI)"
5528af00860SRichard Weinberger	depends on X86
5530d258efbSMathias Krause	select CRYPTO_AES_X86_64 if 64BIT
5540d258efbSMathias Krause	select CRYPTO_AES_586 if !64BIT
55554b6a1bdSHuang Ying	select CRYPTO_CRYPTD
55654b6a1bdSHuang Ying	select CRYPTO_ALGAPI
55754b6a1bdSHuang Ying	help
55854b6a1bdSHuang Ying	  Use Intel AES-NI instructions for AES algorithm.
55954b6a1bdSHuang Ying
56054b6a1bdSHuang Ying	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
56154b6a1bdSHuang Ying	  algorithm.
56254b6a1bdSHuang Ying
56354b6a1bdSHuang Ying	  Rijndael appears to be consistently a very good performer in
56454b6a1bdSHuang Ying	  both hardware and software across a wide range of computing
56554b6a1bdSHuang Ying	  environments regardless of its use in feedback or non-feedback
56654b6a1bdSHuang Ying	  modes. Its key setup time is excellent, and its key agility is
56754b6a1bdSHuang Ying	  good. Rijndael's very low memory requirements make it very well
56854b6a1bdSHuang Ying	  suited for restricted-space environments, in which it also
56954b6a1bdSHuang Ying	  demonstrates excellent performance. Rijndael's operations are
57054b6a1bdSHuang Ying	  among the easiest to defend against power and timing attacks.
57154b6a1bdSHuang Ying
57254b6a1bdSHuang Ying	  The AES specifies three key sizes: 128, 192 and 256 bits
57354b6a1bdSHuang Ying
57454b6a1bdSHuang Ying	  See <http://csrc.nist.gov/encryption/aes/> for more information.
57554b6a1bdSHuang Ying
5760d258efbSMathias Krause	  In addition to AES cipher algorithm support, the acceleration
5770d258efbSMathias Krause	  for some popular block cipher mode is supported too, including
5780d258efbSMathias Krause	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
5790d258efbSMathias Krause	  acceleration for CTR.
5802cf4ac8bSHuang Ying
5811da177e4SLinus Torvaldsconfig CRYPTO_ANUBIS
5821da177e4SLinus Torvalds	tristate "Anubis cipher algorithm"
583cce9e06dSHerbert Xu	select CRYPTO_ALGAPI
5841da177e4SLinus Torvalds	help
5851da177e4SLinus Torvalds	  Anubis cipher algorithm.
5861da177e4SLinus Torvalds
5871da177e4SLinus Torvalds	  Anubis is a variable key length cipher which can use keys from
5881da177e4SLinus Torvalds	  128 bits to 320 bits in length.  It was evaluated as a entrant
5891da177e4SLinus Torvalds	  in the NESSIE competition.
5901da177e4SLinus Torvalds
5911da177e4SLinus Torvalds	  See also:
5926d8de74cSJustin P. Mattock	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
5936d8de74cSJustin P. Mattock	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
5941da177e4SLinus Torvalds
595584fffc8SSebastian Siewiorconfig CRYPTO_ARC4
596584fffc8SSebastian Siewior	tristate "ARC4 cipher algorithm"
597e2ee95b8SHye-Shik Chang	select CRYPTO_ALGAPI
598e2ee95b8SHye-Shik Chang	help
599584fffc8SSebastian Siewior	  ARC4 cipher algorithm.
600e2ee95b8SHye-Shik Chang
601584fffc8SSebastian Siewior	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
602584fffc8SSebastian Siewior	  bits in length.  This algorithm is required for driver-based
603584fffc8SSebastian Siewior	  WEP, but it should not be for other purposes because of the
604584fffc8SSebastian Siewior	  weakness of the algorithm.
605584fffc8SSebastian Siewior
606584fffc8SSebastian Siewiorconfig CRYPTO_BLOWFISH
607584fffc8SSebastian Siewior	tristate "Blowfish cipher algorithm"
608584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
60952ba867cSJussi Kivilinna	select CRYPTO_BLOWFISH_COMMON
610584fffc8SSebastian Siewior	help
611584fffc8SSebastian Siewior	  Blowfish cipher algorithm, by Bruce Schneier.
612584fffc8SSebastian Siewior
613584fffc8SSebastian Siewior	  This is a variable key length cipher which can use keys from 32
614584fffc8SSebastian Siewior	  bits to 448 bits in length.  It's fast, simple and specifically
615584fffc8SSebastian Siewior	  designed for use on "large microprocessors".
616e2ee95b8SHye-Shik Chang
617e2ee95b8SHye-Shik Chang	  See also:
618584fffc8SSebastian Siewior	  <http://www.schneier.com/blowfish.html>
619584fffc8SSebastian Siewior
62052ba867cSJussi Kivilinnaconfig CRYPTO_BLOWFISH_COMMON
62152ba867cSJussi Kivilinna	tristate
62252ba867cSJussi Kivilinna	help
62352ba867cSJussi Kivilinna	  Common parts of the Blowfish cipher algorithm shared by the
62452ba867cSJussi Kivilinna	  generic c and the assembler implementations.
62552ba867cSJussi Kivilinna
62652ba867cSJussi Kivilinna	  See also:
62752ba867cSJussi Kivilinna	  <http://www.schneier.com/blowfish.html>
62852ba867cSJussi Kivilinna
62964b94ceaSJussi Kivilinnaconfig CRYPTO_BLOWFISH_X86_64
63064b94ceaSJussi Kivilinna	tristate "Blowfish cipher algorithm (x86_64)"
63164b94ceaSJussi Kivilinna	depends on (X86 || UML_X86) && 64BIT
63264b94ceaSJussi Kivilinna	select CRYPTO_ALGAPI
63364b94ceaSJussi Kivilinna	select CRYPTO_BLOWFISH_COMMON
63464b94ceaSJussi Kivilinna	help
63564b94ceaSJussi Kivilinna	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
63664b94ceaSJussi Kivilinna
63764b94ceaSJussi Kivilinna	  This is a variable key length cipher which can use keys from 32
63864b94ceaSJussi Kivilinna	  bits to 448 bits in length.  It's fast, simple and specifically
63964b94ceaSJussi Kivilinna	  designed for use on "large microprocessors".
64064b94ceaSJussi Kivilinna
64164b94ceaSJussi Kivilinna	  See also:
64264b94ceaSJussi Kivilinna	  <http://www.schneier.com/blowfish.html>
64364b94ceaSJussi Kivilinna
644584fffc8SSebastian Siewiorconfig CRYPTO_CAMELLIA
645584fffc8SSebastian Siewior	tristate "Camellia cipher algorithms"
646584fffc8SSebastian Siewior	depends on CRYPTO
647584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
648584fffc8SSebastian Siewior	help
649584fffc8SSebastian Siewior	  Camellia cipher algorithms module.
650584fffc8SSebastian Siewior
651584fffc8SSebastian Siewior	  Camellia is a symmetric key block cipher developed jointly
652584fffc8SSebastian Siewior	  at NTT and Mitsubishi Electric Corporation.
653584fffc8SSebastian Siewior
654584fffc8SSebastian Siewior	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
655584fffc8SSebastian Siewior
656584fffc8SSebastian Siewior	  See also:
657584fffc8SSebastian Siewior	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
658584fffc8SSebastian Siewior
659584fffc8SSebastian Siewiorconfig CRYPTO_CAST5
660584fffc8SSebastian Siewior	tristate "CAST5 (CAST-128) cipher algorithm"
661584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
662584fffc8SSebastian Siewior	help
663584fffc8SSebastian Siewior	  The CAST5 encryption algorithm (synonymous with CAST-128) is
664584fffc8SSebastian Siewior	  described in RFC2144.
665584fffc8SSebastian Siewior
666584fffc8SSebastian Siewiorconfig CRYPTO_CAST6
667584fffc8SSebastian Siewior	tristate "CAST6 (CAST-256) cipher algorithm"
668584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
669584fffc8SSebastian Siewior	help
670584fffc8SSebastian Siewior	  The CAST6 encryption algorithm (synonymous with CAST-256) is
671584fffc8SSebastian Siewior	  described in RFC2612.
672584fffc8SSebastian Siewior
673584fffc8SSebastian Siewiorconfig CRYPTO_DES
674584fffc8SSebastian Siewior	tristate "DES and Triple DES EDE cipher algorithms"
675584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
676584fffc8SSebastian Siewior	help
677584fffc8SSebastian Siewior	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
678584fffc8SSebastian Siewior
679584fffc8SSebastian Siewiorconfig CRYPTO_FCRYPT
680584fffc8SSebastian Siewior	tristate "FCrypt cipher algorithm"
681584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
682584fffc8SSebastian Siewior	select CRYPTO_BLKCIPHER
683584fffc8SSebastian Siewior	help
684584fffc8SSebastian Siewior	  FCrypt algorithm used by RxRPC.
685584fffc8SSebastian Siewior
686584fffc8SSebastian Siewiorconfig CRYPTO_KHAZAD
687584fffc8SSebastian Siewior	tristate "Khazad cipher algorithm"
688584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
689584fffc8SSebastian Siewior	help
690584fffc8SSebastian Siewior	  Khazad cipher algorithm.
691584fffc8SSebastian Siewior
692584fffc8SSebastian Siewior	  Khazad was a finalist in the initial NESSIE competition.  It is
693584fffc8SSebastian Siewior	  an algorithm optimized for 64-bit processors with good performance
694584fffc8SSebastian Siewior	  on 32-bit processors.  Khazad uses an 128 bit key size.
695584fffc8SSebastian Siewior
696584fffc8SSebastian Siewior	  See also:
6976d8de74cSJustin P. Mattock	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
698e2ee95b8SHye-Shik Chang
6992407d608STan Swee Hengconfig CRYPTO_SALSA20
7002407d608STan Swee Heng	tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
7012407d608STan Swee Heng	depends on EXPERIMENTAL
7022407d608STan Swee Heng	select CRYPTO_BLKCIPHER
7032407d608STan Swee Heng	help
7042407d608STan Swee Heng	  Salsa20 stream cipher algorithm.
7052407d608STan Swee Heng
7062407d608STan Swee Heng	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
7072407d608STan Swee Heng	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
7082407d608STan Swee Heng
7092407d608STan Swee Heng	  The Salsa20 stream cipher algorithm is designed by Daniel J.
7102407d608STan Swee Heng	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
7111da177e4SLinus Torvalds
712974e4b75STan Swee Hengconfig CRYPTO_SALSA20_586
713974e4b75STan Swee Heng	tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
714974e4b75STan Swee Heng	depends on (X86 || UML_X86) && !64BIT
715974e4b75STan Swee Heng	depends on EXPERIMENTAL
716974e4b75STan Swee Heng	select CRYPTO_BLKCIPHER
717974e4b75STan Swee Heng	help
718974e4b75STan Swee Heng	  Salsa20 stream cipher algorithm.
719974e4b75STan Swee Heng
720974e4b75STan Swee Heng	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
721974e4b75STan Swee Heng	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
722974e4b75STan Swee Heng
723974e4b75STan Swee Heng	  The Salsa20 stream cipher algorithm is designed by Daniel J.
724974e4b75STan Swee Heng	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
725974e4b75STan Swee Heng
7269a7dafbbSTan Swee Hengconfig CRYPTO_SALSA20_X86_64
7279a7dafbbSTan Swee Heng	tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
7289a7dafbbSTan Swee Heng	depends on (X86 || UML_X86) && 64BIT
7299a7dafbbSTan Swee Heng	depends on EXPERIMENTAL
7309a7dafbbSTan Swee Heng	select CRYPTO_BLKCIPHER
7319a7dafbbSTan Swee Heng	help
7329a7dafbbSTan Swee Heng	  Salsa20 stream cipher algorithm.
7339a7dafbbSTan Swee Heng
7349a7dafbbSTan Swee Heng	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
7359a7dafbbSTan Swee Heng	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
7369a7dafbbSTan Swee Heng
7379a7dafbbSTan Swee Heng	  The Salsa20 stream cipher algorithm is designed by Daniel J.
7389a7dafbbSTan Swee Heng	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
7399a7dafbbSTan Swee Heng
740584fffc8SSebastian Siewiorconfig CRYPTO_SEED
741584fffc8SSebastian Siewior	tristate "SEED cipher algorithm"
742584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
743584fffc8SSebastian Siewior	help
744584fffc8SSebastian Siewior	  SEED cipher algorithm (RFC4269).
745584fffc8SSebastian Siewior
746584fffc8SSebastian Siewior	  SEED is a 128-bit symmetric key block cipher that has been
747584fffc8SSebastian Siewior	  developed by KISA (Korea Information Security Agency) as a
748584fffc8SSebastian Siewior	  national standard encryption algorithm of the Republic of Korea.
749584fffc8SSebastian Siewior	  It is a 16 round block cipher with the key size of 128 bit.
750584fffc8SSebastian Siewior
751584fffc8SSebastian Siewior	  See also:
752584fffc8SSebastian Siewior	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
753584fffc8SSebastian Siewior
754584fffc8SSebastian Siewiorconfig CRYPTO_SERPENT
755584fffc8SSebastian Siewior	tristate "Serpent cipher algorithm"
756584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
757584fffc8SSebastian Siewior	help
758584fffc8SSebastian Siewior	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
759584fffc8SSebastian Siewior
760584fffc8SSebastian Siewior	  Keys are allowed to be from 0 to 256 bits in length, in steps
761584fffc8SSebastian Siewior	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
762584fffc8SSebastian Siewior	  variant of Serpent for compatibility with old kerneli.org code.
763584fffc8SSebastian Siewior
764584fffc8SSebastian Siewior	  See also:
765584fffc8SSebastian Siewior	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
766584fffc8SSebastian Siewior
767937c30d7SJussi Kivilinnaconfig CRYPTO_SERPENT_SSE2_X86_64
768937c30d7SJussi Kivilinna	tristate "Serpent cipher algorithm (x86_64/SSE2)"
769937c30d7SJussi Kivilinna	depends on X86 && 64BIT
770937c30d7SJussi Kivilinna	select CRYPTO_ALGAPI
771341975bfSJussi Kivilinna	select CRYPTO_CRYPTD
772937c30d7SJussi Kivilinna	select CRYPTO_SERPENT
773937c30d7SJussi Kivilinna	help
774937c30d7SJussi Kivilinna	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
775937c30d7SJussi Kivilinna
776937c30d7SJussi Kivilinna	  Keys are allowed to be from 0 to 256 bits in length, in steps
777937c30d7SJussi Kivilinna	  of 8 bits.
778937c30d7SJussi Kivilinna
779937c30d7SJussi Kivilinna	  This module provides Serpent cipher algorithm that processes eigth
780937c30d7SJussi Kivilinna	  blocks parallel using SSE2 instruction set.
781937c30d7SJussi Kivilinna
782937c30d7SJussi Kivilinna	  See also:
783937c30d7SJussi Kivilinna	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
784937c30d7SJussi Kivilinna
785251496dbSJussi Kivilinnaconfig CRYPTO_SERPENT_SSE2_586
786251496dbSJussi Kivilinna	tristate "Serpent cipher algorithm (i586/SSE2)"
787251496dbSJussi Kivilinna	depends on X86 && !64BIT
788251496dbSJussi Kivilinna	select CRYPTO_ALGAPI
789341975bfSJussi Kivilinna	select CRYPTO_CRYPTD
790251496dbSJussi Kivilinna	select CRYPTO_SERPENT
791251496dbSJussi Kivilinna	help
792251496dbSJussi Kivilinna	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
793251496dbSJussi Kivilinna
794251496dbSJussi Kivilinna	  Keys are allowed to be from 0 to 256 bits in length, in steps
795251496dbSJussi Kivilinna	  of 8 bits.
796251496dbSJussi Kivilinna
797251496dbSJussi Kivilinna	  This module provides Serpent cipher algorithm that processes four
798251496dbSJussi Kivilinna	  blocks parallel using SSE2 instruction set.
799251496dbSJussi Kivilinna
800251496dbSJussi Kivilinna	  See also:
801251496dbSJussi Kivilinna	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
802251496dbSJussi Kivilinna
803584fffc8SSebastian Siewiorconfig CRYPTO_TEA
804584fffc8SSebastian Siewior	tristate "TEA, XTEA and XETA cipher algorithms"
805584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
806584fffc8SSebastian Siewior	help
807584fffc8SSebastian Siewior	  TEA cipher algorithm.
808584fffc8SSebastian Siewior
809584fffc8SSebastian Siewior	  Tiny Encryption Algorithm is a simple cipher that uses
810584fffc8SSebastian Siewior	  many rounds for security.  It is very fast and uses
811584fffc8SSebastian Siewior	  little memory.
812584fffc8SSebastian Siewior
813584fffc8SSebastian Siewior	  Xtendend Tiny Encryption Algorithm is a modification to
814584fffc8SSebastian Siewior	  the TEA algorithm to address a potential key weakness
815584fffc8SSebastian Siewior	  in the TEA algorithm.
816584fffc8SSebastian Siewior
817584fffc8SSebastian Siewior	  Xtendend Encryption Tiny Algorithm is a mis-implementation
818584fffc8SSebastian Siewior	  of the XTEA algorithm for compatibility purposes.
819584fffc8SSebastian Siewior
820584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH
821584fffc8SSebastian Siewior	tristate "Twofish cipher algorithm"
822584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
823584fffc8SSebastian Siewior	select CRYPTO_TWOFISH_COMMON
824584fffc8SSebastian Siewior	help
825584fffc8SSebastian Siewior	  Twofish cipher algorithm.
826584fffc8SSebastian Siewior
827584fffc8SSebastian Siewior	  Twofish was submitted as an AES (Advanced Encryption Standard)
828584fffc8SSebastian Siewior	  candidate cipher by researchers at CounterPane Systems.  It is a
829584fffc8SSebastian Siewior	  16 round block cipher supporting key sizes of 128, 192, and 256
830584fffc8SSebastian Siewior	  bits.
831584fffc8SSebastian Siewior
832584fffc8SSebastian Siewior	  See also:
833584fffc8SSebastian Siewior	  <http://www.schneier.com/twofish.html>
834584fffc8SSebastian Siewior
835584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_COMMON
836584fffc8SSebastian Siewior	tristate
837584fffc8SSebastian Siewior	help
838584fffc8SSebastian Siewior	  Common parts of the Twofish cipher algorithm shared by the
839584fffc8SSebastian Siewior	  generic c and the assembler implementations.
840584fffc8SSebastian Siewior
841584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_586
842584fffc8SSebastian Siewior	tristate "Twofish cipher algorithms (i586)"
843584fffc8SSebastian Siewior	depends on (X86 || UML_X86) && !64BIT
844584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
845584fffc8SSebastian Siewior	select CRYPTO_TWOFISH_COMMON
846584fffc8SSebastian Siewior	help
847584fffc8SSebastian Siewior	  Twofish cipher algorithm.
848584fffc8SSebastian Siewior
849584fffc8SSebastian Siewior	  Twofish was submitted as an AES (Advanced Encryption Standard)
850584fffc8SSebastian Siewior	  candidate cipher by researchers at CounterPane Systems.  It is a
851584fffc8SSebastian Siewior	  16 round block cipher supporting key sizes of 128, 192, and 256
852584fffc8SSebastian Siewior	  bits.
853584fffc8SSebastian Siewior
854584fffc8SSebastian Siewior	  See also:
855584fffc8SSebastian Siewior	  <http://www.schneier.com/twofish.html>
856584fffc8SSebastian Siewior
857584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_X86_64
858584fffc8SSebastian Siewior	tristate "Twofish cipher algorithm (x86_64)"
859584fffc8SSebastian Siewior	depends on (X86 || UML_X86) && 64BIT
860584fffc8SSebastian Siewior	select CRYPTO_ALGAPI
861584fffc8SSebastian Siewior	select CRYPTO_TWOFISH_COMMON
862584fffc8SSebastian Siewior	help
863584fffc8SSebastian Siewior	  Twofish cipher algorithm (x86_64).
864584fffc8SSebastian Siewior
865584fffc8SSebastian Siewior	  Twofish was submitted as an AES (Advanced Encryption Standard)
866584fffc8SSebastian Siewior	  candidate cipher by researchers at CounterPane Systems.  It is a
867584fffc8SSebastian Siewior	  16 round block cipher supporting key sizes of 128, 192, and 256
868584fffc8SSebastian Siewior	  bits.
869584fffc8SSebastian Siewior
870584fffc8SSebastian Siewior	  See also:
871584fffc8SSebastian Siewior	  <http://www.schneier.com/twofish.html>
872584fffc8SSebastian Siewior
8738280daadSJussi Kivilinnaconfig CRYPTO_TWOFISH_X86_64_3WAY
8748280daadSJussi Kivilinna	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
8758280daadSJussi Kivilinna	depends on (X86 || UML_X86) && 64BIT
8768280daadSJussi Kivilinna	select CRYPTO_ALGAPI
8778280daadSJussi Kivilinna	select CRYPTO_TWOFISH_COMMON
8788280daadSJussi Kivilinna	select CRYPTO_TWOFISH_X86_64
8798280daadSJussi Kivilinna	help
8808280daadSJussi Kivilinna	  Twofish cipher algorithm (x86_64, 3-way parallel).
8818280daadSJussi Kivilinna
8828280daadSJussi Kivilinna	  Twofish was submitted as an AES (Advanced Encryption Standard)
8838280daadSJussi Kivilinna	  candidate cipher by researchers at CounterPane Systems.  It is a
8848280daadSJussi Kivilinna	  16 round block cipher supporting key sizes of 128, 192, and 256
8858280daadSJussi Kivilinna	  bits.
8868280daadSJussi Kivilinna
8878280daadSJussi Kivilinna	  This module provides Twofish cipher algorithm that processes three
8888280daadSJussi Kivilinna	  blocks parallel, utilizing resources of out-of-order CPUs better.
8898280daadSJussi Kivilinna
8908280daadSJussi Kivilinna	  See also:
8918280daadSJussi Kivilinna	  <http://www.schneier.com/twofish.html>
8928280daadSJussi Kivilinna
893584fffc8SSebastian Siewiorcomment "Compression"
894584fffc8SSebastian Siewior
8951da177e4SLinus Torvaldsconfig CRYPTO_DEFLATE
8961da177e4SLinus Torvalds	tristate "Deflate compression algorithm"
897cce9e06dSHerbert Xu	select CRYPTO_ALGAPI
8981da177e4SLinus Torvalds	select ZLIB_INFLATE
8991da177e4SLinus Torvalds	select ZLIB_DEFLATE
9001da177e4SLinus Torvalds	help
9011da177e4SLinus Torvalds	  This is the Deflate algorithm (RFC1951), specified for use in
9021da177e4SLinus Torvalds	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
9031da177e4SLinus Torvalds
9041da177e4SLinus Torvalds	  You will most probably want this if using IPSec.
9051da177e4SLinus Torvalds
906bf68e65eSGeert Uytterhoevenconfig CRYPTO_ZLIB
907bf68e65eSGeert Uytterhoeven	tristate "Zlib compression algorithm"
908bf68e65eSGeert Uytterhoeven	select CRYPTO_PCOMP
909bf68e65eSGeert Uytterhoeven	select ZLIB_INFLATE
910bf68e65eSGeert Uytterhoeven	select ZLIB_DEFLATE
911bf68e65eSGeert Uytterhoeven	select NLATTR
912bf68e65eSGeert Uytterhoeven	help
913bf68e65eSGeert Uytterhoeven	  This is the zlib algorithm.
914bf68e65eSGeert Uytterhoeven
9150b77abb3SZoltan Sogorconfig CRYPTO_LZO
9160b77abb3SZoltan Sogor	tristate "LZO compression algorithm"
9170b77abb3SZoltan Sogor	select CRYPTO_ALGAPI
9180b77abb3SZoltan Sogor	select LZO_COMPRESS
9190b77abb3SZoltan Sogor	select LZO_DECOMPRESS
9200b77abb3SZoltan Sogor	help
9210b77abb3SZoltan Sogor	  This is the LZO algorithm.
9220b77abb3SZoltan Sogor
92317f0f4a4SNeil Hormancomment "Random Number Generation"
92417f0f4a4SNeil Horman
92517f0f4a4SNeil Hormanconfig CRYPTO_ANSI_CPRNG
92617f0f4a4SNeil Horman	tristate "Pseudo Random Number Generation for Cryptographic modules"
9274e4ed83bSNeil Horman	default m
92817f0f4a4SNeil Horman	select CRYPTO_AES
92917f0f4a4SNeil Horman	select CRYPTO_RNG
93017f0f4a4SNeil Horman	help
93117f0f4a4SNeil Horman	  This option enables the generic pseudo random number generator
93217f0f4a4SNeil Horman	  for cryptographic modules.  Uses the Algorithm specified in
9337dd607e8SJiri Kosina	  ANSI X9.31 A.2.4. Note that this option must be enabled if
9347dd607e8SJiri Kosina	  CRYPTO_FIPS is selected
93517f0f4a4SNeil Horman
93603c8efc1SHerbert Xuconfig CRYPTO_USER_API
93703c8efc1SHerbert Xu	tristate
93803c8efc1SHerbert Xu
939fe869cdbSHerbert Xuconfig CRYPTO_USER_API_HASH
940fe869cdbSHerbert Xu	tristate "User-space interface for hash algorithms"
9417451708fSHerbert Xu	depends on NET
942fe869cdbSHerbert Xu	select CRYPTO_HASH
943fe869cdbSHerbert Xu	select CRYPTO_USER_API
944fe869cdbSHerbert Xu	help
945fe869cdbSHerbert Xu	  This option enables the user-spaces interface for hash
946fe869cdbSHerbert Xu	  algorithms.
947fe869cdbSHerbert Xu
9488ff59090SHerbert Xuconfig CRYPTO_USER_API_SKCIPHER
9498ff59090SHerbert Xu	tristate "User-space interface for symmetric key cipher algorithms"
9507451708fSHerbert Xu	depends on NET
9518ff59090SHerbert Xu	select CRYPTO_BLKCIPHER
9528ff59090SHerbert Xu	select CRYPTO_USER_API
9538ff59090SHerbert Xu	help
9548ff59090SHerbert Xu	  This option enables the user-spaces interface for symmetric
9558ff59090SHerbert Xu	  key cipher algorithms.
9568ff59090SHerbert Xu
9571da177e4SLinus Torvaldssource "drivers/crypto/Kconfig"
9581da177e4SLinus Torvalds
959cce9e06dSHerbert Xuendif	# if CRYPTO
960