1b2441318SGreg Kroah-Hartman# SPDX-License-Identifier: GPL-2.0 21da177e4SLinus Torvalds# 3685784aaSDan Williams# Generic algorithms support 4685784aaSDan Williams# 5685784aaSDan Williamsconfig XOR_BLOCKS 6685784aaSDan Williams tristate 7685784aaSDan Williams 8685784aaSDan Williams# 99bc89cd8SDan Williams# async_tx api: hardware offloaded memory transfer/transform support 109bc89cd8SDan Williams# 119bc89cd8SDan Williamssource "crypto/async_tx/Kconfig" 129bc89cd8SDan Williams 139bc89cd8SDan Williams# 141da177e4SLinus Torvalds# Cryptographic API Configuration 151da177e4SLinus Torvalds# 162e290f43SJan Engelhardtmenuconfig CRYPTO 17c3715cb9SSebastian Siewior tristate "Cryptographic API" 181da177e4SLinus Torvalds help 191da177e4SLinus Torvalds This option provides the core Cryptographic API. 201da177e4SLinus Torvalds 21cce9e06dSHerbert Xuif CRYPTO 22cce9e06dSHerbert Xu 23584fffc8SSebastian Siewiorcomment "Crypto core or helper" 24584fffc8SSebastian Siewior 25ccb778e1SNeil Hormanconfig CRYPTO_FIPS 26ccb778e1SNeil Horman bool "FIPS 200 compliance" 27f2c89a10SHerbert Xu depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 281f696097SAlec Ari depends on (MODULE_SIG || !MODULES) 29ccb778e1SNeil Horman help 30d99324c2SGeert Uytterhoeven This option enables the fips boot option which is 31d99324c2SGeert Uytterhoeven required if you want the system to operate in a FIPS 200 32ccb778e1SNeil Horman certification. You should say no unless you know what 33e84c5480SChuck Ebbert this is. 34ccb778e1SNeil Horman 35cce9e06dSHerbert Xuconfig CRYPTO_ALGAPI 36cce9e06dSHerbert Xu tristate 376a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 38cce9e06dSHerbert Xu help 39cce9e06dSHerbert Xu This option provides the API for cryptographic algorithms. 40cce9e06dSHerbert Xu 416a0fcbb4SHerbert Xuconfig CRYPTO_ALGAPI2 426a0fcbb4SHerbert Xu tristate 436a0fcbb4SHerbert Xu 441ae97820SHerbert Xuconfig CRYPTO_AEAD 451ae97820SHerbert Xu tristate 466a0fcbb4SHerbert Xu select CRYPTO_AEAD2 471ae97820SHerbert Xu select CRYPTO_ALGAPI 481ae97820SHerbert Xu 496a0fcbb4SHerbert Xuconfig CRYPTO_AEAD2 506a0fcbb4SHerbert Xu tristate 516a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 52149a3971SHerbert Xu select CRYPTO_NULL2 53149a3971SHerbert Xu select CRYPTO_RNG2 546a0fcbb4SHerbert Xu 555cde0af2SHerbert Xuconfig CRYPTO_BLKCIPHER 565cde0af2SHerbert Xu tristate 576a0fcbb4SHerbert Xu select CRYPTO_BLKCIPHER2 585cde0af2SHerbert Xu select CRYPTO_ALGAPI 596a0fcbb4SHerbert Xu 606a0fcbb4SHerbert Xuconfig CRYPTO_BLKCIPHER2 616a0fcbb4SHerbert Xu tristate 626a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 636a0fcbb4SHerbert Xu select CRYPTO_RNG2 645cde0af2SHerbert Xu 65055bcee3SHerbert Xuconfig CRYPTO_HASH 66055bcee3SHerbert Xu tristate 676a0fcbb4SHerbert Xu select CRYPTO_HASH2 68055bcee3SHerbert Xu select CRYPTO_ALGAPI 69055bcee3SHerbert Xu 706a0fcbb4SHerbert Xuconfig CRYPTO_HASH2 716a0fcbb4SHerbert Xu tristate 726a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 736a0fcbb4SHerbert Xu 7417f0f4a4SNeil Hormanconfig CRYPTO_RNG 7517f0f4a4SNeil Horman tristate 766a0fcbb4SHerbert Xu select CRYPTO_RNG2 7717f0f4a4SNeil Horman select CRYPTO_ALGAPI 7817f0f4a4SNeil Horman 796a0fcbb4SHerbert Xuconfig CRYPTO_RNG2 806a0fcbb4SHerbert Xu tristate 816a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 826a0fcbb4SHerbert Xu 83401e4238SHerbert Xuconfig CRYPTO_RNG_DEFAULT 84401e4238SHerbert Xu tristate 85401e4238SHerbert Xu select CRYPTO_DRBG_MENU 86401e4238SHerbert Xu 873c339ab8STadeusz Strukconfig CRYPTO_AKCIPHER2 883c339ab8STadeusz Struk tristate 893c339ab8STadeusz Struk select CRYPTO_ALGAPI2 903c339ab8STadeusz Struk 913c339ab8STadeusz Strukconfig CRYPTO_AKCIPHER 923c339ab8STadeusz Struk tristate 933c339ab8STadeusz Struk select CRYPTO_AKCIPHER2 943c339ab8STadeusz Struk select CRYPTO_ALGAPI 953c339ab8STadeusz Struk 964e5f2c40SSalvatore Benedettoconfig CRYPTO_KPP2 974e5f2c40SSalvatore Benedetto tristate 984e5f2c40SSalvatore Benedetto select CRYPTO_ALGAPI2 994e5f2c40SSalvatore Benedetto 1004e5f2c40SSalvatore Benedettoconfig CRYPTO_KPP 1014e5f2c40SSalvatore Benedetto tristate 1024e5f2c40SSalvatore Benedetto select CRYPTO_ALGAPI 1034e5f2c40SSalvatore Benedetto select CRYPTO_KPP2 1044e5f2c40SSalvatore Benedetto 1052ebda74fSGiovanni Cabidduconfig CRYPTO_ACOMP2 1062ebda74fSGiovanni Cabiddu tristate 1072ebda74fSGiovanni Cabiddu select CRYPTO_ALGAPI2 1088cd579d2SBart Van Assche select SGL_ALLOC 1092ebda74fSGiovanni Cabiddu 1102ebda74fSGiovanni Cabidduconfig CRYPTO_ACOMP 1112ebda74fSGiovanni Cabiddu tristate 1122ebda74fSGiovanni Cabiddu select CRYPTO_ALGAPI 1132ebda74fSGiovanni Cabiddu select CRYPTO_ACOMP2 1142ebda74fSGiovanni Cabiddu 1152b8c19dbSHerbert Xuconfig CRYPTO_MANAGER 1162b8c19dbSHerbert Xu tristate "Cryptographic algorithm manager" 1176a0fcbb4SHerbert Xu select CRYPTO_MANAGER2 1182b8c19dbSHerbert Xu help 1192b8c19dbSHerbert Xu Create default cryptographic template instantiations such as 1202b8c19dbSHerbert Xu cbc(aes). 1212b8c19dbSHerbert Xu 1226a0fcbb4SHerbert Xuconfig CRYPTO_MANAGER2 1236a0fcbb4SHerbert Xu def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 1246a0fcbb4SHerbert Xu select CRYPTO_AEAD2 1256a0fcbb4SHerbert Xu select CRYPTO_HASH2 1266a0fcbb4SHerbert Xu select CRYPTO_BLKCIPHER2 127946cc463STadeusz Struk select CRYPTO_AKCIPHER2 1284e5f2c40SSalvatore Benedetto select CRYPTO_KPP2 1292ebda74fSGiovanni Cabiddu select CRYPTO_ACOMP2 1306a0fcbb4SHerbert Xu 131a38f7907SSteffen Klassertconfig CRYPTO_USER 132a38f7907SSteffen Klassert tristate "Userspace cryptographic algorithm configuration" 1335db017aaSHerbert Xu depends on NET 134a38f7907SSteffen Klassert select CRYPTO_MANAGER 135a38f7907SSteffen Klassert help 136d19978f5SValdis.Kletnieks@vt.edu Userspace configuration for cryptographic instantiations such as 137a38f7907SSteffen Klassert cbc(aes). 138a38f7907SSteffen Klassert 139929d34caSEric Biggersif CRYPTO_MANAGER2 140929d34caSEric Biggers 141326a6346SHerbert Xuconfig CRYPTO_MANAGER_DISABLE_TESTS 142326a6346SHerbert Xu bool "Disable run-time self tests" 14300ca28a5SHerbert Xu default y 1440b767f96SAlexander Shishkin help 145326a6346SHerbert Xu Disable run-time self tests that normally take place at 146326a6346SHerbert Xu algorithm registration. 1470b767f96SAlexander Shishkin 1485b2706a4SEric Biggersconfig CRYPTO_MANAGER_EXTRA_TESTS 1495b2706a4SEric Biggers bool "Enable extra run-time crypto self tests" 1505b2706a4SEric Biggers depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS 1515b2706a4SEric Biggers help 1525b2706a4SEric Biggers Enable extra run-time self tests of registered crypto algorithms, 1535b2706a4SEric Biggers including randomized fuzz tests. 1545b2706a4SEric Biggers 1555b2706a4SEric Biggers This is intended for developer use only, as these tests take much 1565b2706a4SEric Biggers longer to run than the normal self tests. 1575b2706a4SEric Biggers 158929d34caSEric Biggersendif # if CRYPTO_MANAGER2 159929d34caSEric Biggers 160584fffc8SSebastian Siewiorconfig CRYPTO_GF128MUL 161e590e132SEric Biggers tristate 162584fffc8SSebastian Siewior 163584fffc8SSebastian Siewiorconfig CRYPTO_NULL 164584fffc8SSebastian Siewior tristate "Null algorithms" 165149a3971SHerbert Xu select CRYPTO_NULL2 166584fffc8SSebastian Siewior help 167584fffc8SSebastian Siewior These are 'Null' algorithms, used by IPsec, which do nothing. 168584fffc8SSebastian Siewior 169149a3971SHerbert Xuconfig CRYPTO_NULL2 170dd43c4e9SHerbert Xu tristate 171149a3971SHerbert Xu select CRYPTO_ALGAPI2 172149a3971SHerbert Xu select CRYPTO_BLKCIPHER2 173149a3971SHerbert Xu select CRYPTO_HASH2 174149a3971SHerbert Xu 1755068c7a8SSteffen Klassertconfig CRYPTO_PCRYPT 1763b4afaf2SKees Cook tristate "Parallel crypto engine" 1773b4afaf2SKees Cook depends on SMP 1785068c7a8SSteffen Klassert select PADATA 1795068c7a8SSteffen Klassert select CRYPTO_MANAGER 1805068c7a8SSteffen Klassert select CRYPTO_AEAD 1815068c7a8SSteffen Klassert help 1825068c7a8SSteffen Klassert This converts an arbitrary crypto algorithm into a parallel 1835068c7a8SSteffen Klassert algorithm that executes in kernel threads. 1845068c7a8SSteffen Klassert 185584fffc8SSebastian Siewiorconfig CRYPTO_CRYPTD 186584fffc8SSebastian Siewior tristate "Software async crypto daemon" 187584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 188b8a28251SLoc Ho select CRYPTO_HASH 189584fffc8SSebastian Siewior select CRYPTO_MANAGER 190584fffc8SSebastian Siewior help 191584fffc8SSebastian Siewior This is a generic software asynchronous crypto daemon that 192584fffc8SSebastian Siewior converts an arbitrary synchronous software crypto algorithm 193584fffc8SSebastian Siewior into an asynchronous algorithm that executes in a kernel thread. 194584fffc8SSebastian Siewior 195584fffc8SSebastian Siewiorconfig CRYPTO_AUTHENC 196584fffc8SSebastian Siewior tristate "Authenc support" 197584fffc8SSebastian Siewior select CRYPTO_AEAD 198584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 199584fffc8SSebastian Siewior select CRYPTO_MANAGER 200584fffc8SSebastian Siewior select CRYPTO_HASH 201e94c6a7aSHerbert Xu select CRYPTO_NULL 202584fffc8SSebastian Siewior help 203584fffc8SSebastian Siewior Authenc: Combined mode wrapper for IPsec. 204584fffc8SSebastian Siewior This is required for IPSec. 205584fffc8SSebastian Siewior 206584fffc8SSebastian Siewiorconfig CRYPTO_TEST 207584fffc8SSebastian Siewior tristate "Testing module" 208584fffc8SSebastian Siewior depends on m 209da7f033dSHerbert Xu select CRYPTO_MANAGER 210584fffc8SSebastian Siewior help 211584fffc8SSebastian Siewior Quick & dirty crypto test module. 212584fffc8SSebastian Siewior 213266d0516SHerbert Xuconfig CRYPTO_SIMD 214266d0516SHerbert Xu tristate 215266d0516SHerbert Xu select CRYPTO_CRYPTD 216266d0516SHerbert Xu 217596d8750SJussi Kivilinnaconfig CRYPTO_GLUE_HELPER_X86 218596d8750SJussi Kivilinna tristate 219596d8750SJussi Kivilinna depends on X86 220065ce327SHerbert Xu select CRYPTO_BLKCIPHER 221596d8750SJussi Kivilinna 222735d37b5SBaolin Wangconfig CRYPTO_ENGINE 223735d37b5SBaolin Wang tristate 224735d37b5SBaolin Wang 2253d6228a5SVitaly Chikunovcomment "Public-key cryptography" 2263d6228a5SVitaly Chikunov 2273d6228a5SVitaly Chikunovconfig CRYPTO_RSA 2283d6228a5SVitaly Chikunov tristate "RSA algorithm" 2293d6228a5SVitaly Chikunov select CRYPTO_AKCIPHER 2303d6228a5SVitaly Chikunov select CRYPTO_MANAGER 2313d6228a5SVitaly Chikunov select MPILIB 2323d6228a5SVitaly Chikunov select ASN1 2333d6228a5SVitaly Chikunov help 2343d6228a5SVitaly Chikunov Generic implementation of the RSA public key algorithm. 2353d6228a5SVitaly Chikunov 2363d6228a5SVitaly Chikunovconfig CRYPTO_DH 2373d6228a5SVitaly Chikunov tristate "Diffie-Hellman algorithm" 2383d6228a5SVitaly Chikunov select CRYPTO_KPP 2393d6228a5SVitaly Chikunov select MPILIB 2403d6228a5SVitaly Chikunov help 2413d6228a5SVitaly Chikunov Generic implementation of the Diffie-Hellman algorithm. 2423d6228a5SVitaly Chikunov 2434a2289daSVitaly Chikunovconfig CRYPTO_ECC 2444a2289daSVitaly Chikunov tristate 2454a2289daSVitaly Chikunov 2463d6228a5SVitaly Chikunovconfig CRYPTO_ECDH 2473d6228a5SVitaly Chikunov tristate "ECDH algorithm" 2484a2289daSVitaly Chikunov select CRYPTO_ECC 2493d6228a5SVitaly Chikunov select CRYPTO_KPP 2503d6228a5SVitaly Chikunov select CRYPTO_RNG_DEFAULT 2513d6228a5SVitaly Chikunov help 2523d6228a5SVitaly Chikunov Generic implementation of the ECDH algorithm 2533d6228a5SVitaly Chikunov 2540d7a7864SVitaly Chikunovconfig CRYPTO_ECRDSA 2550d7a7864SVitaly Chikunov tristate "EC-RDSA (GOST 34.10) algorithm" 2560d7a7864SVitaly Chikunov select CRYPTO_ECC 2570d7a7864SVitaly Chikunov select CRYPTO_AKCIPHER 2580d7a7864SVitaly Chikunov select CRYPTO_STREEBOG 2591036633eSVitaly Chikunov select OID_REGISTRY 2601036633eSVitaly Chikunov select ASN1 2610d7a7864SVitaly Chikunov help 2620d7a7864SVitaly Chikunov Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 2630d7a7864SVitaly Chikunov RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 2640d7a7864SVitaly Chikunov standard algorithms (called GOST algorithms). Only signature verification 2650d7a7864SVitaly Chikunov is implemented. 2660d7a7864SVitaly Chikunov 267584fffc8SSebastian Siewiorcomment "Authenticated Encryption with Associated Data" 268584fffc8SSebastian Siewior 269584fffc8SSebastian Siewiorconfig CRYPTO_CCM 270584fffc8SSebastian Siewior tristate "CCM support" 271584fffc8SSebastian Siewior select CRYPTO_CTR 272f15f05b0SArd Biesheuvel select CRYPTO_HASH 273584fffc8SSebastian Siewior select CRYPTO_AEAD 274c8a3315aSEric Biggers select CRYPTO_MANAGER 275584fffc8SSebastian Siewior help 276584fffc8SSebastian Siewior Support for Counter with CBC MAC. Required for IPsec. 277584fffc8SSebastian Siewior 278584fffc8SSebastian Siewiorconfig CRYPTO_GCM 279584fffc8SSebastian Siewior tristate "GCM/GMAC support" 280584fffc8SSebastian Siewior select CRYPTO_CTR 281584fffc8SSebastian Siewior select CRYPTO_AEAD 2829382d97aSHuang Ying select CRYPTO_GHASH 2839489667dSJussi Kivilinna select CRYPTO_NULL 284c8a3315aSEric Biggers select CRYPTO_MANAGER 285584fffc8SSebastian Siewior help 286584fffc8SSebastian Siewior Support for Galois/Counter Mode (GCM) and Galois Message 287584fffc8SSebastian Siewior Authentication Code (GMAC). Required for IPSec. 288584fffc8SSebastian Siewior 28971ebc4d1SMartin Williconfig CRYPTO_CHACHA20POLY1305 29071ebc4d1SMartin Willi tristate "ChaCha20-Poly1305 AEAD support" 29171ebc4d1SMartin Willi select CRYPTO_CHACHA20 29271ebc4d1SMartin Willi select CRYPTO_POLY1305 29371ebc4d1SMartin Willi select CRYPTO_AEAD 294c8a3315aSEric Biggers select CRYPTO_MANAGER 29571ebc4d1SMartin Willi help 29671ebc4d1SMartin Willi ChaCha20-Poly1305 AEAD support, RFC7539. 29771ebc4d1SMartin Willi 29871ebc4d1SMartin Willi Support for the AEAD wrapper using the ChaCha20 stream cipher combined 29971ebc4d1SMartin Willi with the Poly1305 authenticator. It is defined in RFC7539 for use in 30071ebc4d1SMartin Willi IETF protocols. 30171ebc4d1SMartin Willi 302f606a88eSOndrej Mosnacekconfig CRYPTO_AEGIS128 303f606a88eSOndrej Mosnacek tristate "AEGIS-128 AEAD algorithm" 304f606a88eSOndrej Mosnacek select CRYPTO_AEAD 305f606a88eSOndrej Mosnacek select CRYPTO_AES # for AES S-box tables 306f606a88eSOndrej Mosnacek help 307f606a88eSOndrej Mosnacek Support for the AEGIS-128 dedicated AEAD algorithm. 308f606a88eSOndrej Mosnacek 309f606a88eSOndrej Mosnacekconfig CRYPTO_AEGIS128L 310f606a88eSOndrej Mosnacek tristate "AEGIS-128L AEAD algorithm" 311f606a88eSOndrej Mosnacek select CRYPTO_AEAD 312f606a88eSOndrej Mosnacek select CRYPTO_AES # for AES S-box tables 313f606a88eSOndrej Mosnacek help 314f606a88eSOndrej Mosnacek Support for the AEGIS-128L dedicated AEAD algorithm. 315f606a88eSOndrej Mosnacek 316f606a88eSOndrej Mosnacekconfig CRYPTO_AEGIS256 317f606a88eSOndrej Mosnacek tristate "AEGIS-256 AEAD algorithm" 318f606a88eSOndrej Mosnacek select CRYPTO_AEAD 319f606a88eSOndrej Mosnacek select CRYPTO_AES # for AES S-box tables 320f606a88eSOndrej Mosnacek help 321f606a88eSOndrej Mosnacek Support for the AEGIS-256 dedicated AEAD algorithm. 322f606a88eSOndrej Mosnacek 3231d373d4eSOndrej Mosnacekconfig CRYPTO_AEGIS128_AESNI_SSE2 3241d373d4eSOndrej Mosnacek tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 3251d373d4eSOndrej Mosnacek depends on X86 && 64BIT 3261d373d4eSOndrej Mosnacek select CRYPTO_AEAD 327de272ca7SEric Biggers select CRYPTO_SIMD 3281d373d4eSOndrej Mosnacek help 3294e5180ebSOndrej Mosnacek AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 3301d373d4eSOndrej Mosnacek 3311d373d4eSOndrej Mosnacekconfig CRYPTO_AEGIS128L_AESNI_SSE2 3321d373d4eSOndrej Mosnacek tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 3331d373d4eSOndrej Mosnacek depends on X86 && 64BIT 3341d373d4eSOndrej Mosnacek select CRYPTO_AEAD 335d628132aSEric Biggers select CRYPTO_SIMD 3361d373d4eSOndrej Mosnacek help 3374e5180ebSOndrej Mosnacek AESNI+SSE2 implementation of the AEGIS-128L dedicated AEAD algorithm. 3381d373d4eSOndrej Mosnacek 3391d373d4eSOndrej Mosnacekconfig CRYPTO_AEGIS256_AESNI_SSE2 3401d373d4eSOndrej Mosnacek tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 3411d373d4eSOndrej Mosnacek depends on X86 && 64BIT 3421d373d4eSOndrej Mosnacek select CRYPTO_AEAD 343b6708c2dSEric Biggers select CRYPTO_SIMD 3441d373d4eSOndrej Mosnacek help 3454e5180ebSOndrej Mosnacek AESNI+SSE2 implementation of the AEGIS-256 dedicated AEAD algorithm. 3461d373d4eSOndrej Mosnacek 347396be41fSOndrej Mosnacekconfig CRYPTO_MORUS640 348396be41fSOndrej Mosnacek tristate "MORUS-640 AEAD algorithm" 349396be41fSOndrej Mosnacek select CRYPTO_AEAD 350396be41fSOndrej Mosnacek help 351396be41fSOndrej Mosnacek Support for the MORUS-640 dedicated AEAD algorithm. 352396be41fSOndrej Mosnacek 35356e8e57fSOndrej Mosnacekconfig CRYPTO_MORUS640_GLUE 3542808f173SOndrej Mosnacek tristate 3552808f173SOndrej Mosnacek depends on X86 35656e8e57fSOndrej Mosnacek select CRYPTO_AEAD 35747730958SEric Biggers select CRYPTO_SIMD 35856e8e57fSOndrej Mosnacek help 35956e8e57fSOndrej Mosnacek Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD 36056e8e57fSOndrej Mosnacek algorithm. 36156e8e57fSOndrej Mosnacek 3626ecc9d9fSOndrej Mosnacekconfig CRYPTO_MORUS640_SSE2 3636ecc9d9fSOndrej Mosnacek tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)" 3646ecc9d9fSOndrej Mosnacek depends on X86 && 64BIT 3656ecc9d9fSOndrej Mosnacek select CRYPTO_AEAD 3666ecc9d9fSOndrej Mosnacek select CRYPTO_MORUS640_GLUE 3676ecc9d9fSOndrej Mosnacek help 3686ecc9d9fSOndrej Mosnacek SSE2 implementation of the MORUS-640 dedicated AEAD algorithm. 3696ecc9d9fSOndrej Mosnacek 370396be41fSOndrej Mosnacekconfig CRYPTO_MORUS1280 371396be41fSOndrej Mosnacek tristate "MORUS-1280 AEAD algorithm" 372396be41fSOndrej Mosnacek select CRYPTO_AEAD 373396be41fSOndrej Mosnacek help 374396be41fSOndrej Mosnacek Support for the MORUS-1280 dedicated AEAD algorithm. 375396be41fSOndrej Mosnacek 37656e8e57fSOndrej Mosnacekconfig CRYPTO_MORUS1280_GLUE 3772808f173SOndrej Mosnacek tristate 3782808f173SOndrej Mosnacek depends on X86 37956e8e57fSOndrej Mosnacek select CRYPTO_AEAD 380e151a8d2SEric Biggers select CRYPTO_SIMD 38156e8e57fSOndrej Mosnacek help 38256e8e57fSOndrej Mosnacek Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD 38356e8e57fSOndrej Mosnacek algorithm. 38456e8e57fSOndrej Mosnacek 3856ecc9d9fSOndrej Mosnacekconfig CRYPTO_MORUS1280_SSE2 3866ecc9d9fSOndrej Mosnacek tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)" 3876ecc9d9fSOndrej Mosnacek depends on X86 && 64BIT 3886ecc9d9fSOndrej Mosnacek select CRYPTO_AEAD 3896ecc9d9fSOndrej Mosnacek select CRYPTO_MORUS1280_GLUE 3906ecc9d9fSOndrej Mosnacek help 3916ecc9d9fSOndrej Mosnacek SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD 3926ecc9d9fSOndrej Mosnacek algorithm. 3936ecc9d9fSOndrej Mosnacek 3946ecc9d9fSOndrej Mosnacekconfig CRYPTO_MORUS1280_AVX2 3956ecc9d9fSOndrej Mosnacek tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)" 3966ecc9d9fSOndrej Mosnacek depends on X86 && 64BIT 3976ecc9d9fSOndrej Mosnacek select CRYPTO_AEAD 3986ecc9d9fSOndrej Mosnacek select CRYPTO_MORUS1280_GLUE 3996ecc9d9fSOndrej Mosnacek help 4006ecc9d9fSOndrej Mosnacek AVX2 optimized implementation of the MORUS-1280 dedicated AEAD 4016ecc9d9fSOndrej Mosnacek algorithm. 4026ecc9d9fSOndrej Mosnacek 403584fffc8SSebastian Siewiorconfig CRYPTO_SEQIV 404584fffc8SSebastian Siewior tristate "Sequence Number IV Generator" 405584fffc8SSebastian Siewior select CRYPTO_AEAD 406584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 407856e3f40SHerbert Xu select CRYPTO_NULL 408401e4238SHerbert Xu select CRYPTO_RNG_DEFAULT 409c8a3315aSEric Biggers select CRYPTO_MANAGER 410584fffc8SSebastian Siewior help 411584fffc8SSebastian Siewior This IV generator generates an IV based on a sequence number by 412584fffc8SSebastian Siewior xoring it with a salt. This algorithm is mainly useful for CTR 413584fffc8SSebastian Siewior 414a10f554fSHerbert Xuconfig CRYPTO_ECHAINIV 415a10f554fSHerbert Xu tristate "Encrypted Chain IV Generator" 416a10f554fSHerbert Xu select CRYPTO_AEAD 417a10f554fSHerbert Xu select CRYPTO_NULL 418401e4238SHerbert Xu select CRYPTO_RNG_DEFAULT 419c8a3315aSEric Biggers select CRYPTO_MANAGER 420a10f554fSHerbert Xu help 421a10f554fSHerbert Xu This IV generator generates an IV based on the encryption of 422a10f554fSHerbert Xu a sequence number xored with a salt. This is the default 423a10f554fSHerbert Xu algorithm for CBC. 424a10f554fSHerbert Xu 425584fffc8SSebastian Siewiorcomment "Block modes" 426584fffc8SSebastian Siewior 427584fffc8SSebastian Siewiorconfig CRYPTO_CBC 428584fffc8SSebastian Siewior tristate "CBC support" 429584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 430584fffc8SSebastian Siewior select CRYPTO_MANAGER 431584fffc8SSebastian Siewior help 432584fffc8SSebastian Siewior CBC: Cipher Block Chaining mode 433584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 434584fffc8SSebastian Siewior 435a7d85e06SJames Bottomleyconfig CRYPTO_CFB 436a7d85e06SJames Bottomley tristate "CFB support" 437a7d85e06SJames Bottomley select CRYPTO_BLKCIPHER 438a7d85e06SJames Bottomley select CRYPTO_MANAGER 439a7d85e06SJames Bottomley help 440a7d85e06SJames Bottomley CFB: Cipher FeedBack mode 441a7d85e06SJames Bottomley This block cipher algorithm is required for TPM2 Cryptography. 442a7d85e06SJames Bottomley 443584fffc8SSebastian Siewiorconfig CRYPTO_CTR 444584fffc8SSebastian Siewior tristate "CTR support" 445584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 446584fffc8SSebastian Siewior select CRYPTO_SEQIV 447584fffc8SSebastian Siewior select CRYPTO_MANAGER 448584fffc8SSebastian Siewior help 449584fffc8SSebastian Siewior CTR: Counter mode 450584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 451584fffc8SSebastian Siewior 452584fffc8SSebastian Siewiorconfig CRYPTO_CTS 453584fffc8SSebastian Siewior tristate "CTS support" 454584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 455c8a3315aSEric Biggers select CRYPTO_MANAGER 456584fffc8SSebastian Siewior help 457584fffc8SSebastian Siewior CTS: Cipher Text Stealing 458584fffc8SSebastian Siewior This is the Cipher Text Stealing mode as described by 459ecd6d5c9SGilad Ben-Yossef Section 8 of rfc2040 and referenced by rfc3962 460ecd6d5c9SGilad Ben-Yossef (rfc3962 includes errata information in its Appendix A) or 461ecd6d5c9SGilad Ben-Yossef CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 462584fffc8SSebastian Siewior This mode is required for Kerberos gss mechanism support 463584fffc8SSebastian Siewior for AES encryption. 464584fffc8SSebastian Siewior 465ecd6d5c9SGilad Ben-Yossef See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 466ecd6d5c9SGilad Ben-Yossef 467584fffc8SSebastian Siewiorconfig CRYPTO_ECB 468584fffc8SSebastian Siewior tristate "ECB support" 469584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 470584fffc8SSebastian Siewior select CRYPTO_MANAGER 471584fffc8SSebastian Siewior help 472584fffc8SSebastian Siewior ECB: Electronic CodeBook mode 473584fffc8SSebastian Siewior This is the simplest block cipher algorithm. It simply encrypts 474584fffc8SSebastian Siewior the input block by block. 475584fffc8SSebastian Siewior 476584fffc8SSebastian Siewiorconfig CRYPTO_LRW 4772470a2b2SJussi Kivilinna tristate "LRW support" 478584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 479584fffc8SSebastian Siewior select CRYPTO_MANAGER 480584fffc8SSebastian Siewior select CRYPTO_GF128MUL 481584fffc8SSebastian Siewior help 482584fffc8SSebastian Siewior LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 483584fffc8SSebastian Siewior narrow block cipher mode for dm-crypt. Use it with cipher 484584fffc8SSebastian Siewior specification string aes-lrw-benbi, the key must be 256, 320 or 384. 485584fffc8SSebastian Siewior The first 128, 192 or 256 bits in the key are used for AES and the 486584fffc8SSebastian Siewior rest is used to tie each cipher block to its logical position. 487584fffc8SSebastian Siewior 488e497c518SGilad Ben-Yossefconfig CRYPTO_OFB 489e497c518SGilad Ben-Yossef tristate "OFB support" 490e497c518SGilad Ben-Yossef select CRYPTO_BLKCIPHER 491e497c518SGilad Ben-Yossef select CRYPTO_MANAGER 492e497c518SGilad Ben-Yossef help 493e497c518SGilad Ben-Yossef OFB: the Output Feedback mode makes a block cipher into a synchronous 494e497c518SGilad Ben-Yossef stream cipher. It generates keystream blocks, which are then XORed 495e497c518SGilad Ben-Yossef with the plaintext blocks to get the ciphertext. Flipping a bit in the 496e497c518SGilad Ben-Yossef ciphertext produces a flipped bit in the plaintext at the same 497e497c518SGilad Ben-Yossef location. This property allows many error correcting codes to function 498e497c518SGilad Ben-Yossef normally even when applied before encryption. 499e497c518SGilad Ben-Yossef 500584fffc8SSebastian Siewiorconfig CRYPTO_PCBC 501584fffc8SSebastian Siewior tristate "PCBC support" 502584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 503584fffc8SSebastian Siewior select CRYPTO_MANAGER 504584fffc8SSebastian Siewior help 505584fffc8SSebastian Siewior PCBC: Propagating Cipher Block Chaining mode 506584fffc8SSebastian Siewior This block cipher algorithm is required for RxRPC. 507584fffc8SSebastian Siewior 508584fffc8SSebastian Siewiorconfig CRYPTO_XTS 5095bcf8e6dSJussi Kivilinna tristate "XTS support" 510584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 511584fffc8SSebastian Siewior select CRYPTO_MANAGER 51212cb3a1cSMilan Broz select CRYPTO_ECB 513584fffc8SSebastian Siewior help 514584fffc8SSebastian Siewior XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 515584fffc8SSebastian Siewior key size 256, 384 or 512 bits. This implementation currently 516584fffc8SSebastian Siewior can't handle a sectorsize which is not a multiple of 16 bytes. 517584fffc8SSebastian Siewior 5181c49678eSStephan Muellerconfig CRYPTO_KEYWRAP 5191c49678eSStephan Mueller tristate "Key wrapping support" 5201c49678eSStephan Mueller select CRYPTO_BLKCIPHER 521c8a3315aSEric Biggers select CRYPTO_MANAGER 5221c49678eSStephan Mueller help 5231c49678eSStephan Mueller Support for key wrapping (NIST SP800-38F / RFC3394) without 5241c49678eSStephan Mueller padding. 5251c49678eSStephan Mueller 52626609a21SEric Biggersconfig CRYPTO_NHPOLY1305 52726609a21SEric Biggers tristate 52826609a21SEric Biggers select CRYPTO_HASH 52926609a21SEric Biggers select CRYPTO_POLY1305 53026609a21SEric Biggers 531012c8238SEric Biggersconfig CRYPTO_NHPOLY1305_SSE2 532012c8238SEric Biggers tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 533012c8238SEric Biggers depends on X86 && 64BIT 534012c8238SEric Biggers select CRYPTO_NHPOLY1305 535012c8238SEric Biggers help 536012c8238SEric Biggers SSE2 optimized implementation of the hash function used by the 537012c8238SEric Biggers Adiantum encryption mode. 538012c8238SEric Biggers 5390f961f9fSEric Biggersconfig CRYPTO_NHPOLY1305_AVX2 5400f961f9fSEric Biggers tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 5410f961f9fSEric Biggers depends on X86 && 64BIT 5420f961f9fSEric Biggers select CRYPTO_NHPOLY1305 5430f961f9fSEric Biggers help 5440f961f9fSEric Biggers AVX2 optimized implementation of the hash function used by the 5450f961f9fSEric Biggers Adiantum encryption mode. 5460f961f9fSEric Biggers 547059c2a4dSEric Biggersconfig CRYPTO_ADIANTUM 548059c2a4dSEric Biggers tristate "Adiantum support" 549059c2a4dSEric Biggers select CRYPTO_CHACHA20 550059c2a4dSEric Biggers select CRYPTO_POLY1305 551059c2a4dSEric Biggers select CRYPTO_NHPOLY1305 552c8a3315aSEric Biggers select CRYPTO_MANAGER 553059c2a4dSEric Biggers help 554059c2a4dSEric Biggers Adiantum is a tweakable, length-preserving encryption mode 555059c2a4dSEric Biggers designed for fast and secure disk encryption, especially on 556059c2a4dSEric Biggers CPUs without dedicated crypto instructions. It encrypts 557059c2a4dSEric Biggers each sector using the XChaCha12 stream cipher, two passes of 558059c2a4dSEric Biggers an ε-almost-∆-universal hash function, and an invocation of 559059c2a4dSEric Biggers the AES-256 block cipher on a single 16-byte block. On CPUs 560059c2a4dSEric Biggers without AES instructions, Adiantum is much faster than 561059c2a4dSEric Biggers AES-XTS. 562059c2a4dSEric Biggers 563059c2a4dSEric Biggers Adiantum's security is provably reducible to that of its 564059c2a4dSEric Biggers underlying stream and block ciphers, subject to a security 565059c2a4dSEric Biggers bound. Unlike XTS, Adiantum is a true wide-block encryption 566059c2a4dSEric Biggers mode, so it actually provides an even stronger notion of 567059c2a4dSEric Biggers security than XTS, subject to the security bound. 568059c2a4dSEric Biggers 569059c2a4dSEric Biggers If unsure, say N. 570059c2a4dSEric Biggers 571*be1eb7f7SArd Biesheuvelconfig CRYPTO_ESSIV 572*be1eb7f7SArd Biesheuvel tristate "ESSIV support for block encryption" 573*be1eb7f7SArd Biesheuvel select CRYPTO_AUTHENC 574*be1eb7f7SArd Biesheuvel help 575*be1eb7f7SArd Biesheuvel Encrypted salt-sector initialization vector (ESSIV) is an IV 576*be1eb7f7SArd Biesheuvel generation method that is used in some cases by fscrypt and/or 577*be1eb7f7SArd Biesheuvel dm-crypt. It uses the hash of the block encryption key as the 578*be1eb7f7SArd Biesheuvel symmetric key for a block encryption pass applied to the input 579*be1eb7f7SArd Biesheuvel IV, making low entropy IV sources more suitable for block 580*be1eb7f7SArd Biesheuvel encryption. 581*be1eb7f7SArd Biesheuvel 582*be1eb7f7SArd Biesheuvel This driver implements a crypto API template that can be 583*be1eb7f7SArd Biesheuvel instantiated either as a skcipher or as a aead (depending on the 584*be1eb7f7SArd Biesheuvel type of the first template argument), and which defers encryption 585*be1eb7f7SArd Biesheuvel and decryption requests to the encapsulated cipher after applying 586*be1eb7f7SArd Biesheuvel ESSIV to the input IV. Note that in the aead case, it is assumed 587*be1eb7f7SArd Biesheuvel that the keys are presented in the same format used by the authenc 588*be1eb7f7SArd Biesheuvel template, and that the IV appears at the end of the authenticated 589*be1eb7f7SArd Biesheuvel associated data (AAD) region (which is how dm-crypt uses it.) 590*be1eb7f7SArd Biesheuvel 591*be1eb7f7SArd Biesheuvel Note that the use of ESSIV is not recommended for new deployments, 592*be1eb7f7SArd Biesheuvel and so this only needs to be enabled when interoperability with 593*be1eb7f7SArd Biesheuvel existing encrypted volumes of filesystems is required, or when 594*be1eb7f7SArd Biesheuvel building for a particular system that requires it (e.g., when 595*be1eb7f7SArd Biesheuvel the SoC in question has accelerated CBC but not XTS, making CBC 596*be1eb7f7SArd Biesheuvel combined with ESSIV the only feasible mode for h/w accelerated 597*be1eb7f7SArd Biesheuvel block encryption) 598*be1eb7f7SArd Biesheuvel 599584fffc8SSebastian Siewiorcomment "Hash modes" 600584fffc8SSebastian Siewior 60193b5e86aSJussi Kivilinnaconfig CRYPTO_CMAC 60293b5e86aSJussi Kivilinna tristate "CMAC support" 60393b5e86aSJussi Kivilinna select CRYPTO_HASH 60493b5e86aSJussi Kivilinna select CRYPTO_MANAGER 60593b5e86aSJussi Kivilinna help 60693b5e86aSJussi Kivilinna Cipher-based Message Authentication Code (CMAC) specified by 60793b5e86aSJussi Kivilinna The National Institute of Standards and Technology (NIST). 60893b5e86aSJussi Kivilinna 60993b5e86aSJussi Kivilinna https://tools.ietf.org/html/rfc4493 61093b5e86aSJussi Kivilinna http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 61193b5e86aSJussi Kivilinna 6121da177e4SLinus Torvaldsconfig CRYPTO_HMAC 6138425165dSHerbert Xu tristate "HMAC support" 6140796ae06SHerbert Xu select CRYPTO_HASH 61543518407SHerbert Xu select CRYPTO_MANAGER 6161da177e4SLinus Torvalds help 6171da177e4SLinus Torvalds HMAC: Keyed-Hashing for Message Authentication (RFC2104). 6181da177e4SLinus Torvalds This is required for IPSec. 6191da177e4SLinus Torvalds 620333b0d7eSKazunori MIYAZAWAconfig CRYPTO_XCBC 621333b0d7eSKazunori MIYAZAWA tristate "XCBC support" 622333b0d7eSKazunori MIYAZAWA select CRYPTO_HASH 623333b0d7eSKazunori MIYAZAWA select CRYPTO_MANAGER 624333b0d7eSKazunori MIYAZAWA help 625333b0d7eSKazunori MIYAZAWA XCBC: Keyed-Hashing with encryption algorithm 626333b0d7eSKazunori MIYAZAWA http://www.ietf.org/rfc/rfc3566.txt 627333b0d7eSKazunori MIYAZAWA http://csrc.nist.gov/encryption/modes/proposedmodes/ 628333b0d7eSKazunori MIYAZAWA xcbc-mac/xcbc-mac-spec.pdf 629333b0d7eSKazunori MIYAZAWA 630f1939f7cSShane Wangconfig CRYPTO_VMAC 631f1939f7cSShane Wang tristate "VMAC support" 632f1939f7cSShane Wang select CRYPTO_HASH 633f1939f7cSShane Wang select CRYPTO_MANAGER 634f1939f7cSShane Wang help 635f1939f7cSShane Wang VMAC is a message authentication algorithm designed for 636f1939f7cSShane Wang very high speed on 64-bit architectures. 637f1939f7cSShane Wang 638f1939f7cSShane Wang See also: 639f1939f7cSShane Wang <http://fastcrypto.org/vmac> 640f1939f7cSShane Wang 641584fffc8SSebastian Siewiorcomment "Digest" 642584fffc8SSebastian Siewior 643584fffc8SSebastian Siewiorconfig CRYPTO_CRC32C 644584fffc8SSebastian Siewior tristate "CRC32c CRC algorithm" 6455773a3e6SHerbert Xu select CRYPTO_HASH 6466a0962b2SDarrick J. Wong select CRC32 6471da177e4SLinus Torvalds help 648584fffc8SSebastian Siewior Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 649584fffc8SSebastian Siewior by iSCSI for header and data digests and by others. 65069c35efcSHerbert Xu See Castagnoli93. Module will be crc32c. 6511da177e4SLinus Torvalds 6528cb51ba8SAustin Zhangconfig CRYPTO_CRC32C_INTEL 6538cb51ba8SAustin Zhang tristate "CRC32c INTEL hardware acceleration" 6548cb51ba8SAustin Zhang depends on X86 6558cb51ba8SAustin Zhang select CRYPTO_HASH 6568cb51ba8SAustin Zhang help 6578cb51ba8SAustin Zhang In Intel processor with SSE4.2 supported, the processor will 6588cb51ba8SAustin Zhang support CRC32C implementation using hardware accelerated CRC32 6598cb51ba8SAustin Zhang instruction. This option will create 'crc32c-intel' module, 6608cb51ba8SAustin Zhang which will enable any routine to use the CRC32 instruction to 6618cb51ba8SAustin Zhang gain performance compared with software implementation. 6628cb51ba8SAustin Zhang Module will be crc32c-intel. 6638cb51ba8SAustin Zhang 6647cf31864SJean Delvareconfig CRYPTO_CRC32C_VPMSUM 6656dd7a82cSAnton Blanchard tristate "CRC32c CRC algorithm (powerpc64)" 666c12abf34SMichael Ellerman depends on PPC64 && ALTIVEC 6676dd7a82cSAnton Blanchard select CRYPTO_HASH 6686dd7a82cSAnton Blanchard select CRC32 6696dd7a82cSAnton Blanchard help 6706dd7a82cSAnton Blanchard CRC32c algorithm implemented using vector polynomial multiply-sum 6716dd7a82cSAnton Blanchard (vpmsum) instructions, introduced in POWER8. Enable on POWER8 6726dd7a82cSAnton Blanchard and newer processors for improved performance. 6736dd7a82cSAnton Blanchard 6746dd7a82cSAnton Blanchard 675442a7c40SDavid S. Millerconfig CRYPTO_CRC32C_SPARC64 676442a7c40SDavid S. Miller tristate "CRC32c CRC algorithm (SPARC64)" 677442a7c40SDavid S. Miller depends on SPARC64 678442a7c40SDavid S. Miller select CRYPTO_HASH 679442a7c40SDavid S. Miller select CRC32 680442a7c40SDavid S. Miller help 681442a7c40SDavid S. Miller CRC32c CRC algorithm implemented using sparc64 crypto instructions, 682442a7c40SDavid S. Miller when available. 683442a7c40SDavid S. Miller 68478c37d19SAlexander Boykoconfig CRYPTO_CRC32 68578c37d19SAlexander Boyko tristate "CRC32 CRC algorithm" 68678c37d19SAlexander Boyko select CRYPTO_HASH 68778c37d19SAlexander Boyko select CRC32 68878c37d19SAlexander Boyko help 68978c37d19SAlexander Boyko CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 69078c37d19SAlexander Boyko Shash crypto api wrappers to crc32_le function. 69178c37d19SAlexander Boyko 69278c37d19SAlexander Boykoconfig CRYPTO_CRC32_PCLMUL 69378c37d19SAlexander Boyko tristate "CRC32 PCLMULQDQ hardware acceleration" 69478c37d19SAlexander Boyko depends on X86 69578c37d19SAlexander Boyko select CRYPTO_HASH 69678c37d19SAlexander Boyko select CRC32 69778c37d19SAlexander Boyko help 69878c37d19SAlexander Boyko From Intel Westmere and AMD Bulldozer processor with SSE4.2 69978c37d19SAlexander Boyko and PCLMULQDQ supported, the processor will support 70078c37d19SAlexander Boyko CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 701af8cb01fShaco instruction. This option will create 'crc32-pclmul' module, 70278c37d19SAlexander Boyko which will enable any routine to use the CRC-32-IEEE 802.3 checksum 70378c37d19SAlexander Boyko and gain better performance as compared with the table implementation. 70478c37d19SAlexander Boyko 7054a5dc51eSMarcin Nowakowskiconfig CRYPTO_CRC32_MIPS 7064a5dc51eSMarcin Nowakowski tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 7074a5dc51eSMarcin Nowakowski depends on MIPS_CRC_SUPPORT 7084a5dc51eSMarcin Nowakowski select CRYPTO_HASH 7094a5dc51eSMarcin Nowakowski help 7104a5dc51eSMarcin Nowakowski CRC32c and CRC32 CRC algorithms implemented using mips crypto 7114a5dc51eSMarcin Nowakowski instructions, when available. 7124a5dc51eSMarcin Nowakowski 7134a5dc51eSMarcin Nowakowski 71467882e76SNikolay Borisovconfig CRYPTO_XXHASH 71567882e76SNikolay Borisov tristate "xxHash hash algorithm" 71667882e76SNikolay Borisov select CRYPTO_HASH 71767882e76SNikolay Borisov select XXHASH 71867882e76SNikolay Borisov help 71967882e76SNikolay Borisov xxHash non-cryptographic hash algorithm. Extremely fast, working at 72067882e76SNikolay Borisov speeds close to RAM limits. 72167882e76SNikolay Borisov 72268411521SHerbert Xuconfig CRYPTO_CRCT10DIF 72368411521SHerbert Xu tristate "CRCT10DIF algorithm" 72468411521SHerbert Xu select CRYPTO_HASH 72568411521SHerbert Xu help 72668411521SHerbert Xu CRC T10 Data Integrity Field computation is being cast as 72768411521SHerbert Xu a crypto transform. This allows for faster crc t10 diff 72868411521SHerbert Xu transforms to be used if they are available. 72968411521SHerbert Xu 73068411521SHerbert Xuconfig CRYPTO_CRCT10DIF_PCLMUL 73168411521SHerbert Xu tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 73268411521SHerbert Xu depends on X86 && 64BIT && CRC_T10DIF 73368411521SHerbert Xu select CRYPTO_HASH 73468411521SHerbert Xu help 73568411521SHerbert Xu For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 73668411521SHerbert Xu CRC T10 DIF PCLMULQDQ computation can be hardware 73768411521SHerbert Xu accelerated PCLMULQDQ instruction. This option will create 738af8cb01fShaco 'crct10dif-pclmul' module, which is faster when computing the 73968411521SHerbert Xu crct10dif checksum as compared with the generic table implementation. 74068411521SHerbert Xu 741b01df1c1SDaniel Axtensconfig CRYPTO_CRCT10DIF_VPMSUM 742b01df1c1SDaniel Axtens tristate "CRC32T10DIF powerpc64 hardware acceleration" 743b01df1c1SDaniel Axtens depends on PPC64 && ALTIVEC && CRC_T10DIF 744b01df1c1SDaniel Axtens select CRYPTO_HASH 745b01df1c1SDaniel Axtens help 746b01df1c1SDaniel Axtens CRC10T10DIF algorithm implemented using vector polynomial 747b01df1c1SDaniel Axtens multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 748b01df1c1SDaniel Axtens POWER8 and newer processors for improved performance. 749b01df1c1SDaniel Axtens 750146c8688SDaniel Axtensconfig CRYPTO_VPMSUM_TESTER 751146c8688SDaniel Axtens tristate "Powerpc64 vpmsum hardware acceleration tester" 752146c8688SDaniel Axtens depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 753146c8688SDaniel Axtens help 754146c8688SDaniel Axtens Stress test for CRC32c and CRC-T10DIF algorithms implemented with 755146c8688SDaniel Axtens POWER8 vpmsum instructions. 756146c8688SDaniel Axtens Unless you are testing these algorithms, you don't need this. 757146c8688SDaniel Axtens 7582cdc6899SHuang Yingconfig CRYPTO_GHASH 7592cdc6899SHuang Ying tristate "GHASH digest algorithm" 7602cdc6899SHuang Ying select CRYPTO_GF128MUL 761578c60fbSArnd Bergmann select CRYPTO_HASH 7622cdc6899SHuang Ying help 7632cdc6899SHuang Ying GHASH is message digest algorithm for GCM (Galois/Counter Mode). 7642cdc6899SHuang Ying 765f979e014SMartin Williconfig CRYPTO_POLY1305 766f979e014SMartin Willi tristate "Poly1305 authenticator algorithm" 767578c60fbSArnd Bergmann select CRYPTO_HASH 768f979e014SMartin Willi help 769f979e014SMartin Willi Poly1305 authenticator algorithm, RFC7539. 770f979e014SMartin Willi 771f979e014SMartin Willi Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 772f979e014SMartin Willi It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 773f979e014SMartin Willi in IETF protocols. This is the portable C implementation of Poly1305. 774f979e014SMartin Willi 775c70f4abeSMartin Williconfig CRYPTO_POLY1305_X86_64 776b1ccc8f4SMartin Willi tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 777c70f4abeSMartin Willi depends on X86 && 64BIT 778c70f4abeSMartin Willi select CRYPTO_POLY1305 779c70f4abeSMartin Willi help 780c70f4abeSMartin Willi Poly1305 authenticator algorithm, RFC7539. 781c70f4abeSMartin Willi 782c70f4abeSMartin Willi Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 783c70f4abeSMartin Willi It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 784c70f4abeSMartin Willi in IETF protocols. This is the x86_64 assembler implementation using SIMD 785c70f4abeSMartin Willi instructions. 786c70f4abeSMartin Willi 7871da177e4SLinus Torvaldsconfig CRYPTO_MD4 7881da177e4SLinus Torvalds tristate "MD4 digest algorithm" 789808a1763SAdrian-Ken Rueegsegger select CRYPTO_HASH 7901da177e4SLinus Torvalds help 7911da177e4SLinus Torvalds MD4 message digest algorithm (RFC1320). 7921da177e4SLinus Torvalds 7931da177e4SLinus Torvaldsconfig CRYPTO_MD5 7941da177e4SLinus Torvalds tristate "MD5 digest algorithm" 79514b75ba7SAdrian-Ken Rueegsegger select CRYPTO_HASH 7961da177e4SLinus Torvalds help 7971da177e4SLinus Torvalds MD5 message digest algorithm (RFC1321). 7981da177e4SLinus Torvalds 799d69e75deSAaro Koskinenconfig CRYPTO_MD5_OCTEON 800d69e75deSAaro Koskinen tristate "MD5 digest algorithm (OCTEON)" 801d69e75deSAaro Koskinen depends on CPU_CAVIUM_OCTEON 802d69e75deSAaro Koskinen select CRYPTO_MD5 803d69e75deSAaro Koskinen select CRYPTO_HASH 804d69e75deSAaro Koskinen help 805d69e75deSAaro Koskinen MD5 message digest algorithm (RFC1321) implemented 806d69e75deSAaro Koskinen using OCTEON crypto instructions, when available. 807d69e75deSAaro Koskinen 808e8e59953SMarkus Stockhausenconfig CRYPTO_MD5_PPC 809e8e59953SMarkus Stockhausen tristate "MD5 digest algorithm (PPC)" 810e8e59953SMarkus Stockhausen depends on PPC 811e8e59953SMarkus Stockhausen select CRYPTO_HASH 812e8e59953SMarkus Stockhausen help 813e8e59953SMarkus Stockhausen MD5 message digest algorithm (RFC1321) implemented 814e8e59953SMarkus Stockhausen in PPC assembler. 815e8e59953SMarkus Stockhausen 816fa4dfedcSDavid S. Millerconfig CRYPTO_MD5_SPARC64 817fa4dfedcSDavid S. Miller tristate "MD5 digest algorithm (SPARC64)" 818fa4dfedcSDavid S. Miller depends on SPARC64 819fa4dfedcSDavid S. Miller select CRYPTO_MD5 820fa4dfedcSDavid S. Miller select CRYPTO_HASH 821fa4dfedcSDavid S. Miller help 822fa4dfedcSDavid S. Miller MD5 message digest algorithm (RFC1321) implemented 823fa4dfedcSDavid S. Miller using sparc64 crypto instructions, when available. 824fa4dfedcSDavid S. Miller 825584fffc8SSebastian Siewiorconfig CRYPTO_MICHAEL_MIC 826584fffc8SSebastian Siewior tristate "Michael MIC keyed digest algorithm" 82719e2bf14SAdrian-Ken Rueegsegger select CRYPTO_HASH 828584fffc8SSebastian Siewior help 829584fffc8SSebastian Siewior Michael MIC is used for message integrity protection in TKIP 830584fffc8SSebastian Siewior (IEEE 802.11i). This algorithm is required for TKIP, but it 831584fffc8SSebastian Siewior should not be used for other purposes because of the weakness 832584fffc8SSebastian Siewior of the algorithm. 833584fffc8SSebastian Siewior 83482798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD128 83582798f90SAdrian-Ken Rueegsegger tristate "RIPEMD-128 digest algorithm" 8367c4468bcSHerbert Xu select CRYPTO_HASH 83782798f90SAdrian-Ken Rueegsegger help 83882798f90SAdrian-Ken Rueegsegger RIPEMD-128 (ISO/IEC 10118-3:2004). 83982798f90SAdrian-Ken Rueegsegger 84082798f90SAdrian-Ken Rueegsegger RIPEMD-128 is a 128-bit cryptographic hash function. It should only 84135ed4b35SMichael Witten be used as a secure replacement for RIPEMD. For other use cases, 84282798f90SAdrian-Ken Rueegsegger RIPEMD-160 should be used. 84382798f90SAdrian-Ken Rueegsegger 84482798f90SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 8456d8de74cSJustin P. Mattock See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 84682798f90SAdrian-Ken Rueegsegger 84782798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD160 84882798f90SAdrian-Ken Rueegsegger tristate "RIPEMD-160 digest algorithm" 849e5835fbaSHerbert Xu select CRYPTO_HASH 85082798f90SAdrian-Ken Rueegsegger help 85182798f90SAdrian-Ken Rueegsegger RIPEMD-160 (ISO/IEC 10118-3:2004). 85282798f90SAdrian-Ken Rueegsegger 85382798f90SAdrian-Ken Rueegsegger RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 85482798f90SAdrian-Ken Rueegsegger to be used as a secure replacement for the 128-bit hash functions 855b6d44341SAdrian Bunk MD4, MD5 and it's predecessor RIPEMD 856b6d44341SAdrian Bunk (not to be confused with RIPEMD-128). 85782798f90SAdrian-Ken Rueegsegger 858b6d44341SAdrian Bunk It's speed is comparable to SHA1 and there are no known attacks 859b6d44341SAdrian Bunk against RIPEMD-160. 860534fe2c1SAdrian-Ken Rueegsegger 861534fe2c1SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 8626d8de74cSJustin P. Mattock See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 863534fe2c1SAdrian-Ken Rueegsegger 864534fe2c1SAdrian-Ken Rueegseggerconfig CRYPTO_RMD256 865534fe2c1SAdrian-Ken Rueegsegger tristate "RIPEMD-256 digest algorithm" 866d8a5e2e9SHerbert Xu select CRYPTO_HASH 867534fe2c1SAdrian-Ken Rueegsegger help 868b6d44341SAdrian Bunk RIPEMD-256 is an optional extension of RIPEMD-128 with a 869b6d44341SAdrian Bunk 256 bit hash. It is intended for applications that require 870b6d44341SAdrian Bunk longer hash-results, without needing a larger security level 871b6d44341SAdrian Bunk (than RIPEMD-128). 872534fe2c1SAdrian-Ken Rueegsegger 873534fe2c1SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 8746d8de74cSJustin P. Mattock See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 875534fe2c1SAdrian-Ken Rueegsegger 876534fe2c1SAdrian-Ken Rueegseggerconfig CRYPTO_RMD320 877534fe2c1SAdrian-Ken Rueegsegger tristate "RIPEMD-320 digest algorithm" 8783b8efb4cSHerbert Xu select CRYPTO_HASH 879534fe2c1SAdrian-Ken Rueegsegger help 880b6d44341SAdrian Bunk RIPEMD-320 is an optional extension of RIPEMD-160 with a 881b6d44341SAdrian Bunk 320 bit hash. It is intended for applications that require 882b6d44341SAdrian Bunk longer hash-results, without needing a larger security level 883b6d44341SAdrian Bunk (than RIPEMD-160). 884534fe2c1SAdrian-Ken Rueegsegger 88582798f90SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 8866d8de74cSJustin P. Mattock See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 88782798f90SAdrian-Ken Rueegsegger 8881da177e4SLinus Torvaldsconfig CRYPTO_SHA1 8891da177e4SLinus Torvalds tristate "SHA1 digest algorithm" 89054ccb367SAdrian-Ken Rueegsegger select CRYPTO_HASH 8911da177e4SLinus Torvalds help 8921da177e4SLinus Torvalds SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 8931da177e4SLinus Torvalds 89466be8951SMathias Krauseconfig CRYPTO_SHA1_SSSE3 895e38b6b7fStim tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 89666be8951SMathias Krause depends on X86 && 64BIT 89766be8951SMathias Krause select CRYPTO_SHA1 89866be8951SMathias Krause select CRYPTO_HASH 89966be8951SMathias Krause help 90066be8951SMathias Krause SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 90166be8951SMathias Krause using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 902e38b6b7fStim Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 903e38b6b7fStim when available. 90466be8951SMathias Krause 9058275d1aaSTim Chenconfig CRYPTO_SHA256_SSSE3 906e38b6b7fStim tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 9078275d1aaSTim Chen depends on X86 && 64BIT 9088275d1aaSTim Chen select CRYPTO_SHA256 9098275d1aaSTim Chen select CRYPTO_HASH 9108275d1aaSTim Chen help 9118275d1aaSTim Chen SHA-256 secure hash standard (DFIPS 180-2) implemented 9128275d1aaSTim Chen using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 9138275d1aaSTim Chen Extensions version 1 (AVX1), or Advanced Vector Extensions 914e38b6b7fStim version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 915e38b6b7fStim Instructions) when available. 9168275d1aaSTim Chen 91787de4579STim Chenconfig CRYPTO_SHA512_SSSE3 91887de4579STim Chen tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 91987de4579STim Chen depends on X86 && 64BIT 92087de4579STim Chen select CRYPTO_SHA512 92187de4579STim Chen select CRYPTO_HASH 92287de4579STim Chen help 92387de4579STim Chen SHA-512 secure hash standard (DFIPS 180-2) implemented 92487de4579STim Chen using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 92587de4579STim Chen Extensions version 1 (AVX1), or Advanced Vector Extensions 92687de4579STim Chen version 2 (AVX2) instructions, when available. 92787de4579STim Chen 928efdb6f6eSAaro Koskinenconfig CRYPTO_SHA1_OCTEON 929efdb6f6eSAaro Koskinen tristate "SHA1 digest algorithm (OCTEON)" 930efdb6f6eSAaro Koskinen depends on CPU_CAVIUM_OCTEON 931efdb6f6eSAaro Koskinen select CRYPTO_SHA1 932efdb6f6eSAaro Koskinen select CRYPTO_HASH 933efdb6f6eSAaro Koskinen help 934efdb6f6eSAaro Koskinen SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 935efdb6f6eSAaro Koskinen using OCTEON crypto instructions, when available. 936efdb6f6eSAaro Koskinen 9374ff28d4cSDavid S. Millerconfig CRYPTO_SHA1_SPARC64 9384ff28d4cSDavid S. Miller tristate "SHA1 digest algorithm (SPARC64)" 9394ff28d4cSDavid S. Miller depends on SPARC64 9404ff28d4cSDavid S. Miller select CRYPTO_SHA1 9414ff28d4cSDavid S. Miller select CRYPTO_HASH 9424ff28d4cSDavid S. Miller help 9434ff28d4cSDavid S. Miller SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 9444ff28d4cSDavid S. Miller using sparc64 crypto instructions, when available. 9454ff28d4cSDavid S. Miller 946323a6bf1SMichael Ellermanconfig CRYPTO_SHA1_PPC 947323a6bf1SMichael Ellerman tristate "SHA1 digest algorithm (powerpc)" 948323a6bf1SMichael Ellerman depends on PPC 949323a6bf1SMichael Ellerman help 950323a6bf1SMichael Ellerman This is the powerpc hardware accelerated implementation of the 951323a6bf1SMichael Ellerman SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 952323a6bf1SMichael Ellerman 953d9850fc5SMarkus Stockhausenconfig CRYPTO_SHA1_PPC_SPE 954d9850fc5SMarkus Stockhausen tristate "SHA1 digest algorithm (PPC SPE)" 955d9850fc5SMarkus Stockhausen depends on PPC && SPE 956d9850fc5SMarkus Stockhausen help 957d9850fc5SMarkus Stockhausen SHA-1 secure hash standard (DFIPS 180-4) implemented 958d9850fc5SMarkus Stockhausen using powerpc SPE SIMD instruction set. 959d9850fc5SMarkus Stockhausen 9601da177e4SLinus Torvaldsconfig CRYPTO_SHA256 961cd12fb90SJonathan Lynch tristate "SHA224 and SHA256 digest algorithm" 96250e109b5SAdrian-Ken Rueegsegger select CRYPTO_HASH 9631da177e4SLinus Torvalds help 9641da177e4SLinus Torvalds SHA256 secure hash standard (DFIPS 180-2). 9651da177e4SLinus Torvalds 9661da177e4SLinus Torvalds This version of SHA implements a 256 bit hash with 128 bits of 9671da177e4SLinus Torvalds security against collision attacks. 9681da177e4SLinus Torvalds 969cd12fb90SJonathan Lynch This code also includes SHA-224, a 224 bit hash with 112 bits 970cd12fb90SJonathan Lynch of security against collision attacks. 971cd12fb90SJonathan Lynch 9722ecc1e95SMarkus Stockhausenconfig CRYPTO_SHA256_PPC_SPE 9732ecc1e95SMarkus Stockhausen tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 9742ecc1e95SMarkus Stockhausen depends on PPC && SPE 9752ecc1e95SMarkus Stockhausen select CRYPTO_SHA256 9762ecc1e95SMarkus Stockhausen select CRYPTO_HASH 9772ecc1e95SMarkus Stockhausen help 9782ecc1e95SMarkus Stockhausen SHA224 and SHA256 secure hash standard (DFIPS 180-2) 9792ecc1e95SMarkus Stockhausen implemented using powerpc SPE SIMD instruction set. 9802ecc1e95SMarkus Stockhausen 981efdb6f6eSAaro Koskinenconfig CRYPTO_SHA256_OCTEON 982efdb6f6eSAaro Koskinen tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 983efdb6f6eSAaro Koskinen depends on CPU_CAVIUM_OCTEON 984efdb6f6eSAaro Koskinen select CRYPTO_SHA256 985efdb6f6eSAaro Koskinen select CRYPTO_HASH 986efdb6f6eSAaro Koskinen help 987efdb6f6eSAaro Koskinen SHA-256 secure hash standard (DFIPS 180-2) implemented 988efdb6f6eSAaro Koskinen using OCTEON crypto instructions, when available. 989efdb6f6eSAaro Koskinen 99086c93b24SDavid S. Millerconfig CRYPTO_SHA256_SPARC64 99186c93b24SDavid S. Miller tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 99286c93b24SDavid S. Miller depends on SPARC64 99386c93b24SDavid S. Miller select CRYPTO_SHA256 99486c93b24SDavid S. Miller select CRYPTO_HASH 99586c93b24SDavid S. Miller help 99686c93b24SDavid S. Miller SHA-256 secure hash standard (DFIPS 180-2) implemented 99786c93b24SDavid S. Miller using sparc64 crypto instructions, when available. 99886c93b24SDavid S. Miller 9991da177e4SLinus Torvaldsconfig CRYPTO_SHA512 10001da177e4SLinus Torvalds tristate "SHA384 and SHA512 digest algorithms" 1001bd9d20dbSAdrian-Ken Rueegsegger select CRYPTO_HASH 10021da177e4SLinus Torvalds help 10031da177e4SLinus Torvalds SHA512 secure hash standard (DFIPS 180-2). 10041da177e4SLinus Torvalds 10051da177e4SLinus Torvalds This version of SHA implements a 512 bit hash with 256 bits of 10061da177e4SLinus Torvalds security against collision attacks. 10071da177e4SLinus Torvalds 10081da177e4SLinus Torvalds This code also includes SHA-384, a 384 bit hash with 192 bits 10091da177e4SLinus Torvalds of security against collision attacks. 10101da177e4SLinus Torvalds 1011efdb6f6eSAaro Koskinenconfig CRYPTO_SHA512_OCTEON 1012efdb6f6eSAaro Koskinen tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 1013efdb6f6eSAaro Koskinen depends on CPU_CAVIUM_OCTEON 1014efdb6f6eSAaro Koskinen select CRYPTO_SHA512 1015efdb6f6eSAaro Koskinen select CRYPTO_HASH 1016efdb6f6eSAaro Koskinen help 1017efdb6f6eSAaro Koskinen SHA-512 secure hash standard (DFIPS 180-2) implemented 1018efdb6f6eSAaro Koskinen using OCTEON crypto instructions, when available. 1019efdb6f6eSAaro Koskinen 1020775e0c69SDavid S. Millerconfig CRYPTO_SHA512_SPARC64 1021775e0c69SDavid S. Miller tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 1022775e0c69SDavid S. Miller depends on SPARC64 1023775e0c69SDavid S. Miller select CRYPTO_SHA512 1024775e0c69SDavid S. Miller select CRYPTO_HASH 1025775e0c69SDavid S. Miller help 1026775e0c69SDavid S. Miller SHA-512 secure hash standard (DFIPS 180-2) implemented 1027775e0c69SDavid S. Miller using sparc64 crypto instructions, when available. 1028775e0c69SDavid S. Miller 102953964b9eSJeff Garzikconfig CRYPTO_SHA3 103053964b9eSJeff Garzik tristate "SHA3 digest algorithm" 103153964b9eSJeff Garzik select CRYPTO_HASH 103253964b9eSJeff Garzik help 103353964b9eSJeff Garzik SHA-3 secure hash standard (DFIPS 202). It's based on 103453964b9eSJeff Garzik cryptographic sponge function family called Keccak. 103553964b9eSJeff Garzik 103653964b9eSJeff Garzik References: 103753964b9eSJeff Garzik http://keccak.noekeon.org/ 103853964b9eSJeff Garzik 10394f0fc160SGilad Ben-Yossefconfig CRYPTO_SM3 10404f0fc160SGilad Ben-Yossef tristate "SM3 digest algorithm" 10414f0fc160SGilad Ben-Yossef select CRYPTO_HASH 10424f0fc160SGilad Ben-Yossef help 10434f0fc160SGilad Ben-Yossef SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 10444f0fc160SGilad Ben-Yossef It is part of the Chinese Commercial Cryptography suite. 10454f0fc160SGilad Ben-Yossef 10464f0fc160SGilad Ben-Yossef References: 10474f0fc160SGilad Ben-Yossef http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 10484f0fc160SGilad Ben-Yossef https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 10494f0fc160SGilad Ben-Yossef 1050fe18957eSVitaly Chikunovconfig CRYPTO_STREEBOG 1051fe18957eSVitaly Chikunov tristate "Streebog Hash Function" 1052fe18957eSVitaly Chikunov select CRYPTO_HASH 1053fe18957eSVitaly Chikunov help 1054fe18957eSVitaly Chikunov Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1055fe18957eSVitaly Chikunov cryptographic standard algorithms (called GOST algorithms). 1056fe18957eSVitaly Chikunov This setting enables two hash algorithms with 256 and 512 bits output. 1057fe18957eSVitaly Chikunov 1058fe18957eSVitaly Chikunov References: 1059fe18957eSVitaly Chikunov https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1060fe18957eSVitaly Chikunov https://tools.ietf.org/html/rfc6986 1061fe18957eSVitaly Chikunov 10621da177e4SLinus Torvaldsconfig CRYPTO_TGR192 10631da177e4SLinus Torvalds tristate "Tiger digest algorithms" 1064f63fbd3dSAdrian-Ken Rueegsegger select CRYPTO_HASH 10651da177e4SLinus Torvalds help 10661da177e4SLinus Torvalds Tiger hash algorithm 192, 160 and 128-bit hashes 10671da177e4SLinus Torvalds 10681da177e4SLinus Torvalds Tiger is a hash function optimized for 64-bit processors while 10691da177e4SLinus Torvalds still having decent performance on 32-bit processors. 10701da177e4SLinus Torvalds Tiger was developed by Ross Anderson and Eli Biham. 10711da177e4SLinus Torvalds 10721da177e4SLinus Torvalds See also: 10731da177e4SLinus Torvalds <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 10741da177e4SLinus Torvalds 1075584fffc8SSebastian Siewiorconfig CRYPTO_WP512 1076584fffc8SSebastian Siewior tristate "Whirlpool digest algorithms" 10774946510bSAdrian-Ken Rueegsegger select CRYPTO_HASH 10781da177e4SLinus Torvalds help 1079584fffc8SSebastian Siewior Whirlpool hash algorithm 512, 384 and 256-bit hashes 10801da177e4SLinus Torvalds 1081584fffc8SSebastian Siewior Whirlpool-512 is part of the NESSIE cryptographic primitives. 1082584fffc8SSebastian Siewior Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 10831da177e4SLinus Torvalds 10841da177e4SLinus Torvalds See also: 10856d8de74cSJustin P. Mattock <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 10861da177e4SLinus Torvalds 10870e1227d3SHuang Yingconfig CRYPTO_GHASH_CLMUL_NI_INTEL 10880e1227d3SHuang Ying tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 10898af00860SRichard Weinberger depends on X86 && 64BIT 10900e1227d3SHuang Ying select CRYPTO_CRYPTD 10910e1227d3SHuang Ying help 10920e1227d3SHuang Ying GHASH is message digest algorithm for GCM (Galois/Counter Mode). 10930e1227d3SHuang Ying The implementation is accelerated by CLMUL-NI of Intel. 10940e1227d3SHuang Ying 1095584fffc8SSebastian Siewiorcomment "Ciphers" 10961da177e4SLinus Torvalds 10971da177e4SLinus Torvaldsconfig CRYPTO_AES 10981da177e4SLinus Torvalds tristate "AES cipher algorithms" 1099cce9e06dSHerbert Xu select CRYPTO_ALGAPI 11001da177e4SLinus Torvalds help 11011da177e4SLinus Torvalds AES cipher algorithms (FIPS-197). AES uses the Rijndael 11021da177e4SLinus Torvalds algorithm. 11031da177e4SLinus Torvalds 11041da177e4SLinus Torvalds Rijndael appears to be consistently a very good performer in 11051da177e4SLinus Torvalds both hardware and software across a wide range of computing 11061da177e4SLinus Torvalds environments regardless of its use in feedback or non-feedback 11071da177e4SLinus Torvalds modes. Its key setup time is excellent, and its key agility is 11081da177e4SLinus Torvalds good. Rijndael's very low memory requirements make it very well 11091da177e4SLinus Torvalds suited for restricted-space environments, in which it also 11101da177e4SLinus Torvalds demonstrates excellent performance. Rijndael's operations are 11111da177e4SLinus Torvalds among the easiest to defend against power and timing attacks. 11121da177e4SLinus Torvalds 11131da177e4SLinus Torvalds The AES specifies three key sizes: 128, 192 and 256 bits 11141da177e4SLinus Torvalds 11151da177e4SLinus Torvalds See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 11161da177e4SLinus Torvalds 1117b5e0b032SArd Biesheuvelconfig CRYPTO_AES_TI 1118b5e0b032SArd Biesheuvel tristate "Fixed time AES cipher" 1119b5e0b032SArd Biesheuvel select CRYPTO_ALGAPI 1120b5e0b032SArd Biesheuvel help 1121b5e0b032SArd Biesheuvel This is a generic implementation of AES that attempts to eliminate 1122b5e0b032SArd Biesheuvel data dependent latencies as much as possible without affecting 1123b5e0b032SArd Biesheuvel performance too much. It is intended for use by the generic CCM 1124b5e0b032SArd Biesheuvel and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1125b5e0b032SArd Biesheuvel solely on encryption (although decryption is supported as well, but 1126b5e0b032SArd Biesheuvel with a more dramatic performance hit) 1127b5e0b032SArd Biesheuvel 1128b5e0b032SArd Biesheuvel Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1129b5e0b032SArd Biesheuvel 8 for decryption), this implementation only uses just two S-boxes of 1130b5e0b032SArd Biesheuvel 256 bytes each, and attempts to eliminate data dependent latencies by 1131b5e0b032SArd Biesheuvel prefetching the entire table into the cache at the start of each 11320a6a40c2SEric Biggers block. Interrupts are also disabled to avoid races where cachelines 11330a6a40c2SEric Biggers are evicted when the CPU is interrupted to do something else. 1134b5e0b032SArd Biesheuvel 11351da177e4SLinus Torvaldsconfig CRYPTO_AES_586 11361da177e4SLinus Torvalds tristate "AES cipher algorithms (i586)" 1137cce9e06dSHerbert Xu depends on (X86 || UML_X86) && !64BIT 1138cce9e06dSHerbert Xu select CRYPTO_ALGAPI 11395157dea8SSebastian Siewior select CRYPTO_AES 11401da177e4SLinus Torvalds help 11411da177e4SLinus Torvalds AES cipher algorithms (FIPS-197). AES uses the Rijndael 11421da177e4SLinus Torvalds algorithm. 11431da177e4SLinus Torvalds 11441da177e4SLinus Torvalds Rijndael appears to be consistently a very good performer in 11451da177e4SLinus Torvalds both hardware and software across a wide range of computing 11461da177e4SLinus Torvalds environments regardless of its use in feedback or non-feedback 11471da177e4SLinus Torvalds modes. Its key setup time is excellent, and its key agility is 11481da177e4SLinus Torvalds good. Rijndael's very low memory requirements make it very well 11491da177e4SLinus Torvalds suited for restricted-space environments, in which it also 11501da177e4SLinus Torvalds demonstrates excellent performance. Rijndael's operations are 11511da177e4SLinus Torvalds among the easiest to defend against power and timing attacks. 11521da177e4SLinus Torvalds 11531da177e4SLinus Torvalds The AES specifies three key sizes: 128, 192 and 256 bits 11541da177e4SLinus Torvalds 11551da177e4SLinus Torvalds See <http://csrc.nist.gov/encryption/aes/> for more information. 11561da177e4SLinus Torvalds 1157a2a892a2SAndreas Steinmetzconfig CRYPTO_AES_X86_64 1158a2a892a2SAndreas Steinmetz tristate "AES cipher algorithms (x86_64)" 1159cce9e06dSHerbert Xu depends on (X86 || UML_X86) && 64BIT 1160cce9e06dSHerbert Xu select CRYPTO_ALGAPI 116181190b32SSebastian Siewior select CRYPTO_AES 1162a2a892a2SAndreas Steinmetz help 1163a2a892a2SAndreas Steinmetz AES cipher algorithms (FIPS-197). AES uses the Rijndael 1164a2a892a2SAndreas Steinmetz algorithm. 1165a2a892a2SAndreas Steinmetz 1166a2a892a2SAndreas Steinmetz Rijndael appears to be consistently a very good performer in 1167a2a892a2SAndreas Steinmetz both hardware and software across a wide range of computing 1168a2a892a2SAndreas Steinmetz environments regardless of its use in feedback or non-feedback 1169a2a892a2SAndreas Steinmetz modes. Its key setup time is excellent, and its key agility is 1170a2a892a2SAndreas Steinmetz good. Rijndael's very low memory requirements make it very well 1171a2a892a2SAndreas Steinmetz suited for restricted-space environments, in which it also 1172a2a892a2SAndreas Steinmetz demonstrates excellent performance. Rijndael's operations are 1173a2a892a2SAndreas Steinmetz among the easiest to defend against power and timing attacks. 1174a2a892a2SAndreas Steinmetz 1175a2a892a2SAndreas Steinmetz The AES specifies three key sizes: 128, 192 and 256 bits 1176a2a892a2SAndreas Steinmetz 1177a2a892a2SAndreas Steinmetz See <http://csrc.nist.gov/encryption/aes/> for more information. 1178a2a892a2SAndreas Steinmetz 117954b6a1bdSHuang Yingconfig CRYPTO_AES_NI_INTEL 118054b6a1bdSHuang Ying tristate "AES cipher algorithms (AES-NI)" 11818af00860SRichard Weinberger depends on X86 118285671860SHerbert Xu select CRYPTO_AEAD 11830d258efbSMathias Krause select CRYPTO_AES_X86_64 if 64BIT 11840d258efbSMathias Krause select CRYPTO_AES_586 if !64BIT 118554b6a1bdSHuang Ying select CRYPTO_ALGAPI 118685671860SHerbert Xu select CRYPTO_BLKCIPHER 11877643a11aSJussi Kivilinna select CRYPTO_GLUE_HELPER_X86 if 64BIT 118885671860SHerbert Xu select CRYPTO_SIMD 118954b6a1bdSHuang Ying help 119054b6a1bdSHuang Ying Use Intel AES-NI instructions for AES algorithm. 119154b6a1bdSHuang Ying 119254b6a1bdSHuang Ying AES cipher algorithms (FIPS-197). AES uses the Rijndael 119354b6a1bdSHuang Ying algorithm. 119454b6a1bdSHuang Ying 119554b6a1bdSHuang Ying Rijndael appears to be consistently a very good performer in 119654b6a1bdSHuang Ying both hardware and software across a wide range of computing 119754b6a1bdSHuang Ying environments regardless of its use in feedback or non-feedback 119854b6a1bdSHuang Ying modes. Its key setup time is excellent, and its key agility is 119954b6a1bdSHuang Ying good. Rijndael's very low memory requirements make it very well 120054b6a1bdSHuang Ying suited for restricted-space environments, in which it also 120154b6a1bdSHuang Ying demonstrates excellent performance. Rijndael's operations are 120254b6a1bdSHuang Ying among the easiest to defend against power and timing attacks. 120354b6a1bdSHuang Ying 120454b6a1bdSHuang Ying The AES specifies three key sizes: 128, 192 and 256 bits 120554b6a1bdSHuang Ying 120654b6a1bdSHuang Ying See <http://csrc.nist.gov/encryption/aes/> for more information. 120754b6a1bdSHuang Ying 12080d258efbSMathias Krause In addition to AES cipher algorithm support, the acceleration 12090d258efbSMathias Krause for some popular block cipher mode is supported too, including 1210944585a6SArd Biesheuvel ECB, CBC, LRW, XTS. The 64 bit version has additional 12110d258efbSMathias Krause acceleration for CTR. 12122cf4ac8bSHuang Ying 12139bf4852dSDavid S. Millerconfig CRYPTO_AES_SPARC64 12149bf4852dSDavid S. Miller tristate "AES cipher algorithms (SPARC64)" 12159bf4852dSDavid S. Miller depends on SPARC64 12169bf4852dSDavid S. Miller select CRYPTO_CRYPTD 12179bf4852dSDavid S. Miller select CRYPTO_ALGAPI 12189bf4852dSDavid S. Miller help 12199bf4852dSDavid S. Miller Use SPARC64 crypto opcodes for AES algorithm. 12209bf4852dSDavid S. Miller 12219bf4852dSDavid S. Miller AES cipher algorithms (FIPS-197). AES uses the Rijndael 12229bf4852dSDavid S. Miller algorithm. 12239bf4852dSDavid S. Miller 12249bf4852dSDavid S. Miller Rijndael appears to be consistently a very good performer in 12259bf4852dSDavid S. Miller both hardware and software across a wide range of computing 12269bf4852dSDavid S. Miller environments regardless of its use in feedback or non-feedback 12279bf4852dSDavid S. Miller modes. Its key setup time is excellent, and its key agility is 12289bf4852dSDavid S. Miller good. Rijndael's very low memory requirements make it very well 12299bf4852dSDavid S. Miller suited for restricted-space environments, in which it also 12309bf4852dSDavid S. Miller demonstrates excellent performance. Rijndael's operations are 12319bf4852dSDavid S. Miller among the easiest to defend against power and timing attacks. 12329bf4852dSDavid S. Miller 12339bf4852dSDavid S. Miller The AES specifies three key sizes: 128, 192 and 256 bits 12349bf4852dSDavid S. Miller 12359bf4852dSDavid S. Miller See <http://csrc.nist.gov/encryption/aes/> for more information. 12369bf4852dSDavid S. Miller 12379bf4852dSDavid S. Miller In addition to AES cipher algorithm support, the acceleration 12389bf4852dSDavid S. Miller for some popular block cipher mode is supported too, including 12399bf4852dSDavid S. Miller ECB and CBC. 12409bf4852dSDavid S. Miller 1241504c6143SMarkus Stockhausenconfig CRYPTO_AES_PPC_SPE 1242504c6143SMarkus Stockhausen tristate "AES cipher algorithms (PPC SPE)" 1243504c6143SMarkus Stockhausen depends on PPC && SPE 1244504c6143SMarkus Stockhausen help 1245504c6143SMarkus Stockhausen AES cipher algorithms (FIPS-197). Additionally the acceleration 1246504c6143SMarkus Stockhausen for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1247504c6143SMarkus Stockhausen This module should only be used for low power (router) devices 1248504c6143SMarkus Stockhausen without hardware AES acceleration (e.g. caam crypto). It reduces the 1249504c6143SMarkus Stockhausen size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1250504c6143SMarkus Stockhausen timining attacks. Nevertheless it might be not as secure as other 1251504c6143SMarkus Stockhausen architecture specific assembler implementations that work on 1KB 1252504c6143SMarkus Stockhausen tables or 256 bytes S-boxes. 1253504c6143SMarkus Stockhausen 12541da177e4SLinus Torvaldsconfig CRYPTO_ANUBIS 12551da177e4SLinus Torvalds tristate "Anubis cipher algorithm" 1256cce9e06dSHerbert Xu select CRYPTO_ALGAPI 12571da177e4SLinus Torvalds help 12581da177e4SLinus Torvalds Anubis cipher algorithm. 12591da177e4SLinus Torvalds 12601da177e4SLinus Torvalds Anubis is a variable key length cipher which can use keys from 12611da177e4SLinus Torvalds 128 bits to 320 bits in length. It was evaluated as a entrant 12621da177e4SLinus Torvalds in the NESSIE competition. 12631da177e4SLinus Torvalds 12641da177e4SLinus Torvalds See also: 12656d8de74cSJustin P. Mattock <https://www.cosic.esat.kuleuven.be/nessie/reports/> 12666d8de74cSJustin P. Mattock <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 12671da177e4SLinus Torvalds 1268dc51f257SArd Biesheuvelconfig CRYPTO_LIB_ARC4 1269dc51f257SArd Biesheuvel tristate 1270dc51f257SArd Biesheuvel 1271584fffc8SSebastian Siewiorconfig CRYPTO_ARC4 1272584fffc8SSebastian Siewior tristate "ARC4 cipher algorithm" 1273b9b0f080SSebastian Andrzej Siewior select CRYPTO_BLKCIPHER 1274dc51f257SArd Biesheuvel select CRYPTO_LIB_ARC4 1275e2ee95b8SHye-Shik Chang help 1276584fffc8SSebastian Siewior ARC4 cipher algorithm. 1277e2ee95b8SHye-Shik Chang 1278584fffc8SSebastian Siewior ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1279584fffc8SSebastian Siewior bits in length. This algorithm is required for driver-based 1280584fffc8SSebastian Siewior WEP, but it should not be for other purposes because of the 1281584fffc8SSebastian Siewior weakness of the algorithm. 1282584fffc8SSebastian Siewior 1283584fffc8SSebastian Siewiorconfig CRYPTO_BLOWFISH 1284584fffc8SSebastian Siewior tristate "Blowfish cipher algorithm" 1285584fffc8SSebastian Siewior select CRYPTO_ALGAPI 128652ba867cSJussi Kivilinna select CRYPTO_BLOWFISH_COMMON 1287584fffc8SSebastian Siewior help 1288584fffc8SSebastian Siewior Blowfish cipher algorithm, by Bruce Schneier. 1289584fffc8SSebastian Siewior 1290584fffc8SSebastian Siewior This is a variable key length cipher which can use keys from 32 1291584fffc8SSebastian Siewior bits to 448 bits in length. It's fast, simple and specifically 1292584fffc8SSebastian Siewior designed for use on "large microprocessors". 1293e2ee95b8SHye-Shik Chang 1294e2ee95b8SHye-Shik Chang See also: 1295584fffc8SSebastian Siewior <http://www.schneier.com/blowfish.html> 1296584fffc8SSebastian Siewior 129752ba867cSJussi Kivilinnaconfig CRYPTO_BLOWFISH_COMMON 129852ba867cSJussi Kivilinna tristate 129952ba867cSJussi Kivilinna help 130052ba867cSJussi Kivilinna Common parts of the Blowfish cipher algorithm shared by the 130152ba867cSJussi Kivilinna generic c and the assembler implementations. 130252ba867cSJussi Kivilinna 130352ba867cSJussi Kivilinna See also: 130452ba867cSJussi Kivilinna <http://www.schneier.com/blowfish.html> 130552ba867cSJussi Kivilinna 130664b94ceaSJussi Kivilinnaconfig CRYPTO_BLOWFISH_X86_64 130764b94ceaSJussi Kivilinna tristate "Blowfish cipher algorithm (x86_64)" 1308f21a7c19SAl Viro depends on X86 && 64BIT 1309c1679171SEric Biggers select CRYPTO_BLKCIPHER 131064b94ceaSJussi Kivilinna select CRYPTO_BLOWFISH_COMMON 131164b94ceaSJussi Kivilinna help 131264b94ceaSJussi Kivilinna Blowfish cipher algorithm (x86_64), by Bruce Schneier. 131364b94ceaSJussi Kivilinna 131464b94ceaSJussi Kivilinna This is a variable key length cipher which can use keys from 32 131564b94ceaSJussi Kivilinna bits to 448 bits in length. It's fast, simple and specifically 131664b94ceaSJussi Kivilinna designed for use on "large microprocessors". 131764b94ceaSJussi Kivilinna 131864b94ceaSJussi Kivilinna See also: 131964b94ceaSJussi Kivilinna <http://www.schneier.com/blowfish.html> 132064b94ceaSJussi Kivilinna 1321584fffc8SSebastian Siewiorconfig CRYPTO_CAMELLIA 1322584fffc8SSebastian Siewior tristate "Camellia cipher algorithms" 1323584fffc8SSebastian Siewior depends on CRYPTO 1324584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1325584fffc8SSebastian Siewior help 1326584fffc8SSebastian Siewior Camellia cipher algorithms module. 1327584fffc8SSebastian Siewior 1328584fffc8SSebastian Siewior Camellia is a symmetric key block cipher developed jointly 1329584fffc8SSebastian Siewior at NTT and Mitsubishi Electric Corporation. 1330584fffc8SSebastian Siewior 1331584fffc8SSebastian Siewior The Camellia specifies three key sizes: 128, 192 and 256 bits. 1332584fffc8SSebastian Siewior 1333584fffc8SSebastian Siewior See also: 1334584fffc8SSebastian Siewior <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1335584fffc8SSebastian Siewior 13360b95ec56SJussi Kivilinnaconfig CRYPTO_CAMELLIA_X86_64 13370b95ec56SJussi Kivilinna tristate "Camellia cipher algorithm (x86_64)" 1338f21a7c19SAl Viro depends on X86 && 64BIT 13390b95ec56SJussi Kivilinna depends on CRYPTO 13401af6d037SEric Biggers select CRYPTO_BLKCIPHER 1341964263afSJussi Kivilinna select CRYPTO_GLUE_HELPER_X86 13420b95ec56SJussi Kivilinna help 13430b95ec56SJussi Kivilinna Camellia cipher algorithm module (x86_64). 13440b95ec56SJussi Kivilinna 13450b95ec56SJussi Kivilinna Camellia is a symmetric key block cipher developed jointly 13460b95ec56SJussi Kivilinna at NTT and Mitsubishi Electric Corporation. 13470b95ec56SJussi Kivilinna 13480b95ec56SJussi Kivilinna The Camellia specifies three key sizes: 128, 192 and 256 bits. 13490b95ec56SJussi Kivilinna 13500b95ec56SJussi Kivilinna See also: 13510b95ec56SJussi Kivilinna <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 13520b95ec56SJussi Kivilinna 1353d9b1d2e7SJussi Kivilinnaconfig CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1354d9b1d2e7SJussi Kivilinna tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1355d9b1d2e7SJussi Kivilinna depends on X86 && 64BIT 1356d9b1d2e7SJussi Kivilinna depends on CRYPTO 135744893bc2SEric Biggers select CRYPTO_BLKCIPHER 1358d9b1d2e7SJussi Kivilinna select CRYPTO_CAMELLIA_X86_64 135944893bc2SEric Biggers select CRYPTO_GLUE_HELPER_X86 136044893bc2SEric Biggers select CRYPTO_SIMD 1361d9b1d2e7SJussi Kivilinna select CRYPTO_XTS 1362d9b1d2e7SJussi Kivilinna help 1363d9b1d2e7SJussi Kivilinna Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1364d9b1d2e7SJussi Kivilinna 1365d9b1d2e7SJussi Kivilinna Camellia is a symmetric key block cipher developed jointly 1366d9b1d2e7SJussi Kivilinna at NTT and Mitsubishi Electric Corporation. 1367d9b1d2e7SJussi Kivilinna 1368d9b1d2e7SJussi Kivilinna The Camellia specifies three key sizes: 128, 192 and 256 bits. 1369d9b1d2e7SJussi Kivilinna 1370d9b1d2e7SJussi Kivilinna See also: 1371d9b1d2e7SJussi Kivilinna <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1372d9b1d2e7SJussi Kivilinna 1373f3f935a7SJussi Kivilinnaconfig CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1374f3f935a7SJussi Kivilinna tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1375f3f935a7SJussi Kivilinna depends on X86 && 64BIT 1376f3f935a7SJussi Kivilinna depends on CRYPTO 1377f3f935a7SJussi Kivilinna select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1378f3f935a7SJussi Kivilinna help 1379f3f935a7SJussi Kivilinna Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1380f3f935a7SJussi Kivilinna 1381f3f935a7SJussi Kivilinna Camellia is a symmetric key block cipher developed jointly 1382f3f935a7SJussi Kivilinna at NTT and Mitsubishi Electric Corporation. 1383f3f935a7SJussi Kivilinna 1384f3f935a7SJussi Kivilinna The Camellia specifies three key sizes: 128, 192 and 256 bits. 1385f3f935a7SJussi Kivilinna 1386f3f935a7SJussi Kivilinna See also: 1387f3f935a7SJussi Kivilinna <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1388f3f935a7SJussi Kivilinna 138981658ad0SDavid S. Millerconfig CRYPTO_CAMELLIA_SPARC64 139081658ad0SDavid S. Miller tristate "Camellia cipher algorithm (SPARC64)" 139181658ad0SDavid S. Miller depends on SPARC64 139281658ad0SDavid S. Miller depends on CRYPTO 139381658ad0SDavid S. Miller select CRYPTO_ALGAPI 139481658ad0SDavid S. Miller help 139581658ad0SDavid S. Miller Camellia cipher algorithm module (SPARC64). 139681658ad0SDavid S. Miller 139781658ad0SDavid S. Miller Camellia is a symmetric key block cipher developed jointly 139881658ad0SDavid S. Miller at NTT and Mitsubishi Electric Corporation. 139981658ad0SDavid S. Miller 140081658ad0SDavid S. Miller The Camellia specifies three key sizes: 128, 192 and 256 bits. 140181658ad0SDavid S. Miller 140281658ad0SDavid S. Miller See also: 140381658ad0SDavid S. Miller <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 140481658ad0SDavid S. Miller 1405044ab525SJussi Kivilinnaconfig CRYPTO_CAST_COMMON 1406044ab525SJussi Kivilinna tristate 1407044ab525SJussi Kivilinna help 1408044ab525SJussi Kivilinna Common parts of the CAST cipher algorithms shared by the 1409044ab525SJussi Kivilinna generic c and the assembler implementations. 1410044ab525SJussi Kivilinna 1411584fffc8SSebastian Siewiorconfig CRYPTO_CAST5 1412584fffc8SSebastian Siewior tristate "CAST5 (CAST-128) cipher algorithm" 1413584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1414044ab525SJussi Kivilinna select CRYPTO_CAST_COMMON 1415584fffc8SSebastian Siewior help 1416584fffc8SSebastian Siewior The CAST5 encryption algorithm (synonymous with CAST-128) is 1417584fffc8SSebastian Siewior described in RFC2144. 1418584fffc8SSebastian Siewior 14194d6d6a2cSJohannes Goetzfriedconfig CRYPTO_CAST5_AVX_X86_64 14204d6d6a2cSJohannes Goetzfried tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 14214d6d6a2cSJohannes Goetzfried depends on X86 && 64BIT 14221e63183aSEric Biggers select CRYPTO_BLKCIPHER 14234d6d6a2cSJohannes Goetzfried select CRYPTO_CAST5 14241e63183aSEric Biggers select CRYPTO_CAST_COMMON 14251e63183aSEric Biggers select CRYPTO_SIMD 14264d6d6a2cSJohannes Goetzfried help 14274d6d6a2cSJohannes Goetzfried The CAST5 encryption algorithm (synonymous with CAST-128) is 14284d6d6a2cSJohannes Goetzfried described in RFC2144. 14294d6d6a2cSJohannes Goetzfried 14304d6d6a2cSJohannes Goetzfried This module provides the Cast5 cipher algorithm that processes 14314d6d6a2cSJohannes Goetzfried sixteen blocks parallel using the AVX instruction set. 14324d6d6a2cSJohannes Goetzfried 1433584fffc8SSebastian Siewiorconfig CRYPTO_CAST6 1434584fffc8SSebastian Siewior tristate "CAST6 (CAST-256) cipher algorithm" 1435584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1436044ab525SJussi Kivilinna select CRYPTO_CAST_COMMON 1437584fffc8SSebastian Siewior help 1438584fffc8SSebastian Siewior The CAST6 encryption algorithm (synonymous with CAST-256) is 1439584fffc8SSebastian Siewior described in RFC2612. 1440584fffc8SSebastian Siewior 14414ea1277dSJohannes Goetzfriedconfig CRYPTO_CAST6_AVX_X86_64 14424ea1277dSJohannes Goetzfried tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 14434ea1277dSJohannes Goetzfried depends on X86 && 64BIT 14444bd96924SEric Biggers select CRYPTO_BLKCIPHER 14454ea1277dSJohannes Goetzfried select CRYPTO_CAST6 14464bd96924SEric Biggers select CRYPTO_CAST_COMMON 14474bd96924SEric Biggers select CRYPTO_GLUE_HELPER_X86 14484bd96924SEric Biggers select CRYPTO_SIMD 14494ea1277dSJohannes Goetzfried select CRYPTO_XTS 14504ea1277dSJohannes Goetzfried help 14514ea1277dSJohannes Goetzfried The CAST6 encryption algorithm (synonymous with CAST-256) is 14524ea1277dSJohannes Goetzfried described in RFC2612. 14534ea1277dSJohannes Goetzfried 14544ea1277dSJohannes Goetzfried This module provides the Cast6 cipher algorithm that processes 14554ea1277dSJohannes Goetzfried eight blocks parallel using the AVX instruction set. 14564ea1277dSJohannes Goetzfried 1457584fffc8SSebastian Siewiorconfig CRYPTO_DES 1458584fffc8SSebastian Siewior tristate "DES and Triple DES EDE cipher algorithms" 1459584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1460584fffc8SSebastian Siewior help 1461584fffc8SSebastian Siewior DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1462584fffc8SSebastian Siewior 1463c5aac2dfSDavid S. Millerconfig CRYPTO_DES_SPARC64 1464c5aac2dfSDavid S. Miller tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 146597da37b3SDave Jones depends on SPARC64 1466c5aac2dfSDavid S. Miller select CRYPTO_ALGAPI 1467c5aac2dfSDavid S. Miller select CRYPTO_DES 1468c5aac2dfSDavid S. Miller help 1469c5aac2dfSDavid S. Miller DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1470c5aac2dfSDavid S. Miller optimized using SPARC64 crypto opcodes. 1471c5aac2dfSDavid S. Miller 14726574e6c6SJussi Kivilinnaconfig CRYPTO_DES3_EDE_X86_64 14736574e6c6SJussi Kivilinna tristate "Triple DES EDE cipher algorithm (x86-64)" 14746574e6c6SJussi Kivilinna depends on X86 && 64BIT 147509c0f03bSEric Biggers select CRYPTO_BLKCIPHER 14766574e6c6SJussi Kivilinna select CRYPTO_DES 14776574e6c6SJussi Kivilinna help 14786574e6c6SJussi Kivilinna Triple DES EDE (FIPS 46-3) algorithm. 14796574e6c6SJussi Kivilinna 14806574e6c6SJussi Kivilinna This module provides implementation of the Triple DES EDE cipher 14816574e6c6SJussi Kivilinna algorithm that is optimized for x86-64 processors. Two versions of 14826574e6c6SJussi Kivilinna algorithm are provided; regular processing one input block and 14836574e6c6SJussi Kivilinna one that processes three blocks parallel. 14846574e6c6SJussi Kivilinna 1485584fffc8SSebastian Siewiorconfig CRYPTO_FCRYPT 1486584fffc8SSebastian Siewior tristate "FCrypt cipher algorithm" 1487584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1488584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 1489584fffc8SSebastian Siewior help 1490584fffc8SSebastian Siewior FCrypt algorithm used by RxRPC. 1491584fffc8SSebastian Siewior 1492584fffc8SSebastian Siewiorconfig CRYPTO_KHAZAD 1493584fffc8SSebastian Siewior tristate "Khazad cipher algorithm" 1494584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1495584fffc8SSebastian Siewior help 1496584fffc8SSebastian Siewior Khazad cipher algorithm. 1497584fffc8SSebastian Siewior 1498584fffc8SSebastian Siewior Khazad was a finalist in the initial NESSIE competition. It is 1499584fffc8SSebastian Siewior an algorithm optimized for 64-bit processors with good performance 1500584fffc8SSebastian Siewior on 32-bit processors. Khazad uses an 128 bit key size. 1501584fffc8SSebastian Siewior 1502584fffc8SSebastian Siewior See also: 15036d8de74cSJustin P. Mattock <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1504e2ee95b8SHye-Shik Chang 15052407d608STan Swee Hengconfig CRYPTO_SALSA20 15063b4afaf2SKees Cook tristate "Salsa20 stream cipher algorithm" 15072407d608STan Swee Heng select CRYPTO_BLKCIPHER 15082407d608STan Swee Heng help 15092407d608STan Swee Heng Salsa20 stream cipher algorithm. 15102407d608STan Swee Heng 15112407d608STan Swee Heng Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 15122407d608STan Swee Heng Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 15132407d608STan Swee Heng 15142407d608STan Swee Heng The Salsa20 stream cipher algorithm is designed by Daniel J. 15152407d608STan Swee Heng Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 15161da177e4SLinus Torvalds 1517c08d0e64SMartin Williconfig CRYPTO_CHACHA20 1518aa762409SEric Biggers tristate "ChaCha stream cipher algorithms" 1519c08d0e64SMartin Willi select CRYPTO_BLKCIPHER 1520c08d0e64SMartin Willi help 1521aa762409SEric Biggers The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1522c08d0e64SMartin Willi 1523c08d0e64SMartin Willi ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1524c08d0e64SMartin Willi Bernstein and further specified in RFC7539 for use in IETF protocols. 1525de61d7aeSEric Biggers This is the portable C implementation of ChaCha20. See also: 1526c08d0e64SMartin Willi <http://cr.yp.to/chacha/chacha-20080128.pdf> 1527c08d0e64SMartin Willi 1528de61d7aeSEric Biggers XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1529de61d7aeSEric Biggers rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1530de61d7aeSEric Biggers from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1531de61d7aeSEric Biggers while provably retaining ChaCha20's security. See also: 1532de61d7aeSEric Biggers <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1533de61d7aeSEric Biggers 1534aa762409SEric Biggers XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1535aa762409SEric Biggers reduced security margin but increased performance. It can be needed 1536aa762409SEric Biggers in some performance-sensitive scenarios. 1537aa762409SEric Biggers 1538c9320b6dSMartin Williconfig CRYPTO_CHACHA20_X86_64 15394af78261SEric Biggers tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1540c9320b6dSMartin Willi depends on X86 && 64BIT 1541c9320b6dSMartin Willi select CRYPTO_BLKCIPHER 1542c9320b6dSMartin Willi select CRYPTO_CHACHA20 1543c9320b6dSMartin Willi help 15447a507d62SEric Biggers SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 15457a507d62SEric Biggers XChaCha20, and XChaCha12 stream ciphers. 1546c9320b6dSMartin Willi 1547584fffc8SSebastian Siewiorconfig CRYPTO_SEED 1548584fffc8SSebastian Siewior tristate "SEED cipher algorithm" 1549584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1550584fffc8SSebastian Siewior help 1551584fffc8SSebastian Siewior SEED cipher algorithm (RFC4269). 1552584fffc8SSebastian Siewior 1553584fffc8SSebastian Siewior SEED is a 128-bit symmetric key block cipher that has been 1554584fffc8SSebastian Siewior developed by KISA (Korea Information Security Agency) as a 1555584fffc8SSebastian Siewior national standard encryption algorithm of the Republic of Korea. 1556584fffc8SSebastian Siewior It is a 16 round block cipher with the key size of 128 bit. 1557584fffc8SSebastian Siewior 1558584fffc8SSebastian Siewior See also: 1559584fffc8SSebastian Siewior <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1560584fffc8SSebastian Siewior 1561584fffc8SSebastian Siewiorconfig CRYPTO_SERPENT 1562584fffc8SSebastian Siewior tristate "Serpent cipher algorithm" 1563584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1564584fffc8SSebastian Siewior help 1565584fffc8SSebastian Siewior Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1566584fffc8SSebastian Siewior 1567584fffc8SSebastian Siewior Keys are allowed to be from 0 to 256 bits in length, in steps 1568584fffc8SSebastian Siewior of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1569584fffc8SSebastian Siewior variant of Serpent for compatibility with old kerneli.org code. 1570584fffc8SSebastian Siewior 1571584fffc8SSebastian Siewior See also: 1572584fffc8SSebastian Siewior <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1573584fffc8SSebastian Siewior 1574937c30d7SJussi Kivilinnaconfig CRYPTO_SERPENT_SSE2_X86_64 1575937c30d7SJussi Kivilinna tristate "Serpent cipher algorithm (x86_64/SSE2)" 1576937c30d7SJussi Kivilinna depends on X86 && 64BIT 1577e0f409dcSEric Biggers select CRYPTO_BLKCIPHER 1578596d8750SJussi Kivilinna select CRYPTO_GLUE_HELPER_X86 1579937c30d7SJussi Kivilinna select CRYPTO_SERPENT 1580e0f409dcSEric Biggers select CRYPTO_SIMD 1581937c30d7SJussi Kivilinna help 1582937c30d7SJussi Kivilinna Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1583937c30d7SJussi Kivilinna 1584937c30d7SJussi Kivilinna Keys are allowed to be from 0 to 256 bits in length, in steps 1585937c30d7SJussi Kivilinna of 8 bits. 1586937c30d7SJussi Kivilinna 15871e6232f8SMasanari Iida This module provides Serpent cipher algorithm that processes eight 1588937c30d7SJussi Kivilinna blocks parallel using SSE2 instruction set. 1589937c30d7SJussi Kivilinna 1590937c30d7SJussi Kivilinna See also: 1591937c30d7SJussi Kivilinna <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1592937c30d7SJussi Kivilinna 1593251496dbSJussi Kivilinnaconfig CRYPTO_SERPENT_SSE2_586 1594251496dbSJussi Kivilinna tristate "Serpent cipher algorithm (i586/SSE2)" 1595251496dbSJussi Kivilinna depends on X86 && !64BIT 1596e0f409dcSEric Biggers select CRYPTO_BLKCIPHER 1597596d8750SJussi Kivilinna select CRYPTO_GLUE_HELPER_X86 1598251496dbSJussi Kivilinna select CRYPTO_SERPENT 1599e0f409dcSEric Biggers select CRYPTO_SIMD 1600251496dbSJussi Kivilinna help 1601251496dbSJussi Kivilinna Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1602251496dbSJussi Kivilinna 1603251496dbSJussi Kivilinna Keys are allowed to be from 0 to 256 bits in length, in steps 1604251496dbSJussi Kivilinna of 8 bits. 1605251496dbSJussi Kivilinna 1606251496dbSJussi Kivilinna This module provides Serpent cipher algorithm that processes four 1607251496dbSJussi Kivilinna blocks parallel using SSE2 instruction set. 1608251496dbSJussi Kivilinna 1609251496dbSJussi Kivilinna See also: 1610251496dbSJussi Kivilinna <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1611251496dbSJussi Kivilinna 16127efe4076SJohannes Goetzfriedconfig CRYPTO_SERPENT_AVX_X86_64 16137efe4076SJohannes Goetzfried tristate "Serpent cipher algorithm (x86_64/AVX)" 16147efe4076SJohannes Goetzfried depends on X86 && 64BIT 1615e16bf974SEric Biggers select CRYPTO_BLKCIPHER 16161d0debbdSJussi Kivilinna select CRYPTO_GLUE_HELPER_X86 16177efe4076SJohannes Goetzfried select CRYPTO_SERPENT 1618e16bf974SEric Biggers select CRYPTO_SIMD 16197efe4076SJohannes Goetzfried select CRYPTO_XTS 16207efe4076SJohannes Goetzfried help 16217efe4076SJohannes Goetzfried Serpent cipher algorithm, by Anderson, Biham & Knudsen. 16227efe4076SJohannes Goetzfried 16237efe4076SJohannes Goetzfried Keys are allowed to be from 0 to 256 bits in length, in steps 16247efe4076SJohannes Goetzfried of 8 bits. 16257efe4076SJohannes Goetzfried 16267efe4076SJohannes Goetzfried This module provides the Serpent cipher algorithm that processes 16277efe4076SJohannes Goetzfried eight blocks parallel using the AVX instruction set. 16287efe4076SJohannes Goetzfried 16297efe4076SJohannes Goetzfried See also: 16307efe4076SJohannes Goetzfried <http://www.cl.cam.ac.uk/~rja14/serpent.html> 16317efe4076SJohannes Goetzfried 163256d76c96SJussi Kivilinnaconfig CRYPTO_SERPENT_AVX2_X86_64 163356d76c96SJussi Kivilinna tristate "Serpent cipher algorithm (x86_64/AVX2)" 163456d76c96SJussi Kivilinna depends on X86 && 64BIT 163556d76c96SJussi Kivilinna select CRYPTO_SERPENT_AVX_X86_64 163656d76c96SJussi Kivilinna help 163756d76c96SJussi Kivilinna Serpent cipher algorithm, by Anderson, Biham & Knudsen. 163856d76c96SJussi Kivilinna 163956d76c96SJussi Kivilinna Keys are allowed to be from 0 to 256 bits in length, in steps 164056d76c96SJussi Kivilinna of 8 bits. 164156d76c96SJussi Kivilinna 164256d76c96SJussi Kivilinna This module provides Serpent cipher algorithm that processes 16 164356d76c96SJussi Kivilinna blocks parallel using AVX2 instruction set. 164456d76c96SJussi Kivilinna 164556d76c96SJussi Kivilinna See also: 164656d76c96SJussi Kivilinna <http://www.cl.cam.ac.uk/~rja14/serpent.html> 164756d76c96SJussi Kivilinna 1648747c8ce4SGilad Ben-Yossefconfig CRYPTO_SM4 1649747c8ce4SGilad Ben-Yossef tristate "SM4 cipher algorithm" 1650747c8ce4SGilad Ben-Yossef select CRYPTO_ALGAPI 1651747c8ce4SGilad Ben-Yossef help 1652747c8ce4SGilad Ben-Yossef SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1653747c8ce4SGilad Ben-Yossef 1654747c8ce4SGilad Ben-Yossef SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1655747c8ce4SGilad Ben-Yossef Organization of State Commercial Administration of China (OSCCA) 1656747c8ce4SGilad Ben-Yossef as an authorized cryptographic algorithms for the use within China. 1657747c8ce4SGilad Ben-Yossef 1658747c8ce4SGilad Ben-Yossef SMS4 was originally created for use in protecting wireless 1659747c8ce4SGilad Ben-Yossef networks, and is mandated in the Chinese National Standard for 1660747c8ce4SGilad Ben-Yossef Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1661747c8ce4SGilad Ben-Yossef (GB.15629.11-2003). 1662747c8ce4SGilad Ben-Yossef 1663747c8ce4SGilad Ben-Yossef The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1664747c8ce4SGilad Ben-Yossef standardized through TC 260 of the Standardization Administration 1665747c8ce4SGilad Ben-Yossef of the People's Republic of China (SAC). 1666747c8ce4SGilad Ben-Yossef 1667747c8ce4SGilad Ben-Yossef The input, output, and key of SMS4 are each 128 bits. 1668747c8ce4SGilad Ben-Yossef 1669747c8ce4SGilad Ben-Yossef See also: <https://eprint.iacr.org/2008/329.pdf> 1670747c8ce4SGilad Ben-Yossef 1671747c8ce4SGilad Ben-Yossef If unsure, say N. 1672747c8ce4SGilad Ben-Yossef 1673584fffc8SSebastian Siewiorconfig CRYPTO_TEA 1674584fffc8SSebastian Siewior tristate "TEA, XTEA and XETA cipher algorithms" 1675584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1676584fffc8SSebastian Siewior help 1677584fffc8SSebastian Siewior TEA cipher algorithm. 1678584fffc8SSebastian Siewior 1679584fffc8SSebastian Siewior Tiny Encryption Algorithm is a simple cipher that uses 1680584fffc8SSebastian Siewior many rounds for security. It is very fast and uses 1681584fffc8SSebastian Siewior little memory. 1682584fffc8SSebastian Siewior 1683584fffc8SSebastian Siewior Xtendend Tiny Encryption Algorithm is a modification to 1684584fffc8SSebastian Siewior the TEA algorithm to address a potential key weakness 1685584fffc8SSebastian Siewior in the TEA algorithm. 1686584fffc8SSebastian Siewior 1687584fffc8SSebastian Siewior Xtendend Encryption Tiny Algorithm is a mis-implementation 1688584fffc8SSebastian Siewior of the XTEA algorithm for compatibility purposes. 1689584fffc8SSebastian Siewior 1690584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH 1691584fffc8SSebastian Siewior tristate "Twofish cipher algorithm" 1692584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1693584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 1694584fffc8SSebastian Siewior help 1695584fffc8SSebastian Siewior Twofish cipher algorithm. 1696584fffc8SSebastian Siewior 1697584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 1698584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 1699584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 1700584fffc8SSebastian Siewior bits. 1701584fffc8SSebastian Siewior 1702584fffc8SSebastian Siewior See also: 1703584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 1704584fffc8SSebastian Siewior 1705584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_COMMON 1706584fffc8SSebastian Siewior tristate 1707584fffc8SSebastian Siewior help 1708584fffc8SSebastian Siewior Common parts of the Twofish cipher algorithm shared by the 1709584fffc8SSebastian Siewior generic c and the assembler implementations. 1710584fffc8SSebastian Siewior 1711584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_586 1712584fffc8SSebastian Siewior tristate "Twofish cipher algorithms (i586)" 1713584fffc8SSebastian Siewior depends on (X86 || UML_X86) && !64BIT 1714584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1715584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 1716584fffc8SSebastian Siewior help 1717584fffc8SSebastian Siewior Twofish cipher algorithm. 1718584fffc8SSebastian Siewior 1719584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 1720584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 1721584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 1722584fffc8SSebastian Siewior bits. 1723584fffc8SSebastian Siewior 1724584fffc8SSebastian Siewior See also: 1725584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 1726584fffc8SSebastian Siewior 1727584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_X86_64 1728584fffc8SSebastian Siewior tristate "Twofish cipher algorithm (x86_64)" 1729584fffc8SSebastian Siewior depends on (X86 || UML_X86) && 64BIT 1730584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1731584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 1732584fffc8SSebastian Siewior help 1733584fffc8SSebastian Siewior Twofish cipher algorithm (x86_64). 1734584fffc8SSebastian Siewior 1735584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 1736584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 1737584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 1738584fffc8SSebastian Siewior bits. 1739584fffc8SSebastian Siewior 1740584fffc8SSebastian Siewior See also: 1741584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 1742584fffc8SSebastian Siewior 17438280daadSJussi Kivilinnaconfig CRYPTO_TWOFISH_X86_64_3WAY 17448280daadSJussi Kivilinna tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1745f21a7c19SAl Viro depends on X86 && 64BIT 174637992fa4SEric Biggers select CRYPTO_BLKCIPHER 17478280daadSJussi Kivilinna select CRYPTO_TWOFISH_COMMON 17488280daadSJussi Kivilinna select CRYPTO_TWOFISH_X86_64 1749414cb5e7SJussi Kivilinna select CRYPTO_GLUE_HELPER_X86 17508280daadSJussi Kivilinna help 17518280daadSJussi Kivilinna Twofish cipher algorithm (x86_64, 3-way parallel). 17528280daadSJussi Kivilinna 17538280daadSJussi Kivilinna Twofish was submitted as an AES (Advanced Encryption Standard) 17548280daadSJussi Kivilinna candidate cipher by researchers at CounterPane Systems. It is a 17558280daadSJussi Kivilinna 16 round block cipher supporting key sizes of 128, 192, and 256 17568280daadSJussi Kivilinna bits. 17578280daadSJussi Kivilinna 17588280daadSJussi Kivilinna This module provides Twofish cipher algorithm that processes three 17598280daadSJussi Kivilinna blocks parallel, utilizing resources of out-of-order CPUs better. 17608280daadSJussi Kivilinna 17618280daadSJussi Kivilinna See also: 17628280daadSJussi Kivilinna <http://www.schneier.com/twofish.html> 17638280daadSJussi Kivilinna 1764107778b5SJohannes Goetzfriedconfig CRYPTO_TWOFISH_AVX_X86_64 1765107778b5SJohannes Goetzfried tristate "Twofish cipher algorithm (x86_64/AVX)" 1766107778b5SJohannes Goetzfried depends on X86 && 64BIT 17670e6ab46dSEric Biggers select CRYPTO_BLKCIPHER 1768a7378d4eSJussi Kivilinna select CRYPTO_GLUE_HELPER_X86 17690e6ab46dSEric Biggers select CRYPTO_SIMD 1770107778b5SJohannes Goetzfried select CRYPTO_TWOFISH_COMMON 1771107778b5SJohannes Goetzfried select CRYPTO_TWOFISH_X86_64 1772107778b5SJohannes Goetzfried select CRYPTO_TWOFISH_X86_64_3WAY 1773107778b5SJohannes Goetzfried help 1774107778b5SJohannes Goetzfried Twofish cipher algorithm (x86_64/AVX). 1775107778b5SJohannes Goetzfried 1776107778b5SJohannes Goetzfried Twofish was submitted as an AES (Advanced Encryption Standard) 1777107778b5SJohannes Goetzfried candidate cipher by researchers at CounterPane Systems. It is a 1778107778b5SJohannes Goetzfried 16 round block cipher supporting key sizes of 128, 192, and 256 1779107778b5SJohannes Goetzfried bits. 1780107778b5SJohannes Goetzfried 1781107778b5SJohannes Goetzfried This module provides the Twofish cipher algorithm that processes 1782107778b5SJohannes Goetzfried eight blocks parallel using the AVX Instruction Set. 1783107778b5SJohannes Goetzfried 1784107778b5SJohannes Goetzfried See also: 1785107778b5SJohannes Goetzfried <http://www.schneier.com/twofish.html> 1786107778b5SJohannes Goetzfried 1787584fffc8SSebastian Siewiorcomment "Compression" 1788584fffc8SSebastian Siewior 17891da177e4SLinus Torvaldsconfig CRYPTO_DEFLATE 17901da177e4SLinus Torvalds tristate "Deflate compression algorithm" 1791cce9e06dSHerbert Xu select CRYPTO_ALGAPI 1792f6ded09dSGiovanni Cabiddu select CRYPTO_ACOMP2 17931da177e4SLinus Torvalds select ZLIB_INFLATE 17941da177e4SLinus Torvalds select ZLIB_DEFLATE 17951da177e4SLinus Torvalds help 17961da177e4SLinus Torvalds This is the Deflate algorithm (RFC1951), specified for use in 17971da177e4SLinus Torvalds IPSec with the IPCOMP protocol (RFC3173, RFC2394). 17981da177e4SLinus Torvalds 17991da177e4SLinus Torvalds You will most probably want this if using IPSec. 18001da177e4SLinus Torvalds 18010b77abb3SZoltan Sogorconfig CRYPTO_LZO 18020b77abb3SZoltan Sogor tristate "LZO compression algorithm" 18030b77abb3SZoltan Sogor select CRYPTO_ALGAPI 1804ac9d2c4bSGiovanni Cabiddu select CRYPTO_ACOMP2 18050b77abb3SZoltan Sogor select LZO_COMPRESS 18060b77abb3SZoltan Sogor select LZO_DECOMPRESS 18070b77abb3SZoltan Sogor help 18080b77abb3SZoltan Sogor This is the LZO algorithm. 18090b77abb3SZoltan Sogor 181035a1fc18SSeth Jenningsconfig CRYPTO_842 181135a1fc18SSeth Jennings tristate "842 compression algorithm" 18122062c5b6SDan Streetman select CRYPTO_ALGAPI 18136a8de3aeSGiovanni Cabiddu select CRYPTO_ACOMP2 18142062c5b6SDan Streetman select 842_COMPRESS 18152062c5b6SDan Streetman select 842_DECOMPRESS 181635a1fc18SSeth Jennings help 181735a1fc18SSeth Jennings This is the 842 algorithm. 181835a1fc18SSeth Jennings 18190ea8530dSChanho Minconfig CRYPTO_LZ4 18200ea8530dSChanho Min tristate "LZ4 compression algorithm" 18210ea8530dSChanho Min select CRYPTO_ALGAPI 18228cd9330eSGiovanni Cabiddu select CRYPTO_ACOMP2 18230ea8530dSChanho Min select LZ4_COMPRESS 18240ea8530dSChanho Min select LZ4_DECOMPRESS 18250ea8530dSChanho Min help 18260ea8530dSChanho Min This is the LZ4 algorithm. 18270ea8530dSChanho Min 18280ea8530dSChanho Minconfig CRYPTO_LZ4HC 18290ea8530dSChanho Min tristate "LZ4HC compression algorithm" 18300ea8530dSChanho Min select CRYPTO_ALGAPI 183191d53d96SGiovanni Cabiddu select CRYPTO_ACOMP2 18320ea8530dSChanho Min select LZ4HC_COMPRESS 18330ea8530dSChanho Min select LZ4_DECOMPRESS 18340ea8530dSChanho Min help 18350ea8530dSChanho Min This is the LZ4 high compression mode algorithm. 18360ea8530dSChanho Min 1837d28fc3dbSNick Terrellconfig CRYPTO_ZSTD 1838d28fc3dbSNick Terrell tristate "Zstd compression algorithm" 1839d28fc3dbSNick Terrell select CRYPTO_ALGAPI 1840d28fc3dbSNick Terrell select CRYPTO_ACOMP2 1841d28fc3dbSNick Terrell select ZSTD_COMPRESS 1842d28fc3dbSNick Terrell select ZSTD_DECOMPRESS 1843d28fc3dbSNick Terrell help 1844d28fc3dbSNick Terrell This is the zstd algorithm. 1845d28fc3dbSNick Terrell 184617f0f4a4SNeil Hormancomment "Random Number Generation" 184717f0f4a4SNeil Horman 184817f0f4a4SNeil Hormanconfig CRYPTO_ANSI_CPRNG 184917f0f4a4SNeil Horman tristate "Pseudo Random Number Generation for Cryptographic modules" 185017f0f4a4SNeil Horman select CRYPTO_AES 185117f0f4a4SNeil Horman select CRYPTO_RNG 185217f0f4a4SNeil Horman help 185317f0f4a4SNeil Horman This option enables the generic pseudo random number generator 185417f0f4a4SNeil Horman for cryptographic modules. Uses the Algorithm specified in 18557dd607e8SJiri Kosina ANSI X9.31 A.2.4. Note that this option must be enabled if 18567dd607e8SJiri Kosina CRYPTO_FIPS is selected 185717f0f4a4SNeil Horman 1858f2c89a10SHerbert Xumenuconfig CRYPTO_DRBG_MENU 1859419090c6SStephan Mueller tristate "NIST SP800-90A DRBG" 1860419090c6SStephan Mueller help 1861419090c6SStephan Mueller NIST SP800-90A compliant DRBG. In the following submenu, one or 1862419090c6SStephan Mueller more of the DRBG types must be selected. 1863419090c6SStephan Mueller 1864f2c89a10SHerbert Xuif CRYPTO_DRBG_MENU 1865419090c6SStephan Mueller 1866419090c6SStephan Muellerconfig CRYPTO_DRBG_HMAC 1867401e4238SHerbert Xu bool 1868419090c6SStephan Mueller default y 1869419090c6SStephan Mueller select CRYPTO_HMAC 1870826775bbSHerbert Xu select CRYPTO_SHA256 1871419090c6SStephan Mueller 1872419090c6SStephan Muellerconfig CRYPTO_DRBG_HASH 1873419090c6SStephan Mueller bool "Enable Hash DRBG" 1874826775bbSHerbert Xu select CRYPTO_SHA256 1875419090c6SStephan Mueller help 1876419090c6SStephan Mueller Enable the Hash DRBG variant as defined in NIST SP800-90A. 1877419090c6SStephan Mueller 1878419090c6SStephan Muellerconfig CRYPTO_DRBG_CTR 1879419090c6SStephan Mueller bool "Enable CTR DRBG" 1880419090c6SStephan Mueller select CRYPTO_AES 188135591285SStephan Mueller depends on CRYPTO_CTR 1882419090c6SStephan Mueller help 1883419090c6SStephan Mueller Enable the CTR DRBG variant as defined in NIST SP800-90A. 1884419090c6SStephan Mueller 1885f2c89a10SHerbert Xuconfig CRYPTO_DRBG 1886f2c89a10SHerbert Xu tristate 1887401e4238SHerbert Xu default CRYPTO_DRBG_MENU 1888f2c89a10SHerbert Xu select CRYPTO_RNG 1889bb5530e4SStephan Mueller select CRYPTO_JITTERENTROPY 1890f2c89a10SHerbert Xu 1891f2c89a10SHerbert Xuendif # if CRYPTO_DRBG_MENU 1892419090c6SStephan Mueller 1893bb5530e4SStephan Muellerconfig CRYPTO_JITTERENTROPY 1894bb5530e4SStephan Mueller tristate "Jitterentropy Non-Deterministic Random Number Generator" 18952f313e02SArnd Bergmann select CRYPTO_RNG 1896bb5530e4SStephan Mueller help 1897bb5530e4SStephan Mueller The Jitterentropy RNG is a noise that is intended 1898bb5530e4SStephan Mueller to provide seed to another RNG. The RNG does not 1899bb5530e4SStephan Mueller perform any cryptographic whitening of the generated 1900bb5530e4SStephan Mueller random numbers. This Jitterentropy RNG registers with 1901bb5530e4SStephan Mueller the kernel crypto API and can be used by any caller. 1902bb5530e4SStephan Mueller 190303c8efc1SHerbert Xuconfig CRYPTO_USER_API 190403c8efc1SHerbert Xu tristate 190503c8efc1SHerbert Xu 1906fe869cdbSHerbert Xuconfig CRYPTO_USER_API_HASH 1907fe869cdbSHerbert Xu tristate "User-space interface for hash algorithms" 19087451708fSHerbert Xu depends on NET 1909fe869cdbSHerbert Xu select CRYPTO_HASH 1910fe869cdbSHerbert Xu select CRYPTO_USER_API 1911fe869cdbSHerbert Xu help 1912fe869cdbSHerbert Xu This option enables the user-spaces interface for hash 1913fe869cdbSHerbert Xu algorithms. 1914fe869cdbSHerbert Xu 19158ff59090SHerbert Xuconfig CRYPTO_USER_API_SKCIPHER 19168ff59090SHerbert Xu tristate "User-space interface for symmetric key cipher algorithms" 19177451708fSHerbert Xu depends on NET 19188ff59090SHerbert Xu select CRYPTO_BLKCIPHER 19198ff59090SHerbert Xu select CRYPTO_USER_API 19208ff59090SHerbert Xu help 19218ff59090SHerbert Xu This option enables the user-spaces interface for symmetric 19228ff59090SHerbert Xu key cipher algorithms. 19238ff59090SHerbert Xu 19242f375538SStephan Muellerconfig CRYPTO_USER_API_RNG 19252f375538SStephan Mueller tristate "User-space interface for random number generator algorithms" 19262f375538SStephan Mueller depends on NET 19272f375538SStephan Mueller select CRYPTO_RNG 19282f375538SStephan Mueller select CRYPTO_USER_API 19292f375538SStephan Mueller help 19302f375538SStephan Mueller This option enables the user-spaces interface for random 19312f375538SStephan Mueller number generator algorithms. 19322f375538SStephan Mueller 1933b64a2d95SHerbert Xuconfig CRYPTO_USER_API_AEAD 1934b64a2d95SHerbert Xu tristate "User-space interface for AEAD cipher algorithms" 1935b64a2d95SHerbert Xu depends on NET 1936b64a2d95SHerbert Xu select CRYPTO_AEAD 193772548b09SStephan Mueller select CRYPTO_BLKCIPHER 193872548b09SStephan Mueller select CRYPTO_NULL 1939b64a2d95SHerbert Xu select CRYPTO_USER_API 1940b64a2d95SHerbert Xu help 1941b64a2d95SHerbert Xu This option enables the user-spaces interface for AEAD 1942b64a2d95SHerbert Xu cipher algorithms. 1943b64a2d95SHerbert Xu 1944cac5818cSCorentin Labbeconfig CRYPTO_STATS 1945cac5818cSCorentin Labbe bool "Crypto usage statistics for User-space" 1946a6a31385SCorentin Labbe depends on CRYPTO_USER 1947cac5818cSCorentin Labbe help 1948cac5818cSCorentin Labbe This option enables the gathering of crypto stats. 1949cac5818cSCorentin Labbe This will collect: 1950cac5818cSCorentin Labbe - encrypt/decrypt size and numbers of symmeric operations 1951cac5818cSCorentin Labbe - compress/decompress size and numbers of compress operations 1952cac5818cSCorentin Labbe - size and numbers of hash operations 1953cac5818cSCorentin Labbe - encrypt/decrypt/sign/verify numbers for asymmetric operations 1954cac5818cSCorentin Labbe - generate/seed numbers for rng operations 1955cac5818cSCorentin Labbe 1956ee08997fSDmitry Kasatkinconfig CRYPTO_HASH_INFO 1957ee08997fSDmitry Kasatkin bool 1958ee08997fSDmitry Kasatkin 19591da177e4SLinus Torvaldssource "drivers/crypto/Kconfig" 19608636a1f9SMasahiro Yamadasource "crypto/asymmetric_keys/Kconfig" 19618636a1f9SMasahiro Yamadasource "certs/Kconfig" 19621da177e4SLinus Torvalds 1963cce9e06dSHerbert Xuendif # if CRYPTO 1964