1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This options enables the fips boot option which is 31 required if you want to system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_BLKCIPHER 56 tristate 57 select CRYPTO_BLKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_BLKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 select CRYPTO_WORKQUEUE 65 66config CRYPTO_HASH 67 tristate 68 select CRYPTO_HASH2 69 select CRYPTO_ALGAPI 70 71config CRYPTO_HASH2 72 tristate 73 select CRYPTO_ALGAPI2 74 75config CRYPTO_RNG 76 tristate 77 select CRYPTO_RNG2 78 select CRYPTO_ALGAPI 79 80config CRYPTO_RNG2 81 tristate 82 select CRYPTO_ALGAPI2 83 84config CRYPTO_RNG_DEFAULT 85 tristate 86 select CRYPTO_DRBG_MENU 87 88config CRYPTO_AKCIPHER2 89 tristate 90 select CRYPTO_ALGAPI2 91 92config CRYPTO_AKCIPHER 93 tristate 94 select CRYPTO_AKCIPHER2 95 select CRYPTO_ALGAPI 96 97config CRYPTO_KPP2 98 tristate 99 select CRYPTO_ALGAPI2 100 101config CRYPTO_KPP 102 tristate 103 select CRYPTO_ALGAPI 104 select CRYPTO_KPP2 105 106config CRYPTO_ACOMP2 107 tristate 108 select CRYPTO_ALGAPI2 109 select SGL_ALLOC 110 111config CRYPTO_ACOMP 112 tristate 113 select CRYPTO_ALGAPI 114 select CRYPTO_ACOMP2 115 116config CRYPTO_RSA 117 tristate "RSA algorithm" 118 select CRYPTO_AKCIPHER 119 select CRYPTO_MANAGER 120 select MPILIB 121 select ASN1 122 help 123 Generic implementation of the RSA public key algorithm. 124 125config CRYPTO_DH 126 tristate "Diffie-Hellman algorithm" 127 select CRYPTO_KPP 128 select MPILIB 129 help 130 Generic implementation of the Diffie-Hellman algorithm. 131 132config CRYPTO_ECDH 133 tristate "ECDH algorithm" 134 select CRYPTO_KPP 135 select CRYPTO_RNG_DEFAULT 136 help 137 Generic implementation of the ECDH algorithm 138 139config CRYPTO_MANAGER 140 tristate "Cryptographic algorithm manager" 141 select CRYPTO_MANAGER2 142 help 143 Create default cryptographic template instantiations such as 144 cbc(aes). 145 146config CRYPTO_MANAGER2 147 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 148 select CRYPTO_AEAD2 149 select CRYPTO_HASH2 150 select CRYPTO_BLKCIPHER2 151 select CRYPTO_AKCIPHER2 152 select CRYPTO_KPP2 153 select CRYPTO_ACOMP2 154 155config CRYPTO_USER 156 tristate "Userspace cryptographic algorithm configuration" 157 depends on NET 158 select CRYPTO_MANAGER 159 help 160 Userspace configuration for cryptographic instantiations such as 161 cbc(aes). 162 163config CRYPTO_MANAGER_DISABLE_TESTS 164 bool "Disable run-time self tests" 165 default y 166 depends on CRYPTO_MANAGER2 167 help 168 Disable run-time self tests that normally take place at 169 algorithm registration. 170 171config CRYPTO_GF128MUL 172 tristate "GF(2^128) multiplication functions" 173 help 174 Efficient table driven implementation of multiplications in the 175 field GF(2^128). This is needed by some cypher modes. This 176 option will be selected automatically if you select such a 177 cipher mode. Only select this option by hand if you expect to load 178 an external module that requires these functions. 179 180config CRYPTO_NULL 181 tristate "Null algorithms" 182 select CRYPTO_NULL2 183 help 184 These are 'Null' algorithms, used by IPsec, which do nothing. 185 186config CRYPTO_NULL2 187 tristate 188 select CRYPTO_ALGAPI2 189 select CRYPTO_BLKCIPHER2 190 select CRYPTO_HASH2 191 192config CRYPTO_PCRYPT 193 tristate "Parallel crypto engine" 194 depends on SMP 195 select PADATA 196 select CRYPTO_MANAGER 197 select CRYPTO_AEAD 198 help 199 This converts an arbitrary crypto algorithm into a parallel 200 algorithm that executes in kernel threads. 201 202config CRYPTO_WORKQUEUE 203 tristate 204 205config CRYPTO_CRYPTD 206 tristate "Software async crypto daemon" 207 select CRYPTO_BLKCIPHER 208 select CRYPTO_HASH 209 select CRYPTO_MANAGER 210 select CRYPTO_WORKQUEUE 211 help 212 This is a generic software asynchronous crypto daemon that 213 converts an arbitrary synchronous software crypto algorithm 214 into an asynchronous algorithm that executes in a kernel thread. 215 216config CRYPTO_AUTHENC 217 tristate "Authenc support" 218 select CRYPTO_AEAD 219 select CRYPTO_BLKCIPHER 220 select CRYPTO_MANAGER 221 select CRYPTO_HASH 222 select CRYPTO_NULL 223 help 224 Authenc: Combined mode wrapper for IPsec. 225 This is required for IPSec. 226 227config CRYPTO_TEST 228 tristate "Testing module" 229 depends on m 230 select CRYPTO_MANAGER 231 help 232 Quick & dirty crypto test module. 233 234config CRYPTO_SIMD 235 tristate 236 select CRYPTO_CRYPTD 237 238config CRYPTO_GLUE_HELPER_X86 239 tristate 240 depends on X86 241 select CRYPTO_BLKCIPHER 242 243config CRYPTO_ENGINE 244 tristate 245 246comment "Authenticated Encryption with Associated Data" 247 248config CRYPTO_CCM 249 tristate "CCM support" 250 select CRYPTO_CTR 251 select CRYPTO_HASH 252 select CRYPTO_AEAD 253 help 254 Support for Counter with CBC MAC. Required for IPsec. 255 256config CRYPTO_GCM 257 tristate "GCM/GMAC support" 258 select CRYPTO_CTR 259 select CRYPTO_AEAD 260 select CRYPTO_GHASH 261 select CRYPTO_NULL 262 help 263 Support for Galois/Counter Mode (GCM) and Galois Message 264 Authentication Code (GMAC). Required for IPSec. 265 266config CRYPTO_CHACHA20POLY1305 267 tristate "ChaCha20-Poly1305 AEAD support" 268 select CRYPTO_CHACHA20 269 select CRYPTO_POLY1305 270 select CRYPTO_AEAD 271 help 272 ChaCha20-Poly1305 AEAD support, RFC7539. 273 274 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 275 with the Poly1305 authenticator. It is defined in RFC7539 for use in 276 IETF protocols. 277 278config CRYPTO_AEGIS128 279 tristate "AEGIS-128 AEAD algorithm" 280 select CRYPTO_AEAD 281 select CRYPTO_AES # for AES S-box tables 282 help 283 Support for the AEGIS-128 dedicated AEAD algorithm. 284 285config CRYPTO_AEGIS128L 286 tristate "AEGIS-128L AEAD algorithm" 287 select CRYPTO_AEAD 288 select CRYPTO_AES # for AES S-box tables 289 help 290 Support for the AEGIS-128L dedicated AEAD algorithm. 291 292config CRYPTO_AEGIS256 293 tristate "AEGIS-256 AEAD algorithm" 294 select CRYPTO_AEAD 295 select CRYPTO_AES # for AES S-box tables 296 help 297 Support for the AEGIS-256 dedicated AEAD algorithm. 298 299config CRYPTO_AEGIS128_AESNI_SSE2 300 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 301 depends on X86 && 64BIT 302 select CRYPTO_AEAD 303 select CRYPTO_CRYPTD 304 help 305 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm. 306 307config CRYPTO_AEGIS128L_AESNI_SSE2 308 tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 309 depends on X86 && 64BIT 310 select CRYPTO_AEAD 311 select CRYPTO_CRYPTD 312 help 313 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm. 314 315config CRYPTO_AEGIS256_AESNI_SSE2 316 tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 317 depends on X86 && 64BIT 318 select CRYPTO_AEAD 319 select CRYPTO_CRYPTD 320 help 321 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm. 322 323config CRYPTO_MORUS640 324 tristate "MORUS-640 AEAD algorithm" 325 select CRYPTO_AEAD 326 help 327 Support for the MORUS-640 dedicated AEAD algorithm. 328 329config CRYPTO_MORUS640_GLUE 330 tristate 331 depends on X86 332 select CRYPTO_AEAD 333 select CRYPTO_CRYPTD 334 help 335 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD 336 algorithm. 337 338config CRYPTO_MORUS640_SSE2 339 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)" 340 depends on X86 && 64BIT 341 select CRYPTO_AEAD 342 select CRYPTO_MORUS640_GLUE 343 help 344 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm. 345 346config CRYPTO_MORUS1280 347 tristate "MORUS-1280 AEAD algorithm" 348 select CRYPTO_AEAD 349 help 350 Support for the MORUS-1280 dedicated AEAD algorithm. 351 352config CRYPTO_MORUS1280_GLUE 353 tristate 354 depends on X86 355 select CRYPTO_AEAD 356 select CRYPTO_CRYPTD 357 help 358 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD 359 algorithm. 360 361config CRYPTO_MORUS1280_SSE2 362 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)" 363 depends on X86 && 64BIT 364 select CRYPTO_AEAD 365 select CRYPTO_MORUS1280_GLUE 366 help 367 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD 368 algorithm. 369 370config CRYPTO_MORUS1280_AVX2 371 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)" 372 depends on X86 && 64BIT 373 select CRYPTO_AEAD 374 select CRYPTO_MORUS1280_GLUE 375 help 376 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD 377 algorithm. 378 379config CRYPTO_SEQIV 380 tristate "Sequence Number IV Generator" 381 select CRYPTO_AEAD 382 select CRYPTO_BLKCIPHER 383 select CRYPTO_NULL 384 select CRYPTO_RNG_DEFAULT 385 help 386 This IV generator generates an IV based on a sequence number by 387 xoring it with a salt. This algorithm is mainly useful for CTR 388 389config CRYPTO_ECHAINIV 390 tristate "Encrypted Chain IV Generator" 391 select CRYPTO_AEAD 392 select CRYPTO_NULL 393 select CRYPTO_RNG_DEFAULT 394 default m 395 help 396 This IV generator generates an IV based on the encryption of 397 a sequence number xored with a salt. This is the default 398 algorithm for CBC. 399 400comment "Block modes" 401 402config CRYPTO_CBC 403 tristate "CBC support" 404 select CRYPTO_BLKCIPHER 405 select CRYPTO_MANAGER 406 help 407 CBC: Cipher Block Chaining mode 408 This block cipher algorithm is required for IPSec. 409 410config CRYPTO_CFB 411 tristate "CFB support" 412 select CRYPTO_BLKCIPHER 413 select CRYPTO_MANAGER 414 help 415 CFB: Cipher FeedBack mode 416 This block cipher algorithm is required for TPM2 Cryptography. 417 418config CRYPTO_CTR 419 tristate "CTR support" 420 select CRYPTO_BLKCIPHER 421 select CRYPTO_SEQIV 422 select CRYPTO_MANAGER 423 help 424 CTR: Counter mode 425 This block cipher algorithm is required for IPSec. 426 427config CRYPTO_CTS 428 tristate "CTS support" 429 select CRYPTO_BLKCIPHER 430 help 431 CTS: Cipher Text Stealing 432 This is the Cipher Text Stealing mode as described by 433 Section 8 of rfc2040 and referenced by rfc3962. 434 (rfc3962 includes errata information in its Appendix A) 435 This mode is required for Kerberos gss mechanism support 436 for AES encryption. 437 438config CRYPTO_ECB 439 tristate "ECB support" 440 select CRYPTO_BLKCIPHER 441 select CRYPTO_MANAGER 442 help 443 ECB: Electronic CodeBook mode 444 This is the simplest block cipher algorithm. It simply encrypts 445 the input block by block. 446 447config CRYPTO_LRW 448 tristate "LRW support" 449 select CRYPTO_BLKCIPHER 450 select CRYPTO_MANAGER 451 select CRYPTO_GF128MUL 452 help 453 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 454 narrow block cipher mode for dm-crypt. Use it with cipher 455 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 456 The first 128, 192 or 256 bits in the key are used for AES and the 457 rest is used to tie each cipher block to its logical position. 458 459config CRYPTO_PCBC 460 tristate "PCBC support" 461 select CRYPTO_BLKCIPHER 462 select CRYPTO_MANAGER 463 help 464 PCBC: Propagating Cipher Block Chaining mode 465 This block cipher algorithm is required for RxRPC. 466 467config CRYPTO_XTS 468 tristate "XTS support" 469 select CRYPTO_BLKCIPHER 470 select CRYPTO_MANAGER 471 select CRYPTO_ECB 472 help 473 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 474 key size 256, 384 or 512 bits. This implementation currently 475 can't handle a sectorsize which is not a multiple of 16 bytes. 476 477config CRYPTO_KEYWRAP 478 tristate "Key wrapping support" 479 select CRYPTO_BLKCIPHER 480 help 481 Support for key wrapping (NIST SP800-38F / RFC3394) without 482 padding. 483 484comment "Hash modes" 485 486config CRYPTO_CMAC 487 tristate "CMAC support" 488 select CRYPTO_HASH 489 select CRYPTO_MANAGER 490 help 491 Cipher-based Message Authentication Code (CMAC) specified by 492 The National Institute of Standards and Technology (NIST). 493 494 https://tools.ietf.org/html/rfc4493 495 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 496 497config CRYPTO_HMAC 498 tristate "HMAC support" 499 select CRYPTO_HASH 500 select CRYPTO_MANAGER 501 help 502 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 503 This is required for IPSec. 504 505config CRYPTO_XCBC 506 tristate "XCBC support" 507 select CRYPTO_HASH 508 select CRYPTO_MANAGER 509 help 510 XCBC: Keyed-Hashing with encryption algorithm 511 http://www.ietf.org/rfc/rfc3566.txt 512 http://csrc.nist.gov/encryption/modes/proposedmodes/ 513 xcbc-mac/xcbc-mac-spec.pdf 514 515config CRYPTO_VMAC 516 tristate "VMAC support" 517 select CRYPTO_HASH 518 select CRYPTO_MANAGER 519 help 520 VMAC is a message authentication algorithm designed for 521 very high speed on 64-bit architectures. 522 523 See also: 524 <http://fastcrypto.org/vmac> 525 526comment "Digest" 527 528config CRYPTO_CRC32C 529 tristate "CRC32c CRC algorithm" 530 select CRYPTO_HASH 531 select CRC32 532 help 533 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 534 by iSCSI for header and data digests and by others. 535 See Castagnoli93. Module will be crc32c. 536 537config CRYPTO_CRC32C_INTEL 538 tristate "CRC32c INTEL hardware acceleration" 539 depends on X86 540 select CRYPTO_HASH 541 help 542 In Intel processor with SSE4.2 supported, the processor will 543 support CRC32C implementation using hardware accelerated CRC32 544 instruction. This option will create 'crc32c-intel' module, 545 which will enable any routine to use the CRC32 instruction to 546 gain performance compared with software implementation. 547 Module will be crc32c-intel. 548 549config CRYPTO_CRC32C_VPMSUM 550 tristate "CRC32c CRC algorithm (powerpc64)" 551 depends on PPC64 && ALTIVEC 552 select CRYPTO_HASH 553 select CRC32 554 help 555 CRC32c algorithm implemented using vector polynomial multiply-sum 556 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 557 and newer processors for improved performance. 558 559 560config CRYPTO_CRC32C_SPARC64 561 tristate "CRC32c CRC algorithm (SPARC64)" 562 depends on SPARC64 563 select CRYPTO_HASH 564 select CRC32 565 help 566 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 567 when available. 568 569config CRYPTO_CRC32 570 tristate "CRC32 CRC algorithm" 571 select CRYPTO_HASH 572 select CRC32 573 help 574 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 575 Shash crypto api wrappers to crc32_le function. 576 577config CRYPTO_CRC32_PCLMUL 578 tristate "CRC32 PCLMULQDQ hardware acceleration" 579 depends on X86 580 select CRYPTO_HASH 581 select CRC32 582 help 583 From Intel Westmere and AMD Bulldozer processor with SSE4.2 584 and PCLMULQDQ supported, the processor will support 585 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 586 instruction. This option will create 'crc32-plcmul' module, 587 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 588 and gain better performance as compared with the table implementation. 589 590config CRYPTO_CRC32_MIPS 591 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 592 depends on MIPS_CRC_SUPPORT 593 select CRYPTO_HASH 594 help 595 CRC32c and CRC32 CRC algorithms implemented using mips crypto 596 instructions, when available. 597 598 599config CRYPTO_CRCT10DIF 600 tristate "CRCT10DIF algorithm" 601 select CRYPTO_HASH 602 help 603 CRC T10 Data Integrity Field computation is being cast as 604 a crypto transform. This allows for faster crc t10 diff 605 transforms to be used if they are available. 606 607config CRYPTO_CRCT10DIF_PCLMUL 608 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 609 depends on X86 && 64BIT && CRC_T10DIF 610 select CRYPTO_HASH 611 help 612 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 613 CRC T10 DIF PCLMULQDQ computation can be hardware 614 accelerated PCLMULQDQ instruction. This option will create 615 'crct10dif-plcmul' module, which is faster when computing the 616 crct10dif checksum as compared with the generic table implementation. 617 618config CRYPTO_CRCT10DIF_VPMSUM 619 tristate "CRC32T10DIF powerpc64 hardware acceleration" 620 depends on PPC64 && ALTIVEC && CRC_T10DIF 621 select CRYPTO_HASH 622 help 623 CRC10T10DIF algorithm implemented using vector polynomial 624 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 625 POWER8 and newer processors for improved performance. 626 627config CRYPTO_VPMSUM_TESTER 628 tristate "Powerpc64 vpmsum hardware acceleration tester" 629 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 630 help 631 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 632 POWER8 vpmsum instructions. 633 Unless you are testing these algorithms, you don't need this. 634 635config CRYPTO_GHASH 636 tristate "GHASH digest algorithm" 637 select CRYPTO_GF128MUL 638 select CRYPTO_HASH 639 help 640 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 641 642config CRYPTO_POLY1305 643 tristate "Poly1305 authenticator algorithm" 644 select CRYPTO_HASH 645 help 646 Poly1305 authenticator algorithm, RFC7539. 647 648 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 649 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 650 in IETF protocols. This is the portable C implementation of Poly1305. 651 652config CRYPTO_POLY1305_X86_64 653 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 654 depends on X86 && 64BIT 655 select CRYPTO_POLY1305 656 help 657 Poly1305 authenticator algorithm, RFC7539. 658 659 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 660 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 661 in IETF protocols. This is the x86_64 assembler implementation using SIMD 662 instructions. 663 664config CRYPTO_MD4 665 tristate "MD4 digest algorithm" 666 select CRYPTO_HASH 667 help 668 MD4 message digest algorithm (RFC1320). 669 670config CRYPTO_MD5 671 tristate "MD5 digest algorithm" 672 select CRYPTO_HASH 673 help 674 MD5 message digest algorithm (RFC1321). 675 676config CRYPTO_MD5_OCTEON 677 tristate "MD5 digest algorithm (OCTEON)" 678 depends on CPU_CAVIUM_OCTEON 679 select CRYPTO_MD5 680 select CRYPTO_HASH 681 help 682 MD5 message digest algorithm (RFC1321) implemented 683 using OCTEON crypto instructions, when available. 684 685config CRYPTO_MD5_PPC 686 tristate "MD5 digest algorithm (PPC)" 687 depends on PPC 688 select CRYPTO_HASH 689 help 690 MD5 message digest algorithm (RFC1321) implemented 691 in PPC assembler. 692 693config CRYPTO_MD5_SPARC64 694 tristate "MD5 digest algorithm (SPARC64)" 695 depends on SPARC64 696 select CRYPTO_MD5 697 select CRYPTO_HASH 698 help 699 MD5 message digest algorithm (RFC1321) implemented 700 using sparc64 crypto instructions, when available. 701 702config CRYPTO_MICHAEL_MIC 703 tristate "Michael MIC keyed digest algorithm" 704 select CRYPTO_HASH 705 help 706 Michael MIC is used for message integrity protection in TKIP 707 (IEEE 802.11i). This algorithm is required for TKIP, but it 708 should not be used for other purposes because of the weakness 709 of the algorithm. 710 711config CRYPTO_RMD128 712 tristate "RIPEMD-128 digest algorithm" 713 select CRYPTO_HASH 714 help 715 RIPEMD-128 (ISO/IEC 10118-3:2004). 716 717 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 718 be used as a secure replacement for RIPEMD. For other use cases, 719 RIPEMD-160 should be used. 720 721 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 722 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 723 724config CRYPTO_RMD160 725 tristate "RIPEMD-160 digest algorithm" 726 select CRYPTO_HASH 727 help 728 RIPEMD-160 (ISO/IEC 10118-3:2004). 729 730 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 731 to be used as a secure replacement for the 128-bit hash functions 732 MD4, MD5 and it's predecessor RIPEMD 733 (not to be confused with RIPEMD-128). 734 735 It's speed is comparable to SHA1 and there are no known attacks 736 against RIPEMD-160. 737 738 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 739 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 740 741config CRYPTO_RMD256 742 tristate "RIPEMD-256 digest algorithm" 743 select CRYPTO_HASH 744 help 745 RIPEMD-256 is an optional extension of RIPEMD-128 with a 746 256 bit hash. It is intended for applications that require 747 longer hash-results, without needing a larger security level 748 (than RIPEMD-128). 749 750 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 751 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 752 753config CRYPTO_RMD320 754 tristate "RIPEMD-320 digest algorithm" 755 select CRYPTO_HASH 756 help 757 RIPEMD-320 is an optional extension of RIPEMD-160 with a 758 320 bit hash. It is intended for applications that require 759 longer hash-results, without needing a larger security level 760 (than RIPEMD-160). 761 762 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 763 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 764 765config CRYPTO_SHA1 766 tristate "SHA1 digest algorithm" 767 select CRYPTO_HASH 768 help 769 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 770 771config CRYPTO_SHA1_SSSE3 772 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 773 depends on X86 && 64BIT 774 select CRYPTO_SHA1 775 select CRYPTO_HASH 776 help 777 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 778 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 779 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 780 when available. 781 782config CRYPTO_SHA256_SSSE3 783 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 784 depends on X86 && 64BIT 785 select CRYPTO_SHA256 786 select CRYPTO_HASH 787 help 788 SHA-256 secure hash standard (DFIPS 180-2) implemented 789 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 790 Extensions version 1 (AVX1), or Advanced Vector Extensions 791 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 792 Instructions) when available. 793 794config CRYPTO_SHA512_SSSE3 795 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 796 depends on X86 && 64BIT 797 select CRYPTO_SHA512 798 select CRYPTO_HASH 799 help 800 SHA-512 secure hash standard (DFIPS 180-2) implemented 801 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 802 Extensions version 1 (AVX1), or Advanced Vector Extensions 803 version 2 (AVX2) instructions, when available. 804 805config CRYPTO_SHA1_OCTEON 806 tristate "SHA1 digest algorithm (OCTEON)" 807 depends on CPU_CAVIUM_OCTEON 808 select CRYPTO_SHA1 809 select CRYPTO_HASH 810 help 811 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 812 using OCTEON crypto instructions, when available. 813 814config CRYPTO_SHA1_SPARC64 815 tristate "SHA1 digest algorithm (SPARC64)" 816 depends on SPARC64 817 select CRYPTO_SHA1 818 select CRYPTO_HASH 819 help 820 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 821 using sparc64 crypto instructions, when available. 822 823config CRYPTO_SHA1_PPC 824 tristate "SHA1 digest algorithm (powerpc)" 825 depends on PPC 826 help 827 This is the powerpc hardware accelerated implementation of the 828 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 829 830config CRYPTO_SHA1_PPC_SPE 831 tristate "SHA1 digest algorithm (PPC SPE)" 832 depends on PPC && SPE 833 help 834 SHA-1 secure hash standard (DFIPS 180-4) implemented 835 using powerpc SPE SIMD instruction set. 836 837config CRYPTO_SHA256 838 tristate "SHA224 and SHA256 digest algorithm" 839 select CRYPTO_HASH 840 help 841 SHA256 secure hash standard (DFIPS 180-2). 842 843 This version of SHA implements a 256 bit hash with 128 bits of 844 security against collision attacks. 845 846 This code also includes SHA-224, a 224 bit hash with 112 bits 847 of security against collision attacks. 848 849config CRYPTO_SHA256_PPC_SPE 850 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 851 depends on PPC && SPE 852 select CRYPTO_SHA256 853 select CRYPTO_HASH 854 help 855 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 856 implemented using powerpc SPE SIMD instruction set. 857 858config CRYPTO_SHA256_OCTEON 859 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 860 depends on CPU_CAVIUM_OCTEON 861 select CRYPTO_SHA256 862 select CRYPTO_HASH 863 help 864 SHA-256 secure hash standard (DFIPS 180-2) implemented 865 using OCTEON crypto instructions, when available. 866 867config CRYPTO_SHA256_SPARC64 868 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 869 depends on SPARC64 870 select CRYPTO_SHA256 871 select CRYPTO_HASH 872 help 873 SHA-256 secure hash standard (DFIPS 180-2) implemented 874 using sparc64 crypto instructions, when available. 875 876config CRYPTO_SHA512 877 tristate "SHA384 and SHA512 digest algorithms" 878 select CRYPTO_HASH 879 help 880 SHA512 secure hash standard (DFIPS 180-2). 881 882 This version of SHA implements a 512 bit hash with 256 bits of 883 security against collision attacks. 884 885 This code also includes SHA-384, a 384 bit hash with 192 bits 886 of security against collision attacks. 887 888config CRYPTO_SHA512_OCTEON 889 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 890 depends on CPU_CAVIUM_OCTEON 891 select CRYPTO_SHA512 892 select CRYPTO_HASH 893 help 894 SHA-512 secure hash standard (DFIPS 180-2) implemented 895 using OCTEON crypto instructions, when available. 896 897config CRYPTO_SHA512_SPARC64 898 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 899 depends on SPARC64 900 select CRYPTO_SHA512 901 select CRYPTO_HASH 902 help 903 SHA-512 secure hash standard (DFIPS 180-2) implemented 904 using sparc64 crypto instructions, when available. 905 906config CRYPTO_SHA3 907 tristate "SHA3 digest algorithm" 908 select CRYPTO_HASH 909 help 910 SHA-3 secure hash standard (DFIPS 202). It's based on 911 cryptographic sponge function family called Keccak. 912 913 References: 914 http://keccak.noekeon.org/ 915 916config CRYPTO_SM3 917 tristate "SM3 digest algorithm" 918 select CRYPTO_HASH 919 help 920 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 921 It is part of the Chinese Commercial Cryptography suite. 922 923 References: 924 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 925 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 926 927config CRYPTO_TGR192 928 tristate "Tiger digest algorithms" 929 select CRYPTO_HASH 930 help 931 Tiger hash algorithm 192, 160 and 128-bit hashes 932 933 Tiger is a hash function optimized for 64-bit processors while 934 still having decent performance on 32-bit processors. 935 Tiger was developed by Ross Anderson and Eli Biham. 936 937 See also: 938 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 939 940config CRYPTO_WP512 941 tristate "Whirlpool digest algorithms" 942 select CRYPTO_HASH 943 help 944 Whirlpool hash algorithm 512, 384 and 256-bit hashes 945 946 Whirlpool-512 is part of the NESSIE cryptographic primitives. 947 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 948 949 See also: 950 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 951 952config CRYPTO_GHASH_CLMUL_NI_INTEL 953 tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 954 depends on X86 && 64BIT 955 select CRYPTO_CRYPTD 956 help 957 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 958 The implementation is accelerated by CLMUL-NI of Intel. 959 960comment "Ciphers" 961 962config CRYPTO_AES 963 tristate "AES cipher algorithms" 964 select CRYPTO_ALGAPI 965 help 966 AES cipher algorithms (FIPS-197). AES uses the Rijndael 967 algorithm. 968 969 Rijndael appears to be consistently a very good performer in 970 both hardware and software across a wide range of computing 971 environments regardless of its use in feedback or non-feedback 972 modes. Its key setup time is excellent, and its key agility is 973 good. Rijndael's very low memory requirements make it very well 974 suited for restricted-space environments, in which it also 975 demonstrates excellent performance. Rijndael's operations are 976 among the easiest to defend against power and timing attacks. 977 978 The AES specifies three key sizes: 128, 192 and 256 bits 979 980 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 981 982config CRYPTO_AES_TI 983 tristate "Fixed time AES cipher" 984 select CRYPTO_ALGAPI 985 help 986 This is a generic implementation of AES that attempts to eliminate 987 data dependent latencies as much as possible without affecting 988 performance too much. It is intended for use by the generic CCM 989 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 990 solely on encryption (although decryption is supported as well, but 991 with a more dramatic performance hit) 992 993 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 994 8 for decryption), this implementation only uses just two S-boxes of 995 256 bytes each, and attempts to eliminate data dependent latencies by 996 prefetching the entire table into the cache at the start of each 997 block. 998 999config CRYPTO_AES_586 1000 tristate "AES cipher algorithms (i586)" 1001 depends on (X86 || UML_X86) && !64BIT 1002 select CRYPTO_ALGAPI 1003 select CRYPTO_AES 1004 help 1005 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1006 algorithm. 1007 1008 Rijndael appears to be consistently a very good performer in 1009 both hardware and software across a wide range of computing 1010 environments regardless of its use in feedback or non-feedback 1011 modes. Its key setup time is excellent, and its key agility is 1012 good. Rijndael's very low memory requirements make it very well 1013 suited for restricted-space environments, in which it also 1014 demonstrates excellent performance. Rijndael's operations are 1015 among the easiest to defend against power and timing attacks. 1016 1017 The AES specifies three key sizes: 128, 192 and 256 bits 1018 1019 See <http://csrc.nist.gov/encryption/aes/> for more information. 1020 1021config CRYPTO_AES_X86_64 1022 tristate "AES cipher algorithms (x86_64)" 1023 depends on (X86 || UML_X86) && 64BIT 1024 select CRYPTO_ALGAPI 1025 select CRYPTO_AES 1026 help 1027 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1028 algorithm. 1029 1030 Rijndael appears to be consistently a very good performer in 1031 both hardware and software across a wide range of computing 1032 environments regardless of its use in feedback or non-feedback 1033 modes. Its key setup time is excellent, and its key agility is 1034 good. Rijndael's very low memory requirements make it very well 1035 suited for restricted-space environments, in which it also 1036 demonstrates excellent performance. Rijndael's operations are 1037 among the easiest to defend against power and timing attacks. 1038 1039 The AES specifies three key sizes: 128, 192 and 256 bits 1040 1041 See <http://csrc.nist.gov/encryption/aes/> for more information. 1042 1043config CRYPTO_AES_NI_INTEL 1044 tristate "AES cipher algorithms (AES-NI)" 1045 depends on X86 1046 select CRYPTO_AEAD 1047 select CRYPTO_AES_X86_64 if 64BIT 1048 select CRYPTO_AES_586 if !64BIT 1049 select CRYPTO_ALGAPI 1050 select CRYPTO_BLKCIPHER 1051 select CRYPTO_GLUE_HELPER_X86 if 64BIT 1052 select CRYPTO_SIMD 1053 help 1054 Use Intel AES-NI instructions for AES algorithm. 1055 1056 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1057 algorithm. 1058 1059 Rijndael appears to be consistently a very good performer in 1060 both hardware and software across a wide range of computing 1061 environments regardless of its use in feedback or non-feedback 1062 modes. Its key setup time is excellent, and its key agility is 1063 good. Rijndael's very low memory requirements make it very well 1064 suited for restricted-space environments, in which it also 1065 demonstrates excellent performance. Rijndael's operations are 1066 among the easiest to defend against power and timing attacks. 1067 1068 The AES specifies three key sizes: 128, 192 and 256 bits 1069 1070 See <http://csrc.nist.gov/encryption/aes/> for more information. 1071 1072 In addition to AES cipher algorithm support, the acceleration 1073 for some popular block cipher mode is supported too, including 1074 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional 1075 acceleration for CTR. 1076 1077config CRYPTO_AES_SPARC64 1078 tristate "AES cipher algorithms (SPARC64)" 1079 depends on SPARC64 1080 select CRYPTO_CRYPTD 1081 select CRYPTO_ALGAPI 1082 help 1083 Use SPARC64 crypto opcodes for AES algorithm. 1084 1085 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1086 algorithm. 1087 1088 Rijndael appears to be consistently a very good performer in 1089 both hardware and software across a wide range of computing 1090 environments regardless of its use in feedback or non-feedback 1091 modes. Its key setup time is excellent, and its key agility is 1092 good. Rijndael's very low memory requirements make it very well 1093 suited for restricted-space environments, in which it also 1094 demonstrates excellent performance. Rijndael's operations are 1095 among the easiest to defend against power and timing attacks. 1096 1097 The AES specifies three key sizes: 128, 192 and 256 bits 1098 1099 See <http://csrc.nist.gov/encryption/aes/> for more information. 1100 1101 In addition to AES cipher algorithm support, the acceleration 1102 for some popular block cipher mode is supported too, including 1103 ECB and CBC. 1104 1105config CRYPTO_AES_PPC_SPE 1106 tristate "AES cipher algorithms (PPC SPE)" 1107 depends on PPC && SPE 1108 help 1109 AES cipher algorithms (FIPS-197). Additionally the acceleration 1110 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1111 This module should only be used for low power (router) devices 1112 without hardware AES acceleration (e.g. caam crypto). It reduces the 1113 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1114 timining attacks. Nevertheless it might be not as secure as other 1115 architecture specific assembler implementations that work on 1KB 1116 tables or 256 bytes S-boxes. 1117 1118config CRYPTO_ANUBIS 1119 tristate "Anubis cipher algorithm" 1120 select CRYPTO_ALGAPI 1121 help 1122 Anubis cipher algorithm. 1123 1124 Anubis is a variable key length cipher which can use keys from 1125 128 bits to 320 bits in length. It was evaluated as a entrant 1126 in the NESSIE competition. 1127 1128 See also: 1129 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1130 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1131 1132config CRYPTO_ARC4 1133 tristate "ARC4 cipher algorithm" 1134 select CRYPTO_BLKCIPHER 1135 help 1136 ARC4 cipher algorithm. 1137 1138 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1139 bits in length. This algorithm is required for driver-based 1140 WEP, but it should not be for other purposes because of the 1141 weakness of the algorithm. 1142 1143config CRYPTO_BLOWFISH 1144 tristate "Blowfish cipher algorithm" 1145 select CRYPTO_ALGAPI 1146 select CRYPTO_BLOWFISH_COMMON 1147 help 1148 Blowfish cipher algorithm, by Bruce Schneier. 1149 1150 This is a variable key length cipher which can use keys from 32 1151 bits to 448 bits in length. It's fast, simple and specifically 1152 designed for use on "large microprocessors". 1153 1154 See also: 1155 <http://www.schneier.com/blowfish.html> 1156 1157config CRYPTO_BLOWFISH_COMMON 1158 tristate 1159 help 1160 Common parts of the Blowfish cipher algorithm shared by the 1161 generic c and the assembler implementations. 1162 1163 See also: 1164 <http://www.schneier.com/blowfish.html> 1165 1166config CRYPTO_BLOWFISH_X86_64 1167 tristate "Blowfish cipher algorithm (x86_64)" 1168 depends on X86 && 64BIT 1169 select CRYPTO_BLKCIPHER 1170 select CRYPTO_BLOWFISH_COMMON 1171 help 1172 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1173 1174 This is a variable key length cipher which can use keys from 32 1175 bits to 448 bits in length. It's fast, simple and specifically 1176 designed for use on "large microprocessors". 1177 1178 See also: 1179 <http://www.schneier.com/blowfish.html> 1180 1181config CRYPTO_CAMELLIA 1182 tristate "Camellia cipher algorithms" 1183 depends on CRYPTO 1184 select CRYPTO_ALGAPI 1185 help 1186 Camellia cipher algorithms module. 1187 1188 Camellia is a symmetric key block cipher developed jointly 1189 at NTT and Mitsubishi Electric Corporation. 1190 1191 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1192 1193 See also: 1194 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1195 1196config CRYPTO_CAMELLIA_X86_64 1197 tristate "Camellia cipher algorithm (x86_64)" 1198 depends on X86 && 64BIT 1199 depends on CRYPTO 1200 select CRYPTO_BLKCIPHER 1201 select CRYPTO_GLUE_HELPER_X86 1202 help 1203 Camellia cipher algorithm module (x86_64). 1204 1205 Camellia is a symmetric key block cipher developed jointly 1206 at NTT and Mitsubishi Electric Corporation. 1207 1208 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1209 1210 See also: 1211 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1212 1213config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1214 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1215 depends on X86 && 64BIT 1216 depends on CRYPTO 1217 select CRYPTO_BLKCIPHER 1218 select CRYPTO_CAMELLIA_X86_64 1219 select CRYPTO_GLUE_HELPER_X86 1220 select CRYPTO_SIMD 1221 select CRYPTO_XTS 1222 help 1223 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1224 1225 Camellia is a symmetric key block cipher developed jointly 1226 at NTT and Mitsubishi Electric Corporation. 1227 1228 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1229 1230 See also: 1231 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1232 1233config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1234 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1235 depends on X86 && 64BIT 1236 depends on CRYPTO 1237 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1238 help 1239 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1240 1241 Camellia is a symmetric key block cipher developed jointly 1242 at NTT and Mitsubishi Electric Corporation. 1243 1244 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1245 1246 See also: 1247 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1248 1249config CRYPTO_CAMELLIA_SPARC64 1250 tristate "Camellia cipher algorithm (SPARC64)" 1251 depends on SPARC64 1252 depends on CRYPTO 1253 select CRYPTO_ALGAPI 1254 help 1255 Camellia cipher algorithm module (SPARC64). 1256 1257 Camellia is a symmetric key block cipher developed jointly 1258 at NTT and Mitsubishi Electric Corporation. 1259 1260 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1261 1262 See also: 1263 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1264 1265config CRYPTO_CAST_COMMON 1266 tristate 1267 help 1268 Common parts of the CAST cipher algorithms shared by the 1269 generic c and the assembler implementations. 1270 1271config CRYPTO_CAST5 1272 tristate "CAST5 (CAST-128) cipher algorithm" 1273 select CRYPTO_ALGAPI 1274 select CRYPTO_CAST_COMMON 1275 help 1276 The CAST5 encryption algorithm (synonymous with CAST-128) is 1277 described in RFC2144. 1278 1279config CRYPTO_CAST5_AVX_X86_64 1280 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1281 depends on X86 && 64BIT 1282 select CRYPTO_BLKCIPHER 1283 select CRYPTO_CAST5 1284 select CRYPTO_CAST_COMMON 1285 select CRYPTO_SIMD 1286 help 1287 The CAST5 encryption algorithm (synonymous with CAST-128) is 1288 described in RFC2144. 1289 1290 This module provides the Cast5 cipher algorithm that processes 1291 sixteen blocks parallel using the AVX instruction set. 1292 1293config CRYPTO_CAST6 1294 tristate "CAST6 (CAST-256) cipher algorithm" 1295 select CRYPTO_ALGAPI 1296 select CRYPTO_CAST_COMMON 1297 help 1298 The CAST6 encryption algorithm (synonymous with CAST-256) is 1299 described in RFC2612. 1300 1301config CRYPTO_CAST6_AVX_X86_64 1302 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1303 depends on X86 && 64BIT 1304 select CRYPTO_BLKCIPHER 1305 select CRYPTO_CAST6 1306 select CRYPTO_CAST_COMMON 1307 select CRYPTO_GLUE_HELPER_X86 1308 select CRYPTO_SIMD 1309 select CRYPTO_XTS 1310 help 1311 The CAST6 encryption algorithm (synonymous with CAST-256) is 1312 described in RFC2612. 1313 1314 This module provides the Cast6 cipher algorithm that processes 1315 eight blocks parallel using the AVX instruction set. 1316 1317config CRYPTO_DES 1318 tristate "DES and Triple DES EDE cipher algorithms" 1319 select CRYPTO_ALGAPI 1320 help 1321 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1322 1323config CRYPTO_DES_SPARC64 1324 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1325 depends on SPARC64 1326 select CRYPTO_ALGAPI 1327 select CRYPTO_DES 1328 help 1329 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1330 optimized using SPARC64 crypto opcodes. 1331 1332config CRYPTO_DES3_EDE_X86_64 1333 tristate "Triple DES EDE cipher algorithm (x86-64)" 1334 depends on X86 && 64BIT 1335 select CRYPTO_BLKCIPHER 1336 select CRYPTO_DES 1337 help 1338 Triple DES EDE (FIPS 46-3) algorithm. 1339 1340 This module provides implementation of the Triple DES EDE cipher 1341 algorithm that is optimized for x86-64 processors. Two versions of 1342 algorithm are provided; regular processing one input block and 1343 one that processes three blocks parallel. 1344 1345config CRYPTO_FCRYPT 1346 tristate "FCrypt cipher algorithm" 1347 select CRYPTO_ALGAPI 1348 select CRYPTO_BLKCIPHER 1349 help 1350 FCrypt algorithm used by RxRPC. 1351 1352config CRYPTO_KHAZAD 1353 tristate "Khazad cipher algorithm" 1354 select CRYPTO_ALGAPI 1355 help 1356 Khazad cipher algorithm. 1357 1358 Khazad was a finalist in the initial NESSIE competition. It is 1359 an algorithm optimized for 64-bit processors with good performance 1360 on 32-bit processors. Khazad uses an 128 bit key size. 1361 1362 See also: 1363 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1364 1365config CRYPTO_SALSA20 1366 tristate "Salsa20 stream cipher algorithm" 1367 select CRYPTO_BLKCIPHER 1368 help 1369 Salsa20 stream cipher algorithm. 1370 1371 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1372 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1373 1374 The Salsa20 stream cipher algorithm is designed by Daniel J. 1375 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1376 1377config CRYPTO_CHACHA20 1378 tristate "ChaCha20 cipher algorithm" 1379 select CRYPTO_BLKCIPHER 1380 help 1381 ChaCha20 cipher algorithm, RFC7539. 1382 1383 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1384 Bernstein and further specified in RFC7539 for use in IETF protocols. 1385 This is the portable C implementation of ChaCha20. 1386 1387 See also: 1388 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1389 1390config CRYPTO_CHACHA20_X86_64 1391 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)" 1392 depends on X86 && 64BIT 1393 select CRYPTO_BLKCIPHER 1394 select CRYPTO_CHACHA20 1395 help 1396 ChaCha20 cipher algorithm, RFC7539. 1397 1398 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1399 Bernstein and further specified in RFC7539 for use in IETF protocols. 1400 This is the x86_64 assembler implementation using SIMD instructions. 1401 1402 See also: 1403 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1404 1405config CRYPTO_SEED 1406 tristate "SEED cipher algorithm" 1407 select CRYPTO_ALGAPI 1408 help 1409 SEED cipher algorithm (RFC4269). 1410 1411 SEED is a 128-bit symmetric key block cipher that has been 1412 developed by KISA (Korea Information Security Agency) as a 1413 national standard encryption algorithm of the Republic of Korea. 1414 It is a 16 round block cipher with the key size of 128 bit. 1415 1416 See also: 1417 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1418 1419config CRYPTO_SERPENT 1420 tristate "Serpent cipher algorithm" 1421 select CRYPTO_ALGAPI 1422 help 1423 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1424 1425 Keys are allowed to be from 0 to 256 bits in length, in steps 1426 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1427 variant of Serpent for compatibility with old kerneli.org code. 1428 1429 See also: 1430 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1431 1432config CRYPTO_SERPENT_SSE2_X86_64 1433 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1434 depends on X86 && 64BIT 1435 select CRYPTO_BLKCIPHER 1436 select CRYPTO_GLUE_HELPER_X86 1437 select CRYPTO_SERPENT 1438 select CRYPTO_SIMD 1439 help 1440 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1441 1442 Keys are allowed to be from 0 to 256 bits in length, in steps 1443 of 8 bits. 1444 1445 This module provides Serpent cipher algorithm that processes eight 1446 blocks parallel using SSE2 instruction set. 1447 1448 See also: 1449 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1450 1451config CRYPTO_SERPENT_SSE2_586 1452 tristate "Serpent cipher algorithm (i586/SSE2)" 1453 depends on X86 && !64BIT 1454 select CRYPTO_BLKCIPHER 1455 select CRYPTO_GLUE_HELPER_X86 1456 select CRYPTO_SERPENT 1457 select CRYPTO_SIMD 1458 help 1459 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1460 1461 Keys are allowed to be from 0 to 256 bits in length, in steps 1462 of 8 bits. 1463 1464 This module provides Serpent cipher algorithm that processes four 1465 blocks parallel using SSE2 instruction set. 1466 1467 See also: 1468 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1469 1470config CRYPTO_SERPENT_AVX_X86_64 1471 tristate "Serpent cipher algorithm (x86_64/AVX)" 1472 depends on X86 && 64BIT 1473 select CRYPTO_BLKCIPHER 1474 select CRYPTO_GLUE_HELPER_X86 1475 select CRYPTO_SERPENT 1476 select CRYPTO_SIMD 1477 select CRYPTO_XTS 1478 help 1479 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1480 1481 Keys are allowed to be from 0 to 256 bits in length, in steps 1482 of 8 bits. 1483 1484 This module provides the Serpent cipher algorithm that processes 1485 eight blocks parallel using the AVX instruction set. 1486 1487 See also: 1488 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1489 1490config CRYPTO_SERPENT_AVX2_X86_64 1491 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1492 depends on X86 && 64BIT 1493 select CRYPTO_SERPENT_AVX_X86_64 1494 help 1495 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1496 1497 Keys are allowed to be from 0 to 256 bits in length, in steps 1498 of 8 bits. 1499 1500 This module provides Serpent cipher algorithm that processes 16 1501 blocks parallel using AVX2 instruction set. 1502 1503 See also: 1504 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1505 1506config CRYPTO_SM4 1507 tristate "SM4 cipher algorithm" 1508 select CRYPTO_ALGAPI 1509 help 1510 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1511 1512 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1513 Organization of State Commercial Administration of China (OSCCA) 1514 as an authorized cryptographic algorithms for the use within China. 1515 1516 SMS4 was originally created for use in protecting wireless 1517 networks, and is mandated in the Chinese National Standard for 1518 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1519 (GB.15629.11-2003). 1520 1521 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1522 standardized through TC 260 of the Standardization Administration 1523 of the People's Republic of China (SAC). 1524 1525 The input, output, and key of SMS4 are each 128 bits. 1526 1527 See also: <https://eprint.iacr.org/2008/329.pdf> 1528 1529 If unsure, say N. 1530 1531config CRYPTO_TEA 1532 tristate "TEA, XTEA and XETA cipher algorithms" 1533 select CRYPTO_ALGAPI 1534 help 1535 TEA cipher algorithm. 1536 1537 Tiny Encryption Algorithm is a simple cipher that uses 1538 many rounds for security. It is very fast and uses 1539 little memory. 1540 1541 Xtendend Tiny Encryption Algorithm is a modification to 1542 the TEA algorithm to address a potential key weakness 1543 in the TEA algorithm. 1544 1545 Xtendend Encryption Tiny Algorithm is a mis-implementation 1546 of the XTEA algorithm for compatibility purposes. 1547 1548config CRYPTO_TWOFISH 1549 tristate "Twofish cipher algorithm" 1550 select CRYPTO_ALGAPI 1551 select CRYPTO_TWOFISH_COMMON 1552 help 1553 Twofish cipher algorithm. 1554 1555 Twofish was submitted as an AES (Advanced Encryption Standard) 1556 candidate cipher by researchers at CounterPane Systems. It is a 1557 16 round block cipher supporting key sizes of 128, 192, and 256 1558 bits. 1559 1560 See also: 1561 <http://www.schneier.com/twofish.html> 1562 1563config CRYPTO_TWOFISH_COMMON 1564 tristate 1565 help 1566 Common parts of the Twofish cipher algorithm shared by the 1567 generic c and the assembler implementations. 1568 1569config CRYPTO_TWOFISH_586 1570 tristate "Twofish cipher algorithms (i586)" 1571 depends on (X86 || UML_X86) && !64BIT 1572 select CRYPTO_ALGAPI 1573 select CRYPTO_TWOFISH_COMMON 1574 help 1575 Twofish cipher algorithm. 1576 1577 Twofish was submitted as an AES (Advanced Encryption Standard) 1578 candidate cipher by researchers at CounterPane Systems. It is a 1579 16 round block cipher supporting key sizes of 128, 192, and 256 1580 bits. 1581 1582 See also: 1583 <http://www.schneier.com/twofish.html> 1584 1585config CRYPTO_TWOFISH_X86_64 1586 tristate "Twofish cipher algorithm (x86_64)" 1587 depends on (X86 || UML_X86) && 64BIT 1588 select CRYPTO_ALGAPI 1589 select CRYPTO_TWOFISH_COMMON 1590 help 1591 Twofish cipher algorithm (x86_64). 1592 1593 Twofish was submitted as an AES (Advanced Encryption Standard) 1594 candidate cipher by researchers at CounterPane Systems. It is a 1595 16 round block cipher supporting key sizes of 128, 192, and 256 1596 bits. 1597 1598 See also: 1599 <http://www.schneier.com/twofish.html> 1600 1601config CRYPTO_TWOFISH_X86_64_3WAY 1602 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1603 depends on X86 && 64BIT 1604 select CRYPTO_BLKCIPHER 1605 select CRYPTO_TWOFISH_COMMON 1606 select CRYPTO_TWOFISH_X86_64 1607 select CRYPTO_GLUE_HELPER_X86 1608 help 1609 Twofish cipher algorithm (x86_64, 3-way parallel). 1610 1611 Twofish was submitted as an AES (Advanced Encryption Standard) 1612 candidate cipher by researchers at CounterPane Systems. It is a 1613 16 round block cipher supporting key sizes of 128, 192, and 256 1614 bits. 1615 1616 This module provides Twofish cipher algorithm that processes three 1617 blocks parallel, utilizing resources of out-of-order CPUs better. 1618 1619 See also: 1620 <http://www.schneier.com/twofish.html> 1621 1622config CRYPTO_TWOFISH_AVX_X86_64 1623 tristate "Twofish cipher algorithm (x86_64/AVX)" 1624 depends on X86 && 64BIT 1625 select CRYPTO_BLKCIPHER 1626 select CRYPTO_GLUE_HELPER_X86 1627 select CRYPTO_SIMD 1628 select CRYPTO_TWOFISH_COMMON 1629 select CRYPTO_TWOFISH_X86_64 1630 select CRYPTO_TWOFISH_X86_64_3WAY 1631 help 1632 Twofish cipher algorithm (x86_64/AVX). 1633 1634 Twofish was submitted as an AES (Advanced Encryption Standard) 1635 candidate cipher by researchers at CounterPane Systems. It is a 1636 16 round block cipher supporting key sizes of 128, 192, and 256 1637 bits. 1638 1639 This module provides the Twofish cipher algorithm that processes 1640 eight blocks parallel using the AVX Instruction Set. 1641 1642 See also: 1643 <http://www.schneier.com/twofish.html> 1644 1645comment "Compression" 1646 1647config CRYPTO_DEFLATE 1648 tristate "Deflate compression algorithm" 1649 select CRYPTO_ALGAPI 1650 select CRYPTO_ACOMP2 1651 select ZLIB_INFLATE 1652 select ZLIB_DEFLATE 1653 help 1654 This is the Deflate algorithm (RFC1951), specified for use in 1655 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1656 1657 You will most probably want this if using IPSec. 1658 1659config CRYPTO_LZO 1660 tristate "LZO compression algorithm" 1661 select CRYPTO_ALGAPI 1662 select CRYPTO_ACOMP2 1663 select LZO_COMPRESS 1664 select LZO_DECOMPRESS 1665 help 1666 This is the LZO algorithm. 1667 1668config CRYPTO_842 1669 tristate "842 compression algorithm" 1670 select CRYPTO_ALGAPI 1671 select CRYPTO_ACOMP2 1672 select 842_COMPRESS 1673 select 842_DECOMPRESS 1674 help 1675 This is the 842 algorithm. 1676 1677config CRYPTO_LZ4 1678 tristate "LZ4 compression algorithm" 1679 select CRYPTO_ALGAPI 1680 select CRYPTO_ACOMP2 1681 select LZ4_COMPRESS 1682 select LZ4_DECOMPRESS 1683 help 1684 This is the LZ4 algorithm. 1685 1686config CRYPTO_LZ4HC 1687 tristate "LZ4HC compression algorithm" 1688 select CRYPTO_ALGAPI 1689 select CRYPTO_ACOMP2 1690 select LZ4HC_COMPRESS 1691 select LZ4_DECOMPRESS 1692 help 1693 This is the LZ4 high compression mode algorithm. 1694 1695config CRYPTO_ZSTD 1696 tristate "Zstd compression algorithm" 1697 select CRYPTO_ALGAPI 1698 select CRYPTO_ACOMP2 1699 select ZSTD_COMPRESS 1700 select ZSTD_DECOMPRESS 1701 help 1702 This is the zstd algorithm. 1703 1704comment "Random Number Generation" 1705 1706config CRYPTO_ANSI_CPRNG 1707 tristate "Pseudo Random Number Generation for Cryptographic modules" 1708 select CRYPTO_AES 1709 select CRYPTO_RNG 1710 help 1711 This option enables the generic pseudo random number generator 1712 for cryptographic modules. Uses the Algorithm specified in 1713 ANSI X9.31 A.2.4. Note that this option must be enabled if 1714 CRYPTO_FIPS is selected 1715 1716menuconfig CRYPTO_DRBG_MENU 1717 tristate "NIST SP800-90A DRBG" 1718 help 1719 NIST SP800-90A compliant DRBG. In the following submenu, one or 1720 more of the DRBG types must be selected. 1721 1722if CRYPTO_DRBG_MENU 1723 1724config CRYPTO_DRBG_HMAC 1725 bool 1726 default y 1727 select CRYPTO_HMAC 1728 select CRYPTO_SHA256 1729 1730config CRYPTO_DRBG_HASH 1731 bool "Enable Hash DRBG" 1732 select CRYPTO_SHA256 1733 help 1734 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1735 1736config CRYPTO_DRBG_CTR 1737 bool "Enable CTR DRBG" 1738 select CRYPTO_AES 1739 depends on CRYPTO_CTR 1740 help 1741 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1742 1743config CRYPTO_DRBG 1744 tristate 1745 default CRYPTO_DRBG_MENU 1746 select CRYPTO_RNG 1747 select CRYPTO_JITTERENTROPY 1748 1749endif # if CRYPTO_DRBG_MENU 1750 1751config CRYPTO_JITTERENTROPY 1752 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1753 select CRYPTO_RNG 1754 help 1755 The Jitterentropy RNG is a noise that is intended 1756 to provide seed to another RNG. The RNG does not 1757 perform any cryptographic whitening of the generated 1758 random numbers. This Jitterentropy RNG registers with 1759 the kernel crypto API and can be used by any caller. 1760 1761config CRYPTO_USER_API 1762 tristate 1763 1764config CRYPTO_USER_API_HASH 1765 tristate "User-space interface for hash algorithms" 1766 depends on NET 1767 select CRYPTO_HASH 1768 select CRYPTO_USER_API 1769 help 1770 This option enables the user-spaces interface for hash 1771 algorithms. 1772 1773config CRYPTO_USER_API_SKCIPHER 1774 tristate "User-space interface for symmetric key cipher algorithms" 1775 depends on NET 1776 select CRYPTO_BLKCIPHER 1777 select CRYPTO_USER_API 1778 help 1779 This option enables the user-spaces interface for symmetric 1780 key cipher algorithms. 1781 1782config CRYPTO_USER_API_RNG 1783 tristate "User-space interface for random number generator algorithms" 1784 depends on NET 1785 select CRYPTO_RNG 1786 select CRYPTO_USER_API 1787 help 1788 This option enables the user-spaces interface for random 1789 number generator algorithms. 1790 1791config CRYPTO_USER_API_AEAD 1792 tristate "User-space interface for AEAD cipher algorithms" 1793 depends on NET 1794 select CRYPTO_AEAD 1795 select CRYPTO_BLKCIPHER 1796 select CRYPTO_NULL 1797 select CRYPTO_USER_API 1798 help 1799 This option enables the user-spaces interface for AEAD 1800 cipher algorithms. 1801 1802config CRYPTO_STATS 1803 bool "Crypto usage statistics for User-space" 1804 help 1805 This option enables the gathering of crypto stats. 1806 This will collect: 1807 - encrypt/decrypt size and numbers of symmeric operations 1808 - compress/decompress size and numbers of compress operations 1809 - size and numbers of hash operations 1810 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1811 - generate/seed numbers for rng operations 1812 1813config CRYPTO_HASH_INFO 1814 bool 1815 1816source "drivers/crypto/Kconfig" 1817source crypto/asymmetric_keys/Kconfig 1818source certs/Kconfig 1819 1820endif # if CRYPTO 1821