xref: /linux/crypto/Kconfig (revision cc1e6315e83db0e517dd9279050b88adc83a7eba)
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This options enables the fips boot option which is
31	  required if you want to system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_BLKCIPHER
56	tristate
57	select CRYPTO_BLKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_BLKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64	select CRYPTO_WORKQUEUE
65
66config CRYPTO_HASH
67	tristate
68	select CRYPTO_HASH2
69	select CRYPTO_ALGAPI
70
71config CRYPTO_HASH2
72	tristate
73	select CRYPTO_ALGAPI2
74
75config CRYPTO_RNG
76	tristate
77	select CRYPTO_RNG2
78	select CRYPTO_ALGAPI
79
80config CRYPTO_RNG2
81	tristate
82	select CRYPTO_ALGAPI2
83
84config CRYPTO_RNG_DEFAULT
85	tristate
86	select CRYPTO_DRBG_MENU
87
88config CRYPTO_AKCIPHER2
89	tristate
90	select CRYPTO_ALGAPI2
91
92config CRYPTO_AKCIPHER
93	tristate
94	select CRYPTO_AKCIPHER2
95	select CRYPTO_ALGAPI
96
97config CRYPTO_KPP2
98	tristate
99	select CRYPTO_ALGAPI2
100
101config CRYPTO_KPP
102	tristate
103	select CRYPTO_ALGAPI
104	select CRYPTO_KPP2
105
106config CRYPTO_ACOMP2
107	tristate
108	select CRYPTO_ALGAPI2
109	select SGL_ALLOC
110
111config CRYPTO_ACOMP
112	tristate
113	select CRYPTO_ALGAPI
114	select CRYPTO_ACOMP2
115
116config CRYPTO_RSA
117	tristate "RSA algorithm"
118	select CRYPTO_AKCIPHER
119	select CRYPTO_MANAGER
120	select MPILIB
121	select ASN1
122	help
123	  Generic implementation of the RSA public key algorithm.
124
125config CRYPTO_DH
126	tristate "Diffie-Hellman algorithm"
127	select CRYPTO_KPP
128	select MPILIB
129	help
130	  Generic implementation of the Diffie-Hellman algorithm.
131
132config CRYPTO_ECDH
133	tristate "ECDH algorithm"
134	select CRYPTO_KPP
135	select CRYPTO_RNG_DEFAULT
136	help
137	  Generic implementation of the ECDH algorithm
138
139config CRYPTO_MANAGER
140	tristate "Cryptographic algorithm manager"
141	select CRYPTO_MANAGER2
142	help
143	  Create default cryptographic template instantiations such as
144	  cbc(aes).
145
146config CRYPTO_MANAGER2
147	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
148	select CRYPTO_AEAD2
149	select CRYPTO_HASH2
150	select CRYPTO_BLKCIPHER2
151	select CRYPTO_AKCIPHER2
152	select CRYPTO_KPP2
153	select CRYPTO_ACOMP2
154
155config CRYPTO_USER
156	tristate "Userspace cryptographic algorithm configuration"
157	depends on NET
158	select CRYPTO_MANAGER
159	help
160	  Userspace configuration for cryptographic instantiations such as
161	  cbc(aes).
162
163config CRYPTO_MANAGER_DISABLE_TESTS
164	bool "Disable run-time self tests"
165	default y
166	depends on CRYPTO_MANAGER2
167	help
168	  Disable run-time self tests that normally take place at
169	  algorithm registration.
170
171config CRYPTO_GF128MUL
172	tristate "GF(2^128) multiplication functions"
173	help
174	  Efficient table driven implementation of multiplications in the
175	  field GF(2^128).  This is needed by some cypher modes. This
176	  option will be selected automatically if you select such a
177	  cipher mode.  Only select this option by hand if you expect to load
178	  an external module that requires these functions.
179
180config CRYPTO_NULL
181	tristate "Null algorithms"
182	select CRYPTO_NULL2
183	help
184	  These are 'Null' algorithms, used by IPsec, which do nothing.
185
186config CRYPTO_NULL2
187	tristate
188	select CRYPTO_ALGAPI2
189	select CRYPTO_BLKCIPHER2
190	select CRYPTO_HASH2
191
192config CRYPTO_PCRYPT
193	tristate "Parallel crypto engine"
194	depends on SMP
195	select PADATA
196	select CRYPTO_MANAGER
197	select CRYPTO_AEAD
198	help
199	  This converts an arbitrary crypto algorithm into a parallel
200	  algorithm that executes in kernel threads.
201
202config CRYPTO_WORKQUEUE
203       tristate
204
205config CRYPTO_CRYPTD
206	tristate "Software async crypto daemon"
207	select CRYPTO_BLKCIPHER
208	select CRYPTO_HASH
209	select CRYPTO_MANAGER
210	select CRYPTO_WORKQUEUE
211	help
212	  This is a generic software asynchronous crypto daemon that
213	  converts an arbitrary synchronous software crypto algorithm
214	  into an asynchronous algorithm that executes in a kernel thread.
215
216config CRYPTO_MCRYPTD
217	tristate "Software async multi-buffer crypto daemon"
218	select CRYPTO_BLKCIPHER
219	select CRYPTO_HASH
220	select CRYPTO_MANAGER
221	select CRYPTO_WORKQUEUE
222	help
223	  This is a generic software asynchronous crypto daemon that
224	  provides the kernel thread to assist multi-buffer crypto
225	  algorithms for submitting jobs and flushing jobs in multi-buffer
226	  crypto algorithms.  Multi-buffer crypto algorithms are executed
227	  in the context of this kernel thread and drivers can post
228	  their crypto request asynchronously to be processed by this daemon.
229
230config CRYPTO_AUTHENC
231	tristate "Authenc support"
232	select CRYPTO_AEAD
233	select CRYPTO_BLKCIPHER
234	select CRYPTO_MANAGER
235	select CRYPTO_HASH
236	select CRYPTO_NULL
237	help
238	  Authenc: Combined mode wrapper for IPsec.
239	  This is required for IPSec.
240
241config CRYPTO_TEST
242	tristate "Testing module"
243	depends on m
244	select CRYPTO_MANAGER
245	help
246	  Quick & dirty crypto test module.
247
248config CRYPTO_SIMD
249	tristate
250	select CRYPTO_CRYPTD
251
252config CRYPTO_GLUE_HELPER_X86
253	tristate
254	depends on X86
255	select CRYPTO_BLKCIPHER
256
257config CRYPTO_ENGINE
258	tristate
259
260comment "Authenticated Encryption with Associated Data"
261
262config CRYPTO_CCM
263	tristate "CCM support"
264	select CRYPTO_CTR
265	select CRYPTO_HASH
266	select CRYPTO_AEAD
267	help
268	  Support for Counter with CBC MAC. Required for IPsec.
269
270config CRYPTO_GCM
271	tristate "GCM/GMAC support"
272	select CRYPTO_CTR
273	select CRYPTO_AEAD
274	select CRYPTO_GHASH
275	select CRYPTO_NULL
276	help
277	  Support for Galois/Counter Mode (GCM) and Galois Message
278	  Authentication Code (GMAC). Required for IPSec.
279
280config CRYPTO_CHACHA20POLY1305
281	tristate "ChaCha20-Poly1305 AEAD support"
282	select CRYPTO_CHACHA20
283	select CRYPTO_POLY1305
284	select CRYPTO_AEAD
285	help
286	  ChaCha20-Poly1305 AEAD support, RFC7539.
287
288	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
289	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
290	  IETF protocols.
291
292config CRYPTO_AEGIS128
293	tristate "AEGIS-128 AEAD algorithm"
294	select CRYPTO_AEAD
295	select CRYPTO_AES  # for AES S-box tables
296	help
297	 Support for the AEGIS-128 dedicated AEAD algorithm.
298
299config CRYPTO_AEGIS128L
300	tristate "AEGIS-128L AEAD algorithm"
301	select CRYPTO_AEAD
302	select CRYPTO_AES  # for AES S-box tables
303	help
304	 Support for the AEGIS-128L dedicated AEAD algorithm.
305
306config CRYPTO_AEGIS256
307	tristate "AEGIS-256 AEAD algorithm"
308	select CRYPTO_AEAD
309	select CRYPTO_AES  # for AES S-box tables
310	help
311	 Support for the AEGIS-256 dedicated AEAD algorithm.
312
313config CRYPTO_AEGIS128_AESNI_SSE2
314	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
315	depends on X86 && 64BIT
316	select CRYPTO_AEAD
317	select CRYPTO_CRYPTD
318	help
319	 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
320
321config CRYPTO_AEGIS128L_AESNI_SSE2
322	tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
323	depends on X86 && 64BIT
324	select CRYPTO_AEAD
325	select CRYPTO_CRYPTD
326	help
327	 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
328
329config CRYPTO_AEGIS256_AESNI_SSE2
330	tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
331	depends on X86 && 64BIT
332	select CRYPTO_AEAD
333	select CRYPTO_CRYPTD
334	help
335	 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
336
337config CRYPTO_MORUS640
338	tristate "MORUS-640 AEAD algorithm"
339	select CRYPTO_AEAD
340	help
341	  Support for the MORUS-640 dedicated AEAD algorithm.
342
343config CRYPTO_MORUS640_GLUE
344	tristate
345	depends on X86
346	select CRYPTO_AEAD
347	select CRYPTO_CRYPTD
348	help
349	  Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
350	  algorithm.
351
352config CRYPTO_MORUS640_SSE2
353	tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
354	depends on X86 && 64BIT
355	select CRYPTO_AEAD
356	select CRYPTO_MORUS640_GLUE
357	help
358	  SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
359
360config CRYPTO_MORUS1280
361	tristate "MORUS-1280 AEAD algorithm"
362	select CRYPTO_AEAD
363	help
364	  Support for the MORUS-1280 dedicated AEAD algorithm.
365
366config CRYPTO_MORUS1280_GLUE
367	tristate
368	depends on X86
369	select CRYPTO_AEAD
370	select CRYPTO_CRYPTD
371	help
372	  Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
373	  algorithm.
374
375config CRYPTO_MORUS1280_SSE2
376	tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
377	depends on X86 && 64BIT
378	select CRYPTO_AEAD
379	select CRYPTO_MORUS1280_GLUE
380	help
381	  SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
382	  algorithm.
383
384config CRYPTO_MORUS1280_AVX2
385	tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
386	depends on X86 && 64BIT
387	select CRYPTO_AEAD
388	select CRYPTO_MORUS1280_GLUE
389	help
390	  AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
391	  algorithm.
392
393config CRYPTO_SEQIV
394	tristate "Sequence Number IV Generator"
395	select CRYPTO_AEAD
396	select CRYPTO_BLKCIPHER
397	select CRYPTO_NULL
398	select CRYPTO_RNG_DEFAULT
399	help
400	  This IV generator generates an IV based on a sequence number by
401	  xoring it with a salt.  This algorithm is mainly useful for CTR
402
403config CRYPTO_ECHAINIV
404	tristate "Encrypted Chain IV Generator"
405	select CRYPTO_AEAD
406	select CRYPTO_NULL
407	select CRYPTO_RNG_DEFAULT
408	default m
409	help
410	  This IV generator generates an IV based on the encryption of
411	  a sequence number xored with a salt.  This is the default
412	  algorithm for CBC.
413
414comment "Block modes"
415
416config CRYPTO_CBC
417	tristate "CBC support"
418	select CRYPTO_BLKCIPHER
419	select CRYPTO_MANAGER
420	help
421	  CBC: Cipher Block Chaining mode
422	  This block cipher algorithm is required for IPSec.
423
424config CRYPTO_CFB
425	tristate "CFB support"
426	select CRYPTO_BLKCIPHER
427	select CRYPTO_MANAGER
428	help
429	  CFB: Cipher FeedBack mode
430	  This block cipher algorithm is required for TPM2 Cryptography.
431
432config CRYPTO_CTR
433	tristate "CTR support"
434	select CRYPTO_BLKCIPHER
435	select CRYPTO_SEQIV
436	select CRYPTO_MANAGER
437	help
438	  CTR: Counter mode
439	  This block cipher algorithm is required for IPSec.
440
441config CRYPTO_CTS
442	tristate "CTS support"
443	select CRYPTO_BLKCIPHER
444	help
445	  CTS: Cipher Text Stealing
446	  This is the Cipher Text Stealing mode as described by
447	  Section 8 of rfc2040 and referenced by rfc3962.
448	  (rfc3962 includes errata information in its Appendix A)
449	  This mode is required for Kerberos gss mechanism support
450	  for AES encryption.
451
452config CRYPTO_ECB
453	tristate "ECB support"
454	select CRYPTO_BLKCIPHER
455	select CRYPTO_MANAGER
456	help
457	  ECB: Electronic CodeBook mode
458	  This is the simplest block cipher algorithm.  It simply encrypts
459	  the input block by block.
460
461config CRYPTO_LRW
462	tristate "LRW support"
463	select CRYPTO_BLKCIPHER
464	select CRYPTO_MANAGER
465	select CRYPTO_GF128MUL
466	help
467	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
468	  narrow block cipher mode for dm-crypt.  Use it with cipher
469	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
470	  The first 128, 192 or 256 bits in the key are used for AES and the
471	  rest is used to tie each cipher block to its logical position.
472
473config CRYPTO_PCBC
474	tristate "PCBC support"
475	select CRYPTO_BLKCIPHER
476	select CRYPTO_MANAGER
477	help
478	  PCBC: Propagating Cipher Block Chaining mode
479	  This block cipher algorithm is required for RxRPC.
480
481config CRYPTO_XTS
482	tristate "XTS support"
483	select CRYPTO_BLKCIPHER
484	select CRYPTO_MANAGER
485	select CRYPTO_ECB
486	help
487	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
488	  key size 256, 384 or 512 bits. This implementation currently
489	  can't handle a sectorsize which is not a multiple of 16 bytes.
490
491config CRYPTO_KEYWRAP
492	tristate "Key wrapping support"
493	select CRYPTO_BLKCIPHER
494	help
495	  Support for key wrapping (NIST SP800-38F / RFC3394) without
496	  padding.
497
498comment "Hash modes"
499
500config CRYPTO_CMAC
501	tristate "CMAC support"
502	select CRYPTO_HASH
503	select CRYPTO_MANAGER
504	help
505	  Cipher-based Message Authentication Code (CMAC) specified by
506	  The National Institute of Standards and Technology (NIST).
507
508	  https://tools.ietf.org/html/rfc4493
509	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
510
511config CRYPTO_HMAC
512	tristate "HMAC support"
513	select CRYPTO_HASH
514	select CRYPTO_MANAGER
515	help
516	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
517	  This is required for IPSec.
518
519config CRYPTO_XCBC
520	tristate "XCBC support"
521	select CRYPTO_HASH
522	select CRYPTO_MANAGER
523	help
524	  XCBC: Keyed-Hashing with encryption algorithm
525		http://www.ietf.org/rfc/rfc3566.txt
526		http://csrc.nist.gov/encryption/modes/proposedmodes/
527		 xcbc-mac/xcbc-mac-spec.pdf
528
529config CRYPTO_VMAC
530	tristate "VMAC support"
531	select CRYPTO_HASH
532	select CRYPTO_MANAGER
533	help
534	  VMAC is a message authentication algorithm designed for
535	  very high speed on 64-bit architectures.
536
537	  See also:
538	  <http://fastcrypto.org/vmac>
539
540comment "Digest"
541
542config CRYPTO_CRC32C
543	tristate "CRC32c CRC algorithm"
544	select CRYPTO_HASH
545	select CRC32
546	help
547	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
548	  by iSCSI for header and data digests and by others.
549	  See Castagnoli93.  Module will be crc32c.
550
551config CRYPTO_CRC32C_INTEL
552	tristate "CRC32c INTEL hardware acceleration"
553	depends on X86
554	select CRYPTO_HASH
555	help
556	  In Intel processor with SSE4.2 supported, the processor will
557	  support CRC32C implementation using hardware accelerated CRC32
558	  instruction. This option will create 'crc32c-intel' module,
559	  which will enable any routine to use the CRC32 instruction to
560	  gain performance compared with software implementation.
561	  Module will be crc32c-intel.
562
563config CRYPTO_CRC32C_VPMSUM
564	tristate "CRC32c CRC algorithm (powerpc64)"
565	depends on PPC64 && ALTIVEC
566	select CRYPTO_HASH
567	select CRC32
568	help
569	  CRC32c algorithm implemented using vector polynomial multiply-sum
570	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
571	  and newer processors for improved performance.
572
573
574config CRYPTO_CRC32C_SPARC64
575	tristate "CRC32c CRC algorithm (SPARC64)"
576	depends on SPARC64
577	select CRYPTO_HASH
578	select CRC32
579	help
580	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
581	  when available.
582
583config CRYPTO_CRC32
584	tristate "CRC32 CRC algorithm"
585	select CRYPTO_HASH
586	select CRC32
587	help
588	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
589	  Shash crypto api wrappers to crc32_le function.
590
591config CRYPTO_CRC32_PCLMUL
592	tristate "CRC32 PCLMULQDQ hardware acceleration"
593	depends on X86
594	select CRYPTO_HASH
595	select CRC32
596	help
597	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
598	  and PCLMULQDQ supported, the processor will support
599	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
600	  instruction. This option will create 'crc32-plcmul' module,
601	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
602	  and gain better performance as compared with the table implementation.
603
604config CRYPTO_CRC32_MIPS
605	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
606	depends on MIPS_CRC_SUPPORT
607	select CRYPTO_HASH
608	help
609	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
610	  instructions, when available.
611
612
613config CRYPTO_CRCT10DIF
614	tristate "CRCT10DIF algorithm"
615	select CRYPTO_HASH
616	help
617	  CRC T10 Data Integrity Field computation is being cast as
618	  a crypto transform.  This allows for faster crc t10 diff
619	  transforms to be used if they are available.
620
621config CRYPTO_CRCT10DIF_PCLMUL
622	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
623	depends on X86 && 64BIT && CRC_T10DIF
624	select CRYPTO_HASH
625	help
626	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
627	  CRC T10 DIF PCLMULQDQ computation can be hardware
628	  accelerated PCLMULQDQ instruction. This option will create
629	  'crct10dif-plcmul' module, which is faster when computing the
630	  crct10dif checksum as compared with the generic table implementation.
631
632config CRYPTO_CRCT10DIF_VPMSUM
633	tristate "CRC32T10DIF powerpc64 hardware acceleration"
634	depends on PPC64 && ALTIVEC && CRC_T10DIF
635	select CRYPTO_HASH
636	help
637	  CRC10T10DIF algorithm implemented using vector polynomial
638	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
639	  POWER8 and newer processors for improved performance.
640
641config CRYPTO_VPMSUM_TESTER
642	tristate "Powerpc64 vpmsum hardware acceleration tester"
643	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
644	help
645	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
646	  POWER8 vpmsum instructions.
647	  Unless you are testing these algorithms, you don't need this.
648
649config CRYPTO_GHASH
650	tristate "GHASH digest algorithm"
651	select CRYPTO_GF128MUL
652	select CRYPTO_HASH
653	help
654	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
655
656config CRYPTO_POLY1305
657	tristate "Poly1305 authenticator algorithm"
658	select CRYPTO_HASH
659	help
660	  Poly1305 authenticator algorithm, RFC7539.
661
662	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
663	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
664	  in IETF protocols. This is the portable C implementation of Poly1305.
665
666config CRYPTO_POLY1305_X86_64
667	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
668	depends on X86 && 64BIT
669	select CRYPTO_POLY1305
670	help
671	  Poly1305 authenticator algorithm, RFC7539.
672
673	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
674	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
675	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
676	  instructions.
677
678config CRYPTO_MD4
679	tristate "MD4 digest algorithm"
680	select CRYPTO_HASH
681	help
682	  MD4 message digest algorithm (RFC1320).
683
684config CRYPTO_MD5
685	tristate "MD5 digest algorithm"
686	select CRYPTO_HASH
687	help
688	  MD5 message digest algorithm (RFC1321).
689
690config CRYPTO_MD5_OCTEON
691	tristate "MD5 digest algorithm (OCTEON)"
692	depends on CPU_CAVIUM_OCTEON
693	select CRYPTO_MD5
694	select CRYPTO_HASH
695	help
696	  MD5 message digest algorithm (RFC1321) implemented
697	  using OCTEON crypto instructions, when available.
698
699config CRYPTO_MD5_PPC
700	tristate "MD5 digest algorithm (PPC)"
701	depends on PPC
702	select CRYPTO_HASH
703	help
704	  MD5 message digest algorithm (RFC1321) implemented
705	  in PPC assembler.
706
707config CRYPTO_MD5_SPARC64
708	tristate "MD5 digest algorithm (SPARC64)"
709	depends on SPARC64
710	select CRYPTO_MD5
711	select CRYPTO_HASH
712	help
713	  MD5 message digest algorithm (RFC1321) implemented
714	  using sparc64 crypto instructions, when available.
715
716config CRYPTO_MICHAEL_MIC
717	tristate "Michael MIC keyed digest algorithm"
718	select CRYPTO_HASH
719	help
720	  Michael MIC is used for message integrity protection in TKIP
721	  (IEEE 802.11i). This algorithm is required for TKIP, but it
722	  should not be used for other purposes because of the weakness
723	  of the algorithm.
724
725config CRYPTO_RMD128
726	tristate "RIPEMD-128 digest algorithm"
727	select CRYPTO_HASH
728	help
729	  RIPEMD-128 (ISO/IEC 10118-3:2004).
730
731	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
732	  be used as a secure replacement for RIPEMD. For other use cases,
733	  RIPEMD-160 should be used.
734
735	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
736	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
737
738config CRYPTO_RMD160
739	tristate "RIPEMD-160 digest algorithm"
740	select CRYPTO_HASH
741	help
742	  RIPEMD-160 (ISO/IEC 10118-3:2004).
743
744	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
745	  to be used as a secure replacement for the 128-bit hash functions
746	  MD4, MD5 and it's predecessor RIPEMD
747	  (not to be confused with RIPEMD-128).
748
749	  It's speed is comparable to SHA1 and there are no known attacks
750	  against RIPEMD-160.
751
752	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
753	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
754
755config CRYPTO_RMD256
756	tristate "RIPEMD-256 digest algorithm"
757	select CRYPTO_HASH
758	help
759	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
760	  256 bit hash. It is intended for applications that require
761	  longer hash-results, without needing a larger security level
762	  (than RIPEMD-128).
763
764	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
765	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
766
767config CRYPTO_RMD320
768	tristate "RIPEMD-320 digest algorithm"
769	select CRYPTO_HASH
770	help
771	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
772	  320 bit hash. It is intended for applications that require
773	  longer hash-results, without needing a larger security level
774	  (than RIPEMD-160).
775
776	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
777	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
778
779config CRYPTO_SHA1
780	tristate "SHA1 digest algorithm"
781	select CRYPTO_HASH
782	help
783	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
784
785config CRYPTO_SHA1_SSSE3
786	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
787	depends on X86 && 64BIT
788	select CRYPTO_SHA1
789	select CRYPTO_HASH
790	help
791	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
792	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
793	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
794	  when available.
795
796config CRYPTO_SHA256_SSSE3
797	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
798	depends on X86 && 64BIT
799	select CRYPTO_SHA256
800	select CRYPTO_HASH
801	help
802	  SHA-256 secure hash standard (DFIPS 180-2) implemented
803	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
804	  Extensions version 1 (AVX1), or Advanced Vector Extensions
805	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
806	  Instructions) when available.
807
808config CRYPTO_SHA512_SSSE3
809	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
810	depends on X86 && 64BIT
811	select CRYPTO_SHA512
812	select CRYPTO_HASH
813	help
814	  SHA-512 secure hash standard (DFIPS 180-2) implemented
815	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
816	  Extensions version 1 (AVX1), or Advanced Vector Extensions
817	  version 2 (AVX2) instructions, when available.
818
819config CRYPTO_SHA1_OCTEON
820	tristate "SHA1 digest algorithm (OCTEON)"
821	depends on CPU_CAVIUM_OCTEON
822	select CRYPTO_SHA1
823	select CRYPTO_HASH
824	help
825	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
826	  using OCTEON crypto instructions, when available.
827
828config CRYPTO_SHA1_SPARC64
829	tristate "SHA1 digest algorithm (SPARC64)"
830	depends on SPARC64
831	select CRYPTO_SHA1
832	select CRYPTO_HASH
833	help
834	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
835	  using sparc64 crypto instructions, when available.
836
837config CRYPTO_SHA1_PPC
838	tristate "SHA1 digest algorithm (powerpc)"
839	depends on PPC
840	help
841	  This is the powerpc hardware accelerated implementation of the
842	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
843
844config CRYPTO_SHA1_PPC_SPE
845	tristate "SHA1 digest algorithm (PPC SPE)"
846	depends on PPC && SPE
847	help
848	  SHA-1 secure hash standard (DFIPS 180-4) implemented
849	  using powerpc SPE SIMD instruction set.
850
851config CRYPTO_SHA1_MB
852	tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
853	depends on X86 && 64BIT
854	select CRYPTO_SHA1
855	select CRYPTO_HASH
856	select CRYPTO_MCRYPTD
857	help
858	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
859	  using multi-buffer technique.  This algorithm computes on
860	  multiple data lanes concurrently with SIMD instructions for
861	  better throughput.  It should not be enabled by default but
862	  used when there is significant amount of work to keep the keep
863	  the data lanes filled to get performance benefit.  If the data
864	  lanes remain unfilled, a flush operation will be initiated to
865	  process the crypto jobs, adding a slight latency.
866
867config CRYPTO_SHA256_MB
868	tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
869	depends on X86 && 64BIT
870	select CRYPTO_SHA256
871	select CRYPTO_HASH
872	select CRYPTO_MCRYPTD
873	help
874	  SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
875	  using multi-buffer technique.  This algorithm computes on
876	  multiple data lanes concurrently with SIMD instructions for
877	  better throughput.  It should not be enabled by default but
878	  used when there is significant amount of work to keep the keep
879	  the data lanes filled to get performance benefit.  If the data
880	  lanes remain unfilled, a flush operation will be initiated to
881	  process the crypto jobs, adding a slight latency.
882
883config CRYPTO_SHA512_MB
884        tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
885        depends on X86 && 64BIT
886        select CRYPTO_SHA512
887        select CRYPTO_HASH
888        select CRYPTO_MCRYPTD
889        help
890          SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
891          using multi-buffer technique.  This algorithm computes on
892          multiple data lanes concurrently with SIMD instructions for
893          better throughput.  It should not be enabled by default but
894          used when there is significant amount of work to keep the keep
895          the data lanes filled to get performance benefit.  If the data
896          lanes remain unfilled, a flush operation will be initiated to
897          process the crypto jobs, adding a slight latency.
898
899config CRYPTO_SHA256
900	tristate "SHA224 and SHA256 digest algorithm"
901	select CRYPTO_HASH
902	help
903	  SHA256 secure hash standard (DFIPS 180-2).
904
905	  This version of SHA implements a 256 bit hash with 128 bits of
906	  security against collision attacks.
907
908	  This code also includes SHA-224, a 224 bit hash with 112 bits
909	  of security against collision attacks.
910
911config CRYPTO_SHA256_PPC_SPE
912	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
913	depends on PPC && SPE
914	select CRYPTO_SHA256
915	select CRYPTO_HASH
916	help
917	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
918	  implemented using powerpc SPE SIMD instruction set.
919
920config CRYPTO_SHA256_OCTEON
921	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
922	depends on CPU_CAVIUM_OCTEON
923	select CRYPTO_SHA256
924	select CRYPTO_HASH
925	help
926	  SHA-256 secure hash standard (DFIPS 180-2) implemented
927	  using OCTEON crypto instructions, when available.
928
929config CRYPTO_SHA256_SPARC64
930	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
931	depends on SPARC64
932	select CRYPTO_SHA256
933	select CRYPTO_HASH
934	help
935	  SHA-256 secure hash standard (DFIPS 180-2) implemented
936	  using sparc64 crypto instructions, when available.
937
938config CRYPTO_SHA512
939	tristate "SHA384 and SHA512 digest algorithms"
940	select CRYPTO_HASH
941	help
942	  SHA512 secure hash standard (DFIPS 180-2).
943
944	  This version of SHA implements a 512 bit hash with 256 bits of
945	  security against collision attacks.
946
947	  This code also includes SHA-384, a 384 bit hash with 192 bits
948	  of security against collision attacks.
949
950config CRYPTO_SHA512_OCTEON
951	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
952	depends on CPU_CAVIUM_OCTEON
953	select CRYPTO_SHA512
954	select CRYPTO_HASH
955	help
956	  SHA-512 secure hash standard (DFIPS 180-2) implemented
957	  using OCTEON crypto instructions, when available.
958
959config CRYPTO_SHA512_SPARC64
960	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
961	depends on SPARC64
962	select CRYPTO_SHA512
963	select CRYPTO_HASH
964	help
965	  SHA-512 secure hash standard (DFIPS 180-2) implemented
966	  using sparc64 crypto instructions, when available.
967
968config CRYPTO_SHA3
969	tristate "SHA3 digest algorithm"
970	select CRYPTO_HASH
971	help
972	  SHA-3 secure hash standard (DFIPS 202). It's based on
973	  cryptographic sponge function family called Keccak.
974
975	  References:
976	  http://keccak.noekeon.org/
977
978config CRYPTO_SM3
979	tristate "SM3 digest algorithm"
980	select CRYPTO_HASH
981	help
982	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
983	  It is part of the Chinese Commercial Cryptography suite.
984
985	  References:
986	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
987	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
988
989config CRYPTO_TGR192
990	tristate "Tiger digest algorithms"
991	select CRYPTO_HASH
992	help
993	  Tiger hash algorithm 192, 160 and 128-bit hashes
994
995	  Tiger is a hash function optimized for 64-bit processors while
996	  still having decent performance on 32-bit processors.
997	  Tiger was developed by Ross Anderson and Eli Biham.
998
999	  See also:
1000	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1001
1002config CRYPTO_WP512
1003	tristate "Whirlpool digest algorithms"
1004	select CRYPTO_HASH
1005	help
1006	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1007
1008	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1009	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1010
1011	  See also:
1012	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1013
1014config CRYPTO_GHASH_CLMUL_NI_INTEL
1015	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
1016	depends on X86 && 64BIT
1017	select CRYPTO_CRYPTD
1018	help
1019	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1020	  The implementation is accelerated by CLMUL-NI of Intel.
1021
1022comment "Ciphers"
1023
1024config CRYPTO_AES
1025	tristate "AES cipher algorithms"
1026	select CRYPTO_ALGAPI
1027	help
1028	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1029	  algorithm.
1030
1031	  Rijndael appears to be consistently a very good performer in
1032	  both hardware and software across a wide range of computing
1033	  environments regardless of its use in feedback or non-feedback
1034	  modes. Its key setup time is excellent, and its key agility is
1035	  good. Rijndael's very low memory requirements make it very well
1036	  suited for restricted-space environments, in which it also
1037	  demonstrates excellent performance. Rijndael's operations are
1038	  among the easiest to defend against power and timing attacks.
1039
1040	  The AES specifies three key sizes: 128, 192 and 256 bits
1041
1042	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1043
1044config CRYPTO_AES_TI
1045	tristate "Fixed time AES cipher"
1046	select CRYPTO_ALGAPI
1047	help
1048	  This is a generic implementation of AES that attempts to eliminate
1049	  data dependent latencies as much as possible without affecting
1050	  performance too much. It is intended for use by the generic CCM
1051	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1052	  solely on encryption (although decryption is supported as well, but
1053	  with a more dramatic performance hit)
1054
1055	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1056	  8 for decryption), this implementation only uses just two S-boxes of
1057	  256 bytes each, and attempts to eliminate data dependent latencies by
1058	  prefetching the entire table into the cache at the start of each
1059	  block.
1060
1061config CRYPTO_AES_586
1062	tristate "AES cipher algorithms (i586)"
1063	depends on (X86 || UML_X86) && !64BIT
1064	select CRYPTO_ALGAPI
1065	select CRYPTO_AES
1066	help
1067	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1068	  algorithm.
1069
1070	  Rijndael appears to be consistently a very good performer in
1071	  both hardware and software across a wide range of computing
1072	  environments regardless of its use in feedback or non-feedback
1073	  modes. Its key setup time is excellent, and its key agility is
1074	  good. Rijndael's very low memory requirements make it very well
1075	  suited for restricted-space environments, in which it also
1076	  demonstrates excellent performance. Rijndael's operations are
1077	  among the easiest to defend against power and timing attacks.
1078
1079	  The AES specifies three key sizes: 128, 192 and 256 bits
1080
1081	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1082
1083config CRYPTO_AES_X86_64
1084	tristate "AES cipher algorithms (x86_64)"
1085	depends on (X86 || UML_X86) && 64BIT
1086	select CRYPTO_ALGAPI
1087	select CRYPTO_AES
1088	help
1089	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1090	  algorithm.
1091
1092	  Rijndael appears to be consistently a very good performer in
1093	  both hardware and software across a wide range of computing
1094	  environments regardless of its use in feedback or non-feedback
1095	  modes. Its key setup time is excellent, and its key agility is
1096	  good. Rijndael's very low memory requirements make it very well
1097	  suited for restricted-space environments, in which it also
1098	  demonstrates excellent performance. Rijndael's operations are
1099	  among the easiest to defend against power and timing attacks.
1100
1101	  The AES specifies three key sizes: 128, 192 and 256 bits
1102
1103	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1104
1105config CRYPTO_AES_NI_INTEL
1106	tristate "AES cipher algorithms (AES-NI)"
1107	depends on X86
1108	select CRYPTO_AEAD
1109	select CRYPTO_AES_X86_64 if 64BIT
1110	select CRYPTO_AES_586 if !64BIT
1111	select CRYPTO_ALGAPI
1112	select CRYPTO_BLKCIPHER
1113	select CRYPTO_GLUE_HELPER_X86 if 64BIT
1114	select CRYPTO_SIMD
1115	help
1116	  Use Intel AES-NI instructions for AES algorithm.
1117
1118	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1119	  algorithm.
1120
1121	  Rijndael appears to be consistently a very good performer in
1122	  both hardware and software across a wide range of computing
1123	  environments regardless of its use in feedback or non-feedback
1124	  modes. Its key setup time is excellent, and its key agility is
1125	  good. Rijndael's very low memory requirements make it very well
1126	  suited for restricted-space environments, in which it also
1127	  demonstrates excellent performance. Rijndael's operations are
1128	  among the easiest to defend against power and timing attacks.
1129
1130	  The AES specifies three key sizes: 128, 192 and 256 bits
1131
1132	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1133
1134	  In addition to AES cipher algorithm support, the acceleration
1135	  for some popular block cipher mode is supported too, including
1136	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
1137	  acceleration for CTR.
1138
1139config CRYPTO_AES_SPARC64
1140	tristate "AES cipher algorithms (SPARC64)"
1141	depends on SPARC64
1142	select CRYPTO_CRYPTD
1143	select CRYPTO_ALGAPI
1144	help
1145	  Use SPARC64 crypto opcodes for AES algorithm.
1146
1147	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1148	  algorithm.
1149
1150	  Rijndael appears to be consistently a very good performer in
1151	  both hardware and software across a wide range of computing
1152	  environments regardless of its use in feedback or non-feedback
1153	  modes. Its key setup time is excellent, and its key agility is
1154	  good. Rijndael's very low memory requirements make it very well
1155	  suited for restricted-space environments, in which it also
1156	  demonstrates excellent performance. Rijndael's operations are
1157	  among the easiest to defend against power and timing attacks.
1158
1159	  The AES specifies three key sizes: 128, 192 and 256 bits
1160
1161	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1162
1163	  In addition to AES cipher algorithm support, the acceleration
1164	  for some popular block cipher mode is supported too, including
1165	  ECB and CBC.
1166
1167config CRYPTO_AES_PPC_SPE
1168	tristate "AES cipher algorithms (PPC SPE)"
1169	depends on PPC && SPE
1170	help
1171	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1172	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1173	  This module should only be used for low power (router) devices
1174	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1175	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1176	  timining attacks. Nevertheless it might be not as secure as other
1177	  architecture specific assembler implementations that work on 1KB
1178	  tables or 256 bytes S-boxes.
1179
1180config CRYPTO_ANUBIS
1181	tristate "Anubis cipher algorithm"
1182	select CRYPTO_ALGAPI
1183	help
1184	  Anubis cipher algorithm.
1185
1186	  Anubis is a variable key length cipher which can use keys from
1187	  128 bits to 320 bits in length.  It was evaluated as a entrant
1188	  in the NESSIE competition.
1189
1190	  See also:
1191	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1192	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1193
1194config CRYPTO_ARC4
1195	tristate "ARC4 cipher algorithm"
1196	select CRYPTO_BLKCIPHER
1197	help
1198	  ARC4 cipher algorithm.
1199
1200	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1201	  bits in length.  This algorithm is required for driver-based
1202	  WEP, but it should not be for other purposes because of the
1203	  weakness of the algorithm.
1204
1205config CRYPTO_BLOWFISH
1206	tristate "Blowfish cipher algorithm"
1207	select CRYPTO_ALGAPI
1208	select CRYPTO_BLOWFISH_COMMON
1209	help
1210	  Blowfish cipher algorithm, by Bruce Schneier.
1211
1212	  This is a variable key length cipher which can use keys from 32
1213	  bits to 448 bits in length.  It's fast, simple and specifically
1214	  designed for use on "large microprocessors".
1215
1216	  See also:
1217	  <http://www.schneier.com/blowfish.html>
1218
1219config CRYPTO_BLOWFISH_COMMON
1220	tristate
1221	help
1222	  Common parts of the Blowfish cipher algorithm shared by the
1223	  generic c and the assembler implementations.
1224
1225	  See also:
1226	  <http://www.schneier.com/blowfish.html>
1227
1228config CRYPTO_BLOWFISH_X86_64
1229	tristate "Blowfish cipher algorithm (x86_64)"
1230	depends on X86 && 64BIT
1231	select CRYPTO_BLKCIPHER
1232	select CRYPTO_BLOWFISH_COMMON
1233	help
1234	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1235
1236	  This is a variable key length cipher which can use keys from 32
1237	  bits to 448 bits in length.  It's fast, simple and specifically
1238	  designed for use on "large microprocessors".
1239
1240	  See also:
1241	  <http://www.schneier.com/blowfish.html>
1242
1243config CRYPTO_CAMELLIA
1244	tristate "Camellia cipher algorithms"
1245	depends on CRYPTO
1246	select CRYPTO_ALGAPI
1247	help
1248	  Camellia cipher algorithms module.
1249
1250	  Camellia is a symmetric key block cipher developed jointly
1251	  at NTT and Mitsubishi Electric Corporation.
1252
1253	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1254
1255	  See also:
1256	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1257
1258config CRYPTO_CAMELLIA_X86_64
1259	tristate "Camellia cipher algorithm (x86_64)"
1260	depends on X86 && 64BIT
1261	depends on CRYPTO
1262	select CRYPTO_BLKCIPHER
1263	select CRYPTO_GLUE_HELPER_X86
1264	help
1265	  Camellia cipher algorithm module (x86_64).
1266
1267	  Camellia is a symmetric key block cipher developed jointly
1268	  at NTT and Mitsubishi Electric Corporation.
1269
1270	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1271
1272	  See also:
1273	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1274
1275config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1276	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1277	depends on X86 && 64BIT
1278	depends on CRYPTO
1279	select CRYPTO_BLKCIPHER
1280	select CRYPTO_CAMELLIA_X86_64
1281	select CRYPTO_GLUE_HELPER_X86
1282	select CRYPTO_SIMD
1283	select CRYPTO_XTS
1284	help
1285	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1286
1287	  Camellia is a symmetric key block cipher developed jointly
1288	  at NTT and Mitsubishi Electric Corporation.
1289
1290	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1291
1292	  See also:
1293	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1294
1295config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1296	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1297	depends on X86 && 64BIT
1298	depends on CRYPTO
1299	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1300	help
1301	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1302
1303	  Camellia is a symmetric key block cipher developed jointly
1304	  at NTT and Mitsubishi Electric Corporation.
1305
1306	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1307
1308	  See also:
1309	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1310
1311config CRYPTO_CAMELLIA_SPARC64
1312	tristate "Camellia cipher algorithm (SPARC64)"
1313	depends on SPARC64
1314	depends on CRYPTO
1315	select CRYPTO_ALGAPI
1316	help
1317	  Camellia cipher algorithm module (SPARC64).
1318
1319	  Camellia is a symmetric key block cipher developed jointly
1320	  at NTT and Mitsubishi Electric Corporation.
1321
1322	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1323
1324	  See also:
1325	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1326
1327config CRYPTO_CAST_COMMON
1328	tristate
1329	help
1330	  Common parts of the CAST cipher algorithms shared by the
1331	  generic c and the assembler implementations.
1332
1333config CRYPTO_CAST5
1334	tristate "CAST5 (CAST-128) cipher algorithm"
1335	select CRYPTO_ALGAPI
1336	select CRYPTO_CAST_COMMON
1337	help
1338	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1339	  described in RFC2144.
1340
1341config CRYPTO_CAST5_AVX_X86_64
1342	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1343	depends on X86 && 64BIT
1344	select CRYPTO_BLKCIPHER
1345	select CRYPTO_CAST5
1346	select CRYPTO_CAST_COMMON
1347	select CRYPTO_SIMD
1348	help
1349	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1350	  described in RFC2144.
1351
1352	  This module provides the Cast5 cipher algorithm that processes
1353	  sixteen blocks parallel using the AVX instruction set.
1354
1355config CRYPTO_CAST6
1356	tristate "CAST6 (CAST-256) cipher algorithm"
1357	select CRYPTO_ALGAPI
1358	select CRYPTO_CAST_COMMON
1359	help
1360	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1361	  described in RFC2612.
1362
1363config CRYPTO_CAST6_AVX_X86_64
1364	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1365	depends on X86 && 64BIT
1366	select CRYPTO_BLKCIPHER
1367	select CRYPTO_CAST6
1368	select CRYPTO_CAST_COMMON
1369	select CRYPTO_GLUE_HELPER_X86
1370	select CRYPTO_SIMD
1371	select CRYPTO_XTS
1372	help
1373	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1374	  described in RFC2612.
1375
1376	  This module provides the Cast6 cipher algorithm that processes
1377	  eight blocks parallel using the AVX instruction set.
1378
1379config CRYPTO_DES
1380	tristate "DES and Triple DES EDE cipher algorithms"
1381	select CRYPTO_ALGAPI
1382	help
1383	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1384
1385config CRYPTO_DES_SPARC64
1386	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1387	depends on SPARC64
1388	select CRYPTO_ALGAPI
1389	select CRYPTO_DES
1390	help
1391	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1392	  optimized using SPARC64 crypto opcodes.
1393
1394config CRYPTO_DES3_EDE_X86_64
1395	tristate "Triple DES EDE cipher algorithm (x86-64)"
1396	depends on X86 && 64BIT
1397	select CRYPTO_BLKCIPHER
1398	select CRYPTO_DES
1399	help
1400	  Triple DES EDE (FIPS 46-3) algorithm.
1401
1402	  This module provides implementation of the Triple DES EDE cipher
1403	  algorithm that is optimized for x86-64 processors. Two versions of
1404	  algorithm are provided; regular processing one input block and
1405	  one that processes three blocks parallel.
1406
1407config CRYPTO_FCRYPT
1408	tristate "FCrypt cipher algorithm"
1409	select CRYPTO_ALGAPI
1410	select CRYPTO_BLKCIPHER
1411	help
1412	  FCrypt algorithm used by RxRPC.
1413
1414config CRYPTO_KHAZAD
1415	tristate "Khazad cipher algorithm"
1416	select CRYPTO_ALGAPI
1417	help
1418	  Khazad cipher algorithm.
1419
1420	  Khazad was a finalist in the initial NESSIE competition.  It is
1421	  an algorithm optimized for 64-bit processors with good performance
1422	  on 32-bit processors.  Khazad uses an 128 bit key size.
1423
1424	  See also:
1425	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1426
1427config CRYPTO_SALSA20
1428	tristate "Salsa20 stream cipher algorithm"
1429	select CRYPTO_BLKCIPHER
1430	help
1431	  Salsa20 stream cipher algorithm.
1432
1433	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1434	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1435
1436	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1437	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1438
1439config CRYPTO_CHACHA20
1440	tristate "ChaCha20 cipher algorithm"
1441	select CRYPTO_BLKCIPHER
1442	help
1443	  ChaCha20 cipher algorithm, RFC7539.
1444
1445	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1446	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1447	  This is the portable C implementation of ChaCha20.
1448
1449	  See also:
1450	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1451
1452config CRYPTO_CHACHA20_X86_64
1453	tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
1454	depends on X86 && 64BIT
1455	select CRYPTO_BLKCIPHER
1456	select CRYPTO_CHACHA20
1457	help
1458	  ChaCha20 cipher algorithm, RFC7539.
1459
1460	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1461	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1462	  This is the x86_64 assembler implementation using SIMD instructions.
1463
1464	  See also:
1465	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1466
1467config CRYPTO_SEED
1468	tristate "SEED cipher algorithm"
1469	select CRYPTO_ALGAPI
1470	help
1471	  SEED cipher algorithm (RFC4269).
1472
1473	  SEED is a 128-bit symmetric key block cipher that has been
1474	  developed by KISA (Korea Information Security Agency) as a
1475	  national standard encryption algorithm of the Republic of Korea.
1476	  It is a 16 round block cipher with the key size of 128 bit.
1477
1478	  See also:
1479	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1480
1481config CRYPTO_SERPENT
1482	tristate "Serpent cipher algorithm"
1483	select CRYPTO_ALGAPI
1484	help
1485	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1486
1487	  Keys are allowed to be from 0 to 256 bits in length, in steps
1488	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1489	  variant of Serpent for compatibility with old kerneli.org code.
1490
1491	  See also:
1492	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1493
1494config CRYPTO_SERPENT_SSE2_X86_64
1495	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1496	depends on X86 && 64BIT
1497	select CRYPTO_BLKCIPHER
1498	select CRYPTO_GLUE_HELPER_X86
1499	select CRYPTO_SERPENT
1500	select CRYPTO_SIMD
1501	help
1502	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1503
1504	  Keys are allowed to be from 0 to 256 bits in length, in steps
1505	  of 8 bits.
1506
1507	  This module provides Serpent cipher algorithm that processes eight
1508	  blocks parallel using SSE2 instruction set.
1509
1510	  See also:
1511	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1512
1513config CRYPTO_SERPENT_SSE2_586
1514	tristate "Serpent cipher algorithm (i586/SSE2)"
1515	depends on X86 && !64BIT
1516	select CRYPTO_BLKCIPHER
1517	select CRYPTO_GLUE_HELPER_X86
1518	select CRYPTO_SERPENT
1519	select CRYPTO_SIMD
1520	help
1521	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1522
1523	  Keys are allowed to be from 0 to 256 bits in length, in steps
1524	  of 8 bits.
1525
1526	  This module provides Serpent cipher algorithm that processes four
1527	  blocks parallel using SSE2 instruction set.
1528
1529	  See also:
1530	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1531
1532config CRYPTO_SERPENT_AVX_X86_64
1533	tristate "Serpent cipher algorithm (x86_64/AVX)"
1534	depends on X86 && 64BIT
1535	select CRYPTO_BLKCIPHER
1536	select CRYPTO_GLUE_HELPER_X86
1537	select CRYPTO_SERPENT
1538	select CRYPTO_SIMD
1539	select CRYPTO_XTS
1540	help
1541	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1542
1543	  Keys are allowed to be from 0 to 256 bits in length, in steps
1544	  of 8 bits.
1545
1546	  This module provides the Serpent cipher algorithm that processes
1547	  eight blocks parallel using the AVX instruction set.
1548
1549	  See also:
1550	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1551
1552config CRYPTO_SERPENT_AVX2_X86_64
1553	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1554	depends on X86 && 64BIT
1555	select CRYPTO_SERPENT_AVX_X86_64
1556	help
1557	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1558
1559	  Keys are allowed to be from 0 to 256 bits in length, in steps
1560	  of 8 bits.
1561
1562	  This module provides Serpent cipher algorithm that processes 16
1563	  blocks parallel using AVX2 instruction set.
1564
1565	  See also:
1566	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1567
1568config CRYPTO_SM4
1569	tristate "SM4 cipher algorithm"
1570	select CRYPTO_ALGAPI
1571	help
1572	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1573
1574	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1575	  Organization of State Commercial Administration of China (OSCCA)
1576	  as an authorized cryptographic algorithms for the use within China.
1577
1578	  SMS4 was originally created for use in protecting wireless
1579	  networks, and is mandated in the Chinese National Standard for
1580	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1581	  (GB.15629.11-2003).
1582
1583	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1584	  standardized through TC 260 of the Standardization Administration
1585	  of the People's Republic of China (SAC).
1586
1587	  The input, output, and key of SMS4 are each 128 bits.
1588
1589	  See also: <https://eprint.iacr.org/2008/329.pdf>
1590
1591	  If unsure, say N.
1592
1593config CRYPTO_SPECK
1594	tristate "Speck cipher algorithm"
1595	select CRYPTO_ALGAPI
1596	help
1597	  Speck is a lightweight block cipher that is tuned for optimal
1598	  performance in software (rather than hardware).
1599
1600	  Speck may not be as secure as AES, and should only be used on systems
1601	  where AES is not fast enough.
1602
1603	  See also: <https://eprint.iacr.org/2013/404.pdf>
1604
1605	  If unsure, say N.
1606
1607config CRYPTO_TEA
1608	tristate "TEA, XTEA and XETA cipher algorithms"
1609	select CRYPTO_ALGAPI
1610	help
1611	  TEA cipher algorithm.
1612
1613	  Tiny Encryption Algorithm is a simple cipher that uses
1614	  many rounds for security.  It is very fast and uses
1615	  little memory.
1616
1617	  Xtendend Tiny Encryption Algorithm is a modification to
1618	  the TEA algorithm to address a potential key weakness
1619	  in the TEA algorithm.
1620
1621	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1622	  of the XTEA algorithm for compatibility purposes.
1623
1624config CRYPTO_TWOFISH
1625	tristate "Twofish cipher algorithm"
1626	select CRYPTO_ALGAPI
1627	select CRYPTO_TWOFISH_COMMON
1628	help
1629	  Twofish cipher algorithm.
1630
1631	  Twofish was submitted as an AES (Advanced Encryption Standard)
1632	  candidate cipher by researchers at CounterPane Systems.  It is a
1633	  16 round block cipher supporting key sizes of 128, 192, and 256
1634	  bits.
1635
1636	  See also:
1637	  <http://www.schneier.com/twofish.html>
1638
1639config CRYPTO_TWOFISH_COMMON
1640	tristate
1641	help
1642	  Common parts of the Twofish cipher algorithm shared by the
1643	  generic c and the assembler implementations.
1644
1645config CRYPTO_TWOFISH_586
1646	tristate "Twofish cipher algorithms (i586)"
1647	depends on (X86 || UML_X86) && !64BIT
1648	select CRYPTO_ALGAPI
1649	select CRYPTO_TWOFISH_COMMON
1650	help
1651	  Twofish cipher algorithm.
1652
1653	  Twofish was submitted as an AES (Advanced Encryption Standard)
1654	  candidate cipher by researchers at CounterPane Systems.  It is a
1655	  16 round block cipher supporting key sizes of 128, 192, and 256
1656	  bits.
1657
1658	  See also:
1659	  <http://www.schneier.com/twofish.html>
1660
1661config CRYPTO_TWOFISH_X86_64
1662	tristate "Twofish cipher algorithm (x86_64)"
1663	depends on (X86 || UML_X86) && 64BIT
1664	select CRYPTO_ALGAPI
1665	select CRYPTO_TWOFISH_COMMON
1666	help
1667	  Twofish cipher algorithm (x86_64).
1668
1669	  Twofish was submitted as an AES (Advanced Encryption Standard)
1670	  candidate cipher by researchers at CounterPane Systems.  It is a
1671	  16 round block cipher supporting key sizes of 128, 192, and 256
1672	  bits.
1673
1674	  See also:
1675	  <http://www.schneier.com/twofish.html>
1676
1677config CRYPTO_TWOFISH_X86_64_3WAY
1678	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1679	depends on X86 && 64BIT
1680	select CRYPTO_BLKCIPHER
1681	select CRYPTO_TWOFISH_COMMON
1682	select CRYPTO_TWOFISH_X86_64
1683	select CRYPTO_GLUE_HELPER_X86
1684	help
1685	  Twofish cipher algorithm (x86_64, 3-way parallel).
1686
1687	  Twofish was submitted as an AES (Advanced Encryption Standard)
1688	  candidate cipher by researchers at CounterPane Systems.  It is a
1689	  16 round block cipher supporting key sizes of 128, 192, and 256
1690	  bits.
1691
1692	  This module provides Twofish cipher algorithm that processes three
1693	  blocks parallel, utilizing resources of out-of-order CPUs better.
1694
1695	  See also:
1696	  <http://www.schneier.com/twofish.html>
1697
1698config CRYPTO_TWOFISH_AVX_X86_64
1699	tristate "Twofish cipher algorithm (x86_64/AVX)"
1700	depends on X86 && 64BIT
1701	select CRYPTO_BLKCIPHER
1702	select CRYPTO_GLUE_HELPER_X86
1703	select CRYPTO_SIMD
1704	select CRYPTO_TWOFISH_COMMON
1705	select CRYPTO_TWOFISH_X86_64
1706	select CRYPTO_TWOFISH_X86_64_3WAY
1707	help
1708	  Twofish cipher algorithm (x86_64/AVX).
1709
1710	  Twofish was submitted as an AES (Advanced Encryption Standard)
1711	  candidate cipher by researchers at CounterPane Systems.  It is a
1712	  16 round block cipher supporting key sizes of 128, 192, and 256
1713	  bits.
1714
1715	  This module provides the Twofish cipher algorithm that processes
1716	  eight blocks parallel using the AVX Instruction Set.
1717
1718	  See also:
1719	  <http://www.schneier.com/twofish.html>
1720
1721comment "Compression"
1722
1723config CRYPTO_DEFLATE
1724	tristate "Deflate compression algorithm"
1725	select CRYPTO_ALGAPI
1726	select CRYPTO_ACOMP2
1727	select ZLIB_INFLATE
1728	select ZLIB_DEFLATE
1729	help
1730	  This is the Deflate algorithm (RFC1951), specified for use in
1731	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1732
1733	  You will most probably want this if using IPSec.
1734
1735config CRYPTO_LZO
1736	tristate "LZO compression algorithm"
1737	select CRYPTO_ALGAPI
1738	select CRYPTO_ACOMP2
1739	select LZO_COMPRESS
1740	select LZO_DECOMPRESS
1741	help
1742	  This is the LZO algorithm.
1743
1744config CRYPTO_842
1745	tristate "842 compression algorithm"
1746	select CRYPTO_ALGAPI
1747	select CRYPTO_ACOMP2
1748	select 842_COMPRESS
1749	select 842_DECOMPRESS
1750	help
1751	  This is the 842 algorithm.
1752
1753config CRYPTO_LZ4
1754	tristate "LZ4 compression algorithm"
1755	select CRYPTO_ALGAPI
1756	select CRYPTO_ACOMP2
1757	select LZ4_COMPRESS
1758	select LZ4_DECOMPRESS
1759	help
1760	  This is the LZ4 algorithm.
1761
1762config CRYPTO_LZ4HC
1763	tristate "LZ4HC compression algorithm"
1764	select CRYPTO_ALGAPI
1765	select CRYPTO_ACOMP2
1766	select LZ4HC_COMPRESS
1767	select LZ4_DECOMPRESS
1768	help
1769	  This is the LZ4 high compression mode algorithm.
1770
1771config CRYPTO_ZSTD
1772	tristate "Zstd compression algorithm"
1773	select CRYPTO_ALGAPI
1774	select CRYPTO_ACOMP2
1775	select ZSTD_COMPRESS
1776	select ZSTD_DECOMPRESS
1777	help
1778	  This is the zstd algorithm.
1779
1780comment "Random Number Generation"
1781
1782config CRYPTO_ANSI_CPRNG
1783	tristate "Pseudo Random Number Generation for Cryptographic modules"
1784	select CRYPTO_AES
1785	select CRYPTO_RNG
1786	help
1787	  This option enables the generic pseudo random number generator
1788	  for cryptographic modules.  Uses the Algorithm specified in
1789	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1790	  CRYPTO_FIPS is selected
1791
1792menuconfig CRYPTO_DRBG_MENU
1793	tristate "NIST SP800-90A DRBG"
1794	help
1795	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1796	  more of the DRBG types must be selected.
1797
1798if CRYPTO_DRBG_MENU
1799
1800config CRYPTO_DRBG_HMAC
1801	bool
1802	default y
1803	select CRYPTO_HMAC
1804	select CRYPTO_SHA256
1805
1806config CRYPTO_DRBG_HASH
1807	bool "Enable Hash DRBG"
1808	select CRYPTO_SHA256
1809	help
1810	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1811
1812config CRYPTO_DRBG_CTR
1813	bool "Enable CTR DRBG"
1814	select CRYPTO_AES
1815	depends on CRYPTO_CTR
1816	help
1817	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1818
1819config CRYPTO_DRBG
1820	tristate
1821	default CRYPTO_DRBG_MENU
1822	select CRYPTO_RNG
1823	select CRYPTO_JITTERENTROPY
1824
1825endif	# if CRYPTO_DRBG_MENU
1826
1827config CRYPTO_JITTERENTROPY
1828	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1829	select CRYPTO_RNG
1830	help
1831	  The Jitterentropy RNG is a noise that is intended
1832	  to provide seed to another RNG. The RNG does not
1833	  perform any cryptographic whitening of the generated
1834	  random numbers. This Jitterentropy RNG registers with
1835	  the kernel crypto API and can be used by any caller.
1836
1837config CRYPTO_USER_API
1838	tristate
1839
1840config CRYPTO_USER_API_HASH
1841	tristate "User-space interface for hash algorithms"
1842	depends on NET
1843	select CRYPTO_HASH
1844	select CRYPTO_USER_API
1845	help
1846	  This option enables the user-spaces interface for hash
1847	  algorithms.
1848
1849config CRYPTO_USER_API_SKCIPHER
1850	tristate "User-space interface for symmetric key cipher algorithms"
1851	depends on NET
1852	select CRYPTO_BLKCIPHER
1853	select CRYPTO_USER_API
1854	help
1855	  This option enables the user-spaces interface for symmetric
1856	  key cipher algorithms.
1857
1858config CRYPTO_USER_API_RNG
1859	tristate "User-space interface for random number generator algorithms"
1860	depends on NET
1861	select CRYPTO_RNG
1862	select CRYPTO_USER_API
1863	help
1864	  This option enables the user-spaces interface for random
1865	  number generator algorithms.
1866
1867config CRYPTO_USER_API_AEAD
1868	tristate "User-space interface for AEAD cipher algorithms"
1869	depends on NET
1870	select CRYPTO_AEAD
1871	select CRYPTO_BLKCIPHER
1872	select CRYPTO_NULL
1873	select CRYPTO_USER_API
1874	help
1875	  This option enables the user-spaces interface for AEAD
1876	  cipher algorithms.
1877
1878config CRYPTO_HASH_INFO
1879	bool
1880
1881source "drivers/crypto/Kconfig"
1882source crypto/asymmetric_keys/Kconfig
1883source certs/Kconfig
1884
1885endif	# if CRYPTO
1886