1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This options enables the fips boot option which is 31 required if you want to system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_BLKCIPHER 56 tristate 57 select CRYPTO_BLKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_BLKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 select CRYPTO_WORKQUEUE 65 66config CRYPTO_HASH 67 tristate 68 select CRYPTO_HASH2 69 select CRYPTO_ALGAPI 70 71config CRYPTO_HASH2 72 tristate 73 select CRYPTO_ALGAPI2 74 75config CRYPTO_RNG 76 tristate 77 select CRYPTO_RNG2 78 select CRYPTO_ALGAPI 79 80config CRYPTO_RNG2 81 tristate 82 select CRYPTO_ALGAPI2 83 84config CRYPTO_RNG_DEFAULT 85 tristate 86 select CRYPTO_DRBG_MENU 87 88config CRYPTO_AKCIPHER2 89 tristate 90 select CRYPTO_ALGAPI2 91 92config CRYPTO_AKCIPHER 93 tristate 94 select CRYPTO_AKCIPHER2 95 select CRYPTO_ALGAPI 96 97config CRYPTO_KPP2 98 tristate 99 select CRYPTO_ALGAPI2 100 101config CRYPTO_KPP 102 tristate 103 select CRYPTO_ALGAPI 104 select CRYPTO_KPP2 105 106config CRYPTO_ACOMP2 107 tristate 108 select CRYPTO_ALGAPI2 109 select SGL_ALLOC 110 111config CRYPTO_ACOMP 112 tristate 113 select CRYPTO_ALGAPI 114 select CRYPTO_ACOMP2 115 116config CRYPTO_RSA 117 tristate "RSA algorithm" 118 select CRYPTO_AKCIPHER 119 select CRYPTO_MANAGER 120 select MPILIB 121 select ASN1 122 help 123 Generic implementation of the RSA public key algorithm. 124 125config CRYPTO_DH 126 tristate "Diffie-Hellman algorithm" 127 select CRYPTO_KPP 128 select MPILIB 129 help 130 Generic implementation of the Diffie-Hellman algorithm. 131 132config CRYPTO_ECDH 133 tristate "ECDH algorithm" 134 select CRYPTO_KPP 135 select CRYPTO_RNG_DEFAULT 136 help 137 Generic implementation of the ECDH algorithm 138 139config CRYPTO_MANAGER 140 tristate "Cryptographic algorithm manager" 141 select CRYPTO_MANAGER2 142 help 143 Create default cryptographic template instantiations such as 144 cbc(aes). 145 146config CRYPTO_MANAGER2 147 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 148 select CRYPTO_AEAD2 149 select CRYPTO_HASH2 150 select CRYPTO_BLKCIPHER2 151 select CRYPTO_AKCIPHER2 152 select CRYPTO_KPP2 153 select CRYPTO_ACOMP2 154 155config CRYPTO_USER 156 tristate "Userspace cryptographic algorithm configuration" 157 depends on NET 158 select CRYPTO_MANAGER 159 help 160 Userspace configuration for cryptographic instantiations such as 161 cbc(aes). 162 163config CRYPTO_MANAGER_DISABLE_TESTS 164 bool "Disable run-time self tests" 165 default y 166 depends on CRYPTO_MANAGER2 167 help 168 Disable run-time self tests that normally take place at 169 algorithm registration. 170 171config CRYPTO_GF128MUL 172 tristate "GF(2^128) multiplication functions" 173 help 174 Efficient table driven implementation of multiplications in the 175 field GF(2^128). This is needed by some cypher modes. This 176 option will be selected automatically if you select such a 177 cipher mode. Only select this option by hand if you expect to load 178 an external module that requires these functions. 179 180config CRYPTO_NULL 181 tristate "Null algorithms" 182 select CRYPTO_NULL2 183 help 184 These are 'Null' algorithms, used by IPsec, which do nothing. 185 186config CRYPTO_NULL2 187 tristate 188 select CRYPTO_ALGAPI2 189 select CRYPTO_BLKCIPHER2 190 select CRYPTO_HASH2 191 192config CRYPTO_PCRYPT 193 tristate "Parallel crypto engine" 194 depends on SMP 195 select PADATA 196 select CRYPTO_MANAGER 197 select CRYPTO_AEAD 198 help 199 This converts an arbitrary crypto algorithm into a parallel 200 algorithm that executes in kernel threads. 201 202config CRYPTO_WORKQUEUE 203 tristate 204 205config CRYPTO_CRYPTD 206 tristate "Software async crypto daemon" 207 select CRYPTO_BLKCIPHER 208 select CRYPTO_HASH 209 select CRYPTO_MANAGER 210 select CRYPTO_WORKQUEUE 211 help 212 This is a generic software asynchronous crypto daemon that 213 converts an arbitrary synchronous software crypto algorithm 214 into an asynchronous algorithm that executes in a kernel thread. 215 216config CRYPTO_MCRYPTD 217 tristate "Software async multi-buffer crypto daemon" 218 select CRYPTO_BLKCIPHER 219 select CRYPTO_HASH 220 select CRYPTO_MANAGER 221 select CRYPTO_WORKQUEUE 222 help 223 This is a generic software asynchronous crypto daemon that 224 provides the kernel thread to assist multi-buffer crypto 225 algorithms for submitting jobs and flushing jobs in multi-buffer 226 crypto algorithms. Multi-buffer crypto algorithms are executed 227 in the context of this kernel thread and drivers can post 228 their crypto request asynchronously to be processed by this daemon. 229 230config CRYPTO_AUTHENC 231 tristate "Authenc support" 232 select CRYPTO_AEAD 233 select CRYPTO_BLKCIPHER 234 select CRYPTO_MANAGER 235 select CRYPTO_HASH 236 select CRYPTO_NULL 237 help 238 Authenc: Combined mode wrapper for IPsec. 239 This is required for IPSec. 240 241config CRYPTO_TEST 242 tristate "Testing module" 243 depends on m 244 select CRYPTO_MANAGER 245 help 246 Quick & dirty crypto test module. 247 248config CRYPTO_ABLK_HELPER 249 tristate 250 select CRYPTO_CRYPTD 251 252config CRYPTO_SIMD 253 tristate 254 select CRYPTO_CRYPTD 255 256config CRYPTO_GLUE_HELPER_X86 257 tristate 258 depends on X86 259 select CRYPTO_BLKCIPHER 260 261config CRYPTO_ENGINE 262 tristate 263 264comment "Authenticated Encryption with Associated Data" 265 266config CRYPTO_CCM 267 tristate "CCM support" 268 select CRYPTO_CTR 269 select CRYPTO_HASH 270 select CRYPTO_AEAD 271 help 272 Support for Counter with CBC MAC. Required for IPsec. 273 274config CRYPTO_GCM 275 tristate "GCM/GMAC support" 276 select CRYPTO_CTR 277 select CRYPTO_AEAD 278 select CRYPTO_GHASH 279 select CRYPTO_NULL 280 help 281 Support for Galois/Counter Mode (GCM) and Galois Message 282 Authentication Code (GMAC). Required for IPSec. 283 284config CRYPTO_CHACHA20POLY1305 285 tristate "ChaCha20-Poly1305 AEAD support" 286 select CRYPTO_CHACHA20 287 select CRYPTO_POLY1305 288 select CRYPTO_AEAD 289 help 290 ChaCha20-Poly1305 AEAD support, RFC7539. 291 292 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 293 with the Poly1305 authenticator. It is defined in RFC7539 for use in 294 IETF protocols. 295 296config CRYPTO_SEQIV 297 tristate "Sequence Number IV Generator" 298 select CRYPTO_AEAD 299 select CRYPTO_BLKCIPHER 300 select CRYPTO_NULL 301 select CRYPTO_RNG_DEFAULT 302 help 303 This IV generator generates an IV based on a sequence number by 304 xoring it with a salt. This algorithm is mainly useful for CTR 305 306config CRYPTO_ECHAINIV 307 tristate "Encrypted Chain IV Generator" 308 select CRYPTO_AEAD 309 select CRYPTO_NULL 310 select CRYPTO_RNG_DEFAULT 311 default m 312 help 313 This IV generator generates an IV based on the encryption of 314 a sequence number xored with a salt. This is the default 315 algorithm for CBC. 316 317comment "Block modes" 318 319config CRYPTO_CBC 320 tristate "CBC support" 321 select CRYPTO_BLKCIPHER 322 select CRYPTO_MANAGER 323 help 324 CBC: Cipher Block Chaining mode 325 This block cipher algorithm is required for IPSec. 326 327config CRYPTO_CTR 328 tristate "CTR support" 329 select CRYPTO_BLKCIPHER 330 select CRYPTO_SEQIV 331 select CRYPTO_MANAGER 332 help 333 CTR: Counter mode 334 This block cipher algorithm is required for IPSec. 335 336config CRYPTO_CTS 337 tristate "CTS support" 338 select CRYPTO_BLKCIPHER 339 help 340 CTS: Cipher Text Stealing 341 This is the Cipher Text Stealing mode as described by 342 Section 8 of rfc2040 and referenced by rfc3962. 343 (rfc3962 includes errata information in its Appendix A) 344 This mode is required for Kerberos gss mechanism support 345 for AES encryption. 346 347config CRYPTO_ECB 348 tristate "ECB support" 349 select CRYPTO_BLKCIPHER 350 select CRYPTO_MANAGER 351 help 352 ECB: Electronic CodeBook mode 353 This is the simplest block cipher algorithm. It simply encrypts 354 the input block by block. 355 356config CRYPTO_LRW 357 tristate "LRW support" 358 select CRYPTO_BLKCIPHER 359 select CRYPTO_MANAGER 360 select CRYPTO_GF128MUL 361 help 362 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 363 narrow block cipher mode for dm-crypt. Use it with cipher 364 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 365 The first 128, 192 or 256 bits in the key are used for AES and the 366 rest is used to tie each cipher block to its logical position. 367 368config CRYPTO_PCBC 369 tristate "PCBC support" 370 select CRYPTO_BLKCIPHER 371 select CRYPTO_MANAGER 372 help 373 PCBC: Propagating Cipher Block Chaining mode 374 This block cipher algorithm is required for RxRPC. 375 376config CRYPTO_XTS 377 tristate "XTS support" 378 select CRYPTO_BLKCIPHER 379 select CRYPTO_MANAGER 380 select CRYPTO_ECB 381 help 382 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 383 key size 256, 384 or 512 bits. This implementation currently 384 can't handle a sectorsize which is not a multiple of 16 bytes. 385 386config CRYPTO_KEYWRAP 387 tristate "Key wrapping support" 388 select CRYPTO_BLKCIPHER 389 help 390 Support for key wrapping (NIST SP800-38F / RFC3394) without 391 padding. 392 393comment "Hash modes" 394 395config CRYPTO_CMAC 396 tristate "CMAC support" 397 select CRYPTO_HASH 398 select CRYPTO_MANAGER 399 help 400 Cipher-based Message Authentication Code (CMAC) specified by 401 The National Institute of Standards and Technology (NIST). 402 403 https://tools.ietf.org/html/rfc4493 404 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 405 406config CRYPTO_HMAC 407 tristate "HMAC support" 408 select CRYPTO_HASH 409 select CRYPTO_MANAGER 410 help 411 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 412 This is required for IPSec. 413 414config CRYPTO_XCBC 415 tristate "XCBC support" 416 select CRYPTO_HASH 417 select CRYPTO_MANAGER 418 help 419 XCBC: Keyed-Hashing with encryption algorithm 420 http://www.ietf.org/rfc/rfc3566.txt 421 http://csrc.nist.gov/encryption/modes/proposedmodes/ 422 xcbc-mac/xcbc-mac-spec.pdf 423 424config CRYPTO_VMAC 425 tristate "VMAC support" 426 select CRYPTO_HASH 427 select CRYPTO_MANAGER 428 help 429 VMAC is a message authentication algorithm designed for 430 very high speed on 64-bit architectures. 431 432 See also: 433 <http://fastcrypto.org/vmac> 434 435comment "Digest" 436 437config CRYPTO_CRC32C 438 tristate "CRC32c CRC algorithm" 439 select CRYPTO_HASH 440 select CRC32 441 help 442 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 443 by iSCSI for header and data digests and by others. 444 See Castagnoli93. Module will be crc32c. 445 446config CRYPTO_CRC32C_INTEL 447 tristate "CRC32c INTEL hardware acceleration" 448 depends on X86 449 select CRYPTO_HASH 450 help 451 In Intel processor with SSE4.2 supported, the processor will 452 support CRC32C implementation using hardware accelerated CRC32 453 instruction. This option will create 'crc32c-intel' module, 454 which will enable any routine to use the CRC32 instruction to 455 gain performance compared with software implementation. 456 Module will be crc32c-intel. 457 458config CRYPTO_CRC32C_VPMSUM 459 tristate "CRC32c CRC algorithm (powerpc64)" 460 depends on PPC64 && ALTIVEC 461 select CRYPTO_HASH 462 select CRC32 463 help 464 CRC32c algorithm implemented using vector polynomial multiply-sum 465 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 466 and newer processors for improved performance. 467 468 469config CRYPTO_CRC32C_SPARC64 470 tristate "CRC32c CRC algorithm (SPARC64)" 471 depends on SPARC64 472 select CRYPTO_HASH 473 select CRC32 474 help 475 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 476 when available. 477 478config CRYPTO_CRC32 479 tristate "CRC32 CRC algorithm" 480 select CRYPTO_HASH 481 select CRC32 482 help 483 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 484 Shash crypto api wrappers to crc32_le function. 485 486config CRYPTO_CRC32_PCLMUL 487 tristate "CRC32 PCLMULQDQ hardware acceleration" 488 depends on X86 489 select CRYPTO_HASH 490 select CRC32 491 help 492 From Intel Westmere and AMD Bulldozer processor with SSE4.2 493 and PCLMULQDQ supported, the processor will support 494 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 495 instruction. This option will create 'crc32-plcmul' module, 496 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 497 and gain better performance as compared with the table implementation. 498 499config CRYPTO_CRC32_MIPS 500 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 501 depends on MIPS_CRC_SUPPORT 502 select CRYPTO_HASH 503 help 504 CRC32c and CRC32 CRC algorithms implemented using mips crypto 505 instructions, when available. 506 507 508config CRYPTO_CRCT10DIF 509 tristate "CRCT10DIF algorithm" 510 select CRYPTO_HASH 511 help 512 CRC T10 Data Integrity Field computation is being cast as 513 a crypto transform. This allows for faster crc t10 diff 514 transforms to be used if they are available. 515 516config CRYPTO_CRCT10DIF_PCLMUL 517 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 518 depends on X86 && 64BIT && CRC_T10DIF 519 select CRYPTO_HASH 520 help 521 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 522 CRC T10 DIF PCLMULQDQ computation can be hardware 523 accelerated PCLMULQDQ instruction. This option will create 524 'crct10dif-plcmul' module, which is faster when computing the 525 crct10dif checksum as compared with the generic table implementation. 526 527config CRYPTO_CRCT10DIF_VPMSUM 528 tristate "CRC32T10DIF powerpc64 hardware acceleration" 529 depends on PPC64 && ALTIVEC && CRC_T10DIF 530 select CRYPTO_HASH 531 help 532 CRC10T10DIF algorithm implemented using vector polynomial 533 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 534 POWER8 and newer processors for improved performance. 535 536config CRYPTO_VPMSUM_TESTER 537 tristate "Powerpc64 vpmsum hardware acceleration tester" 538 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 539 help 540 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 541 POWER8 vpmsum instructions. 542 Unless you are testing these algorithms, you don't need this. 543 544config CRYPTO_GHASH 545 tristate "GHASH digest algorithm" 546 select CRYPTO_GF128MUL 547 select CRYPTO_HASH 548 help 549 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 550 551config CRYPTO_POLY1305 552 tristate "Poly1305 authenticator algorithm" 553 select CRYPTO_HASH 554 help 555 Poly1305 authenticator algorithm, RFC7539. 556 557 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 558 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 559 in IETF protocols. This is the portable C implementation of Poly1305. 560 561config CRYPTO_POLY1305_X86_64 562 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 563 depends on X86 && 64BIT 564 select CRYPTO_POLY1305 565 help 566 Poly1305 authenticator algorithm, RFC7539. 567 568 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 569 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 570 in IETF protocols. This is the x86_64 assembler implementation using SIMD 571 instructions. 572 573config CRYPTO_MD4 574 tristate "MD4 digest algorithm" 575 select CRYPTO_HASH 576 help 577 MD4 message digest algorithm (RFC1320). 578 579config CRYPTO_MD5 580 tristate "MD5 digest algorithm" 581 select CRYPTO_HASH 582 help 583 MD5 message digest algorithm (RFC1321). 584 585config CRYPTO_MD5_OCTEON 586 tristate "MD5 digest algorithm (OCTEON)" 587 depends on CPU_CAVIUM_OCTEON 588 select CRYPTO_MD5 589 select CRYPTO_HASH 590 help 591 MD5 message digest algorithm (RFC1321) implemented 592 using OCTEON crypto instructions, when available. 593 594config CRYPTO_MD5_PPC 595 tristate "MD5 digest algorithm (PPC)" 596 depends on PPC 597 select CRYPTO_HASH 598 help 599 MD5 message digest algorithm (RFC1321) implemented 600 in PPC assembler. 601 602config CRYPTO_MD5_SPARC64 603 tristate "MD5 digest algorithm (SPARC64)" 604 depends on SPARC64 605 select CRYPTO_MD5 606 select CRYPTO_HASH 607 help 608 MD5 message digest algorithm (RFC1321) implemented 609 using sparc64 crypto instructions, when available. 610 611config CRYPTO_MICHAEL_MIC 612 tristate "Michael MIC keyed digest algorithm" 613 select CRYPTO_HASH 614 help 615 Michael MIC is used for message integrity protection in TKIP 616 (IEEE 802.11i). This algorithm is required for TKIP, but it 617 should not be used for other purposes because of the weakness 618 of the algorithm. 619 620config CRYPTO_RMD128 621 tristate "RIPEMD-128 digest algorithm" 622 select CRYPTO_HASH 623 help 624 RIPEMD-128 (ISO/IEC 10118-3:2004). 625 626 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 627 be used as a secure replacement for RIPEMD. For other use cases, 628 RIPEMD-160 should be used. 629 630 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 631 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 632 633config CRYPTO_RMD160 634 tristate "RIPEMD-160 digest algorithm" 635 select CRYPTO_HASH 636 help 637 RIPEMD-160 (ISO/IEC 10118-3:2004). 638 639 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 640 to be used as a secure replacement for the 128-bit hash functions 641 MD4, MD5 and it's predecessor RIPEMD 642 (not to be confused with RIPEMD-128). 643 644 It's speed is comparable to SHA1 and there are no known attacks 645 against RIPEMD-160. 646 647 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 648 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 649 650config CRYPTO_RMD256 651 tristate "RIPEMD-256 digest algorithm" 652 select CRYPTO_HASH 653 help 654 RIPEMD-256 is an optional extension of RIPEMD-128 with a 655 256 bit hash. It is intended for applications that require 656 longer hash-results, without needing a larger security level 657 (than RIPEMD-128). 658 659 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 660 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 661 662config CRYPTO_RMD320 663 tristate "RIPEMD-320 digest algorithm" 664 select CRYPTO_HASH 665 help 666 RIPEMD-320 is an optional extension of RIPEMD-160 with a 667 320 bit hash. It is intended for applications that require 668 longer hash-results, without needing a larger security level 669 (than RIPEMD-160). 670 671 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 672 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 673 674config CRYPTO_SHA1 675 tristate "SHA1 digest algorithm" 676 select CRYPTO_HASH 677 help 678 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 679 680config CRYPTO_SHA1_SSSE3 681 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 682 depends on X86 && 64BIT 683 select CRYPTO_SHA1 684 select CRYPTO_HASH 685 help 686 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 687 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 688 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 689 when available. 690 691config CRYPTO_SHA256_SSSE3 692 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 693 depends on X86 && 64BIT 694 select CRYPTO_SHA256 695 select CRYPTO_HASH 696 help 697 SHA-256 secure hash standard (DFIPS 180-2) implemented 698 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 699 Extensions version 1 (AVX1), or Advanced Vector Extensions 700 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 701 Instructions) when available. 702 703config CRYPTO_SHA512_SSSE3 704 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 705 depends on X86 && 64BIT 706 select CRYPTO_SHA512 707 select CRYPTO_HASH 708 help 709 SHA-512 secure hash standard (DFIPS 180-2) implemented 710 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 711 Extensions version 1 (AVX1), or Advanced Vector Extensions 712 version 2 (AVX2) instructions, when available. 713 714config CRYPTO_SHA1_OCTEON 715 tristate "SHA1 digest algorithm (OCTEON)" 716 depends on CPU_CAVIUM_OCTEON 717 select CRYPTO_SHA1 718 select CRYPTO_HASH 719 help 720 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 721 using OCTEON crypto instructions, when available. 722 723config CRYPTO_SHA1_SPARC64 724 tristate "SHA1 digest algorithm (SPARC64)" 725 depends on SPARC64 726 select CRYPTO_SHA1 727 select CRYPTO_HASH 728 help 729 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 730 using sparc64 crypto instructions, when available. 731 732config CRYPTO_SHA1_PPC 733 tristate "SHA1 digest algorithm (powerpc)" 734 depends on PPC 735 help 736 This is the powerpc hardware accelerated implementation of the 737 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 738 739config CRYPTO_SHA1_PPC_SPE 740 tristate "SHA1 digest algorithm (PPC SPE)" 741 depends on PPC && SPE 742 help 743 SHA-1 secure hash standard (DFIPS 180-4) implemented 744 using powerpc SPE SIMD instruction set. 745 746config CRYPTO_SHA1_MB 747 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)" 748 depends on X86 && 64BIT 749 select CRYPTO_SHA1 750 select CRYPTO_HASH 751 select CRYPTO_MCRYPTD 752 help 753 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 754 using multi-buffer technique. This algorithm computes on 755 multiple data lanes concurrently with SIMD instructions for 756 better throughput. It should not be enabled by default but 757 used when there is significant amount of work to keep the keep 758 the data lanes filled to get performance benefit. If the data 759 lanes remain unfilled, a flush operation will be initiated to 760 process the crypto jobs, adding a slight latency. 761 762config CRYPTO_SHA256_MB 763 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)" 764 depends on X86 && 64BIT 765 select CRYPTO_SHA256 766 select CRYPTO_HASH 767 select CRYPTO_MCRYPTD 768 help 769 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 770 using multi-buffer technique. This algorithm computes on 771 multiple data lanes concurrently with SIMD instructions for 772 better throughput. It should not be enabled by default but 773 used when there is significant amount of work to keep the keep 774 the data lanes filled to get performance benefit. If the data 775 lanes remain unfilled, a flush operation will be initiated to 776 process the crypto jobs, adding a slight latency. 777 778config CRYPTO_SHA512_MB 779 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)" 780 depends on X86 && 64BIT 781 select CRYPTO_SHA512 782 select CRYPTO_HASH 783 select CRYPTO_MCRYPTD 784 help 785 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 786 using multi-buffer technique. This algorithm computes on 787 multiple data lanes concurrently with SIMD instructions for 788 better throughput. It should not be enabled by default but 789 used when there is significant amount of work to keep the keep 790 the data lanes filled to get performance benefit. If the data 791 lanes remain unfilled, a flush operation will be initiated to 792 process the crypto jobs, adding a slight latency. 793 794config CRYPTO_SHA256 795 tristate "SHA224 and SHA256 digest algorithm" 796 select CRYPTO_HASH 797 help 798 SHA256 secure hash standard (DFIPS 180-2). 799 800 This version of SHA implements a 256 bit hash with 128 bits of 801 security against collision attacks. 802 803 This code also includes SHA-224, a 224 bit hash with 112 bits 804 of security against collision attacks. 805 806config CRYPTO_SHA256_PPC_SPE 807 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 808 depends on PPC && SPE 809 select CRYPTO_SHA256 810 select CRYPTO_HASH 811 help 812 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 813 implemented using powerpc SPE SIMD instruction set. 814 815config CRYPTO_SHA256_OCTEON 816 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 817 depends on CPU_CAVIUM_OCTEON 818 select CRYPTO_SHA256 819 select CRYPTO_HASH 820 help 821 SHA-256 secure hash standard (DFIPS 180-2) implemented 822 using OCTEON crypto instructions, when available. 823 824config CRYPTO_SHA256_SPARC64 825 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 826 depends on SPARC64 827 select CRYPTO_SHA256 828 select CRYPTO_HASH 829 help 830 SHA-256 secure hash standard (DFIPS 180-2) implemented 831 using sparc64 crypto instructions, when available. 832 833config CRYPTO_SHA512 834 tristate "SHA384 and SHA512 digest algorithms" 835 select CRYPTO_HASH 836 help 837 SHA512 secure hash standard (DFIPS 180-2). 838 839 This version of SHA implements a 512 bit hash with 256 bits of 840 security against collision attacks. 841 842 This code also includes SHA-384, a 384 bit hash with 192 bits 843 of security against collision attacks. 844 845config CRYPTO_SHA512_OCTEON 846 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 847 depends on CPU_CAVIUM_OCTEON 848 select CRYPTO_SHA512 849 select CRYPTO_HASH 850 help 851 SHA-512 secure hash standard (DFIPS 180-2) implemented 852 using OCTEON crypto instructions, when available. 853 854config CRYPTO_SHA512_SPARC64 855 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 856 depends on SPARC64 857 select CRYPTO_SHA512 858 select CRYPTO_HASH 859 help 860 SHA-512 secure hash standard (DFIPS 180-2) implemented 861 using sparc64 crypto instructions, when available. 862 863config CRYPTO_SHA3 864 tristate "SHA3 digest algorithm" 865 select CRYPTO_HASH 866 help 867 SHA-3 secure hash standard (DFIPS 202). It's based on 868 cryptographic sponge function family called Keccak. 869 870 References: 871 http://keccak.noekeon.org/ 872 873config CRYPTO_SM3 874 tristate "SM3 digest algorithm" 875 select CRYPTO_HASH 876 help 877 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 878 It is part of the Chinese Commercial Cryptography suite. 879 880 References: 881 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 882 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 883 884config CRYPTO_TGR192 885 tristate "Tiger digest algorithms" 886 select CRYPTO_HASH 887 help 888 Tiger hash algorithm 192, 160 and 128-bit hashes 889 890 Tiger is a hash function optimized for 64-bit processors while 891 still having decent performance on 32-bit processors. 892 Tiger was developed by Ross Anderson and Eli Biham. 893 894 See also: 895 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 896 897config CRYPTO_WP512 898 tristate "Whirlpool digest algorithms" 899 select CRYPTO_HASH 900 help 901 Whirlpool hash algorithm 512, 384 and 256-bit hashes 902 903 Whirlpool-512 is part of the NESSIE cryptographic primitives. 904 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 905 906 See also: 907 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 908 909config CRYPTO_GHASH_CLMUL_NI_INTEL 910 tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 911 depends on X86 && 64BIT 912 select CRYPTO_CRYPTD 913 help 914 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 915 The implementation is accelerated by CLMUL-NI of Intel. 916 917comment "Ciphers" 918 919config CRYPTO_AES 920 tristate "AES cipher algorithms" 921 select CRYPTO_ALGAPI 922 help 923 AES cipher algorithms (FIPS-197). AES uses the Rijndael 924 algorithm. 925 926 Rijndael appears to be consistently a very good performer in 927 both hardware and software across a wide range of computing 928 environments regardless of its use in feedback or non-feedback 929 modes. Its key setup time is excellent, and its key agility is 930 good. Rijndael's very low memory requirements make it very well 931 suited for restricted-space environments, in which it also 932 demonstrates excellent performance. Rijndael's operations are 933 among the easiest to defend against power and timing attacks. 934 935 The AES specifies three key sizes: 128, 192 and 256 bits 936 937 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 938 939config CRYPTO_AES_TI 940 tristate "Fixed time AES cipher" 941 select CRYPTO_ALGAPI 942 help 943 This is a generic implementation of AES that attempts to eliminate 944 data dependent latencies as much as possible without affecting 945 performance too much. It is intended for use by the generic CCM 946 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 947 solely on encryption (although decryption is supported as well, but 948 with a more dramatic performance hit) 949 950 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 951 8 for decryption), this implementation only uses just two S-boxes of 952 256 bytes each, and attempts to eliminate data dependent latencies by 953 prefetching the entire table into the cache at the start of each 954 block. 955 956config CRYPTO_AES_586 957 tristate "AES cipher algorithms (i586)" 958 depends on (X86 || UML_X86) && !64BIT 959 select CRYPTO_ALGAPI 960 select CRYPTO_AES 961 help 962 AES cipher algorithms (FIPS-197). AES uses the Rijndael 963 algorithm. 964 965 Rijndael appears to be consistently a very good performer in 966 both hardware and software across a wide range of computing 967 environments regardless of its use in feedback or non-feedback 968 modes. Its key setup time is excellent, and its key agility is 969 good. Rijndael's very low memory requirements make it very well 970 suited for restricted-space environments, in which it also 971 demonstrates excellent performance. Rijndael's operations are 972 among the easiest to defend against power and timing attacks. 973 974 The AES specifies three key sizes: 128, 192 and 256 bits 975 976 See <http://csrc.nist.gov/encryption/aes/> for more information. 977 978config CRYPTO_AES_X86_64 979 tristate "AES cipher algorithms (x86_64)" 980 depends on (X86 || UML_X86) && 64BIT 981 select CRYPTO_ALGAPI 982 select CRYPTO_AES 983 help 984 AES cipher algorithms (FIPS-197). AES uses the Rijndael 985 algorithm. 986 987 Rijndael appears to be consistently a very good performer in 988 both hardware and software across a wide range of computing 989 environments regardless of its use in feedback or non-feedback 990 modes. Its key setup time is excellent, and its key agility is 991 good. Rijndael's very low memory requirements make it very well 992 suited for restricted-space environments, in which it also 993 demonstrates excellent performance. Rijndael's operations are 994 among the easiest to defend against power and timing attacks. 995 996 The AES specifies three key sizes: 128, 192 and 256 bits 997 998 See <http://csrc.nist.gov/encryption/aes/> for more information. 999 1000config CRYPTO_AES_NI_INTEL 1001 tristate "AES cipher algorithms (AES-NI)" 1002 depends on X86 1003 select CRYPTO_AEAD 1004 select CRYPTO_AES_X86_64 if 64BIT 1005 select CRYPTO_AES_586 if !64BIT 1006 select CRYPTO_ALGAPI 1007 select CRYPTO_BLKCIPHER 1008 select CRYPTO_GLUE_HELPER_X86 if 64BIT 1009 select CRYPTO_SIMD 1010 help 1011 Use Intel AES-NI instructions for AES algorithm. 1012 1013 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1014 algorithm. 1015 1016 Rijndael appears to be consistently a very good performer in 1017 both hardware and software across a wide range of computing 1018 environments regardless of its use in feedback or non-feedback 1019 modes. Its key setup time is excellent, and its key agility is 1020 good. Rijndael's very low memory requirements make it very well 1021 suited for restricted-space environments, in which it also 1022 demonstrates excellent performance. Rijndael's operations are 1023 among the easiest to defend against power and timing attacks. 1024 1025 The AES specifies three key sizes: 128, 192 and 256 bits 1026 1027 See <http://csrc.nist.gov/encryption/aes/> for more information. 1028 1029 In addition to AES cipher algorithm support, the acceleration 1030 for some popular block cipher mode is supported too, including 1031 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional 1032 acceleration for CTR. 1033 1034config CRYPTO_AES_SPARC64 1035 tristate "AES cipher algorithms (SPARC64)" 1036 depends on SPARC64 1037 select CRYPTO_CRYPTD 1038 select CRYPTO_ALGAPI 1039 help 1040 Use SPARC64 crypto opcodes for AES algorithm. 1041 1042 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1043 algorithm. 1044 1045 Rijndael appears to be consistently a very good performer in 1046 both hardware and software across a wide range of computing 1047 environments regardless of its use in feedback or non-feedback 1048 modes. Its key setup time is excellent, and its key agility is 1049 good. Rijndael's very low memory requirements make it very well 1050 suited for restricted-space environments, in which it also 1051 demonstrates excellent performance. Rijndael's operations are 1052 among the easiest to defend against power and timing attacks. 1053 1054 The AES specifies three key sizes: 128, 192 and 256 bits 1055 1056 See <http://csrc.nist.gov/encryption/aes/> for more information. 1057 1058 In addition to AES cipher algorithm support, the acceleration 1059 for some popular block cipher mode is supported too, including 1060 ECB and CBC. 1061 1062config CRYPTO_AES_PPC_SPE 1063 tristate "AES cipher algorithms (PPC SPE)" 1064 depends on PPC && SPE 1065 help 1066 AES cipher algorithms (FIPS-197). Additionally the acceleration 1067 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1068 This module should only be used for low power (router) devices 1069 without hardware AES acceleration (e.g. caam crypto). It reduces the 1070 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1071 timining attacks. Nevertheless it might be not as secure as other 1072 architecture specific assembler implementations that work on 1KB 1073 tables or 256 bytes S-boxes. 1074 1075config CRYPTO_ANUBIS 1076 tristate "Anubis cipher algorithm" 1077 select CRYPTO_ALGAPI 1078 help 1079 Anubis cipher algorithm. 1080 1081 Anubis is a variable key length cipher which can use keys from 1082 128 bits to 320 bits in length. It was evaluated as a entrant 1083 in the NESSIE competition. 1084 1085 See also: 1086 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1087 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1088 1089config CRYPTO_ARC4 1090 tristate "ARC4 cipher algorithm" 1091 select CRYPTO_BLKCIPHER 1092 help 1093 ARC4 cipher algorithm. 1094 1095 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1096 bits in length. This algorithm is required for driver-based 1097 WEP, but it should not be for other purposes because of the 1098 weakness of the algorithm. 1099 1100config CRYPTO_BLOWFISH 1101 tristate "Blowfish cipher algorithm" 1102 select CRYPTO_ALGAPI 1103 select CRYPTO_BLOWFISH_COMMON 1104 help 1105 Blowfish cipher algorithm, by Bruce Schneier. 1106 1107 This is a variable key length cipher which can use keys from 32 1108 bits to 448 bits in length. It's fast, simple and specifically 1109 designed for use on "large microprocessors". 1110 1111 See also: 1112 <http://www.schneier.com/blowfish.html> 1113 1114config CRYPTO_BLOWFISH_COMMON 1115 tristate 1116 help 1117 Common parts of the Blowfish cipher algorithm shared by the 1118 generic c and the assembler implementations. 1119 1120 See also: 1121 <http://www.schneier.com/blowfish.html> 1122 1123config CRYPTO_BLOWFISH_X86_64 1124 tristate "Blowfish cipher algorithm (x86_64)" 1125 depends on X86 && 64BIT 1126 select CRYPTO_ALGAPI 1127 select CRYPTO_BLOWFISH_COMMON 1128 help 1129 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1130 1131 This is a variable key length cipher which can use keys from 32 1132 bits to 448 bits in length. It's fast, simple and specifically 1133 designed for use on "large microprocessors". 1134 1135 See also: 1136 <http://www.schneier.com/blowfish.html> 1137 1138config CRYPTO_CAMELLIA 1139 tristate "Camellia cipher algorithms" 1140 depends on CRYPTO 1141 select CRYPTO_ALGAPI 1142 help 1143 Camellia cipher algorithms module. 1144 1145 Camellia is a symmetric key block cipher developed jointly 1146 at NTT and Mitsubishi Electric Corporation. 1147 1148 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1149 1150 See also: 1151 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1152 1153config CRYPTO_CAMELLIA_X86_64 1154 tristate "Camellia cipher algorithm (x86_64)" 1155 depends on X86 && 64BIT 1156 depends on CRYPTO 1157 select CRYPTO_ALGAPI 1158 select CRYPTO_GLUE_HELPER_X86 1159 select CRYPTO_LRW 1160 select CRYPTO_XTS 1161 help 1162 Camellia cipher algorithm module (x86_64). 1163 1164 Camellia is a symmetric key block cipher developed jointly 1165 at NTT and Mitsubishi Electric Corporation. 1166 1167 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1168 1169 See also: 1170 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1171 1172config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1173 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1174 depends on X86 && 64BIT 1175 depends on CRYPTO 1176 select CRYPTO_ALGAPI 1177 select CRYPTO_CRYPTD 1178 select CRYPTO_ABLK_HELPER 1179 select CRYPTO_GLUE_HELPER_X86 1180 select CRYPTO_CAMELLIA_X86_64 1181 select CRYPTO_LRW 1182 select CRYPTO_XTS 1183 help 1184 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1185 1186 Camellia is a symmetric key block cipher developed jointly 1187 at NTT and Mitsubishi Electric Corporation. 1188 1189 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1190 1191 See also: 1192 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1193 1194config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1195 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1196 depends on X86 && 64BIT 1197 depends on CRYPTO 1198 select CRYPTO_ALGAPI 1199 select CRYPTO_CRYPTD 1200 select CRYPTO_ABLK_HELPER 1201 select CRYPTO_GLUE_HELPER_X86 1202 select CRYPTO_CAMELLIA_X86_64 1203 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1204 select CRYPTO_LRW 1205 select CRYPTO_XTS 1206 help 1207 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1208 1209 Camellia is a symmetric key block cipher developed jointly 1210 at NTT and Mitsubishi Electric Corporation. 1211 1212 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1213 1214 See also: 1215 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1216 1217config CRYPTO_CAMELLIA_SPARC64 1218 tristate "Camellia cipher algorithm (SPARC64)" 1219 depends on SPARC64 1220 depends on CRYPTO 1221 select CRYPTO_ALGAPI 1222 help 1223 Camellia cipher algorithm module (SPARC64). 1224 1225 Camellia is a symmetric key block cipher developed jointly 1226 at NTT and Mitsubishi Electric Corporation. 1227 1228 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1229 1230 See also: 1231 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1232 1233config CRYPTO_CAST_COMMON 1234 tristate 1235 help 1236 Common parts of the CAST cipher algorithms shared by the 1237 generic c and the assembler implementations. 1238 1239config CRYPTO_CAST5 1240 tristate "CAST5 (CAST-128) cipher algorithm" 1241 select CRYPTO_ALGAPI 1242 select CRYPTO_CAST_COMMON 1243 help 1244 The CAST5 encryption algorithm (synonymous with CAST-128) is 1245 described in RFC2144. 1246 1247config CRYPTO_CAST5_AVX_X86_64 1248 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1249 depends on X86 && 64BIT 1250 select CRYPTO_ALGAPI 1251 select CRYPTO_CRYPTD 1252 select CRYPTO_ABLK_HELPER 1253 select CRYPTO_CAST_COMMON 1254 select CRYPTO_CAST5 1255 help 1256 The CAST5 encryption algorithm (synonymous with CAST-128) is 1257 described in RFC2144. 1258 1259 This module provides the Cast5 cipher algorithm that processes 1260 sixteen blocks parallel using the AVX instruction set. 1261 1262config CRYPTO_CAST6 1263 tristate "CAST6 (CAST-256) cipher algorithm" 1264 select CRYPTO_ALGAPI 1265 select CRYPTO_CAST_COMMON 1266 help 1267 The CAST6 encryption algorithm (synonymous with CAST-256) is 1268 described in RFC2612. 1269 1270config CRYPTO_CAST6_AVX_X86_64 1271 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1272 depends on X86 && 64BIT 1273 select CRYPTO_ALGAPI 1274 select CRYPTO_CRYPTD 1275 select CRYPTO_ABLK_HELPER 1276 select CRYPTO_GLUE_HELPER_X86 1277 select CRYPTO_CAST_COMMON 1278 select CRYPTO_CAST6 1279 select CRYPTO_LRW 1280 select CRYPTO_XTS 1281 help 1282 The CAST6 encryption algorithm (synonymous with CAST-256) is 1283 described in RFC2612. 1284 1285 This module provides the Cast6 cipher algorithm that processes 1286 eight blocks parallel using the AVX instruction set. 1287 1288config CRYPTO_DES 1289 tristate "DES and Triple DES EDE cipher algorithms" 1290 select CRYPTO_ALGAPI 1291 help 1292 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1293 1294config CRYPTO_DES_SPARC64 1295 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1296 depends on SPARC64 1297 select CRYPTO_ALGAPI 1298 select CRYPTO_DES 1299 help 1300 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1301 optimized using SPARC64 crypto opcodes. 1302 1303config CRYPTO_DES3_EDE_X86_64 1304 tristate "Triple DES EDE cipher algorithm (x86-64)" 1305 depends on X86 && 64BIT 1306 select CRYPTO_ALGAPI 1307 select CRYPTO_DES 1308 help 1309 Triple DES EDE (FIPS 46-3) algorithm. 1310 1311 This module provides implementation of the Triple DES EDE cipher 1312 algorithm that is optimized for x86-64 processors. Two versions of 1313 algorithm are provided; regular processing one input block and 1314 one that processes three blocks parallel. 1315 1316config CRYPTO_FCRYPT 1317 tristate "FCrypt cipher algorithm" 1318 select CRYPTO_ALGAPI 1319 select CRYPTO_BLKCIPHER 1320 help 1321 FCrypt algorithm used by RxRPC. 1322 1323config CRYPTO_KHAZAD 1324 tristate "Khazad cipher algorithm" 1325 select CRYPTO_ALGAPI 1326 help 1327 Khazad cipher algorithm. 1328 1329 Khazad was a finalist in the initial NESSIE competition. It is 1330 an algorithm optimized for 64-bit processors with good performance 1331 on 32-bit processors. Khazad uses an 128 bit key size. 1332 1333 See also: 1334 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1335 1336config CRYPTO_SALSA20 1337 tristate "Salsa20 stream cipher algorithm" 1338 select CRYPTO_BLKCIPHER 1339 help 1340 Salsa20 stream cipher algorithm. 1341 1342 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1343 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1344 1345 The Salsa20 stream cipher algorithm is designed by Daniel J. 1346 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1347 1348config CRYPTO_SALSA20_586 1349 tristate "Salsa20 stream cipher algorithm (i586)" 1350 depends on (X86 || UML_X86) && !64BIT 1351 select CRYPTO_BLKCIPHER 1352 select CRYPTO_SALSA20 1353 help 1354 Salsa20 stream cipher algorithm. 1355 1356 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1357 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1358 1359 The Salsa20 stream cipher algorithm is designed by Daniel J. 1360 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1361 1362config CRYPTO_SALSA20_X86_64 1363 tristate "Salsa20 stream cipher algorithm (x86_64)" 1364 depends on (X86 || UML_X86) && 64BIT 1365 select CRYPTO_BLKCIPHER 1366 select CRYPTO_SALSA20 1367 help 1368 Salsa20 stream cipher algorithm. 1369 1370 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1371 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1372 1373 The Salsa20 stream cipher algorithm is designed by Daniel J. 1374 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1375 1376config CRYPTO_CHACHA20 1377 tristate "ChaCha20 cipher algorithm" 1378 select CRYPTO_BLKCIPHER 1379 help 1380 ChaCha20 cipher algorithm, RFC7539. 1381 1382 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1383 Bernstein and further specified in RFC7539 for use in IETF protocols. 1384 This is the portable C implementation of ChaCha20. 1385 1386 See also: 1387 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1388 1389config CRYPTO_CHACHA20_X86_64 1390 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)" 1391 depends on X86 && 64BIT 1392 select CRYPTO_BLKCIPHER 1393 select CRYPTO_CHACHA20 1394 help 1395 ChaCha20 cipher algorithm, RFC7539. 1396 1397 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1398 Bernstein and further specified in RFC7539 for use in IETF protocols. 1399 This is the x86_64 assembler implementation using SIMD instructions. 1400 1401 See also: 1402 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1403 1404config CRYPTO_SEED 1405 tristate "SEED cipher algorithm" 1406 select CRYPTO_ALGAPI 1407 help 1408 SEED cipher algorithm (RFC4269). 1409 1410 SEED is a 128-bit symmetric key block cipher that has been 1411 developed by KISA (Korea Information Security Agency) as a 1412 national standard encryption algorithm of the Republic of Korea. 1413 It is a 16 round block cipher with the key size of 128 bit. 1414 1415 See also: 1416 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1417 1418config CRYPTO_SERPENT 1419 tristate "Serpent cipher algorithm" 1420 select CRYPTO_ALGAPI 1421 help 1422 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1423 1424 Keys are allowed to be from 0 to 256 bits in length, in steps 1425 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1426 variant of Serpent for compatibility with old kerneli.org code. 1427 1428 See also: 1429 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1430 1431config CRYPTO_SERPENT_SSE2_X86_64 1432 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1433 depends on X86 && 64BIT 1434 select CRYPTO_ALGAPI 1435 select CRYPTO_CRYPTD 1436 select CRYPTO_ABLK_HELPER 1437 select CRYPTO_GLUE_HELPER_X86 1438 select CRYPTO_SERPENT 1439 select CRYPTO_LRW 1440 select CRYPTO_XTS 1441 help 1442 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1443 1444 Keys are allowed to be from 0 to 256 bits in length, in steps 1445 of 8 bits. 1446 1447 This module provides Serpent cipher algorithm that processes eight 1448 blocks parallel using SSE2 instruction set. 1449 1450 See also: 1451 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1452 1453config CRYPTO_SERPENT_SSE2_586 1454 tristate "Serpent cipher algorithm (i586/SSE2)" 1455 depends on X86 && !64BIT 1456 select CRYPTO_ALGAPI 1457 select CRYPTO_CRYPTD 1458 select CRYPTO_ABLK_HELPER 1459 select CRYPTO_GLUE_HELPER_X86 1460 select CRYPTO_SERPENT 1461 select CRYPTO_LRW 1462 select CRYPTO_XTS 1463 help 1464 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1465 1466 Keys are allowed to be from 0 to 256 bits in length, in steps 1467 of 8 bits. 1468 1469 This module provides Serpent cipher algorithm that processes four 1470 blocks parallel using SSE2 instruction set. 1471 1472 See also: 1473 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1474 1475config CRYPTO_SERPENT_AVX_X86_64 1476 tristate "Serpent cipher algorithm (x86_64/AVX)" 1477 depends on X86 && 64BIT 1478 select CRYPTO_ALGAPI 1479 select CRYPTO_CRYPTD 1480 select CRYPTO_ABLK_HELPER 1481 select CRYPTO_GLUE_HELPER_X86 1482 select CRYPTO_SERPENT 1483 select CRYPTO_LRW 1484 select CRYPTO_XTS 1485 help 1486 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1487 1488 Keys are allowed to be from 0 to 256 bits in length, in steps 1489 of 8 bits. 1490 1491 This module provides the Serpent cipher algorithm that processes 1492 eight blocks parallel using the AVX instruction set. 1493 1494 See also: 1495 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1496 1497config CRYPTO_SERPENT_AVX2_X86_64 1498 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1499 depends on X86 && 64BIT 1500 select CRYPTO_ALGAPI 1501 select CRYPTO_CRYPTD 1502 select CRYPTO_ABLK_HELPER 1503 select CRYPTO_GLUE_HELPER_X86 1504 select CRYPTO_SERPENT 1505 select CRYPTO_SERPENT_AVX_X86_64 1506 select CRYPTO_LRW 1507 select CRYPTO_XTS 1508 help 1509 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1510 1511 Keys are allowed to be from 0 to 256 bits in length, in steps 1512 of 8 bits. 1513 1514 This module provides Serpent cipher algorithm that processes 16 1515 blocks parallel using AVX2 instruction set. 1516 1517 See also: 1518 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1519 1520config CRYPTO_TEA 1521 tristate "TEA, XTEA and XETA cipher algorithms" 1522 select CRYPTO_ALGAPI 1523 help 1524 TEA cipher algorithm. 1525 1526 Tiny Encryption Algorithm is a simple cipher that uses 1527 many rounds for security. It is very fast and uses 1528 little memory. 1529 1530 Xtendend Tiny Encryption Algorithm is a modification to 1531 the TEA algorithm to address a potential key weakness 1532 in the TEA algorithm. 1533 1534 Xtendend Encryption Tiny Algorithm is a mis-implementation 1535 of the XTEA algorithm for compatibility purposes. 1536 1537config CRYPTO_TWOFISH 1538 tristate "Twofish cipher algorithm" 1539 select CRYPTO_ALGAPI 1540 select CRYPTO_TWOFISH_COMMON 1541 help 1542 Twofish cipher algorithm. 1543 1544 Twofish was submitted as an AES (Advanced Encryption Standard) 1545 candidate cipher by researchers at CounterPane Systems. It is a 1546 16 round block cipher supporting key sizes of 128, 192, and 256 1547 bits. 1548 1549 See also: 1550 <http://www.schneier.com/twofish.html> 1551 1552config CRYPTO_TWOFISH_COMMON 1553 tristate 1554 help 1555 Common parts of the Twofish cipher algorithm shared by the 1556 generic c and the assembler implementations. 1557 1558config CRYPTO_TWOFISH_586 1559 tristate "Twofish cipher algorithms (i586)" 1560 depends on (X86 || UML_X86) && !64BIT 1561 select CRYPTO_ALGAPI 1562 select CRYPTO_TWOFISH_COMMON 1563 help 1564 Twofish cipher algorithm. 1565 1566 Twofish was submitted as an AES (Advanced Encryption Standard) 1567 candidate cipher by researchers at CounterPane Systems. It is a 1568 16 round block cipher supporting key sizes of 128, 192, and 256 1569 bits. 1570 1571 See also: 1572 <http://www.schneier.com/twofish.html> 1573 1574config CRYPTO_TWOFISH_X86_64 1575 tristate "Twofish cipher algorithm (x86_64)" 1576 depends on (X86 || UML_X86) && 64BIT 1577 select CRYPTO_ALGAPI 1578 select CRYPTO_TWOFISH_COMMON 1579 help 1580 Twofish cipher algorithm (x86_64). 1581 1582 Twofish was submitted as an AES (Advanced Encryption Standard) 1583 candidate cipher by researchers at CounterPane Systems. It is a 1584 16 round block cipher supporting key sizes of 128, 192, and 256 1585 bits. 1586 1587 See also: 1588 <http://www.schneier.com/twofish.html> 1589 1590config CRYPTO_TWOFISH_X86_64_3WAY 1591 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1592 depends on X86 && 64BIT 1593 select CRYPTO_ALGAPI 1594 select CRYPTO_TWOFISH_COMMON 1595 select CRYPTO_TWOFISH_X86_64 1596 select CRYPTO_GLUE_HELPER_X86 1597 select CRYPTO_LRW 1598 select CRYPTO_XTS 1599 help 1600 Twofish cipher algorithm (x86_64, 3-way parallel). 1601 1602 Twofish was submitted as an AES (Advanced Encryption Standard) 1603 candidate cipher by researchers at CounterPane Systems. It is a 1604 16 round block cipher supporting key sizes of 128, 192, and 256 1605 bits. 1606 1607 This module provides Twofish cipher algorithm that processes three 1608 blocks parallel, utilizing resources of out-of-order CPUs better. 1609 1610 See also: 1611 <http://www.schneier.com/twofish.html> 1612 1613config CRYPTO_TWOFISH_AVX_X86_64 1614 tristate "Twofish cipher algorithm (x86_64/AVX)" 1615 depends on X86 && 64BIT 1616 select CRYPTO_ALGAPI 1617 select CRYPTO_CRYPTD 1618 select CRYPTO_ABLK_HELPER 1619 select CRYPTO_GLUE_HELPER_X86 1620 select CRYPTO_TWOFISH_COMMON 1621 select CRYPTO_TWOFISH_X86_64 1622 select CRYPTO_TWOFISH_X86_64_3WAY 1623 select CRYPTO_LRW 1624 select CRYPTO_XTS 1625 help 1626 Twofish cipher algorithm (x86_64/AVX). 1627 1628 Twofish was submitted as an AES (Advanced Encryption Standard) 1629 candidate cipher by researchers at CounterPane Systems. It is a 1630 16 round block cipher supporting key sizes of 128, 192, and 256 1631 bits. 1632 1633 This module provides the Twofish cipher algorithm that processes 1634 eight blocks parallel using the AVX Instruction Set. 1635 1636 See also: 1637 <http://www.schneier.com/twofish.html> 1638 1639comment "Compression" 1640 1641config CRYPTO_DEFLATE 1642 tristate "Deflate compression algorithm" 1643 select CRYPTO_ALGAPI 1644 select CRYPTO_ACOMP2 1645 select ZLIB_INFLATE 1646 select ZLIB_DEFLATE 1647 help 1648 This is the Deflate algorithm (RFC1951), specified for use in 1649 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1650 1651 You will most probably want this if using IPSec. 1652 1653config CRYPTO_LZO 1654 tristate "LZO compression algorithm" 1655 select CRYPTO_ALGAPI 1656 select CRYPTO_ACOMP2 1657 select LZO_COMPRESS 1658 select LZO_DECOMPRESS 1659 help 1660 This is the LZO algorithm. 1661 1662config CRYPTO_842 1663 tristate "842 compression algorithm" 1664 select CRYPTO_ALGAPI 1665 select CRYPTO_ACOMP2 1666 select 842_COMPRESS 1667 select 842_DECOMPRESS 1668 help 1669 This is the 842 algorithm. 1670 1671config CRYPTO_LZ4 1672 tristate "LZ4 compression algorithm" 1673 select CRYPTO_ALGAPI 1674 select CRYPTO_ACOMP2 1675 select LZ4_COMPRESS 1676 select LZ4_DECOMPRESS 1677 help 1678 This is the LZ4 algorithm. 1679 1680config CRYPTO_LZ4HC 1681 tristate "LZ4HC compression algorithm" 1682 select CRYPTO_ALGAPI 1683 select CRYPTO_ACOMP2 1684 select LZ4HC_COMPRESS 1685 select LZ4_DECOMPRESS 1686 help 1687 This is the LZ4 high compression mode algorithm. 1688 1689comment "Random Number Generation" 1690 1691config CRYPTO_ANSI_CPRNG 1692 tristate "Pseudo Random Number Generation for Cryptographic modules" 1693 select CRYPTO_AES 1694 select CRYPTO_RNG 1695 help 1696 This option enables the generic pseudo random number generator 1697 for cryptographic modules. Uses the Algorithm specified in 1698 ANSI X9.31 A.2.4. Note that this option must be enabled if 1699 CRYPTO_FIPS is selected 1700 1701menuconfig CRYPTO_DRBG_MENU 1702 tristate "NIST SP800-90A DRBG" 1703 help 1704 NIST SP800-90A compliant DRBG. In the following submenu, one or 1705 more of the DRBG types must be selected. 1706 1707if CRYPTO_DRBG_MENU 1708 1709config CRYPTO_DRBG_HMAC 1710 bool 1711 default y 1712 select CRYPTO_HMAC 1713 select CRYPTO_SHA256 1714 1715config CRYPTO_DRBG_HASH 1716 bool "Enable Hash DRBG" 1717 select CRYPTO_SHA256 1718 help 1719 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1720 1721config CRYPTO_DRBG_CTR 1722 bool "Enable CTR DRBG" 1723 select CRYPTO_AES 1724 depends on CRYPTO_CTR 1725 help 1726 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1727 1728config CRYPTO_DRBG 1729 tristate 1730 default CRYPTO_DRBG_MENU 1731 select CRYPTO_RNG 1732 select CRYPTO_JITTERENTROPY 1733 1734endif # if CRYPTO_DRBG_MENU 1735 1736config CRYPTO_JITTERENTROPY 1737 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1738 select CRYPTO_RNG 1739 help 1740 The Jitterentropy RNG is a noise that is intended 1741 to provide seed to another RNG. The RNG does not 1742 perform any cryptographic whitening of the generated 1743 random numbers. This Jitterentropy RNG registers with 1744 the kernel crypto API and can be used by any caller. 1745 1746config CRYPTO_USER_API 1747 tristate 1748 1749config CRYPTO_USER_API_HASH 1750 tristate "User-space interface for hash algorithms" 1751 depends on NET 1752 select CRYPTO_HASH 1753 select CRYPTO_USER_API 1754 help 1755 This option enables the user-spaces interface for hash 1756 algorithms. 1757 1758config CRYPTO_USER_API_SKCIPHER 1759 tristate "User-space interface for symmetric key cipher algorithms" 1760 depends on NET 1761 select CRYPTO_BLKCIPHER 1762 select CRYPTO_USER_API 1763 help 1764 This option enables the user-spaces interface for symmetric 1765 key cipher algorithms. 1766 1767config CRYPTO_USER_API_RNG 1768 tristate "User-space interface for random number generator algorithms" 1769 depends on NET 1770 select CRYPTO_RNG 1771 select CRYPTO_USER_API 1772 help 1773 This option enables the user-spaces interface for random 1774 number generator algorithms. 1775 1776config CRYPTO_USER_API_AEAD 1777 tristate "User-space interface for AEAD cipher algorithms" 1778 depends on NET 1779 select CRYPTO_AEAD 1780 select CRYPTO_BLKCIPHER 1781 select CRYPTO_NULL 1782 select CRYPTO_USER_API 1783 help 1784 This option enables the user-spaces interface for AEAD 1785 cipher algorithms. 1786 1787config CRYPTO_HASH_INFO 1788 bool 1789 1790source "drivers/crypto/Kconfig" 1791source crypto/asymmetric_keys/Kconfig 1792source certs/Kconfig 1793 1794endif # if CRYPTO 1795