linux/crypto/Kconfig
<<
>>
Prefs
   1#
   2# Generic algorithms support
   3#
   4config XOR_BLOCKS
   5        tristate
   6
   7#
   8# async_tx api: hardware offloaded memory transfer/transform support
   9#
  10source "crypto/async_tx/Kconfig"
  11
  12#
  13# Cryptographic API Configuration
  14#
  15menuconfig CRYPTO
  16        tristate "Cryptographic API"
  17        help
  18          This option provides the core Cryptographic API.
  19
  20if CRYPTO
  21
  22comment "Crypto core or helper"
  23
  24config CRYPTO_FIPS
  25        bool "FIPS 200 compliance"
  26        depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
  27        depends on MODULE_SIG
  28        help
  29          This options enables the fips boot option which is
  30          required if you want to system to operate in a FIPS 200
  31          certification.  You should say no unless you know what
  32          this is.
  33
  34config CRYPTO_ALGAPI
  35        tristate
  36        select CRYPTO_ALGAPI2
  37        help
  38          This option provides the API for cryptographic algorithms.
  39
  40config CRYPTO_ALGAPI2
  41        tristate
  42
  43config CRYPTO_AEAD
  44        tristate
  45        select CRYPTO_AEAD2
  46        select CRYPTO_ALGAPI
  47
  48config CRYPTO_AEAD2
  49        tristate
  50        select CRYPTO_ALGAPI2
  51        select CRYPTO_NULL2
  52        select CRYPTO_RNG2
  53
  54config CRYPTO_BLKCIPHER
  55        tristate
  56        select CRYPTO_BLKCIPHER2
  57        select CRYPTO_ALGAPI
  58
  59config CRYPTO_BLKCIPHER2
  60        tristate
  61        select CRYPTO_ALGAPI2
  62        select CRYPTO_RNG2
  63        select CRYPTO_WORKQUEUE
  64
  65config CRYPTO_HASH
  66        tristate
  67        select CRYPTO_HASH2
  68        select CRYPTO_ALGAPI
  69
  70config CRYPTO_HASH2
  71        tristate
  72        select CRYPTO_ALGAPI2
  73
  74config CRYPTO_RNG
  75        tristate
  76        select CRYPTO_RNG2
  77        select CRYPTO_ALGAPI
  78
  79config CRYPTO_RNG2
  80        tristate
  81        select CRYPTO_ALGAPI2
  82
  83config CRYPTO_RNG_DEFAULT
  84        tristate
  85        select CRYPTO_DRBG_MENU
  86
  87config CRYPTO_AKCIPHER2
  88        tristate
  89        select CRYPTO_ALGAPI2
  90
  91config CRYPTO_AKCIPHER
  92        tristate
  93        select CRYPTO_AKCIPHER2
  94        select CRYPTO_ALGAPI
  95
  96config CRYPTO_RSA
  97        tristate "RSA algorithm"
  98        select CRYPTO_AKCIPHER
  99        select CRYPTO_MANAGER
 100        select MPILIB
 101        select ASN1
 102        help
 103          Generic implementation of the RSA public key algorithm.
 104
 105config CRYPTO_MANAGER
 106        tristate "Cryptographic algorithm manager"
 107        select CRYPTO_MANAGER2
 108        help
 109          Create default cryptographic template instantiations such as
 110          cbc(aes).
 111
 112config CRYPTO_MANAGER2
 113        def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
 114        select CRYPTO_AEAD2
 115        select CRYPTO_HASH2
 116        select CRYPTO_BLKCIPHER2
 117        select CRYPTO_AKCIPHER2
 118
 119config CRYPTO_USER
 120        tristate "Userspace cryptographic algorithm configuration"
 121        depends on NET
 122        select CRYPTO_MANAGER
 123        help
 124          Userspace configuration for cryptographic instantiations such as
 125          cbc(aes).
 126
 127config CRYPTO_MANAGER_DISABLE_TESTS
 128        bool "Disable run-time self tests"
 129        default y
 130        depends on CRYPTO_MANAGER2
 131        help
 132          Disable run-time self tests that normally take place at
 133          algorithm registration.
 134
 135config CRYPTO_GF128MUL
 136        tristate "GF(2^128) multiplication functions"
 137        help
 138          Efficient table driven implementation of multiplications in the
 139          field GF(2^128).  This is needed by some cypher modes. This
 140          option will be selected automatically if you select such a
 141          cipher mode.  Only select this option by hand if you expect to load
 142          an external module that requires these functions.
 143
 144config CRYPTO_NULL
 145        tristate "Null algorithms"
 146        select CRYPTO_NULL2
 147        help
 148          These are 'Null' algorithms, used by IPsec, which do nothing.
 149
 150config CRYPTO_NULL2
 151        tristate
 152        select CRYPTO_ALGAPI2
 153        select CRYPTO_BLKCIPHER2
 154        select CRYPTO_HASH2
 155
 156config CRYPTO_PCRYPT
 157        tristate "Parallel crypto engine"
 158        depends on SMP
 159        select PADATA
 160        select CRYPTO_MANAGER
 161        select CRYPTO_AEAD
 162        help
 163          This converts an arbitrary crypto algorithm into a parallel
 164          algorithm that executes in kernel threads.
 165
 166config CRYPTO_WORKQUEUE
 167       tristate
 168
 169config CRYPTO_CRYPTD
 170        tristate "Software async crypto daemon"
 171        select CRYPTO_BLKCIPHER
 172        select CRYPTO_HASH
 173        select CRYPTO_MANAGER
 174        select CRYPTO_WORKQUEUE
 175        help
 176          This is a generic software asynchronous crypto daemon that
 177          converts an arbitrary synchronous software crypto algorithm
 178          into an asynchronous algorithm that executes in a kernel thread.
 179
 180config CRYPTO_MCRYPTD
 181        tristate "Software async multi-buffer crypto daemon"
 182        select CRYPTO_BLKCIPHER
 183        select CRYPTO_HASH
 184        select CRYPTO_MANAGER
 185        select CRYPTO_WORKQUEUE
 186        help
 187          This is a generic software asynchronous crypto daemon that
 188          provides the kernel thread to assist multi-buffer crypto
 189          algorithms for submitting jobs and flushing jobs in multi-buffer
 190          crypto algorithms.  Multi-buffer crypto algorithms are executed
 191          in the context of this kernel thread and drivers can post
 192          their crypto request asynchronously to be processed by this daemon.
 193
 194config CRYPTO_AUTHENC
 195        tristate "Authenc support"
 196        select CRYPTO_AEAD
 197        select CRYPTO_BLKCIPHER
 198        select CRYPTO_MANAGER
 199        select CRYPTO_HASH
 200        select CRYPTO_NULL
 201        help
 202          Authenc: Combined mode wrapper for IPsec.
 203          This is required for IPSec.
 204
 205config CRYPTO_TEST
 206        tristate "Testing module"
 207        depends on m
 208        select CRYPTO_MANAGER
 209        help
 210          Quick & dirty crypto test module.
 211
 212config CRYPTO_ABLK_HELPER
 213        tristate
 214        select CRYPTO_CRYPTD
 215
 216config CRYPTO_GLUE_HELPER_X86
 217        tristate
 218        depends on X86
 219        select CRYPTO_ALGAPI
 220
 221config CRYPTO_ENGINE
 222        tristate
 223
 224comment "Authenticated Encryption with Associated Data"
 225
 226config CRYPTO_CCM
 227        tristate "CCM support"
 228        select CRYPTO_CTR
 229        select CRYPTO_AEAD
 230        help
 231          Support for Counter with CBC MAC. Required for IPsec.
 232
 233config CRYPTO_GCM
 234        tristate "GCM/GMAC support"
 235        select CRYPTO_CTR
 236        select CRYPTO_AEAD
 237        select CRYPTO_GHASH
 238        select CRYPTO_NULL
 239        help
 240          Support for Galois/Counter Mode (GCM) and Galois Message
 241          Authentication Code (GMAC). Required for IPSec.
 242
 243config CRYPTO_CHACHA20POLY1305
 244        tristate "ChaCha20-Poly1305 AEAD support"
 245        select CRYPTO_CHACHA20
 246        select CRYPTO_POLY1305
 247        select CRYPTO_AEAD
 248        help
 249          ChaCha20-Poly1305 AEAD support, RFC7539.
 250
 251          Support for the AEAD wrapper using the ChaCha20 stream cipher combined
 252          with the Poly1305 authenticator. It is defined in RFC7539 for use in
 253          IETF protocols.
 254
 255config CRYPTO_SEQIV
 256        tristate "Sequence Number IV Generator"
 257        select CRYPTO_AEAD
 258        select CRYPTO_BLKCIPHER
 259        select CRYPTO_NULL
 260        select CRYPTO_RNG_DEFAULT
 261        help
 262          This IV generator generates an IV based on a sequence number by
 263          xoring it with a salt.  This algorithm is mainly useful for CTR
 264
 265config CRYPTO_ECHAINIV
 266        tristate "Encrypted Chain IV Generator"
 267        select CRYPTO_AEAD
 268        select CRYPTO_NULL
 269        select CRYPTO_RNG_DEFAULT
 270        default m
 271        help
 272          This IV generator generates an IV based on the encryption of
 273          a sequence number xored with a salt.  This is the default
 274          algorithm for CBC.
 275
 276comment "Block modes"
 277
 278config CRYPTO_CBC
 279        tristate "CBC support"
 280        select CRYPTO_BLKCIPHER
 281        select CRYPTO_MANAGER
 282        help
 283          CBC: Cipher Block Chaining mode
 284          This block cipher algorithm is required for IPSec.
 285
 286config CRYPTO_CTR
 287        tristate "CTR support"
 288        select CRYPTO_BLKCIPHER
 289        select CRYPTO_SEQIV
 290        select CRYPTO_MANAGER
 291        help
 292          CTR: Counter mode
 293          This block cipher algorithm is required for IPSec.
 294
 295config CRYPTO_CTS
 296        tristate "CTS support"
 297        select CRYPTO_BLKCIPHER
 298        help
 299          CTS: Cipher Text Stealing
 300          This is the Cipher Text Stealing mode as described by
 301          Section 8 of rfc2040 and referenced by rfc3962.
 302          (rfc3962 includes errata information in its Appendix A)
 303          This mode is required for Kerberos gss mechanism support
 304          for AES encryption.
 305
 306config CRYPTO_ECB
 307        tristate "ECB support"
 308        select CRYPTO_BLKCIPHER
 309        select CRYPTO_MANAGER
 310        help
 311          ECB: Electronic CodeBook mode
 312          This is the simplest block cipher algorithm.  It simply encrypts
 313          the input block by block.
 314
 315config CRYPTO_LRW
 316        tristate "LRW support"
 317        select CRYPTO_BLKCIPHER
 318        select CRYPTO_MANAGER
 319        select CRYPTO_GF128MUL
 320        help
 321          LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
 322          narrow block cipher mode for dm-crypt.  Use it with cipher
 323          specification string aes-lrw-benbi, the key must be 256, 320 or 384.
 324          The first 128, 192 or 256 bits in the key are used for AES and the
 325          rest is used to tie each cipher block to its logical position.
 326
 327config CRYPTO_PCBC
 328        tristate "PCBC support"
 329        select CRYPTO_BLKCIPHER
 330        select CRYPTO_MANAGER
 331        help
 332          PCBC: Propagating Cipher Block Chaining mode
 333          This block cipher algorithm is required for RxRPC.
 334
 335config CRYPTO_XTS
 336        tristate "XTS support"
 337        select CRYPTO_BLKCIPHER
 338        select CRYPTO_MANAGER
 339        select CRYPTO_GF128MUL
 340        help
 341          XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
 342          key size 256, 384 or 512 bits. This implementation currently
 343          can't handle a sectorsize which is not a multiple of 16 bytes.
 344
 345config CRYPTO_KEYWRAP
 346        tristate "Key wrapping support"
 347        select CRYPTO_BLKCIPHER
 348        help
 349          Support for key wrapping (NIST SP800-38F / RFC3394) without
 350          padding.
 351
 352comment "Hash modes"
 353
 354config CRYPTO_CMAC
 355        tristate "CMAC support"
 356        select CRYPTO_HASH
 357        select CRYPTO_MANAGER
 358        help
 359          Cipher-based Message Authentication Code (CMAC) specified by
 360          The National Institute of Standards and Technology (NIST).
 361
 362          https://tools.ietf.org/html/rfc4493
 363          http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
 364
 365config CRYPTO_HMAC
 366        tristate "HMAC support"
 367        select CRYPTO_HASH
 368        select CRYPTO_MANAGER
 369        help
 370          HMAC: Keyed-Hashing for Message Authentication (RFC2104).
 371          This is required for IPSec.
 372
 373config CRYPTO_XCBC
 374        tristate "XCBC support"
 375        select CRYPTO_HASH
 376        select CRYPTO_MANAGER
 377        help
 378          XCBC: Keyed-Hashing with encryption algorithm
 379                http://www.ietf.org/rfc/rfc3566.txt
 380                http://csrc.nist.gov/encryption/modes/proposedmodes/
 381                 xcbc-mac/xcbc-mac-spec.pdf
 382
 383config CRYPTO_VMAC
 384        tristate "VMAC support"
 385        select CRYPTO_HASH
 386        select CRYPTO_MANAGER
 387        help
 388          VMAC is a message authentication algorithm designed for
 389          very high speed on 64-bit architectures.
 390
 391          See also:
 392          <http://fastcrypto.org/vmac>
 393
 394comment "Digest"
 395
 396config CRYPTO_CRC32C
 397        tristate "CRC32c CRC algorithm"
 398        select CRYPTO_HASH
 399        select CRC32
 400        help
 401          Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
 402          by iSCSI for header and data digests and by others.
 403          See Castagnoli93.  Module will be crc32c.
 404
 405config CRYPTO_CRC32C_INTEL
 406        tristate "CRC32c INTEL hardware acceleration"
 407        depends on X86
 408        select CRYPTO_HASH
 409        help
 410          In Intel processor with SSE4.2 supported, the processor will
 411          support CRC32C implementation using hardware accelerated CRC32
 412          instruction. This option will create 'crc32c-intel' module,
 413          which will enable any routine to use the CRC32 instruction to
 414          gain performance compared with software implementation.
 415          Module will be crc32c-intel.
 416
 417config CRYPTO_CRC32C_SPARC64
 418        tristate "CRC32c CRC algorithm (SPARC64)"
 419        depends on SPARC64
 420        select CRYPTO_HASH
 421        select CRC32
 422        help
 423          CRC32c CRC algorithm implemented using sparc64 crypto instructions,
 424          when available.
 425
 426config CRYPTO_CRC32
 427        tristate "CRC32 CRC algorithm"
 428        select CRYPTO_HASH
 429        select CRC32
 430        help
 431          CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
 432          Shash crypto api wrappers to crc32_le function.
 433
 434config CRYPTO_CRC32_PCLMUL
 435        tristate "CRC32 PCLMULQDQ hardware acceleration"
 436        depends on X86
 437        select CRYPTO_HASH
 438        select CRC32
 439        help
 440          From Intel Westmere and AMD Bulldozer processor with SSE4.2
 441          and PCLMULQDQ supported, the processor will support
 442          CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
 443          instruction. This option will create 'crc32-plcmul' module,
 444          which will enable any routine to use the CRC-32-IEEE 802.3 checksum
 445          and gain better performance as compared with the table implementation.
 446
 447config CRYPTO_CRCT10DIF
 448        tristate "CRCT10DIF algorithm"
 449        select CRYPTO_HASH
 450        help
 451          CRC T10 Data Integrity Field computation is being cast as
 452          a crypto transform.  This allows for faster crc t10 diff
 453          transforms to be used if they are available.
 454
 455config CRYPTO_CRCT10DIF_PCLMUL
 456        tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
 457        depends on X86 && 64BIT && CRC_T10DIF
 458        select CRYPTO_HASH
 459        help
 460          For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
 461          CRC T10 DIF PCLMULQDQ computation can be hardware
 462          accelerated PCLMULQDQ instruction. This option will create
 463          'crct10dif-plcmul' module, which is faster when computing the
 464          crct10dif checksum as compared with the generic table implementation.
 465
 466config CRYPTO_GHASH
 467        tristate "GHASH digest algorithm"
 468        select CRYPTO_GF128MUL
 469        select CRYPTO_HASH
 470        help
 471          GHASH is message digest algorithm for GCM (Galois/Counter Mode).
 472
 473config CRYPTO_POLY1305
 474        tristate "Poly1305 authenticator algorithm"
 475        select CRYPTO_HASH
 476        help
 477          Poly1305 authenticator algorithm, RFC7539.
 478
 479          Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
 480          It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
 481          in IETF protocols. This is the portable C implementation of Poly1305.
 482
 483config CRYPTO_POLY1305_X86_64
 484        tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
 485        depends on X86 && 64BIT
 486        select CRYPTO_POLY1305
 487        help
 488          Poly1305 authenticator algorithm, RFC7539.
 489
 490          Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
 491          It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
 492          in IETF protocols. This is the x86_64 assembler implementation using SIMD
 493          instructions.
 494
 495config CRYPTO_MD4
 496        tristate "MD4 digest algorithm"
 497        select CRYPTO_HASH
 498        help
 499          MD4 message digest algorithm (RFC1320).
 500
 501config CRYPTO_MD5
 502        tristate "MD5 digest algorithm"
 503        select CRYPTO_HASH
 504        help
 505          MD5 message digest algorithm (RFC1321).
 506
 507config CRYPTO_MD5_OCTEON
 508        tristate "MD5 digest algorithm (OCTEON)"
 509        depends on CPU_CAVIUM_OCTEON
 510        select CRYPTO_MD5
 511        select CRYPTO_HASH
 512        help
 513          MD5 message digest algorithm (RFC1321) implemented
 514          using OCTEON crypto instructions, when available.
 515
 516config CRYPTO_MD5_PPC
 517        tristate "MD5 digest algorithm (PPC)"
 518        depends on PPC
 519        select CRYPTO_HASH
 520        help
 521          MD5 message digest algorithm (RFC1321) implemented
 522          in PPC assembler.
 523
 524config CRYPTO_MD5_SPARC64
 525        tristate "MD5 digest algorithm (SPARC64)"
 526        depends on SPARC64
 527        select CRYPTO_MD5
 528        select CRYPTO_HASH
 529        help
 530          MD5 message digest algorithm (RFC1321) implemented
 531          using sparc64 crypto instructions, when available.
 532
 533config CRYPTO_MICHAEL_MIC
 534        tristate "Michael MIC keyed digest algorithm"
 535        select CRYPTO_HASH
 536        help
 537          Michael MIC is used for message integrity protection in TKIP
 538          (IEEE 802.11i). This algorithm is required for TKIP, but it
 539          should not be used for other purposes because of the weakness
 540          of the algorithm.
 541
 542config CRYPTO_RMD128
 543        tristate "RIPEMD-128 digest algorithm"
 544        select CRYPTO_HASH
 545        help
 546          RIPEMD-128 (ISO/IEC 10118-3:2004).
 547
 548          RIPEMD-128 is a 128-bit cryptographic hash function. It should only
 549          be used as a secure replacement for RIPEMD. For other use cases,
 550          RIPEMD-160 should be used.
 551
 552          Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
 553          See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
 554
 555config CRYPTO_RMD160
 556        tristate "RIPEMD-160 digest algorithm"
 557        select CRYPTO_HASH
 558        help
 559          RIPEMD-160 (ISO/IEC 10118-3:2004).
 560
 561          RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
 562          to be used as a secure replacement for the 128-bit hash functions
 563          MD4, MD5 and it's predecessor RIPEMD
 564          (not to be confused with RIPEMD-128).
 565
 566          It's speed is comparable to SHA1 and there are no known attacks
 567          against RIPEMD-160.
 568
 569          Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
 570          See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
 571
 572config CRYPTO_RMD256
 573        tristate "RIPEMD-256 digest algorithm"
 574        select CRYPTO_HASH
 575        help
 576          RIPEMD-256 is an optional extension of RIPEMD-128 with a
 577          256 bit hash. It is intended for applications that require
 578          longer hash-results, without needing a larger security level
 579          (than RIPEMD-128).
 580
 581          Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
 582          See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
 583
 584config CRYPTO_RMD320
 585        tristate "RIPEMD-320 digest algorithm"
 586        select CRYPTO_HASH
 587        help
 588          RIPEMD-320 is an optional extension of RIPEMD-160 with a
 589          320 bit hash. It is intended for applications that require
 590          longer hash-results, without needing a larger security level
 591          (than RIPEMD-160).
 592
 593          Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
 594          See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
 595
 596config CRYPTO_SHA1
 597        tristate "SHA1 digest algorithm"
 598        select CRYPTO_HASH
 599        help
 600          SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
 601
 602config CRYPTO_SHA1_SSSE3
 603        tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
 604        depends on X86 && 64BIT
 605        select CRYPTO_SHA1
 606        select CRYPTO_HASH
 607        help
 608          SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 609          using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
 610          Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
 611          when available.
 612
 613config CRYPTO_SHA256_SSSE3
 614        tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
 615        depends on X86 && 64BIT
 616        select CRYPTO_SHA256
 617        select CRYPTO_HASH
 618        help
 619          SHA-256 secure hash standard (DFIPS 180-2) implemented
 620          using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
 621          Extensions version 1 (AVX1), or Advanced Vector Extensions
 622          version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
 623          Instructions) when available.
 624
 625config CRYPTO_SHA512_SSSE3
 626        tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
 627        depends on X86 && 64BIT
 628        select CRYPTO_SHA512
 629        select CRYPTO_HASH
 630        help
 631          SHA-512 secure hash standard (DFIPS 180-2) implemented
 632          using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
 633          Extensions version 1 (AVX1), or Advanced Vector Extensions
 634          version 2 (AVX2) instructions, when available.
 635
 636config CRYPTO_SHA1_OCTEON
 637        tristate "SHA1 digest algorithm (OCTEON)"
 638        depends on CPU_CAVIUM_OCTEON
 639        select CRYPTO_SHA1
 640        select CRYPTO_HASH
 641        help
 642          SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 643          using OCTEON crypto instructions, when available.
 644
 645config CRYPTO_SHA1_SPARC64
 646        tristate "SHA1 digest algorithm (SPARC64)"
 647        depends on SPARC64
 648        select CRYPTO_SHA1
 649        select CRYPTO_HASH
 650        help
 651          SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 652          using sparc64 crypto instructions, when available.
 653
 654config CRYPTO_SHA1_PPC
 655        tristate "SHA1 digest algorithm (powerpc)"
 656        depends on PPC
 657        help
 658          This is the powerpc hardware accelerated implementation of the
 659          SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
 660
 661config CRYPTO_SHA1_PPC_SPE
 662        tristate "SHA1 digest algorithm (PPC SPE)"
 663        depends on PPC && SPE
 664        help
 665          SHA-1 secure hash standard (DFIPS 180-4) implemented
 666          using powerpc SPE SIMD instruction set.
 667
 668config CRYPTO_SHA1_MB
 669        tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
 670        depends on X86 && 64BIT
 671        select CRYPTO_SHA1
 672        select CRYPTO_HASH
 673        select CRYPTO_MCRYPTD
 674        help
 675          SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 676          using multi-buffer technique.  This algorithm computes on
 677          multiple data lanes concurrently with SIMD instructions for
 678          better throughput.  It should not be enabled by default but
 679          used when there is significant amount of work to keep the keep
 680          the data lanes filled to get performance benefit.  If the data
 681          lanes remain unfilled, a flush operation will be initiated to
 682          process the crypto jobs, adding a slight latency.
 683
 684config CRYPTO_SHA256
 685        tristate "SHA224 and SHA256 digest algorithm"
 686        select CRYPTO_HASH
 687        help
 688          SHA256 secure hash standard (DFIPS 180-2).
 689
 690          This version of SHA implements a 256 bit hash with 128 bits of
 691          security against collision attacks.
 692
 693          This code also includes SHA-224, a 224 bit hash with 112 bits
 694          of security against collision attacks.
 695
 696config CRYPTO_SHA256_PPC_SPE
 697        tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
 698        depends on PPC && SPE
 699        select CRYPTO_SHA256
 700        select CRYPTO_HASH
 701        help
 702          SHA224 and SHA256 secure hash standard (DFIPS 180-2)
 703          implemented using powerpc SPE SIMD instruction set.
 704
 705config CRYPTO_SHA256_OCTEON
 706        tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
 707        depends on CPU_CAVIUM_OCTEON
 708        select CRYPTO_SHA256
 709        select CRYPTO_HASH
 710        help
 711          SHA-256 secure hash standard (DFIPS 180-2) implemented
 712          using OCTEON crypto instructions, when available.
 713
 714config CRYPTO_SHA256_SPARC64
 715        tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
 716        depends on SPARC64
 717        select CRYPTO_SHA256
 718        select CRYPTO_HASH
 719        help
 720          SHA-256 secure hash standard (DFIPS 180-2) implemented
 721          using sparc64 crypto instructions, when available.
 722
 723config CRYPTO_SHA512
 724        tristate "SHA384 and SHA512 digest algorithms"
 725        select CRYPTO_HASH
 726        help
 727          SHA512 secure hash standard (DFIPS 180-2).
 728
 729          This version of SHA implements a 512 bit hash with 256 bits of
 730          security against collision attacks.
 731
 732          This code also includes SHA-384, a 384 bit hash with 192 bits
 733          of security against collision attacks.
 734
 735config CRYPTO_SHA512_OCTEON
 736        tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
 737        depends on CPU_CAVIUM_OCTEON
 738        select CRYPTO_SHA512
 739        select CRYPTO_HASH
 740        help
 741          SHA-512 secure hash standard (DFIPS 180-2) implemented
 742          using OCTEON crypto instructions, when available.
 743
 744config CRYPTO_SHA512_SPARC64
 745        tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
 746        depends on SPARC64
 747        select CRYPTO_SHA512
 748        select CRYPTO_HASH
 749        help
 750          SHA-512 secure hash standard (DFIPS 180-2) implemented
 751          using sparc64 crypto instructions, when available.
 752
 753config CRYPTO_TGR192
 754        tristate "Tiger digest algorithms"
 755        select CRYPTO_HASH
 756        help
 757          Tiger hash algorithm 192, 160 and 128-bit hashes
 758
 759          Tiger is a hash function optimized for 64-bit processors while
 760          still having decent performance on 32-bit processors.
 761          Tiger was developed by Ross Anderson and Eli Biham.
 762
 763          See also:
 764          <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
 765
 766config CRYPTO_WP512
 767        tristate "Whirlpool digest algorithms"
 768        select CRYPTO_HASH
 769        help
 770          Whirlpool hash algorithm 512, 384 and 256-bit hashes
 771
 772          Whirlpool-512 is part of the NESSIE cryptographic primitives.
 773          Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
 774
 775          See also:
 776          <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
 777
 778config CRYPTO_GHASH_CLMUL_NI_INTEL
 779        tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
 780        depends on X86 && 64BIT
 781        select CRYPTO_CRYPTD
 782        help
 783          GHASH is message digest algorithm for GCM (Galois/Counter Mode).
 784          The implementation is accelerated by CLMUL-NI of Intel.
 785
 786comment "Ciphers"
 787
 788config CRYPTO_AES
 789        tristate "AES cipher algorithms"
 790        select CRYPTO_ALGAPI
 791        help
 792          AES cipher algorithms (FIPS-197). AES uses the Rijndael
 793          algorithm.
 794
 795          Rijndael appears to be consistently a very good performer in
 796          both hardware and software across a wide range of computing
 797          environments regardless of its use in feedback or non-feedback
 798          modes. Its key setup time is excellent, and its key agility is
 799          good. Rijndael's very low memory requirements make it very well
 800          suited for restricted-space environments, in which it also
 801          demonstrates excellent performance. Rijndael's operations are
 802          among the easiest to defend against power and timing attacks.
 803
 804          The AES specifies three key sizes: 128, 192 and 256 bits
 805
 806          See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
 807
 808config CRYPTO_AES_586
 809        tristate "AES cipher algorithms (i586)"
 810        depends on (X86 || UML_X86) && !64BIT
 811        select CRYPTO_ALGAPI
 812        select CRYPTO_AES
 813        help
 814          AES cipher algorithms (FIPS-197). AES uses the Rijndael
 815          algorithm.
 816
 817          Rijndael appears to be consistently a very good performer in
 818          both hardware and software across a wide range of computing
 819          environments regardless of its use in feedback or non-feedback
 820          modes. Its key setup time is excellent, and its key agility is
 821          good. Rijndael's very low memory requirements make it very well
 822          suited for restricted-space environments, in which it also
 823          demonstrates excellent performance. Rijndael's operations are
 824          among the easiest to defend against power and timing attacks.
 825
 826          The AES specifies three key sizes: 128, 192 and 256 bits
 827
 828          See <http://csrc.nist.gov/encryption/aes/> for more information.
 829
 830config CRYPTO_AES_X86_64
 831        tristate "AES cipher algorithms (x86_64)"
 832        depends on (X86 || UML_X86) && 64BIT
 833        select CRYPTO_ALGAPI
 834        select CRYPTO_AES
 835        help
 836          AES cipher algorithms (FIPS-197). AES uses the Rijndael
 837          algorithm.
 838
 839          Rijndael appears to be consistently a very good performer in
 840          both hardware and software across a wide range of computing
 841          environments regardless of its use in feedback or non-feedback
 842          modes. Its key setup time is excellent, and its key agility is
 843          good. Rijndael's very low memory requirements make it very well
 844          suited for restricted-space environments, in which it also
 845          demonstrates excellent performance. Rijndael's operations are
 846          among the easiest to defend against power and timing attacks.
 847
 848          The AES specifies three key sizes: 128, 192 and 256 bits
 849
 850          See <http://csrc.nist.gov/encryption/aes/> for more information.
 851
 852config CRYPTO_AES_NI_INTEL
 853        tristate "AES cipher algorithms (AES-NI)"
 854        depends on X86
 855        select CRYPTO_AES_X86_64 if 64BIT
 856        select CRYPTO_AES_586 if !64BIT
 857        select CRYPTO_CRYPTD
 858        select CRYPTO_ABLK_HELPER
 859        select CRYPTO_ALGAPI
 860        select CRYPTO_GLUE_HELPER_X86 if 64BIT
 861        select CRYPTO_LRW
 862        select CRYPTO_XTS
 863        help
 864          Use Intel AES-NI instructions for AES algorithm.
 865
 866          AES cipher algorithms (FIPS-197). AES uses the Rijndael
 867          algorithm.
 868
 869          Rijndael appears to be consistently a very good performer in
 870          both hardware and software across a wide range of computing
 871          environments regardless of its use in feedback or non-feedback
 872          modes. Its key setup time is excellent, and its key agility is
 873          good. Rijndael's very low memory requirements make it very well
 874          suited for restricted-space environments, in which it also
 875          demonstrates excellent performance. Rijndael's operations are
 876          among the easiest to defend against power and timing attacks.
 877
 878          The AES specifies three key sizes: 128, 192 and 256 bits
 879
 880          See <http://csrc.nist.gov/encryption/aes/> for more information.
 881
 882          In addition to AES cipher algorithm support, the acceleration
 883          for some popular block cipher mode is supported too, including
 884          ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
 885          acceleration for CTR.
 886
 887config CRYPTO_AES_SPARC64
 888        tristate "AES cipher algorithms (SPARC64)"
 889        depends on SPARC64
 890        select CRYPTO_CRYPTD
 891        select CRYPTO_ALGAPI
 892        help
 893          Use SPARC64 crypto opcodes for AES algorithm.
 894
 895          AES cipher algorithms (FIPS-197). AES uses the Rijndael
 896          algorithm.
 897
 898          Rijndael appears to be consistently a very good performer in
 899          both hardware and software across a wide range of computing
 900          environments regardless of its use in feedback or non-feedback
 901          modes. Its key setup time is excellent, and its key agility is
 902          good. Rijndael's very low memory requirements make it very well
 903          suited for restricted-space environments, in which it also
 904          demonstrates excellent performance. Rijndael's operations are
 905          among the easiest to defend against power and timing attacks.
 906
 907          The AES specifies three key sizes: 128, 192 and 256 bits
 908
 909          See <http://csrc.nist.gov/encryption/aes/> for more information.
 910
 911          In addition to AES cipher algorithm support, the acceleration
 912          for some popular block cipher mode is supported too, including
 913          ECB and CBC.
 914
 915config CRYPTO_AES_PPC_SPE
 916        tristate "AES cipher algorithms (PPC SPE)"
 917        depends on PPC && SPE
 918        help
 919          AES cipher algorithms (FIPS-197). Additionally the acceleration
 920          for popular block cipher modes ECB, CBC, CTR and XTS is supported.
 921          This module should only be used for low power (router) devices
 922          without hardware AES acceleration (e.g. caam crypto). It reduces the
 923          size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
 924          timining attacks. Nevertheless it might be not as secure as other
 925          architecture specific assembler implementations that work on 1KB
 926          tables or 256 bytes S-boxes.
 927
 928config CRYPTO_ANUBIS
 929        tristate "Anubis cipher algorithm"
 930        select CRYPTO_ALGAPI
 931        help
 932          Anubis cipher algorithm.
 933
 934          Anubis is a variable key length cipher which can use keys from
 935          128 bits to 320 bits in length.  It was evaluated as a entrant
 936          in the NESSIE competition.
 937
 938          See also:
 939          <https://www.cosic.esat.kuleuven.be/nessie/reports/>
 940          <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
 941
 942config CRYPTO_ARC4
 943        tristate "ARC4 cipher algorithm"
 944        select CRYPTO_BLKCIPHER
 945        help
 946          ARC4 cipher algorithm.
 947
 948          ARC4 is a stream cipher using keys ranging from 8 bits to 2048
 949          bits in length.  This algorithm is required for driver-based
 950          WEP, but it should not be for other purposes because of the
 951          weakness of the algorithm.
 952
 953config CRYPTO_BLOWFISH
 954        tristate "Blowfish cipher algorithm"
 955        select CRYPTO_ALGAPI
 956        select CRYPTO_BLOWFISH_COMMON
 957        help
 958          Blowfish cipher algorithm, by Bruce Schneier.
 959
 960          This is a variable key length cipher which can use keys from 32
 961          bits to 448 bits in length.  It's fast, simple and specifically
 962          designed for use on "large microprocessors".
 963
 964          See also:
 965          <http://www.schneier.com/blowfish.html>
 966
 967config CRYPTO_BLOWFISH_COMMON
 968        tristate
 969        help
 970          Common parts of the Blowfish cipher algorithm shared by the
 971          generic c and the assembler implementations.
 972
 973          See also:
 974          <http://www.schneier.com/blowfish.html>
 975
 976config CRYPTO_BLOWFISH_X86_64
 977        tristate "Blowfish cipher algorithm (x86_64)"
 978        depends on X86 && 64BIT
 979        select CRYPTO_ALGAPI
 980        select CRYPTO_BLOWFISH_COMMON
 981        help
 982          Blowfish cipher algorithm (x86_64), by Bruce Schneier.
 983
 984          This is a variable key length cipher which can use keys from 32
 985          bits to 448 bits in length.  It's fast, simple and specifically
 986          designed for use on "large microprocessors".
 987
 988          See also:
 989          <http://www.schneier.com/blowfish.html>
 990
 991config CRYPTO_CAMELLIA
 992        tristate "Camellia cipher algorithms"
 993        depends on CRYPTO
 994        select CRYPTO_ALGAPI
 995        help
 996          Camellia cipher algorithms module.
 997
 998          Camellia is a symmetric key block cipher developed jointly
 999          at NTT and Mitsubishi Electric Corporation.
1000
1001          The Camellia specifies three key sizes: 128, 192 and 256 bits.
1002
1003          See also:
1004          <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1005
1006config CRYPTO_CAMELLIA_X86_64
1007        tristate "Camellia cipher algorithm (x86_64)"
1008        depends on X86 && 64BIT
1009        depends on CRYPTO
1010        select CRYPTO_ALGAPI
1011        select CRYPTO_GLUE_HELPER_X86
1012        select CRYPTO_LRW
1013        select CRYPTO_XTS
1014        help
1015          Camellia cipher algorithm module (x86_64).
1016
1017          Camellia is a symmetric key block cipher developed jointly
1018          at NTT and Mitsubishi Electric Corporation.
1019
1020          The Camellia specifies three key sizes: 128, 192 and 256 bits.
1021
1022          See also:
1023          <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1024
1025config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1026        tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1027        depends on X86 && 64BIT
1028        depends on CRYPTO
1029        select CRYPTO_ALGAPI
1030        select CRYPTO_CRYPTD
1031        select CRYPTO_ABLK_HELPER
1032        select CRYPTO_GLUE_HELPER_X86
1033        select CRYPTO_CAMELLIA_X86_64
1034        select CRYPTO_LRW
1035        select CRYPTO_XTS
1036        help
1037          Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1038
1039          Camellia is a symmetric key block cipher developed jointly
1040          at NTT and Mitsubishi Electric Corporation.
1041
1042          The Camellia specifies three key sizes: 128, 192 and 256 bits.
1043
1044          See also:
1045          <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1046
1047config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1048        tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1049        depends on X86 && 64BIT
1050        depends on CRYPTO
1051        select CRYPTO_ALGAPI
1052        select CRYPTO_CRYPTD
1053        select CRYPTO_ABLK_HELPER
1054        select CRYPTO_GLUE_HELPER_X86
1055        select CRYPTO_CAMELLIA_X86_64
1056        select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1057        select CRYPTO_LRW
1058        select CRYPTO_XTS
1059        help
1060          Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1061
1062          Camellia is a symmetric key block cipher developed jointly
1063          at NTT and Mitsubishi Electric Corporation.
1064
1065          The Camellia specifies three key sizes: 128, 192 and 256 bits.
1066
1067          See also:
1068          <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1069
1070config CRYPTO_CAMELLIA_SPARC64
1071        tristate "Camellia cipher algorithm (SPARC64)"
1072        depends on SPARC64
1073        depends on CRYPTO
1074        select CRYPTO_ALGAPI
1075        help
1076          Camellia cipher algorithm module (SPARC64).
1077
1078          Camellia is a symmetric key block cipher developed jointly
1079          at NTT and Mitsubishi Electric Corporation.
1080
1081          The Camellia specifies three key sizes: 128, 192 and 256 bits.
1082
1083          See also:
1084          <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1085
1086config CRYPTO_CAST_COMMON
1087        tristate
1088        help
1089          Common parts of the CAST cipher algorithms shared by the
1090          generic c and the assembler implementations.
1091
1092config CRYPTO_CAST5
1093        tristate "CAST5 (CAST-128) cipher algorithm"
1094        select CRYPTO_ALGAPI
1095        select CRYPTO_CAST_COMMON
1096        help
1097          The CAST5 encryption algorithm (synonymous with CAST-128) is
1098          described in RFC2144.
1099
1100config CRYPTO_CAST5_AVX_X86_64
1101        tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1102        depends on X86 && 64BIT
1103        select CRYPTO_ALGAPI
1104        select CRYPTO_CRYPTD
1105        select CRYPTO_ABLK_HELPER
1106        select CRYPTO_CAST_COMMON
1107        select CRYPTO_CAST5
1108        help
1109          The CAST5 encryption algorithm (synonymous with CAST-128) is
1110          described in RFC2144.
1111
1112          This module provides the Cast5 cipher algorithm that processes
1113          sixteen blocks parallel using the AVX instruction set.
1114
1115config CRYPTO_CAST6
1116        tristate "CAST6 (CAST-256) cipher algorithm"
1117        select CRYPTO_ALGAPI
1118        select CRYPTO_CAST_COMMON
1119        help
1120          The CAST6 encryption algorithm (synonymous with CAST-256) is
1121          described in RFC2612.
1122
1123config CRYPTO_CAST6_AVX_X86_64
1124        tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1125        depends on X86 && 64BIT
1126        select CRYPTO_ALGAPI
1127        select CRYPTO_CRYPTD
1128        select CRYPTO_ABLK_HELPER
1129        select CRYPTO_GLUE_HELPER_X86
1130        select CRYPTO_CAST_COMMON
1131        select CRYPTO_CAST6
1132        select CRYPTO_LRW
1133        select CRYPTO_XTS
1134        help
1135          The CAST6 encryption algorithm (synonymous with CAST-256) is
1136          described in RFC2612.
1137
1138          This module provides the Cast6 cipher algorithm that processes
1139          eight blocks parallel using the AVX instruction set.
1140
1141config CRYPTO_DES
1142        tristate "DES and Triple DES EDE cipher algorithms"
1143        select CRYPTO_ALGAPI
1144        help
1145          DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1146
1147config CRYPTO_DES_SPARC64
1148        tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1149        depends on SPARC64
1150        select CRYPTO_ALGAPI
1151        select CRYPTO_DES
1152        help
1153          DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1154          optimized using SPARC64 crypto opcodes.
1155
1156config CRYPTO_DES3_EDE_X86_64
1157        tristate "Triple DES EDE cipher algorithm (x86-64)"
1158        depends on X86 && 64BIT
1159        select CRYPTO_ALGAPI
1160        select CRYPTO_DES
1161        help
1162          Triple DES EDE (FIPS 46-3) algorithm.
1163
1164          This module provides implementation of the Triple DES EDE cipher
1165          algorithm that is optimized for x86-64 processors. Two versions of
1166          algorithm are provided; regular processing one input block and
1167          one that processes three blocks parallel.
1168
1169config CRYPTO_FCRYPT
1170        tristate "FCrypt cipher algorithm"
1171        select CRYPTO_ALGAPI
1172        select CRYPTO_BLKCIPHER
1173        help
1174          FCrypt algorithm used by RxRPC.
1175
1176config CRYPTO_KHAZAD
1177        tristate "Khazad cipher algorithm"
1178        select CRYPTO_ALGAPI
1179        help
1180          Khazad cipher algorithm.
1181
1182          Khazad was a finalist in the initial NESSIE competition.  It is
1183          an algorithm optimized for 64-bit processors with good performance
1184          on 32-bit processors.  Khazad uses an 128 bit key size.
1185
1186          See also:
1187          <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1188
1189config CRYPTO_SALSA20
1190        tristate "Salsa20 stream cipher algorithm"
1191        select CRYPTO_BLKCIPHER
1192        help
1193          Salsa20 stream cipher algorithm.
1194
1195          Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1196          Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1197
1198          The Salsa20 stream cipher algorithm is designed by Daniel J.
1199          Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1200
1201config CRYPTO_SALSA20_586
1202        tristate "Salsa20 stream cipher algorithm (i586)"
1203        depends on (X86 || UML_X86) && !64BIT
1204        select CRYPTO_BLKCIPHER
1205        help
1206          Salsa20 stream cipher algorithm.
1207
1208          Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1209          Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1210
1211          The Salsa20 stream cipher algorithm is designed by Daniel J.
1212          Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1213
1214config CRYPTO_SALSA20_X86_64
1215        tristate "Salsa20 stream cipher algorithm (x86_64)"
1216        depends on (X86 || UML_X86) && 64BIT
1217        select CRYPTO_BLKCIPHER
1218        help
1219          Salsa20 stream cipher algorithm.
1220
1221          Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1222          Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1223
1224          The Salsa20 stream cipher algorithm is designed by Daniel J.
1225          Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1226
1227config CRYPTO_CHACHA20
1228        tristate "ChaCha20 cipher algorithm"
1229        select CRYPTO_BLKCIPHER
1230        help
1231          ChaCha20 cipher algorithm, RFC7539.
1232
1233          ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1234          Bernstein and further specified in RFC7539 for use in IETF protocols.
1235          This is the portable C implementation of ChaCha20.
1236
1237          See also:
1238          <http://cr.yp.to/chacha/chacha-20080128.pdf>
1239
1240config CRYPTO_CHACHA20_X86_64
1241        tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
1242        depends on X86 && 64BIT
1243        select CRYPTO_BLKCIPHER
1244        select CRYPTO_CHACHA20
1245        help
1246          ChaCha20 cipher algorithm, RFC7539.
1247
1248          ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1249          Bernstein and further specified in RFC7539 for use in IETF protocols.
1250          This is the x86_64 assembler implementation using SIMD instructions.
1251
1252          See also:
1253          <http://cr.yp.to/chacha/chacha-20080128.pdf>
1254
1255config CRYPTO_SEED
1256        tristate "SEED cipher algorithm"
1257        select CRYPTO_ALGAPI
1258        help
1259          SEED cipher algorithm (RFC4269).
1260
1261          SEED is a 128-bit symmetric key block cipher that has been
1262          developed by KISA (Korea Information Security Agency) as a
1263          national standard encryption algorithm of the Republic of Korea.
1264          It is a 16 round block cipher with the key size of 128 bit.
1265
1266          See also:
1267          <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1268
1269config CRYPTO_SERPENT
1270        tristate "Serpent cipher algorithm"
1271        select CRYPTO_ALGAPI
1272        help
1273          Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1274
1275          Keys are allowed to be from 0 to 256 bits in length, in steps
1276          of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1277          variant of Serpent for compatibility with old kerneli.org code.
1278
1279          See also:
1280          <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1281
1282config CRYPTO_SERPENT_SSE2_X86_64
1283        tristate "Serpent cipher algorithm (x86_64/SSE2)"
1284        depends on X86 && 64BIT
1285        select CRYPTO_ALGAPI
1286        select CRYPTO_CRYPTD
1287        select CRYPTO_ABLK_HELPER
1288        select CRYPTO_GLUE_HELPER_X86
1289        select CRYPTO_SERPENT
1290        select CRYPTO_LRW
1291        select CRYPTO_XTS
1292        help
1293          Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1294
1295          Keys are allowed to be from 0 to 256 bits in length, in steps
1296          of 8 bits.
1297
1298          This module provides Serpent cipher algorithm that processes eight
1299          blocks parallel using SSE2 instruction set.
1300
1301          See also:
1302          <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1303
1304config CRYPTO_SERPENT_SSE2_586
1305        tristate "Serpent cipher algorithm (i586/SSE2)"
1306        depends on X86 && !64BIT
1307        select CRYPTO_ALGAPI
1308        select CRYPTO_CRYPTD
1309        select CRYPTO_ABLK_HELPER
1310        select CRYPTO_GLUE_HELPER_X86
1311        select CRYPTO_SERPENT
1312        select CRYPTO_LRW
1313        select CRYPTO_XTS
1314        help
1315          Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1316
1317          Keys are allowed to be from 0 to 256 bits in length, in steps
1318          of 8 bits.
1319
1320          This module provides Serpent cipher algorithm that processes four
1321          blocks parallel using SSE2 instruction set.
1322
1323          See also:
1324          <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1325
1326config CRYPTO_SERPENT_AVX_X86_64
1327        tristate "Serpent cipher algorithm (x86_64/AVX)"
1328        depends on X86 && 64BIT
1329        select CRYPTO_ALGAPI
1330        select CRYPTO_CRYPTD
1331        select CRYPTO_ABLK_HELPER
1332        select CRYPTO_GLUE_HELPER_X86
1333        select CRYPTO_SERPENT
1334        select CRYPTO_LRW
1335        select CRYPTO_XTS
1336        help
1337          Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1338
1339          Keys are allowed to be from 0 to 256 bits in length, in steps
1340          of 8 bits.
1341
1342          This module provides the Serpent cipher algorithm that processes
1343          eight blocks parallel using the AVX instruction set.
1344
1345          See also:
1346          <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1347
1348config CRYPTO_SERPENT_AVX2_X86_64
1349        tristate "Serpent cipher algorithm (x86_64/AVX2)"
1350        depends on X86 && 64BIT
1351        select CRYPTO_ALGAPI
1352        select CRYPTO_CRYPTD
1353        select CRYPTO_ABLK_HELPER
1354        select CRYPTO_GLUE_HELPER_X86
1355        select CRYPTO_SERPENT
1356        select CRYPTO_SERPENT_AVX_X86_64
1357        select CRYPTO_LRW
1358        select CRYPTO_XTS
1359        help
1360          Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1361
1362          Keys are allowed to be from 0 to 256 bits in length, in steps
1363          of 8 bits.
1364
1365          This module provides Serpent cipher algorithm that processes 16
1366          blocks parallel using AVX2 instruction set.
1367
1368          See also:
1369          <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1370
1371config CRYPTO_TEA
1372        tristate "TEA, XTEA and XETA cipher algorithms"
1373        select CRYPTO_ALGAPI
1374        help
1375          TEA cipher algorithm.
1376
1377          Tiny Encryption Algorithm is a simple cipher that uses
1378          many rounds for security.  It is very fast and uses
1379          little memory.
1380
1381          Xtendend Tiny Encryption Algorithm is a modification to
1382          the TEA algorithm to address a potential key weakness
1383          in the TEA algorithm.
1384
1385          Xtendend Encryption Tiny Algorithm is a mis-implementation
1386          of the XTEA algorithm for compatibility purposes.
1387
1388config CRYPTO_TWOFISH
1389        tristate "Twofish cipher algorithm"
1390        select CRYPTO_ALGAPI
1391        select CRYPTO_TWOFISH_COMMON
1392        help
1393          Twofish cipher algorithm.
1394
1395          Twofish was submitted as an AES (Advanced Encryption Standard)
1396          candidate cipher by researchers at CounterPane Systems.  It is a
1397          16 round block cipher supporting key sizes of 128, 192, and 256
1398          bits.
1399
1400          See also:
1401          <http://www.schneier.com/twofish.html>
1402
1403config CRYPTO_TWOFISH_COMMON
1404        tristate
1405        help
1406          Common parts of the Twofish cipher algorithm shared by the
1407          generic c and the assembler implementations.
1408
1409config CRYPTO_TWOFISH_586
1410        tristate "Twofish cipher algorithms (i586)"
1411        depends on (X86 || UML_X86) && !64BIT
1412        select CRYPTO_ALGAPI
1413        select CRYPTO_TWOFISH_COMMON
1414        help
1415          Twofish cipher algorithm.
1416
1417          Twofish was submitted as an AES (Advanced Encryption Standard)
1418          candidate cipher by researchers at CounterPane Systems.  It is a
1419          16 round block cipher supporting key sizes of 128, 192, and 256
1420          bits.
1421
1422          See also:
1423          <http://www.schneier.com/twofish.html>
1424
1425config CRYPTO_TWOFISH_X86_64
1426        tristate "Twofish cipher algorithm (x86_64)"
1427        depends on (X86 || UML_X86) && 64BIT
1428        select CRYPTO_ALGAPI
1429        select CRYPTO_TWOFISH_COMMON
1430        help
1431          Twofish cipher algorithm (x86_64).
1432
1433          Twofish was submitted as an AES (Advanced Encryption Standard)
1434          candidate cipher by researchers at CounterPane Systems.  It is a
1435          16 round block cipher supporting key sizes of 128, 192, and 256
1436          bits.
1437
1438          See also:
1439          <http://www.schneier.com/twofish.html>
1440
1441config CRYPTO_TWOFISH_X86_64_3WAY
1442        tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1443        depends on X86 && 64BIT
1444        select CRYPTO_ALGAPI
1445        select CRYPTO_TWOFISH_COMMON
1446        select CRYPTO_TWOFISH_X86_64
1447        select CRYPTO_GLUE_HELPER_X86
1448        select CRYPTO_LRW
1449        select CRYPTO_XTS
1450        help
1451          Twofish cipher algorithm (x86_64, 3-way parallel).
1452
1453          Twofish was submitted as an AES (Advanced Encryption Standard)
1454          candidate cipher by researchers at CounterPane Systems.  It is a
1455          16 round block cipher supporting key sizes of 128, 192, and 256
1456          bits.
1457
1458          This module provides Twofish cipher algorithm that processes three
1459          blocks parallel, utilizing resources of out-of-order CPUs better.
1460
1461          See also:
1462          <http://www.schneier.com/twofish.html>
1463
1464config CRYPTO_TWOFISH_AVX_X86_64
1465        tristate "Twofish cipher algorithm (x86_64/AVX)"
1466        depends on X86 && 64BIT
1467        select CRYPTO_ALGAPI
1468        select CRYPTO_CRYPTD
1469        select CRYPTO_ABLK_HELPER
1470        select CRYPTO_GLUE_HELPER_X86
1471        select CRYPTO_TWOFISH_COMMON
1472        select CRYPTO_TWOFISH_X86_64
1473        select CRYPTO_TWOFISH_X86_64_3WAY
1474        select CRYPTO_LRW
1475        select CRYPTO_XTS
1476        help
1477          Twofish cipher algorithm (x86_64/AVX).
1478
1479          Twofish was submitted as an AES (Advanced Encryption Standard)
1480          candidate cipher by researchers at CounterPane Systems.  It is a
1481          16 round block cipher supporting key sizes of 128, 192, and 256
1482          bits.
1483
1484          This module provides the Twofish cipher algorithm that processes
1485          eight blocks parallel using the AVX Instruction Set.
1486
1487          See also:
1488          <http://www.schneier.com/twofish.html>
1489
1490comment "Compression"
1491
1492config CRYPTO_DEFLATE
1493        tristate "Deflate compression algorithm"
1494        select CRYPTO_ALGAPI
1495        select ZLIB_INFLATE
1496        select ZLIB_DEFLATE
1497        help
1498          This is the Deflate algorithm (RFC1951), specified for use in
1499          IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1500
1501          You will most probably want this if using IPSec.
1502
1503config CRYPTO_LZO
1504        tristate "LZO compression algorithm"
1505        select CRYPTO_ALGAPI
1506        select LZO_COMPRESS
1507        select LZO_DECOMPRESS
1508        help
1509          This is the LZO algorithm.
1510
1511config CRYPTO_842
1512        tristate "842 compression algorithm"
1513        select CRYPTO_ALGAPI
1514        select 842_COMPRESS
1515        select 842_DECOMPRESS
1516        help
1517          This is the 842 algorithm.
1518
1519config CRYPTO_LZ4
1520        tristate "LZ4 compression algorithm"
1521        select CRYPTO_ALGAPI
1522        select LZ4_COMPRESS
1523        select LZ4_DECOMPRESS
1524        help
1525          This is the LZ4 algorithm.
1526
1527config CRYPTO_LZ4HC
1528        tristate "LZ4HC compression algorithm"
1529        select CRYPTO_ALGAPI
1530        select LZ4HC_COMPRESS
1531        select LZ4_DECOMPRESS
1532        help
1533          This is the LZ4 high compression mode algorithm.
1534
1535comment "Random Number Generation"
1536
1537config CRYPTO_ANSI_CPRNG
1538        tristate "Pseudo Random Number Generation for Cryptographic modules"
1539        select CRYPTO_AES
1540        select CRYPTO_RNG
1541        help
1542          This option enables the generic pseudo random number generator
1543          for cryptographic modules.  Uses the Algorithm specified in
1544          ANSI X9.31 A.2.4. Note that this option must be enabled if
1545          CRYPTO_FIPS is selected
1546
1547menuconfig CRYPTO_DRBG_MENU
1548        tristate "NIST SP800-90A DRBG"
1549        help
1550          NIST SP800-90A compliant DRBG. In the following submenu, one or
1551          more of the DRBG types must be selected.
1552
1553if CRYPTO_DRBG_MENU
1554
1555config CRYPTO_DRBG_HMAC
1556        bool
1557        default y
1558        select CRYPTO_HMAC
1559        select CRYPTO_SHA256
1560
1561config CRYPTO_DRBG_HASH
1562        bool "Enable Hash DRBG"
1563        select CRYPTO_SHA256
1564        help
1565          Enable the Hash DRBG variant as defined in NIST SP800-90A.
1566
1567config CRYPTO_DRBG_CTR
1568        bool "Enable CTR DRBG"
1569        select CRYPTO_AES
1570        help
1571          Enable the CTR DRBG variant as defined in NIST SP800-90A.
1572
1573config CRYPTO_DRBG
1574        tristate
1575        default CRYPTO_DRBG_MENU
1576        select CRYPTO_RNG
1577        select CRYPTO_JITTERENTROPY
1578
1579endif   # if CRYPTO_DRBG_MENU
1580
1581config CRYPTO_JITTERENTROPY
1582        tristate "Jitterentropy Non-Deterministic Random Number Generator"
1583        select CRYPTO_RNG
1584        help
1585          The Jitterentropy RNG is a noise that is intended
1586          to provide seed to another RNG. The RNG does not
1587          perform any cryptographic whitening of the generated
1588          random numbers. This Jitterentropy RNG registers with
1589          the kernel crypto API and can be used by any caller.
1590
1591config CRYPTO_USER_API
1592        tristate
1593
1594config CRYPTO_USER_API_HASH
1595        tristate "User-space interface for hash algorithms"
1596        depends on NET
1597        select CRYPTO_HASH
1598        select CRYPTO_USER_API
1599        help
1600          This option enables the user-spaces interface for hash
1601          algorithms.
1602
1603config CRYPTO_USER_API_SKCIPHER
1604        tristate "User-space interface for symmetric key cipher algorithms"
1605        depends on NET
1606        select CRYPTO_BLKCIPHER
1607        select CRYPTO_USER_API
1608        help
1609          This option enables the user-spaces interface for symmetric
1610          key cipher algorithms.
1611
1612config CRYPTO_USER_API_RNG
1613        tristate "User-space interface for random number generator algorithms"
1614        depends on NET
1615        select CRYPTO_RNG
1616        select CRYPTO_USER_API
1617        help
1618          This option enables the user-spaces interface for random
1619          number generator algorithms.
1620
1621config CRYPTO_USER_API_AEAD
1622        tristate "User-space interface for AEAD cipher algorithms"
1623        depends on NET
1624        select CRYPTO_AEAD
1625        select CRYPTO_USER_API
1626        help
1627          This option enables the user-spaces interface for AEAD
1628          cipher algorithms.
1629
1630config CRYPTO_HASH_INFO
1631        bool
1632
1633source "drivers/crypto/Kconfig"
1634source crypto/asymmetric_keys/Kconfig
1635source certs/Kconfig
1636
1637endif   # if CRYPTO
1638