1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This options enables the fips boot option which is 31 required if you want to system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_BLKCIPHER 56 tristate 57 select CRYPTO_BLKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_BLKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 select CRYPTO_WORKQUEUE 65 66config CRYPTO_HASH 67 tristate 68 select CRYPTO_HASH2 69 select CRYPTO_ALGAPI 70 71config CRYPTO_HASH2 72 tristate 73 select CRYPTO_ALGAPI2 74 75config CRYPTO_RNG 76 tristate 77 select CRYPTO_RNG2 78 select CRYPTO_ALGAPI 79 80config CRYPTO_RNG2 81 tristate 82 select CRYPTO_ALGAPI2 83 84config CRYPTO_RNG_DEFAULT 85 tristate 86 select CRYPTO_DRBG_MENU 87 88config CRYPTO_AKCIPHER2 89 tristate 90 select CRYPTO_ALGAPI2 91 92config CRYPTO_AKCIPHER 93 tristate 94 select CRYPTO_AKCIPHER2 95 select CRYPTO_ALGAPI 96 97config CRYPTO_KPP2 98 tristate 99 select CRYPTO_ALGAPI2 100 101config CRYPTO_KPP 102 tristate 103 select CRYPTO_ALGAPI 104 select CRYPTO_KPP2 105 106config CRYPTO_ACOMP2 107 tristate 108 select CRYPTO_ALGAPI2 109 110config CRYPTO_ACOMP 111 tristate 112 select CRYPTO_ALGAPI 113 select CRYPTO_ACOMP2 114 115config CRYPTO_RSA 116 tristate "RSA algorithm" 117 select CRYPTO_AKCIPHER 118 select CRYPTO_MANAGER 119 select MPILIB 120 select ASN1 121 help 122 Generic implementation of the RSA public key algorithm. 123 124config CRYPTO_DH 125 tristate "Diffie-Hellman algorithm" 126 select CRYPTO_KPP 127 select MPILIB 128 help 129 Generic implementation of the Diffie-Hellman algorithm. 130 131config CRYPTO_ECDH 132 tristate "ECDH algorithm" 133 select CRYPTO_KPP 134 select CRYPTO_RNG_DEFAULT 135 help 136 Generic implementation of the ECDH algorithm 137 138config CRYPTO_MANAGER 139 tristate "Cryptographic algorithm manager" 140 select CRYPTO_MANAGER2 141 help 142 Create default cryptographic template instantiations such as 143 cbc(aes). 144 145config CRYPTO_MANAGER2 146 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 147 select CRYPTO_AEAD2 148 select CRYPTO_HASH2 149 select CRYPTO_BLKCIPHER2 150 select CRYPTO_AKCIPHER2 151 select CRYPTO_KPP2 152 select CRYPTO_ACOMP2 153 154config CRYPTO_USER 155 tristate "Userspace cryptographic algorithm configuration" 156 depends on NET 157 select CRYPTO_MANAGER 158 help 159 Userspace configuration for cryptographic instantiations such as 160 cbc(aes). 161 162config CRYPTO_MANAGER_DISABLE_TESTS 163 bool "Disable run-time self tests" 164 default y 165 depends on CRYPTO_MANAGER2 166 help 167 Disable run-time self tests that normally take place at 168 algorithm registration. 169 170config CRYPTO_GF128MUL 171 tristate "GF(2^128) multiplication functions" 172 help 173 Efficient table driven implementation of multiplications in the 174 field GF(2^128). This is needed by some cypher modes. This 175 option will be selected automatically if you select such a 176 cipher mode. Only select this option by hand if you expect to load 177 an external module that requires these functions. 178 179config CRYPTO_NULL 180 tristate "Null algorithms" 181 select CRYPTO_NULL2 182 help 183 These are 'Null' algorithms, used by IPsec, which do nothing. 184 185config CRYPTO_NULL2 186 tristate 187 select CRYPTO_ALGAPI2 188 select CRYPTO_BLKCIPHER2 189 select CRYPTO_HASH2 190 191config CRYPTO_PCRYPT 192 tristate "Parallel crypto engine" 193 depends on SMP 194 select PADATA 195 select CRYPTO_MANAGER 196 select CRYPTO_AEAD 197 help 198 This converts an arbitrary crypto algorithm into a parallel 199 algorithm that executes in kernel threads. 200 201config CRYPTO_WORKQUEUE 202 tristate 203 204config CRYPTO_CRYPTD 205 tristate "Software async crypto daemon" 206 select CRYPTO_BLKCIPHER 207 select CRYPTO_HASH 208 select CRYPTO_MANAGER 209 select CRYPTO_WORKQUEUE 210 help 211 This is a generic software asynchronous crypto daemon that 212 converts an arbitrary synchronous software crypto algorithm 213 into an asynchronous algorithm that executes in a kernel thread. 214 215config CRYPTO_MCRYPTD 216 tristate "Software async multi-buffer crypto daemon" 217 select CRYPTO_BLKCIPHER 218 select CRYPTO_HASH 219 select CRYPTO_MANAGER 220 select CRYPTO_WORKQUEUE 221 help 222 This is a generic software asynchronous crypto daemon that 223 provides the kernel thread to assist multi-buffer crypto 224 algorithms for submitting jobs and flushing jobs in multi-buffer 225 crypto algorithms. Multi-buffer crypto algorithms are executed 226 in the context of this kernel thread and drivers can post 227 their crypto request asynchronously to be processed by this daemon. 228 229config CRYPTO_AUTHENC 230 tristate "Authenc support" 231 select CRYPTO_AEAD 232 select CRYPTO_BLKCIPHER 233 select CRYPTO_MANAGER 234 select CRYPTO_HASH 235 select CRYPTO_NULL 236 help 237 Authenc: Combined mode wrapper for IPsec. 238 This is required for IPSec. 239 240config CRYPTO_TEST 241 tristate "Testing module" 242 depends on m 243 select CRYPTO_MANAGER 244 help 245 Quick & dirty crypto test module. 246 247config CRYPTO_ABLK_HELPER 248 tristate 249 select CRYPTO_CRYPTD 250 251config CRYPTO_SIMD 252 tristate 253 select CRYPTO_CRYPTD 254 255config CRYPTO_GLUE_HELPER_X86 256 tristate 257 depends on X86 258 select CRYPTO_BLKCIPHER 259 260config CRYPTO_ENGINE 261 tristate 262 263comment "Authenticated Encryption with Associated Data" 264 265config CRYPTO_CCM 266 tristate "CCM support" 267 select CRYPTO_CTR 268 select CRYPTO_HASH 269 select CRYPTO_AEAD 270 help 271 Support for Counter with CBC MAC. Required for IPsec. 272 273config CRYPTO_GCM 274 tristate "GCM/GMAC support" 275 select CRYPTO_CTR 276 select CRYPTO_AEAD 277 select CRYPTO_GHASH 278 select CRYPTO_NULL 279 help 280 Support for Galois/Counter Mode (GCM) and Galois Message 281 Authentication Code (GMAC). Required for IPSec. 282 283config CRYPTO_CHACHA20POLY1305 284 tristate "ChaCha20-Poly1305 AEAD support" 285 select CRYPTO_CHACHA20 286 select CRYPTO_POLY1305 287 select CRYPTO_AEAD 288 help 289 ChaCha20-Poly1305 AEAD support, RFC7539. 290 291 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 292 with the Poly1305 authenticator. It is defined in RFC7539 for use in 293 IETF protocols. 294 295config CRYPTO_SEQIV 296 tristate "Sequence Number IV Generator" 297 select CRYPTO_AEAD 298 select CRYPTO_BLKCIPHER 299 select CRYPTO_NULL 300 select CRYPTO_RNG_DEFAULT 301 help 302 This IV generator generates an IV based on a sequence number by 303 xoring it with a salt. This algorithm is mainly useful for CTR 304 305config CRYPTO_ECHAINIV 306 tristate "Encrypted Chain IV Generator" 307 select CRYPTO_AEAD 308 select CRYPTO_NULL 309 select CRYPTO_RNG_DEFAULT 310 default m 311 help 312 This IV generator generates an IV based on the encryption of 313 a sequence number xored with a salt. This is the default 314 algorithm for CBC. 315 316comment "Block modes" 317 318config CRYPTO_CBC 319 tristate "CBC support" 320 select CRYPTO_BLKCIPHER 321 select CRYPTO_MANAGER 322 help 323 CBC: Cipher Block Chaining mode 324 This block cipher algorithm is required for IPSec. 325 326config CRYPTO_CTR 327 tristate "CTR support" 328 select CRYPTO_BLKCIPHER 329 select CRYPTO_SEQIV 330 select CRYPTO_MANAGER 331 help 332 CTR: Counter mode 333 This block cipher algorithm is required for IPSec. 334 335config CRYPTO_CTS 336 tristate "CTS support" 337 select CRYPTO_BLKCIPHER 338 help 339 CTS: Cipher Text Stealing 340 This is the Cipher Text Stealing mode as described by 341 Section 8 of rfc2040 and referenced by rfc3962. 342 (rfc3962 includes errata information in its Appendix A) 343 This mode is required for Kerberos gss mechanism support 344 for AES encryption. 345 346config CRYPTO_ECB 347 tristate "ECB support" 348 select CRYPTO_BLKCIPHER 349 select CRYPTO_MANAGER 350 help 351 ECB: Electronic CodeBook mode 352 This is the simplest block cipher algorithm. It simply encrypts 353 the input block by block. 354 355config CRYPTO_LRW 356 tristate "LRW support" 357 select CRYPTO_BLKCIPHER 358 select CRYPTO_MANAGER 359 select CRYPTO_GF128MUL 360 help 361 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 362 narrow block cipher mode for dm-crypt. Use it with cipher 363 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 364 The first 128, 192 or 256 bits in the key are used for AES and the 365 rest is used to tie each cipher block to its logical position. 366 367config CRYPTO_PCBC 368 tristate "PCBC support" 369 select CRYPTO_BLKCIPHER 370 select CRYPTO_MANAGER 371 help 372 PCBC: Propagating Cipher Block Chaining mode 373 This block cipher algorithm is required for RxRPC. 374 375config CRYPTO_XTS 376 tristate "XTS support" 377 select CRYPTO_BLKCIPHER 378 select CRYPTO_MANAGER 379 select CRYPTO_ECB 380 help 381 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 382 key size 256, 384 or 512 bits. This implementation currently 383 can't handle a sectorsize which is not a multiple of 16 bytes. 384 385config CRYPTO_KEYWRAP 386 tristate "Key wrapping support" 387 select CRYPTO_BLKCIPHER 388 help 389 Support for key wrapping (NIST SP800-38F / RFC3394) without 390 padding. 391 392config CRYPTO_NHPOLY1305 393 tristate 394 select CRYPTO_HASH 395 select CRYPTO_POLY1305 396 397config CRYPTO_ADIANTUM 398 tristate "Adiantum support" 399 select CRYPTO_CHACHA20 400 select CRYPTO_POLY1305 401 select CRYPTO_NHPOLY1305 402 help 403 Adiantum is a tweakable, length-preserving encryption mode 404 designed for fast and secure disk encryption, especially on 405 CPUs without dedicated crypto instructions. It encrypts 406 each sector using the XChaCha12 stream cipher, two passes of 407 an ε-almost-∆-universal hash function, and an invocation of 408 the AES-256 block cipher on a single 16-byte block. On CPUs 409 without AES instructions, Adiantum is much faster than 410 AES-XTS. 411 412 Adiantum's security is provably reducible to that of its 413 underlying stream and block ciphers, subject to a security 414 bound. Unlike XTS, Adiantum is a true wide-block encryption 415 mode, so it actually provides an even stronger notion of 416 security than XTS, subject to the security bound. 417 418 If unsure, say N. 419 420comment "Hash modes" 421 422config CRYPTO_CMAC 423 tristate "CMAC support" 424 select CRYPTO_HASH 425 select CRYPTO_MANAGER 426 help 427 Cipher-based Message Authentication Code (CMAC) specified by 428 The National Institute of Standards and Technology (NIST). 429 430 https://tools.ietf.org/html/rfc4493 431 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 432 433config CRYPTO_HMAC 434 tristate "HMAC support" 435 select CRYPTO_HASH 436 select CRYPTO_MANAGER 437 help 438 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 439 This is required for IPSec. 440 441config CRYPTO_XCBC 442 tristate "XCBC support" 443 select CRYPTO_HASH 444 select CRYPTO_MANAGER 445 help 446 XCBC: Keyed-Hashing with encryption algorithm 447 http://www.ietf.org/rfc/rfc3566.txt 448 http://csrc.nist.gov/encryption/modes/proposedmodes/ 449 xcbc-mac/xcbc-mac-spec.pdf 450 451config CRYPTO_VMAC 452 tristate "VMAC support" 453 select CRYPTO_HASH 454 select CRYPTO_MANAGER 455 help 456 VMAC is a message authentication algorithm designed for 457 very high speed on 64-bit architectures. 458 459 See also: 460 <http://fastcrypto.org/vmac> 461 462comment "Digest" 463 464config CRYPTO_CRC32C 465 tristate "CRC32c CRC algorithm" 466 select CRYPTO_HASH 467 select CRC32 468 help 469 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 470 by iSCSI for header and data digests and by others. 471 See Castagnoli93. Module will be crc32c. 472 473config CRYPTO_CRC32C_INTEL 474 tristate "CRC32c INTEL hardware acceleration" 475 depends on X86 476 select CRYPTO_HASH 477 help 478 In Intel processor with SSE4.2 supported, the processor will 479 support CRC32C implementation using hardware accelerated CRC32 480 instruction. This option will create 'crc32c-intel' module, 481 which will enable any routine to use the CRC32 instruction to 482 gain performance compared with software implementation. 483 Module will be crc32c-intel. 484 485config CRYPTO_CRC32C_VPMSUM 486 tristate "CRC32c CRC algorithm (powerpc64)" 487 depends on PPC64 && ALTIVEC 488 select CRYPTO_HASH 489 select CRC32 490 help 491 CRC32c algorithm implemented using vector polynomial multiply-sum 492 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 493 and newer processors for improved performance. 494 495 496config CRYPTO_CRC32C_SPARC64 497 tristate "CRC32c CRC algorithm (SPARC64)" 498 depends on SPARC64 499 select CRYPTO_HASH 500 select CRC32 501 help 502 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 503 when available. 504 505config CRYPTO_CRC32 506 tristate "CRC32 CRC algorithm" 507 select CRYPTO_HASH 508 select CRC32 509 help 510 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 511 Shash crypto api wrappers to crc32_le function. 512 513config CRYPTO_CRC32_PCLMUL 514 tristate "CRC32 PCLMULQDQ hardware acceleration" 515 depends on X86 516 select CRYPTO_HASH 517 select CRC32 518 help 519 From Intel Westmere and AMD Bulldozer processor with SSE4.2 520 and PCLMULQDQ supported, the processor will support 521 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 522 instruction. This option will create 'crc32-plcmul' module, 523 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 524 and gain better performance as compared with the table implementation. 525 526config CRYPTO_CRCT10DIF 527 tristate "CRCT10DIF algorithm" 528 select CRYPTO_HASH 529 help 530 CRC T10 Data Integrity Field computation is being cast as 531 a crypto transform. This allows for faster crc t10 diff 532 transforms to be used if they are available. 533 534config CRYPTO_CRCT10DIF_PCLMUL 535 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 536 depends on X86 && 64BIT && CRC_T10DIF 537 select CRYPTO_HASH 538 help 539 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 540 CRC T10 DIF PCLMULQDQ computation can be hardware 541 accelerated PCLMULQDQ instruction. This option will create 542 'crct10dif-plcmul' module, which is faster when computing the 543 crct10dif checksum as compared with the generic table implementation. 544 545config CRYPTO_CRCT10DIF_VPMSUM 546 tristate "CRC32T10DIF powerpc64 hardware acceleration" 547 depends on PPC64 && ALTIVEC && CRC_T10DIF 548 select CRYPTO_HASH 549 help 550 CRC10T10DIF algorithm implemented using vector polynomial 551 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 552 POWER8 and newer processors for improved performance. 553 554config CRYPTO_VPMSUM_TESTER 555 tristate "Powerpc64 vpmsum hardware acceleration tester" 556 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 557 help 558 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 559 POWER8 vpmsum instructions. 560 Unless you are testing these algorithms, you don't need this. 561 562config CRYPTO_GHASH 563 tristate "GHASH digest algorithm" 564 select CRYPTO_GF128MUL 565 select CRYPTO_HASH 566 help 567 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 568 569config CRYPTO_POLY1305 570 tristate "Poly1305 authenticator algorithm" 571 select CRYPTO_HASH 572 help 573 Poly1305 authenticator algorithm, RFC7539. 574 575 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 576 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 577 in IETF protocols. This is the portable C implementation of Poly1305. 578 579config CRYPTO_POLY1305_X86_64 580 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 581 depends on X86 && 64BIT 582 select CRYPTO_POLY1305 583 help 584 Poly1305 authenticator algorithm, RFC7539. 585 586 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 587 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 588 in IETF protocols. This is the x86_64 assembler implementation using SIMD 589 instructions. 590 591config CRYPTO_MD4 592 tristate "MD4 digest algorithm" 593 select CRYPTO_HASH 594 help 595 MD4 message digest algorithm (RFC1320). 596 597config CRYPTO_MD5 598 tristate "MD5 digest algorithm" 599 select CRYPTO_HASH 600 help 601 MD5 message digest algorithm (RFC1321). 602 603config CRYPTO_MD5_OCTEON 604 tristate "MD5 digest algorithm (OCTEON)" 605 depends on CPU_CAVIUM_OCTEON 606 select CRYPTO_MD5 607 select CRYPTO_HASH 608 help 609 MD5 message digest algorithm (RFC1321) implemented 610 using OCTEON crypto instructions, when available. 611 612config CRYPTO_MD5_PPC 613 tristate "MD5 digest algorithm (PPC)" 614 depends on PPC 615 select CRYPTO_HASH 616 help 617 MD5 message digest algorithm (RFC1321) implemented 618 in PPC assembler. 619 620config CRYPTO_MD5_SPARC64 621 tristate "MD5 digest algorithm (SPARC64)" 622 depends on SPARC64 623 select CRYPTO_MD5 624 select CRYPTO_HASH 625 help 626 MD5 message digest algorithm (RFC1321) implemented 627 using sparc64 crypto instructions, when available. 628 629config CRYPTO_MICHAEL_MIC 630 tristate "Michael MIC keyed digest algorithm" 631 select CRYPTO_HASH 632 help 633 Michael MIC is used for message integrity protection in TKIP 634 (IEEE 802.11i). This algorithm is required for TKIP, but it 635 should not be used for other purposes because of the weakness 636 of the algorithm. 637 638config CRYPTO_RMD128 639 tristate "RIPEMD-128 digest algorithm" 640 select CRYPTO_HASH 641 help 642 RIPEMD-128 (ISO/IEC 10118-3:2004). 643 644 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 645 be used as a secure replacement for RIPEMD. For other use cases, 646 RIPEMD-160 should be used. 647 648 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 649 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 650 651config CRYPTO_RMD160 652 tristate "RIPEMD-160 digest algorithm" 653 select CRYPTO_HASH 654 help 655 RIPEMD-160 (ISO/IEC 10118-3:2004). 656 657 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 658 to be used as a secure replacement for the 128-bit hash functions 659 MD4, MD5 and it's predecessor RIPEMD 660 (not to be confused with RIPEMD-128). 661 662 It's speed is comparable to SHA1 and there are no known attacks 663 against RIPEMD-160. 664 665 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 666 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 667 668config CRYPTO_RMD256 669 tristate "RIPEMD-256 digest algorithm" 670 select CRYPTO_HASH 671 help 672 RIPEMD-256 is an optional extension of RIPEMD-128 with a 673 256 bit hash. It is intended for applications that require 674 longer hash-results, without needing a larger security level 675 (than RIPEMD-128). 676 677 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 678 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 679 680config CRYPTO_RMD320 681 tristate "RIPEMD-320 digest algorithm" 682 select CRYPTO_HASH 683 help 684 RIPEMD-320 is an optional extension of RIPEMD-160 with a 685 320 bit hash. It is intended for applications that require 686 longer hash-results, without needing a larger security level 687 (than RIPEMD-160). 688 689 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 690 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 691 692config CRYPTO_SHA1 693 tristate "SHA1 digest algorithm" 694 select CRYPTO_HASH 695 help 696 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 697 698config CRYPTO_SHA1_SSSE3 699 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 700 depends on X86 && 64BIT 701 select CRYPTO_SHA1 702 select CRYPTO_HASH 703 help 704 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 705 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 706 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 707 when available. 708 709config CRYPTO_SHA256_SSSE3 710 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 711 depends on X86 && 64BIT 712 select CRYPTO_SHA256 713 select CRYPTO_HASH 714 help 715 SHA-256 secure hash standard (DFIPS 180-2) implemented 716 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 717 Extensions version 1 (AVX1), or Advanced Vector Extensions 718 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 719 Instructions) when available. 720 721config CRYPTO_SHA512_SSSE3 722 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 723 depends on X86 && 64BIT 724 select CRYPTO_SHA512 725 select CRYPTO_HASH 726 help 727 SHA-512 secure hash standard (DFIPS 180-2) implemented 728 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 729 Extensions version 1 (AVX1), or Advanced Vector Extensions 730 version 2 (AVX2) instructions, when available. 731 732config CRYPTO_SHA1_OCTEON 733 tristate "SHA1 digest algorithm (OCTEON)" 734 depends on CPU_CAVIUM_OCTEON 735 select CRYPTO_SHA1 736 select CRYPTO_HASH 737 help 738 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 739 using OCTEON crypto instructions, when available. 740 741config CRYPTO_SHA1_SPARC64 742 tristate "SHA1 digest algorithm (SPARC64)" 743 depends on SPARC64 744 select CRYPTO_SHA1 745 select CRYPTO_HASH 746 help 747 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 748 using sparc64 crypto instructions, when available. 749 750config CRYPTO_SHA1_PPC 751 tristate "SHA1 digest algorithm (powerpc)" 752 depends on PPC 753 help 754 This is the powerpc hardware accelerated implementation of the 755 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 756 757config CRYPTO_SHA1_PPC_SPE 758 tristate "SHA1 digest algorithm (PPC SPE)" 759 depends on PPC && SPE 760 help 761 SHA-1 secure hash standard (DFIPS 180-4) implemented 762 using powerpc SPE SIMD instruction set. 763 764config CRYPTO_SHA1_MB 765 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)" 766 depends on X86 && 64BIT 767 select CRYPTO_SHA1 768 select CRYPTO_HASH 769 select CRYPTO_MCRYPTD 770 help 771 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 772 using multi-buffer technique. This algorithm computes on 773 multiple data lanes concurrently with SIMD instructions for 774 better throughput. It should not be enabled by default but 775 used when there is significant amount of work to keep the keep 776 the data lanes filled to get performance benefit. If the data 777 lanes remain unfilled, a flush operation will be initiated to 778 process the crypto jobs, adding a slight latency. 779 780config CRYPTO_SHA256_MB 781 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)" 782 depends on X86 && 64BIT 783 select CRYPTO_SHA256 784 select CRYPTO_HASH 785 select CRYPTO_MCRYPTD 786 help 787 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 788 using multi-buffer technique. This algorithm computes on 789 multiple data lanes concurrently with SIMD instructions for 790 better throughput. It should not be enabled by default but 791 used when there is significant amount of work to keep the keep 792 the data lanes filled to get performance benefit. If the data 793 lanes remain unfilled, a flush operation will be initiated to 794 process the crypto jobs, adding a slight latency. 795 796config CRYPTO_SHA512_MB 797 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)" 798 depends on X86 && 64BIT 799 select CRYPTO_SHA512 800 select CRYPTO_HASH 801 select CRYPTO_MCRYPTD 802 help 803 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 804 using multi-buffer technique. This algorithm computes on 805 multiple data lanes concurrently with SIMD instructions for 806 better throughput. It should not be enabled by default but 807 used when there is significant amount of work to keep the keep 808 the data lanes filled to get performance benefit. If the data 809 lanes remain unfilled, a flush operation will be initiated to 810 process the crypto jobs, adding a slight latency. 811 812config CRYPTO_SHA256 813 tristate "SHA224 and SHA256 digest algorithm" 814 select CRYPTO_HASH 815 help 816 SHA256 secure hash standard (DFIPS 180-2). 817 818 This version of SHA implements a 256 bit hash with 128 bits of 819 security against collision attacks. 820 821 This code also includes SHA-224, a 224 bit hash with 112 bits 822 of security against collision attacks. 823 824config CRYPTO_SHA256_PPC_SPE 825 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 826 depends on PPC && SPE 827 select CRYPTO_SHA256 828 select CRYPTO_HASH 829 help 830 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 831 implemented using powerpc SPE SIMD instruction set. 832 833config CRYPTO_SHA256_OCTEON 834 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 835 depends on CPU_CAVIUM_OCTEON 836 select CRYPTO_SHA256 837 select CRYPTO_HASH 838 help 839 SHA-256 secure hash standard (DFIPS 180-2) implemented 840 using OCTEON crypto instructions, when available. 841 842config CRYPTO_SHA256_SPARC64 843 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 844 depends on SPARC64 845 select CRYPTO_SHA256 846 select CRYPTO_HASH 847 help 848 SHA-256 secure hash standard (DFIPS 180-2) implemented 849 using sparc64 crypto instructions, when available. 850 851config CRYPTO_SHA512 852 tristate "SHA384 and SHA512 digest algorithms" 853 select CRYPTO_HASH 854 help 855 SHA512 secure hash standard (DFIPS 180-2). 856 857 This version of SHA implements a 512 bit hash with 256 bits of 858 security against collision attacks. 859 860 This code also includes SHA-384, a 384 bit hash with 192 bits 861 of security against collision attacks. 862 863config CRYPTO_SHA512_OCTEON 864 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 865 depends on CPU_CAVIUM_OCTEON 866 select CRYPTO_SHA512 867 select CRYPTO_HASH 868 help 869 SHA-512 secure hash standard (DFIPS 180-2) implemented 870 using OCTEON crypto instructions, when available. 871 872config CRYPTO_SHA512_SPARC64 873 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 874 depends on SPARC64 875 select CRYPTO_SHA512 876 select CRYPTO_HASH 877 help 878 SHA-512 secure hash standard (DFIPS 180-2) implemented 879 using sparc64 crypto instructions, when available. 880 881config CRYPTO_SHA3 882 tristate "SHA3 digest algorithm" 883 select CRYPTO_HASH 884 help 885 SHA-3 secure hash standard (DFIPS 202). It's based on 886 cryptographic sponge function family called Keccak. 887 888 References: 889 http://keccak.noekeon.org/ 890 891config CRYPTO_TGR192 892 tristate "Tiger digest algorithms" 893 select CRYPTO_HASH 894 help 895 Tiger hash algorithm 192, 160 and 128-bit hashes 896 897 Tiger is a hash function optimized for 64-bit processors while 898 still having decent performance on 32-bit processors. 899 Tiger was developed by Ross Anderson and Eli Biham. 900 901 See also: 902 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 903 904config CRYPTO_WP512 905 tristate "Whirlpool digest algorithms" 906 select CRYPTO_HASH 907 help 908 Whirlpool hash algorithm 512, 384 and 256-bit hashes 909 910 Whirlpool-512 is part of the NESSIE cryptographic primitives. 911 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 912 913 See also: 914 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 915 916config CRYPTO_GHASH_CLMUL_NI_INTEL 917 tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 918 depends on X86 && 64BIT 919 select CRYPTO_CRYPTD 920 help 921 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 922 The implementation is accelerated by CLMUL-NI of Intel. 923 924comment "Ciphers" 925 926config CRYPTO_AES 927 tristate "AES cipher algorithms" 928 select CRYPTO_ALGAPI 929 help 930 AES cipher algorithms (FIPS-197). AES uses the Rijndael 931 algorithm. 932 933 Rijndael appears to be consistently a very good performer in 934 both hardware and software across a wide range of computing 935 environments regardless of its use in feedback or non-feedback 936 modes. Its key setup time is excellent, and its key agility is 937 good. Rijndael's very low memory requirements make it very well 938 suited for restricted-space environments, in which it also 939 demonstrates excellent performance. Rijndael's operations are 940 among the easiest to defend against power and timing attacks. 941 942 The AES specifies three key sizes: 128, 192 and 256 bits 943 944 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 945 946config CRYPTO_AES_TI 947 tristate "Fixed time AES cipher" 948 select CRYPTO_ALGAPI 949 help 950 This is a generic implementation of AES that attempts to eliminate 951 data dependent latencies as much as possible without affecting 952 performance too much. It is intended for use by the generic CCM 953 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 954 solely on encryption (although decryption is supported as well, but 955 with a more dramatic performance hit) 956 957 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 958 8 for decryption), this implementation only uses just two S-boxes of 959 256 bytes each, and attempts to eliminate data dependent latencies by 960 prefetching the entire table into the cache at the start of each 961 block. Interrupts are also disabled to avoid races where cachelines 962 are evicted when the CPU is interrupted to do something else. 963 964config CRYPTO_AES_586 965 tristate "AES cipher algorithms (i586)" 966 depends on (X86 || UML_X86) && !64BIT 967 select CRYPTO_ALGAPI 968 select CRYPTO_AES 969 help 970 AES cipher algorithms (FIPS-197). AES uses the Rijndael 971 algorithm. 972 973 Rijndael appears to be consistently a very good performer in 974 both hardware and software across a wide range of computing 975 environments regardless of its use in feedback or non-feedback 976 modes. Its key setup time is excellent, and its key agility is 977 good. Rijndael's very low memory requirements make it very well 978 suited for restricted-space environments, in which it also 979 demonstrates excellent performance. Rijndael's operations are 980 among the easiest to defend against power and timing attacks. 981 982 The AES specifies three key sizes: 128, 192 and 256 bits 983 984 See <http://csrc.nist.gov/encryption/aes/> for more information. 985 986config CRYPTO_AES_X86_64 987 tristate "AES cipher algorithms (x86_64)" 988 depends on (X86 || UML_X86) && 64BIT 989 select CRYPTO_ALGAPI 990 select CRYPTO_AES 991 help 992 AES cipher algorithms (FIPS-197). AES uses the Rijndael 993 algorithm. 994 995 Rijndael appears to be consistently a very good performer in 996 both hardware and software across a wide range of computing 997 environments regardless of its use in feedback or non-feedback 998 modes. Its key setup time is excellent, and its key agility is 999 good. Rijndael's very low memory requirements make it very well 1000 suited for restricted-space environments, in which it also 1001 demonstrates excellent performance. Rijndael's operations are 1002 among the easiest to defend against power and timing attacks. 1003 1004 The AES specifies three key sizes: 128, 192 and 256 bits 1005 1006 See <http://csrc.nist.gov/encryption/aes/> for more information. 1007 1008config CRYPTO_AES_NI_INTEL 1009 tristate "AES cipher algorithms (AES-NI)" 1010 depends on X86 1011 select CRYPTO_AEAD 1012 select CRYPTO_AES_X86_64 if 64BIT 1013 select CRYPTO_AES_586 if !64BIT 1014 select CRYPTO_ALGAPI 1015 select CRYPTO_BLKCIPHER 1016 select CRYPTO_GLUE_HELPER_X86 if 64BIT 1017 select CRYPTO_SIMD 1018 help 1019 Use Intel AES-NI instructions for AES algorithm. 1020 1021 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1022 algorithm. 1023 1024 Rijndael appears to be consistently a very good performer in 1025 both hardware and software across a wide range of computing 1026 environments regardless of its use in feedback or non-feedback 1027 modes. Its key setup time is excellent, and its key agility is 1028 good. Rijndael's very low memory requirements make it very well 1029 suited for restricted-space environments, in which it also 1030 demonstrates excellent performance. Rijndael's operations are 1031 among the easiest to defend against power and timing attacks. 1032 1033 The AES specifies three key sizes: 128, 192 and 256 bits 1034 1035 See <http://csrc.nist.gov/encryption/aes/> for more information. 1036 1037 In addition to AES cipher algorithm support, the acceleration 1038 for some popular block cipher mode is supported too, including 1039 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional 1040 acceleration for CTR. 1041 1042config CRYPTO_AES_SPARC64 1043 tristate "AES cipher algorithms (SPARC64)" 1044 depends on SPARC64 1045 select CRYPTO_CRYPTD 1046 select CRYPTO_ALGAPI 1047 help 1048 Use SPARC64 crypto opcodes for AES algorithm. 1049 1050 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1051 algorithm. 1052 1053 Rijndael appears to be consistently a very good performer in 1054 both hardware and software across a wide range of computing 1055 environments regardless of its use in feedback or non-feedback 1056 modes. Its key setup time is excellent, and its key agility is 1057 good. Rijndael's very low memory requirements make it very well 1058 suited for restricted-space environments, in which it also 1059 demonstrates excellent performance. Rijndael's operations are 1060 among the easiest to defend against power and timing attacks. 1061 1062 The AES specifies three key sizes: 128, 192 and 256 bits 1063 1064 See <http://csrc.nist.gov/encryption/aes/> for more information. 1065 1066 In addition to AES cipher algorithm support, the acceleration 1067 for some popular block cipher mode is supported too, including 1068 ECB and CBC. 1069 1070config CRYPTO_AES_PPC_SPE 1071 tristate "AES cipher algorithms (PPC SPE)" 1072 depends on PPC && SPE 1073 help 1074 AES cipher algorithms (FIPS-197). Additionally the acceleration 1075 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1076 This module should only be used for low power (router) devices 1077 without hardware AES acceleration (e.g. caam crypto). It reduces the 1078 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1079 timining attacks. Nevertheless it might be not as secure as other 1080 architecture specific assembler implementations that work on 1KB 1081 tables or 256 bytes S-boxes. 1082 1083config CRYPTO_ANUBIS 1084 tristate "Anubis cipher algorithm" 1085 select CRYPTO_ALGAPI 1086 help 1087 Anubis cipher algorithm. 1088 1089 Anubis is a variable key length cipher which can use keys from 1090 128 bits to 320 bits in length. It was evaluated as a entrant 1091 in the NESSIE competition. 1092 1093 See also: 1094 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1095 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1096 1097config CRYPTO_ARC4 1098 tristate "ARC4 cipher algorithm" 1099 select CRYPTO_BLKCIPHER 1100 help 1101 ARC4 cipher algorithm. 1102 1103 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1104 bits in length. This algorithm is required for driver-based 1105 WEP, but it should not be for other purposes because of the 1106 weakness of the algorithm. 1107 1108config CRYPTO_BLOWFISH 1109 tristate "Blowfish cipher algorithm" 1110 select CRYPTO_ALGAPI 1111 select CRYPTO_BLOWFISH_COMMON 1112 help 1113 Blowfish cipher algorithm, by Bruce Schneier. 1114 1115 This is a variable key length cipher which can use keys from 32 1116 bits to 448 bits in length. It's fast, simple and specifically 1117 designed for use on "large microprocessors". 1118 1119 See also: 1120 <http://www.schneier.com/blowfish.html> 1121 1122config CRYPTO_BLOWFISH_COMMON 1123 tristate 1124 help 1125 Common parts of the Blowfish cipher algorithm shared by the 1126 generic c and the assembler implementations. 1127 1128 See also: 1129 <http://www.schneier.com/blowfish.html> 1130 1131config CRYPTO_BLOWFISH_X86_64 1132 tristate "Blowfish cipher algorithm (x86_64)" 1133 depends on X86 && 64BIT 1134 select CRYPTO_ALGAPI 1135 select CRYPTO_BLOWFISH_COMMON 1136 help 1137 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1138 1139 This is a variable key length cipher which can use keys from 32 1140 bits to 448 bits in length. It's fast, simple and specifically 1141 designed for use on "large microprocessors". 1142 1143 See also: 1144 <http://www.schneier.com/blowfish.html> 1145 1146config CRYPTO_CAMELLIA 1147 tristate "Camellia cipher algorithms" 1148 depends on CRYPTO 1149 select CRYPTO_ALGAPI 1150 help 1151 Camellia cipher algorithms module. 1152 1153 Camellia is a symmetric key block cipher developed jointly 1154 at NTT and Mitsubishi Electric Corporation. 1155 1156 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1157 1158 See also: 1159 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1160 1161config CRYPTO_CAMELLIA_X86_64 1162 tristate "Camellia cipher algorithm (x86_64)" 1163 depends on X86 && 64BIT 1164 depends on CRYPTO 1165 select CRYPTO_ALGAPI 1166 select CRYPTO_GLUE_HELPER_X86 1167 select CRYPTO_LRW 1168 select CRYPTO_XTS 1169 help 1170 Camellia cipher algorithm module (x86_64). 1171 1172 Camellia is a symmetric key block cipher developed jointly 1173 at NTT and Mitsubishi Electric Corporation. 1174 1175 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1176 1177 See also: 1178 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1179 1180config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1181 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1182 depends on X86 && 64BIT 1183 depends on CRYPTO 1184 select CRYPTO_ALGAPI 1185 select CRYPTO_CRYPTD 1186 select CRYPTO_ABLK_HELPER 1187 select CRYPTO_GLUE_HELPER_X86 1188 select CRYPTO_CAMELLIA_X86_64 1189 select CRYPTO_LRW 1190 select CRYPTO_XTS 1191 help 1192 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1193 1194 Camellia is a symmetric key block cipher developed jointly 1195 at NTT and Mitsubishi Electric Corporation. 1196 1197 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1198 1199 See also: 1200 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1201 1202config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1203 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1204 depends on X86 && 64BIT 1205 depends on CRYPTO 1206 select CRYPTO_ALGAPI 1207 select CRYPTO_CRYPTD 1208 select CRYPTO_ABLK_HELPER 1209 select CRYPTO_GLUE_HELPER_X86 1210 select CRYPTO_CAMELLIA_X86_64 1211 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1212 select CRYPTO_LRW 1213 select CRYPTO_XTS 1214 help 1215 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1216 1217 Camellia is a symmetric key block cipher developed jointly 1218 at NTT and Mitsubishi Electric Corporation. 1219 1220 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1221 1222 See also: 1223 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1224 1225config CRYPTO_CAMELLIA_SPARC64 1226 tristate "Camellia cipher algorithm (SPARC64)" 1227 depends on SPARC64 1228 depends on CRYPTO 1229 select CRYPTO_ALGAPI 1230 help 1231 Camellia cipher algorithm module (SPARC64). 1232 1233 Camellia is a symmetric key block cipher developed jointly 1234 at NTT and Mitsubishi Electric Corporation. 1235 1236 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1237 1238 See also: 1239 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1240 1241config CRYPTO_CAST_COMMON 1242 tristate 1243 help 1244 Common parts of the CAST cipher algorithms shared by the 1245 generic c and the assembler implementations. 1246 1247config CRYPTO_CAST5 1248 tristate "CAST5 (CAST-128) cipher algorithm" 1249 select CRYPTO_ALGAPI 1250 select CRYPTO_CAST_COMMON 1251 help 1252 The CAST5 encryption algorithm (synonymous with CAST-128) is 1253 described in RFC2144. 1254 1255config CRYPTO_CAST5_AVX_X86_64 1256 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1257 depends on X86 && 64BIT 1258 select CRYPTO_ALGAPI 1259 select CRYPTO_CRYPTD 1260 select CRYPTO_ABLK_HELPER 1261 select CRYPTO_CAST_COMMON 1262 select CRYPTO_CAST5 1263 help 1264 The CAST5 encryption algorithm (synonymous with CAST-128) is 1265 described in RFC2144. 1266 1267 This module provides the Cast5 cipher algorithm that processes 1268 sixteen blocks parallel using the AVX instruction set. 1269 1270config CRYPTO_CAST6 1271 tristate "CAST6 (CAST-256) cipher algorithm" 1272 select CRYPTO_ALGAPI 1273 select CRYPTO_CAST_COMMON 1274 help 1275 The CAST6 encryption algorithm (synonymous with CAST-256) is 1276 described in RFC2612. 1277 1278config CRYPTO_CAST6_AVX_X86_64 1279 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1280 depends on X86 && 64BIT 1281 select CRYPTO_ALGAPI 1282 select CRYPTO_CRYPTD 1283 select CRYPTO_ABLK_HELPER 1284 select CRYPTO_GLUE_HELPER_X86 1285 select CRYPTO_CAST_COMMON 1286 select CRYPTO_CAST6 1287 select CRYPTO_LRW 1288 select CRYPTO_XTS 1289 help 1290 The CAST6 encryption algorithm (synonymous with CAST-256) is 1291 described in RFC2612. 1292 1293 This module provides the Cast6 cipher algorithm that processes 1294 eight blocks parallel using the AVX instruction set. 1295 1296config CRYPTO_DES 1297 tristate "DES and Triple DES EDE cipher algorithms" 1298 select CRYPTO_ALGAPI 1299 help 1300 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1301 1302config CRYPTO_DES_SPARC64 1303 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1304 depends on SPARC64 1305 select CRYPTO_ALGAPI 1306 select CRYPTO_DES 1307 help 1308 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1309 optimized using SPARC64 crypto opcodes. 1310 1311config CRYPTO_DES3_EDE_X86_64 1312 tristate "Triple DES EDE cipher algorithm (x86-64)" 1313 depends on X86 && 64BIT 1314 select CRYPTO_ALGAPI 1315 select CRYPTO_DES 1316 help 1317 Triple DES EDE (FIPS 46-3) algorithm. 1318 1319 This module provides implementation of the Triple DES EDE cipher 1320 algorithm that is optimized for x86-64 processors. Two versions of 1321 algorithm are provided; regular processing one input block and 1322 one that processes three blocks parallel. 1323 1324config CRYPTO_FCRYPT 1325 tristate "FCrypt cipher algorithm" 1326 select CRYPTO_ALGAPI 1327 select CRYPTO_BLKCIPHER 1328 help 1329 FCrypt algorithm used by RxRPC. 1330 1331config CRYPTO_KHAZAD 1332 tristate "Khazad cipher algorithm" 1333 select CRYPTO_ALGAPI 1334 help 1335 Khazad cipher algorithm. 1336 1337 Khazad was a finalist in the initial NESSIE competition. It is 1338 an algorithm optimized for 64-bit processors with good performance 1339 on 32-bit processors. Khazad uses an 128 bit key size. 1340 1341 See also: 1342 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1343 1344config CRYPTO_SALSA20 1345 tristate "Salsa20 stream cipher algorithm" 1346 select CRYPTO_BLKCIPHER 1347 help 1348 Salsa20 stream cipher algorithm. 1349 1350 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1351 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1352 1353 The Salsa20 stream cipher algorithm is designed by Daniel J. 1354 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1355 1356config CRYPTO_CHACHA20 1357 tristate "ChaCha stream cipher algorithms" 1358 select CRYPTO_BLKCIPHER 1359 help 1360 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1361 1362 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1363 Bernstein and further specified in RFC7539 for use in IETF protocols. 1364 This is the portable C implementation of ChaCha20. See also: 1365 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1366 1367 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1368 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1369 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1370 while provably retaining ChaCha20's security. See also: 1371 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1372 1373 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1374 reduced security margin but increased performance. It can be needed 1375 in some performance-sensitive scenarios. 1376 1377config CRYPTO_CHACHA20_X86_64 1378 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)" 1379 depends on X86 && 64BIT 1380 select CRYPTO_BLKCIPHER 1381 select CRYPTO_CHACHA20 1382 help 1383 ChaCha20 cipher algorithm, RFC7539. 1384 1385 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1386 Bernstein and further specified in RFC7539 for use in IETF protocols. 1387 This is the x86_64 assembler implementation using SIMD instructions. 1388 1389 See also: 1390 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1391 1392config CRYPTO_SEED 1393 tristate "SEED cipher algorithm" 1394 select CRYPTO_ALGAPI 1395 help 1396 SEED cipher algorithm (RFC4269). 1397 1398 SEED is a 128-bit symmetric key block cipher that has been 1399 developed by KISA (Korea Information Security Agency) as a 1400 national standard encryption algorithm of the Republic of Korea. 1401 It is a 16 round block cipher with the key size of 128 bit. 1402 1403 See also: 1404 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1405 1406config CRYPTO_SERPENT 1407 tristate "Serpent cipher algorithm" 1408 select CRYPTO_ALGAPI 1409 help 1410 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1411 1412 Keys are allowed to be from 0 to 256 bits in length, in steps 1413 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1414 variant of Serpent for compatibility with old kerneli.org code. 1415 1416 See also: 1417 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1418 1419config CRYPTO_SERPENT_SSE2_X86_64 1420 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1421 depends on X86 && 64BIT 1422 select CRYPTO_ALGAPI 1423 select CRYPTO_CRYPTD 1424 select CRYPTO_ABLK_HELPER 1425 select CRYPTO_GLUE_HELPER_X86 1426 select CRYPTO_SERPENT 1427 select CRYPTO_LRW 1428 select CRYPTO_XTS 1429 help 1430 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1431 1432 Keys are allowed to be from 0 to 256 bits in length, in steps 1433 of 8 bits. 1434 1435 This module provides Serpent cipher algorithm that processes eight 1436 blocks parallel using SSE2 instruction set. 1437 1438 See also: 1439 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1440 1441config CRYPTO_SERPENT_SSE2_586 1442 tristate "Serpent cipher algorithm (i586/SSE2)" 1443 depends on X86 && !64BIT 1444 select CRYPTO_ALGAPI 1445 select CRYPTO_CRYPTD 1446 select CRYPTO_ABLK_HELPER 1447 select CRYPTO_GLUE_HELPER_X86 1448 select CRYPTO_SERPENT 1449 select CRYPTO_LRW 1450 select CRYPTO_XTS 1451 help 1452 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1453 1454 Keys are allowed to be from 0 to 256 bits in length, in steps 1455 of 8 bits. 1456 1457 This module provides Serpent cipher algorithm that processes four 1458 blocks parallel using SSE2 instruction set. 1459 1460 See also: 1461 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1462 1463config CRYPTO_SERPENT_AVX_X86_64 1464 tristate "Serpent cipher algorithm (x86_64/AVX)" 1465 depends on X86 && 64BIT 1466 select CRYPTO_ALGAPI 1467 select CRYPTO_CRYPTD 1468 select CRYPTO_ABLK_HELPER 1469 select CRYPTO_GLUE_HELPER_X86 1470 select CRYPTO_SERPENT 1471 select CRYPTO_LRW 1472 select CRYPTO_XTS 1473 help 1474 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1475 1476 Keys are allowed to be from 0 to 256 bits in length, in steps 1477 of 8 bits. 1478 1479 This module provides the Serpent cipher algorithm that processes 1480 eight blocks parallel using the AVX instruction set. 1481 1482 See also: 1483 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1484 1485config CRYPTO_SERPENT_AVX2_X86_64 1486 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1487 depends on X86 && 64BIT 1488 select CRYPTO_ALGAPI 1489 select CRYPTO_CRYPTD 1490 select CRYPTO_ABLK_HELPER 1491 select CRYPTO_GLUE_HELPER_X86 1492 select CRYPTO_SERPENT 1493 select CRYPTO_SERPENT_AVX_X86_64 1494 select CRYPTO_LRW 1495 select CRYPTO_XTS 1496 help 1497 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1498 1499 Keys are allowed to be from 0 to 256 bits in length, in steps 1500 of 8 bits. 1501 1502 This module provides Serpent cipher algorithm that processes 16 1503 blocks parallel using AVX2 instruction set. 1504 1505 See also: 1506 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1507 1508config CRYPTO_TEA 1509 tristate "TEA, XTEA and XETA cipher algorithms" 1510 select CRYPTO_ALGAPI 1511 help 1512 TEA cipher algorithm. 1513 1514 Tiny Encryption Algorithm is a simple cipher that uses 1515 many rounds for security. It is very fast and uses 1516 little memory. 1517 1518 Xtendend Tiny Encryption Algorithm is a modification to 1519 the TEA algorithm to address a potential key weakness 1520 in the TEA algorithm. 1521 1522 Xtendend Encryption Tiny Algorithm is a mis-implementation 1523 of the XTEA algorithm for compatibility purposes. 1524 1525config CRYPTO_TWOFISH 1526 tristate "Twofish cipher algorithm" 1527 select CRYPTO_ALGAPI 1528 select CRYPTO_TWOFISH_COMMON 1529 help 1530 Twofish cipher algorithm. 1531 1532 Twofish was submitted as an AES (Advanced Encryption Standard) 1533 candidate cipher by researchers at CounterPane Systems. It is a 1534 16 round block cipher supporting key sizes of 128, 192, and 256 1535 bits. 1536 1537 See also: 1538 <http://www.schneier.com/twofish.html> 1539 1540config CRYPTO_TWOFISH_COMMON 1541 tristate 1542 help 1543 Common parts of the Twofish cipher algorithm shared by the 1544 generic c and the assembler implementations. 1545 1546config CRYPTO_TWOFISH_586 1547 tristate "Twofish cipher algorithms (i586)" 1548 depends on (X86 || UML_X86) && !64BIT 1549 select CRYPTO_ALGAPI 1550 select CRYPTO_TWOFISH_COMMON 1551 help 1552 Twofish cipher algorithm. 1553 1554 Twofish was submitted as an AES (Advanced Encryption Standard) 1555 candidate cipher by researchers at CounterPane Systems. It is a 1556 16 round block cipher supporting key sizes of 128, 192, and 256 1557 bits. 1558 1559 See also: 1560 <http://www.schneier.com/twofish.html> 1561 1562config CRYPTO_TWOFISH_X86_64 1563 tristate "Twofish cipher algorithm (x86_64)" 1564 depends on (X86 || UML_X86) && 64BIT 1565 select CRYPTO_ALGAPI 1566 select CRYPTO_TWOFISH_COMMON 1567 help 1568 Twofish cipher algorithm (x86_64). 1569 1570 Twofish was submitted as an AES (Advanced Encryption Standard) 1571 candidate cipher by researchers at CounterPane Systems. It is a 1572 16 round block cipher supporting key sizes of 128, 192, and 256 1573 bits. 1574 1575 See also: 1576 <http://www.schneier.com/twofish.html> 1577 1578config CRYPTO_TWOFISH_X86_64_3WAY 1579 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1580 depends on X86 && 64BIT 1581 select CRYPTO_ALGAPI 1582 select CRYPTO_TWOFISH_COMMON 1583 select CRYPTO_TWOFISH_X86_64 1584 select CRYPTO_GLUE_HELPER_X86 1585 select CRYPTO_LRW 1586 select CRYPTO_XTS 1587 help 1588 Twofish cipher algorithm (x86_64, 3-way parallel). 1589 1590 Twofish was submitted as an AES (Advanced Encryption Standard) 1591 candidate cipher by researchers at CounterPane Systems. It is a 1592 16 round block cipher supporting key sizes of 128, 192, and 256 1593 bits. 1594 1595 This module provides Twofish cipher algorithm that processes three 1596 blocks parallel, utilizing resources of out-of-order CPUs better. 1597 1598 See also: 1599 <http://www.schneier.com/twofish.html> 1600 1601config CRYPTO_TWOFISH_AVX_X86_64 1602 tristate "Twofish cipher algorithm (x86_64/AVX)" 1603 depends on X86 && 64BIT 1604 select CRYPTO_ALGAPI 1605 select CRYPTO_CRYPTD 1606 select CRYPTO_ABLK_HELPER 1607 select CRYPTO_GLUE_HELPER_X86 1608 select CRYPTO_TWOFISH_COMMON 1609 select CRYPTO_TWOFISH_X86_64 1610 select CRYPTO_TWOFISH_X86_64_3WAY 1611 select CRYPTO_LRW 1612 select CRYPTO_XTS 1613 help 1614 Twofish cipher algorithm (x86_64/AVX). 1615 1616 Twofish was submitted as an AES (Advanced Encryption Standard) 1617 candidate cipher by researchers at CounterPane Systems. It is a 1618 16 round block cipher supporting key sizes of 128, 192, and 256 1619 bits. 1620 1621 This module provides the Twofish cipher algorithm that processes 1622 eight blocks parallel using the AVX Instruction Set. 1623 1624 See also: 1625 <http://www.schneier.com/twofish.html> 1626 1627comment "Compression" 1628 1629config CRYPTO_DEFLATE 1630 tristate "Deflate compression algorithm" 1631 select CRYPTO_ALGAPI 1632 select CRYPTO_ACOMP2 1633 select ZLIB_INFLATE 1634 select ZLIB_DEFLATE 1635 help 1636 This is the Deflate algorithm (RFC1951), specified for use in 1637 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1638 1639 You will most probably want this if using IPSec. 1640 1641config CRYPTO_LZO 1642 tristate "LZO compression algorithm" 1643 select CRYPTO_ALGAPI 1644 select CRYPTO_ACOMP2 1645 select LZO_COMPRESS 1646 select LZO_DECOMPRESS 1647 help 1648 This is the LZO algorithm. 1649 1650config CRYPTO_842 1651 tristate "842 compression algorithm" 1652 select CRYPTO_ALGAPI 1653 select CRYPTO_ACOMP2 1654 select 842_COMPRESS 1655 select 842_DECOMPRESS 1656 help 1657 This is the 842 algorithm. 1658 1659config CRYPTO_LZ4 1660 tristate "LZ4 compression algorithm" 1661 select CRYPTO_ALGAPI 1662 select CRYPTO_ACOMP2 1663 select LZ4_COMPRESS 1664 select LZ4_DECOMPRESS 1665 help 1666 This is the LZ4 algorithm. 1667 1668config CRYPTO_LZ4HC 1669 tristate "LZ4HC compression algorithm" 1670 select CRYPTO_ALGAPI 1671 select CRYPTO_ACOMP2 1672 select LZ4HC_COMPRESS 1673 select LZ4_DECOMPRESS 1674 help 1675 This is the LZ4 high compression mode algorithm. 1676 1677config CRYPTO_ZSTD 1678 tristate "Zstd compression algorithm" 1679 select CRYPTO_ALGAPI 1680 select CRYPTO_ACOMP2 1681 select ZSTD_COMPRESS 1682 select ZSTD_DECOMPRESS 1683 help 1684 This is the zstd algorithm. 1685 1686comment "Random Number Generation" 1687 1688config CRYPTO_ANSI_CPRNG 1689 tristate "Pseudo Random Number Generation for Cryptographic modules" 1690 select CRYPTO_AES 1691 select CRYPTO_RNG 1692 help 1693 This option enables the generic pseudo random number generator 1694 for cryptographic modules. Uses the Algorithm specified in 1695 ANSI X9.31 A.2.4. Note that this option must be enabled if 1696 CRYPTO_FIPS is selected 1697 1698menuconfig CRYPTO_DRBG_MENU 1699 tristate "NIST SP800-90A DRBG" 1700 help 1701 NIST SP800-90A compliant DRBG. In the following submenu, one or 1702 more of the DRBG types must be selected. 1703 1704if CRYPTO_DRBG_MENU 1705 1706config CRYPTO_DRBG_HMAC 1707 bool 1708 default y 1709 select CRYPTO_HMAC 1710 select CRYPTO_SHA256 1711 1712config CRYPTO_DRBG_HASH 1713 bool "Enable Hash DRBG" 1714 select CRYPTO_SHA256 1715 help 1716 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1717 1718config CRYPTO_DRBG_CTR 1719 bool "Enable CTR DRBG" 1720 select CRYPTO_AES 1721 depends on CRYPTO_CTR 1722 help 1723 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1724 1725config CRYPTO_DRBG 1726 tristate 1727 default CRYPTO_DRBG_MENU 1728 select CRYPTO_RNG 1729 select CRYPTO_JITTERENTROPY 1730 1731endif # if CRYPTO_DRBG_MENU 1732 1733config CRYPTO_JITTERENTROPY 1734 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1735 select CRYPTO_RNG 1736 help 1737 The Jitterentropy RNG is a noise that is intended 1738 to provide seed to another RNG. The RNG does not 1739 perform any cryptographic whitening of the generated 1740 random numbers. This Jitterentropy RNG registers with 1741 the kernel crypto API and can be used by any caller. 1742 1743config CRYPTO_USER_API 1744 tristate 1745 1746config CRYPTO_USER_API_HASH 1747 tristate "User-space interface for hash algorithms" 1748 depends on NET 1749 select CRYPTO_HASH 1750 select CRYPTO_USER_API 1751 help 1752 This option enables the user-spaces interface for hash 1753 algorithms. 1754 1755config CRYPTO_USER_API_SKCIPHER 1756 tristate "User-space interface for symmetric key cipher algorithms" 1757 depends on NET 1758 select CRYPTO_BLKCIPHER 1759 select CRYPTO_USER_API 1760 help 1761 This option enables the user-spaces interface for symmetric 1762 key cipher algorithms. 1763 1764config CRYPTO_USER_API_RNG 1765 tristate "User-space interface for random number generator algorithms" 1766 depends on NET 1767 select CRYPTO_RNG 1768 select CRYPTO_USER_API 1769 help 1770 This option enables the user-spaces interface for random 1771 number generator algorithms. 1772 1773config CRYPTO_USER_API_AEAD 1774 tristate "User-space interface for AEAD cipher algorithms" 1775 depends on NET 1776 select CRYPTO_AEAD 1777 select CRYPTO_BLKCIPHER 1778 select CRYPTO_NULL 1779 select CRYPTO_USER_API 1780 help 1781 This option enables the user-spaces interface for AEAD 1782 cipher algorithms. 1783 1784config CRYPTO_HASH_INFO 1785 bool 1786 1787source "drivers/crypto/Kconfig" 1788source crypto/asymmetric_keys/Kconfig 1789source certs/Kconfig 1790 1791endif # if CRYPTO 1792