1# 2# Generic algorithms support 3# 4config XOR_BLOCKS 5 tristate 6 7# 8# async_tx api: hardware offloaded memory transfer/transform support 9# 10source "crypto/async_tx/Kconfig" 11 12# 13# Cryptographic API Configuration 14# 15menuconfig CRYPTO 16 tristate "Cryptographic API" 17 help 18 This option provides the core Cryptographic API. 19 20if CRYPTO 21 22comment "Crypto core or helper" 23 24config CRYPTO_FIPS 25 bool "FIPS 200 compliance" 26 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 27 depends on MODULE_SIG 28 help 29 This options enables the fips boot option which is 30 required if you want to system to operate in a FIPS 200 31 certification. You should say no unless you know what 32 this is. 33 34config CRYPTO_ALGAPI 35 tristate 36 select CRYPTO_ALGAPI2 37 help 38 This option provides the API for cryptographic algorithms. 39 40config CRYPTO_ALGAPI2 41 tristate 42 43config CRYPTO_AEAD 44 tristate 45 select CRYPTO_AEAD2 46 select CRYPTO_ALGAPI 47 48config CRYPTO_AEAD2 49 tristate 50 select CRYPTO_ALGAPI2 51 select CRYPTO_NULL2 52 select CRYPTO_RNG2 53 54config CRYPTO_BLKCIPHER 55 tristate 56 select CRYPTO_BLKCIPHER2 57 select CRYPTO_ALGAPI 58 59config CRYPTO_BLKCIPHER2 60 tristate 61 select CRYPTO_ALGAPI2 62 select CRYPTO_RNG2 63 select CRYPTO_WORKQUEUE 64 65config CRYPTO_HASH 66 tristate 67 select CRYPTO_HASH2 68 select CRYPTO_ALGAPI 69 70config CRYPTO_HASH2 71 tristate 72 select CRYPTO_ALGAPI2 73 74config CRYPTO_RNG 75 tristate 76 select CRYPTO_RNG2 77 select CRYPTO_ALGAPI 78 79config CRYPTO_RNG2 80 tristate 81 select CRYPTO_ALGAPI2 82 83config CRYPTO_RNG_DEFAULT 84 tristate 85 select CRYPTO_DRBG_MENU 86 87config CRYPTO_PCOMP 88 tristate 89 select CRYPTO_PCOMP2 90 select CRYPTO_ALGAPI 91 92config CRYPTO_PCOMP2 93 tristate 94 select CRYPTO_ALGAPI2 95 96config CRYPTO_AKCIPHER2 97 tristate 98 select CRYPTO_ALGAPI2 99 100config CRYPTO_AKCIPHER 101 tristate 102 select CRYPTO_AKCIPHER2 103 select CRYPTO_ALGAPI 104 105config CRYPTO_RSA 106 tristate "RSA algorithm" 107 select CRYPTO_AKCIPHER 108 select MPILIB 109 select ASN1 110 help 111 Generic implementation of the RSA public key algorithm. 112 113config CRYPTO_MANAGER 114 tristate "Cryptographic algorithm manager" 115 select CRYPTO_MANAGER2 116 help 117 Create default cryptographic template instantiations such as 118 cbc(aes). 119 120config CRYPTO_MANAGER2 121 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 122 select CRYPTO_AEAD2 123 select CRYPTO_HASH2 124 select CRYPTO_BLKCIPHER2 125 select CRYPTO_PCOMP2 126 select CRYPTO_AKCIPHER2 127 128config CRYPTO_USER 129 tristate "Userspace cryptographic algorithm configuration" 130 depends on NET 131 select CRYPTO_MANAGER 132 help 133 Userspace configuration for cryptographic instantiations such as 134 cbc(aes). 135 136config CRYPTO_MANAGER_DISABLE_TESTS 137 bool "Disable run-time self tests" 138 default y 139 depends on CRYPTO_MANAGER2 140 help 141 Disable run-time self tests that normally take place at 142 algorithm registration. 143 144config CRYPTO_GF128MUL 145 tristate "GF(2^128) multiplication functions" 146 help 147 Efficient table driven implementation of multiplications in the 148 field GF(2^128). This is needed by some cypher modes. This 149 option will be selected automatically if you select such a 150 cipher mode. Only select this option by hand if you expect to load 151 an external module that requires these functions. 152 153config CRYPTO_NULL 154 tristate "Null algorithms" 155 select CRYPTO_NULL2 156 help 157 These are 'Null' algorithms, used by IPsec, which do nothing. 158 159config CRYPTO_NULL2 160 tristate 161 select CRYPTO_ALGAPI2 162 select CRYPTO_BLKCIPHER2 163 select CRYPTO_HASH2 164 165config CRYPTO_PCRYPT 166 tristate "Parallel crypto engine" 167 depends on SMP 168 select PADATA 169 select CRYPTO_MANAGER 170 select CRYPTO_AEAD 171 help 172 This converts an arbitrary crypto algorithm into a parallel 173 algorithm that executes in kernel threads. 174 175config CRYPTO_WORKQUEUE 176 tristate 177 178config CRYPTO_CRYPTD 179 tristate "Software async crypto daemon" 180 select CRYPTO_BLKCIPHER 181 select CRYPTO_HASH 182 select CRYPTO_MANAGER 183 select CRYPTO_WORKQUEUE 184 help 185 This is a generic software asynchronous crypto daemon that 186 converts an arbitrary synchronous software crypto algorithm 187 into an asynchronous algorithm that executes in a kernel thread. 188 189config CRYPTO_MCRYPTD 190 tristate "Software async multi-buffer crypto daemon" 191 select CRYPTO_BLKCIPHER 192 select CRYPTO_HASH 193 select CRYPTO_MANAGER 194 select CRYPTO_WORKQUEUE 195 help 196 This is a generic software asynchronous crypto daemon that 197 provides the kernel thread to assist multi-buffer crypto 198 algorithms for submitting jobs and flushing jobs in multi-buffer 199 crypto algorithms. Multi-buffer crypto algorithms are executed 200 in the context of this kernel thread and drivers can post 201 their crypto request asynchronously to be processed by this daemon. 202 203config CRYPTO_AUTHENC 204 tristate "Authenc support" 205 select CRYPTO_AEAD 206 select CRYPTO_BLKCIPHER 207 select CRYPTO_MANAGER 208 select CRYPTO_HASH 209 select CRYPTO_NULL 210 help 211 Authenc: Combined mode wrapper for IPsec. 212 This is required for IPSec. 213 214config CRYPTO_TEST 215 tristate "Testing module" 216 depends on m 217 select CRYPTO_MANAGER 218 help 219 Quick & dirty crypto test module. 220 221config CRYPTO_ABLK_HELPER 222 tristate 223 select CRYPTO_CRYPTD 224 225config CRYPTO_GLUE_HELPER_X86 226 tristate 227 depends on X86 228 select CRYPTO_ALGAPI 229 230comment "Authenticated Encryption with Associated Data" 231 232config CRYPTO_CCM 233 tristate "CCM support" 234 select CRYPTO_CTR 235 select CRYPTO_AEAD 236 help 237 Support for Counter with CBC MAC. Required for IPsec. 238 239config CRYPTO_GCM 240 tristate "GCM/GMAC support" 241 select CRYPTO_CTR 242 select CRYPTO_AEAD 243 select CRYPTO_GHASH 244 select CRYPTO_NULL 245 help 246 Support for Galois/Counter Mode (GCM) and Galois Message 247 Authentication Code (GMAC). Required for IPSec. 248 249config CRYPTO_CHACHA20POLY1305 250 tristate "ChaCha20-Poly1305 AEAD support" 251 select CRYPTO_CHACHA20 252 select CRYPTO_POLY1305 253 select CRYPTO_AEAD 254 help 255 ChaCha20-Poly1305 AEAD support, RFC7539. 256 257 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 258 with the Poly1305 authenticator. It is defined in RFC7539 for use in 259 IETF protocols. 260 261config CRYPTO_SEQIV 262 tristate "Sequence Number IV Generator" 263 select CRYPTO_AEAD 264 select CRYPTO_BLKCIPHER 265 select CRYPTO_NULL 266 select CRYPTO_RNG_DEFAULT 267 help 268 This IV generator generates an IV based on a sequence number by 269 xoring it with a salt. This algorithm is mainly useful for CTR 270 271config CRYPTO_ECHAINIV 272 tristate "Encrypted Chain IV Generator" 273 select CRYPTO_AEAD 274 select CRYPTO_NULL 275 select CRYPTO_RNG_DEFAULT 276 default m 277 help 278 This IV generator generates an IV based on the encryption of 279 a sequence number xored with a salt. This is the default 280 algorithm for CBC. 281 282comment "Block modes" 283 284config CRYPTO_CBC 285 tristate "CBC support" 286 select CRYPTO_BLKCIPHER 287 select CRYPTO_MANAGER 288 help 289 CBC: Cipher Block Chaining mode 290 This block cipher algorithm is required for IPSec. 291 292config CRYPTO_HEH 293 tristate "HEH support" 294 select CRYPTO_CMAC 295 select CRYPTO_ECB 296 select CRYPTO_GF128MUL 297 select CRYPTO_MANAGER 298 select CRYPTO_POLY_HASH_ARM64_CE if ARM64 && KERNEL_MODE_NEON 299 help 300 HEH: Hash-Encrypt-Hash mode 301 HEH is a proposed block cipher mode of operation which extends the 302 strong pseudo-random permutation (SPRP) property of block ciphers to 303 arbitrary-length input strings. This provides a stronger notion of 304 security than existing block cipher modes of operation (e.g. CBC, CTR, 305 XTS), though it is usually less performant. Applications include disk 306 encryption and encryption of file names and contents. Currently, this 307 implementation only provides a symmetric cipher interface, so it can't 308 yet be used as an AEAD. 309 310config CRYPTO_CTR 311 tristate "CTR support" 312 select CRYPTO_BLKCIPHER 313 select CRYPTO_SEQIV 314 select CRYPTO_MANAGER 315 help 316 CTR: Counter mode 317 This block cipher algorithm is required for IPSec. 318 319config CRYPTO_CTS 320 tristate "CTS support" 321 select CRYPTO_BLKCIPHER 322 help 323 CTS: Cipher Text Stealing 324 This is the Cipher Text Stealing mode as described by 325 Section 8 of rfc2040 and referenced by rfc3962. 326 (rfc3962 includes errata information in its Appendix A) 327 This mode is required for Kerberos gss mechanism support 328 for AES encryption. 329 330config CRYPTO_ECB 331 tristate "ECB support" 332 select CRYPTO_BLKCIPHER 333 select CRYPTO_MANAGER 334 help 335 ECB: Electronic CodeBook mode 336 This is the simplest block cipher algorithm. It simply encrypts 337 the input block by block. 338 339config CRYPTO_LRW 340 tristate "LRW support" 341 select CRYPTO_BLKCIPHER 342 select CRYPTO_MANAGER 343 select CRYPTO_GF128MUL 344 help 345 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 346 narrow block cipher mode for dm-crypt. Use it with cipher 347 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 348 The first 128, 192 or 256 bits in the key are used for AES and the 349 rest is used to tie each cipher block to its logical position. 350 351config CRYPTO_PCBC 352 tristate "PCBC support" 353 select CRYPTO_BLKCIPHER 354 select CRYPTO_MANAGER 355 help 356 PCBC: Propagating Cipher Block Chaining mode 357 This block cipher algorithm is required for RxRPC. 358 359config CRYPTO_XTS 360 tristate "XTS support" 361 select CRYPTO_BLKCIPHER 362 select CRYPTO_MANAGER 363 select CRYPTO_GF128MUL 364 help 365 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 366 key size 256, 384 or 512 bits. This implementation currently 367 can't handle a sectorsize which is not a multiple of 16 bytes. 368 369config CRYPTO_KEYWRAP 370 tristate "Key wrapping support" 371 select CRYPTO_BLKCIPHER 372 help 373 Support for key wrapping (NIST SP800-38F / RFC3394) without 374 padding. 375 376comment "Hash modes" 377 378config CRYPTO_CMAC 379 tristate "CMAC support" 380 select CRYPTO_HASH 381 select CRYPTO_MANAGER 382 help 383 Cipher-based Message Authentication Code (CMAC) specified by 384 The National Institute of Standards and Technology (NIST). 385 386 https://tools.ietf.org/html/rfc4493 387 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 388 389config CRYPTO_HMAC 390 tristate "HMAC support" 391 select CRYPTO_HASH 392 select CRYPTO_MANAGER 393 help 394 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 395 This is required for IPSec. 396 397config CRYPTO_XCBC 398 tristate "XCBC support" 399 select CRYPTO_HASH 400 select CRYPTO_MANAGER 401 help 402 XCBC: Keyed-Hashing with encryption algorithm 403 http://www.ietf.org/rfc/rfc3566.txt 404 http://csrc.nist.gov/encryption/modes/proposedmodes/ 405 xcbc-mac/xcbc-mac-spec.pdf 406 407config CRYPTO_VMAC 408 tristate "VMAC support" 409 select CRYPTO_HASH 410 select CRYPTO_MANAGER 411 help 412 VMAC is a message authentication algorithm designed for 413 very high speed on 64-bit architectures. 414 415 See also: 416 <http://fastcrypto.org/vmac> 417 418comment "Digest" 419 420config CRYPTO_CRC32C 421 tristate "CRC32c CRC algorithm" 422 select CRYPTO_HASH 423 select CRC32 424 help 425 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 426 by iSCSI for header and data digests and by others. 427 See Castagnoli93. Module will be crc32c. 428 429config CRYPTO_CRC32C_INTEL 430 tristate "CRC32c INTEL hardware acceleration" 431 depends on X86 432 select CRYPTO_HASH 433 help 434 In Intel processor with SSE4.2 supported, the processor will 435 support CRC32C implementation using hardware accelerated CRC32 436 instruction. This option will create 'crc32c-intel' module, 437 which will enable any routine to use the CRC32 instruction to 438 gain performance compared with software implementation. 439 Module will be crc32c-intel. 440 441config CRYPTO_CRC32C_SPARC64 442 tristate "CRC32c CRC algorithm (SPARC64)" 443 depends on SPARC64 444 select CRYPTO_HASH 445 select CRC32 446 help 447 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 448 when available. 449 450config CRYPTO_CRC32 451 tristate "CRC32 CRC algorithm" 452 select CRYPTO_HASH 453 select CRC32 454 help 455 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 456 Shash crypto api wrappers to crc32_le function. 457 458config CRYPTO_CRC32_PCLMUL 459 tristate "CRC32 PCLMULQDQ hardware acceleration" 460 depends on X86 461 select CRYPTO_HASH 462 select CRC32 463 help 464 From Intel Westmere and AMD Bulldozer processor with SSE4.2 465 and PCLMULQDQ supported, the processor will support 466 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 467 instruction. This option will create 'crc32-plcmul' module, 468 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 469 and gain better performance as compared with the table implementation. 470 471config CRYPTO_CRCT10DIF 472 tristate "CRCT10DIF algorithm" 473 select CRYPTO_HASH 474 help 475 CRC T10 Data Integrity Field computation is being cast as 476 a crypto transform. This allows for faster crc t10 diff 477 transforms to be used if they are available. 478 479config CRYPTO_CRCT10DIF_PCLMUL 480 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 481 depends on X86 && 64BIT && CRC_T10DIF 482 select CRYPTO_HASH 483 help 484 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 485 CRC T10 DIF PCLMULQDQ computation can be hardware 486 accelerated PCLMULQDQ instruction. This option will create 487 'crct10dif-plcmul' module, which is faster when computing the 488 crct10dif checksum as compared with the generic table implementation. 489 490config CRYPTO_GHASH 491 tristate "GHASH digest algorithm" 492 select CRYPTO_GF128MUL 493 help 494 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 495 496config CRYPTO_POLY1305 497 tristate "Poly1305 authenticator algorithm" 498 help 499 Poly1305 authenticator algorithm, RFC7539. 500 501 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 502 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 503 in IETF protocols. This is the portable C implementation of Poly1305. 504 505config CRYPTO_POLY1305_X86_64 506 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 507 depends on X86 && 64BIT 508 select CRYPTO_POLY1305 509 help 510 Poly1305 authenticator algorithm, RFC7539. 511 512 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 513 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 514 in IETF protocols. This is the x86_64 assembler implementation using SIMD 515 instructions. 516 517config CRYPTO_MD4 518 tristate "MD4 digest algorithm" 519 select CRYPTO_HASH 520 help 521 MD4 message digest algorithm (RFC1320). 522 523config CRYPTO_MD5 524 tristate "MD5 digest algorithm" 525 select CRYPTO_HASH 526 help 527 MD5 message digest algorithm (RFC1321). 528 529config CRYPTO_MD5_OCTEON 530 tristate "MD5 digest algorithm (OCTEON)" 531 depends on CPU_CAVIUM_OCTEON 532 select CRYPTO_MD5 533 select CRYPTO_HASH 534 help 535 MD5 message digest algorithm (RFC1321) implemented 536 using OCTEON crypto instructions, when available. 537 538config CRYPTO_MD5_PPC 539 tristate "MD5 digest algorithm (PPC)" 540 depends on PPC 541 select CRYPTO_HASH 542 help 543 MD5 message digest algorithm (RFC1321) implemented 544 in PPC assembler. 545 546config CRYPTO_MD5_SPARC64 547 tristate "MD5 digest algorithm (SPARC64)" 548 depends on SPARC64 549 select CRYPTO_MD5 550 select CRYPTO_HASH 551 help 552 MD5 message digest algorithm (RFC1321) implemented 553 using sparc64 crypto instructions, when available. 554 555config CRYPTO_MICHAEL_MIC 556 tristate "Michael MIC keyed digest algorithm" 557 select CRYPTO_HASH 558 help 559 Michael MIC is used for message integrity protection in TKIP 560 (IEEE 802.11i). This algorithm is required for TKIP, but it 561 should not be used for other purposes because of the weakness 562 of the algorithm. 563 564config CRYPTO_RMD128 565 tristate "RIPEMD-128 digest algorithm" 566 select CRYPTO_HASH 567 help 568 RIPEMD-128 (ISO/IEC 10118-3:2004). 569 570 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 571 be used as a secure replacement for RIPEMD. For other use cases, 572 RIPEMD-160 should be used. 573 574 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 575 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 576 577config CRYPTO_RMD160 578 tristate "RIPEMD-160 digest algorithm" 579 select CRYPTO_HASH 580 help 581 RIPEMD-160 (ISO/IEC 10118-3:2004). 582 583 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 584 to be used as a secure replacement for the 128-bit hash functions 585 MD4, MD5 and it's predecessor RIPEMD 586 (not to be confused with RIPEMD-128). 587 588 It's speed is comparable to SHA1 and there are no known attacks 589 against RIPEMD-160. 590 591 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 592 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 593 594config CRYPTO_RMD256 595 tristate "RIPEMD-256 digest algorithm" 596 select CRYPTO_HASH 597 help 598 RIPEMD-256 is an optional extension of RIPEMD-128 with a 599 256 bit hash. It is intended for applications that require 600 longer hash-results, without needing a larger security level 601 (than RIPEMD-128). 602 603 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 604 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 605 606config CRYPTO_RMD320 607 tristate "RIPEMD-320 digest algorithm" 608 select CRYPTO_HASH 609 help 610 RIPEMD-320 is an optional extension of RIPEMD-160 with a 611 320 bit hash. It is intended for applications that require 612 longer hash-results, without needing a larger security level 613 (than RIPEMD-160). 614 615 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 616 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 617 618config CRYPTO_SHA1 619 tristate "SHA1 digest algorithm" 620 select CRYPTO_HASH 621 help 622 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 623 624config CRYPTO_SHA1_SSSE3 625 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 626 depends on X86 && 64BIT 627 select CRYPTO_SHA1 628 select CRYPTO_HASH 629 help 630 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 631 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 632 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 633 when available. 634 635config CRYPTO_SHA256_SSSE3 636 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 637 depends on X86 && 64BIT 638 select CRYPTO_SHA256 639 select CRYPTO_HASH 640 help 641 SHA-256 secure hash standard (DFIPS 180-2) implemented 642 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 643 Extensions version 1 (AVX1), or Advanced Vector Extensions 644 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 645 Instructions) when available. 646 647config CRYPTO_SHA512_SSSE3 648 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 649 depends on X86 && 64BIT 650 select CRYPTO_SHA512 651 select CRYPTO_HASH 652 help 653 SHA-512 secure hash standard (DFIPS 180-2) implemented 654 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 655 Extensions version 1 (AVX1), or Advanced Vector Extensions 656 version 2 (AVX2) instructions, when available. 657 658config CRYPTO_SHA1_OCTEON 659 tristate "SHA1 digest algorithm (OCTEON)" 660 depends on CPU_CAVIUM_OCTEON 661 select CRYPTO_SHA1 662 select CRYPTO_HASH 663 help 664 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 665 using OCTEON crypto instructions, when available. 666 667config CRYPTO_SHA1_SPARC64 668 tristate "SHA1 digest algorithm (SPARC64)" 669 depends on SPARC64 670 select CRYPTO_SHA1 671 select CRYPTO_HASH 672 help 673 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 674 using sparc64 crypto instructions, when available. 675 676config CRYPTO_SHA1_PPC 677 tristate "SHA1 digest algorithm (powerpc)" 678 depends on PPC 679 help 680 This is the powerpc hardware accelerated implementation of the 681 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 682 683config CRYPTO_SHA1_PPC_SPE 684 tristate "SHA1 digest algorithm (PPC SPE)" 685 depends on PPC && SPE 686 help 687 SHA-1 secure hash standard (DFIPS 180-4) implemented 688 using powerpc SPE SIMD instruction set. 689 690config CRYPTO_SHA1_MB 691 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)" 692 depends on X86 && 64BIT 693 select CRYPTO_SHA1 694 select CRYPTO_HASH 695 select CRYPTO_MCRYPTD 696 help 697 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 698 using multi-buffer technique. This algorithm computes on 699 multiple data lanes concurrently with SIMD instructions for 700 better throughput. It should not be enabled by default but 701 used when there is significant amount of work to keep the keep 702 the data lanes filled to get performance benefit. If the data 703 lanes remain unfilled, a flush operation will be initiated to 704 process the crypto jobs, adding a slight latency. 705 706config CRYPTO_SHA256 707 tristate "SHA224 and SHA256 digest algorithm" 708 select CRYPTO_HASH 709 help 710 SHA256 secure hash standard (DFIPS 180-2). 711 712 This version of SHA implements a 256 bit hash with 128 bits of 713 security against collision attacks. 714 715 This code also includes SHA-224, a 224 bit hash with 112 bits 716 of security against collision attacks. 717 718config CRYPTO_SHA256_PPC_SPE 719 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 720 depends on PPC && SPE 721 select CRYPTO_SHA256 722 select CRYPTO_HASH 723 help 724 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 725 implemented using powerpc SPE SIMD instruction set. 726 727config CRYPTO_SHA256_OCTEON 728 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 729 depends on CPU_CAVIUM_OCTEON 730 select CRYPTO_SHA256 731 select CRYPTO_HASH 732 help 733 SHA-256 secure hash standard (DFIPS 180-2) implemented 734 using OCTEON crypto instructions, when available. 735 736config CRYPTO_SHA256_SPARC64 737 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 738 depends on SPARC64 739 select CRYPTO_SHA256 740 select CRYPTO_HASH 741 help 742 SHA-256 secure hash standard (DFIPS 180-2) implemented 743 using sparc64 crypto instructions, when available. 744 745config CRYPTO_SHA512 746 tristate "SHA384 and SHA512 digest algorithms" 747 select CRYPTO_HASH 748 help 749 SHA512 secure hash standard (DFIPS 180-2). 750 751 This version of SHA implements a 512 bit hash with 256 bits of 752 security against collision attacks. 753 754 This code also includes SHA-384, a 384 bit hash with 192 bits 755 of security against collision attacks. 756 757config CRYPTO_SHA512_OCTEON 758 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 759 depends on CPU_CAVIUM_OCTEON 760 select CRYPTO_SHA512 761 select CRYPTO_HASH 762 help 763 SHA-512 secure hash standard (DFIPS 180-2) implemented 764 using OCTEON crypto instructions, when available. 765 766config CRYPTO_SHA512_SPARC64 767 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 768 depends on SPARC64 769 select CRYPTO_SHA512 770 select CRYPTO_HASH 771 help 772 SHA-512 secure hash standard (DFIPS 180-2) implemented 773 using sparc64 crypto instructions, when available. 774 775config CRYPTO_TGR192 776 tristate "Tiger digest algorithms" 777 select CRYPTO_HASH 778 help 779 Tiger hash algorithm 192, 160 and 128-bit hashes 780 781 Tiger is a hash function optimized for 64-bit processors while 782 still having decent performance on 32-bit processors. 783 Tiger was developed by Ross Anderson and Eli Biham. 784 785 See also: 786 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 787 788config CRYPTO_WP512 789 tristate "Whirlpool digest algorithms" 790 select CRYPTO_HASH 791 help 792 Whirlpool hash algorithm 512, 384 and 256-bit hashes 793 794 Whirlpool-512 is part of the NESSIE cryptographic primitives. 795 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 796 797 See also: 798 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 799 800config CRYPTO_GHASH_CLMUL_NI_INTEL 801 tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 802 depends on X86 && 64BIT 803 select CRYPTO_CRYPTD 804 help 805 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 806 The implementation is accelerated by CLMUL-NI of Intel. 807 808comment "Ciphers" 809 810config CRYPTO_AES 811 tristate "AES cipher algorithms" 812 select CRYPTO_ALGAPI 813 help 814 AES cipher algorithms (FIPS-197). AES uses the Rijndael 815 algorithm. 816 817 Rijndael appears to be consistently a very good performer in 818 both hardware and software across a wide range of computing 819 environments regardless of its use in feedback or non-feedback 820 modes. Its key setup time is excellent, and its key agility is 821 good. Rijndael's very low memory requirements make it very well 822 suited for restricted-space environments, in which it also 823 demonstrates excellent performance. Rijndael's operations are 824 among the easiest to defend against power and timing attacks. 825 826 The AES specifies three key sizes: 128, 192 and 256 bits 827 828 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 829 830config CRYPTO_AES_586 831 tristate "AES cipher algorithms (i586)" 832 depends on (X86 || UML_X86) && !64BIT 833 select CRYPTO_ALGAPI 834 select CRYPTO_AES 835 help 836 AES cipher algorithms (FIPS-197). AES uses the Rijndael 837 algorithm. 838 839 Rijndael appears to be consistently a very good performer in 840 both hardware and software across a wide range of computing 841 environments regardless of its use in feedback or non-feedback 842 modes. Its key setup time is excellent, and its key agility is 843 good. Rijndael's very low memory requirements make it very well 844 suited for restricted-space environments, in which it also 845 demonstrates excellent performance. Rijndael's operations are 846 among the easiest to defend against power and timing attacks. 847 848 The AES specifies three key sizes: 128, 192 and 256 bits 849 850 See <http://csrc.nist.gov/encryption/aes/> for more information. 851 852config CRYPTO_AES_X86_64 853 tristate "AES cipher algorithms (x86_64)" 854 depends on (X86 || UML_X86) && 64BIT 855 select CRYPTO_ALGAPI 856 select CRYPTO_AES 857 help 858 AES cipher algorithms (FIPS-197). AES uses the Rijndael 859 algorithm. 860 861 Rijndael appears to be consistently a very good performer in 862 both hardware and software across a wide range of computing 863 environments regardless of its use in feedback or non-feedback 864 modes. Its key setup time is excellent, and its key agility is 865 good. Rijndael's very low memory requirements make it very well 866 suited for restricted-space environments, in which it also 867 demonstrates excellent performance. Rijndael's operations are 868 among the easiest to defend against power and timing attacks. 869 870 The AES specifies three key sizes: 128, 192 and 256 bits 871 872 See <http://csrc.nist.gov/encryption/aes/> for more information. 873 874config CRYPTO_AES_NI_INTEL 875 tristate "AES cipher algorithms (AES-NI)" 876 depends on X86 877 select CRYPTO_AES_X86_64 if 64BIT 878 select CRYPTO_AES_586 if !64BIT 879 select CRYPTO_CRYPTD 880 select CRYPTO_ABLK_HELPER 881 select CRYPTO_ALGAPI 882 select CRYPTO_GLUE_HELPER_X86 if 64BIT 883 select CRYPTO_LRW 884 select CRYPTO_XTS 885 help 886 Use Intel AES-NI instructions for AES algorithm. 887 888 AES cipher algorithms (FIPS-197). AES uses the Rijndael 889 algorithm. 890 891 Rijndael appears to be consistently a very good performer in 892 both hardware and software across a wide range of computing 893 environments regardless of its use in feedback or non-feedback 894 modes. Its key setup time is excellent, and its key agility is 895 good. Rijndael's very low memory requirements make it very well 896 suited for restricted-space environments, in which it also 897 demonstrates excellent performance. Rijndael's operations are 898 among the easiest to defend against power and timing attacks. 899 900 The AES specifies three key sizes: 128, 192 and 256 bits 901 902 See <http://csrc.nist.gov/encryption/aes/> for more information. 903 904 In addition to AES cipher algorithm support, the acceleration 905 for some popular block cipher mode is supported too, including 906 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional 907 acceleration for CTR. 908 909config CRYPTO_AES_SPARC64 910 tristate "AES cipher algorithms (SPARC64)" 911 depends on SPARC64 912 select CRYPTO_CRYPTD 913 select CRYPTO_ALGAPI 914 help 915 Use SPARC64 crypto opcodes for AES algorithm. 916 917 AES cipher algorithms (FIPS-197). AES uses the Rijndael 918 algorithm. 919 920 Rijndael appears to be consistently a very good performer in 921 both hardware and software across a wide range of computing 922 environments regardless of its use in feedback or non-feedback 923 modes. Its key setup time is excellent, and its key agility is 924 good. Rijndael's very low memory requirements make it very well 925 suited for restricted-space environments, in which it also 926 demonstrates excellent performance. Rijndael's operations are 927 among the easiest to defend against power and timing attacks. 928 929 The AES specifies three key sizes: 128, 192 and 256 bits 930 931 See <http://csrc.nist.gov/encryption/aes/> for more information. 932 933 In addition to AES cipher algorithm support, the acceleration 934 for some popular block cipher mode is supported too, including 935 ECB and CBC. 936 937config CRYPTO_AES_PPC_SPE 938 tristate "AES cipher algorithms (PPC SPE)" 939 depends on PPC && SPE 940 help 941 AES cipher algorithms (FIPS-197). Additionally the acceleration 942 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 943 This module should only be used for low power (router) devices 944 without hardware AES acceleration (e.g. caam crypto). It reduces the 945 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 946 timining attacks. Nevertheless it might be not as secure as other 947 architecture specific assembler implementations that work on 1KB 948 tables or 256 bytes S-boxes. 949 950config CRYPTO_ANUBIS 951 tristate "Anubis cipher algorithm" 952 select CRYPTO_ALGAPI 953 help 954 Anubis cipher algorithm. 955 956 Anubis is a variable key length cipher which can use keys from 957 128 bits to 320 bits in length. It was evaluated as a entrant 958 in the NESSIE competition. 959 960 See also: 961 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 962 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 963 964config CRYPTO_ARC4 965 tristate "ARC4 cipher algorithm" 966 select CRYPTO_BLKCIPHER 967 help 968 ARC4 cipher algorithm. 969 970 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 971 bits in length. This algorithm is required for driver-based 972 WEP, but it should not be for other purposes because of the 973 weakness of the algorithm. 974 975config CRYPTO_BLOWFISH 976 tristate "Blowfish cipher algorithm" 977 select CRYPTO_ALGAPI 978 select CRYPTO_BLOWFISH_COMMON 979 help 980 Blowfish cipher algorithm, by Bruce Schneier. 981 982 This is a variable key length cipher which can use keys from 32 983 bits to 448 bits in length. It's fast, simple and specifically 984 designed for use on "large microprocessors". 985 986 See also: 987 <http://www.schneier.com/blowfish.html> 988 989config CRYPTO_BLOWFISH_COMMON 990 tristate 991 help 992 Common parts of the Blowfish cipher algorithm shared by the 993 generic c and the assembler implementations. 994 995 See also: 996 <http://www.schneier.com/blowfish.html> 997 998config CRYPTO_BLOWFISH_X86_64 999 tristate "Blowfish cipher algorithm (x86_64)" 1000 depends on X86 && 64BIT 1001 select CRYPTO_ALGAPI 1002 select CRYPTO_BLOWFISH_COMMON 1003 help 1004 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1005 1006 This is a variable key length cipher which can use keys from 32 1007 bits to 448 bits in length. It's fast, simple and specifically 1008 designed for use on "large microprocessors". 1009 1010 See also: 1011 <http://www.schneier.com/blowfish.html> 1012 1013config CRYPTO_CAMELLIA 1014 tristate "Camellia cipher algorithms" 1015 depends on CRYPTO 1016 select CRYPTO_ALGAPI 1017 help 1018 Camellia cipher algorithms module. 1019 1020 Camellia is a symmetric key block cipher developed jointly 1021 at NTT and Mitsubishi Electric Corporation. 1022 1023 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1024 1025 See also: 1026 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1027 1028config CRYPTO_CAMELLIA_X86_64 1029 tristate "Camellia cipher algorithm (x86_64)" 1030 depends on X86 && 64BIT 1031 depends on CRYPTO 1032 select CRYPTO_ALGAPI 1033 select CRYPTO_GLUE_HELPER_X86 1034 select CRYPTO_LRW 1035 select CRYPTO_XTS 1036 help 1037 Camellia cipher algorithm module (x86_64). 1038 1039 Camellia is a symmetric key block cipher developed jointly 1040 at NTT and Mitsubishi Electric Corporation. 1041 1042 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1043 1044 See also: 1045 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1046 1047config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1048 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1049 depends on X86 && 64BIT 1050 depends on CRYPTO 1051 select CRYPTO_ALGAPI 1052 select CRYPTO_CRYPTD 1053 select CRYPTO_ABLK_HELPER 1054 select CRYPTO_GLUE_HELPER_X86 1055 select CRYPTO_CAMELLIA_X86_64 1056 select CRYPTO_LRW 1057 select CRYPTO_XTS 1058 help 1059 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1060 1061 Camellia is a symmetric key block cipher developed jointly 1062 at NTT and Mitsubishi Electric Corporation. 1063 1064 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1065 1066 See also: 1067 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1068 1069config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1070 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1071 depends on X86 && 64BIT 1072 depends on CRYPTO 1073 select CRYPTO_ALGAPI 1074 select CRYPTO_CRYPTD 1075 select CRYPTO_ABLK_HELPER 1076 select CRYPTO_GLUE_HELPER_X86 1077 select CRYPTO_CAMELLIA_X86_64 1078 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1079 select CRYPTO_LRW 1080 select CRYPTO_XTS 1081 help 1082 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1083 1084 Camellia is a symmetric key block cipher developed jointly 1085 at NTT and Mitsubishi Electric Corporation. 1086 1087 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1088 1089 See also: 1090 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1091 1092config CRYPTO_CAMELLIA_SPARC64 1093 tristate "Camellia cipher algorithm (SPARC64)" 1094 depends on SPARC64 1095 depends on CRYPTO 1096 select CRYPTO_ALGAPI 1097 help 1098 Camellia cipher algorithm module (SPARC64). 1099 1100 Camellia is a symmetric key block cipher developed jointly 1101 at NTT and Mitsubishi Electric Corporation. 1102 1103 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1104 1105 See also: 1106 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1107 1108config CRYPTO_CAST_COMMON 1109 tristate 1110 help 1111 Common parts of the CAST cipher algorithms shared by the 1112 generic c and the assembler implementations. 1113 1114config CRYPTO_CAST5 1115 tristate "CAST5 (CAST-128) cipher algorithm" 1116 select CRYPTO_ALGAPI 1117 select CRYPTO_CAST_COMMON 1118 help 1119 The CAST5 encryption algorithm (synonymous with CAST-128) is 1120 described in RFC2144. 1121 1122config CRYPTO_CAST5_AVX_X86_64 1123 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1124 depends on X86 && 64BIT 1125 select CRYPTO_ALGAPI 1126 select CRYPTO_CRYPTD 1127 select CRYPTO_ABLK_HELPER 1128 select CRYPTO_CAST_COMMON 1129 select CRYPTO_CAST5 1130 help 1131 The CAST5 encryption algorithm (synonymous with CAST-128) is 1132 described in RFC2144. 1133 1134 This module provides the Cast5 cipher algorithm that processes 1135 sixteen blocks parallel using the AVX instruction set. 1136 1137config CRYPTO_CAST6 1138 tristate "CAST6 (CAST-256) cipher algorithm" 1139 select CRYPTO_ALGAPI 1140 select CRYPTO_CAST_COMMON 1141 help 1142 The CAST6 encryption algorithm (synonymous with CAST-256) is 1143 described in RFC2612. 1144 1145config CRYPTO_CAST6_AVX_X86_64 1146 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1147 depends on X86 && 64BIT 1148 select CRYPTO_ALGAPI 1149 select CRYPTO_CRYPTD 1150 select CRYPTO_ABLK_HELPER 1151 select CRYPTO_GLUE_HELPER_X86 1152 select CRYPTO_CAST_COMMON 1153 select CRYPTO_CAST6 1154 select CRYPTO_LRW 1155 select CRYPTO_XTS 1156 help 1157 The CAST6 encryption algorithm (synonymous with CAST-256) is 1158 described in RFC2612. 1159 1160 This module provides the Cast6 cipher algorithm that processes 1161 eight blocks parallel using the AVX instruction set. 1162 1163config CRYPTO_DES 1164 tristate "DES and Triple DES EDE cipher algorithms" 1165 select CRYPTO_ALGAPI 1166 help 1167 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1168 1169config CRYPTO_DES_SPARC64 1170 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1171 depends on SPARC64 1172 select CRYPTO_ALGAPI 1173 select CRYPTO_DES 1174 help 1175 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1176 optimized using SPARC64 crypto opcodes. 1177 1178config CRYPTO_DES3_EDE_X86_64 1179 tristate "Triple DES EDE cipher algorithm (x86-64)" 1180 depends on X86 && 64BIT 1181 select CRYPTO_ALGAPI 1182 select CRYPTO_DES 1183 help 1184 Triple DES EDE (FIPS 46-3) algorithm. 1185 1186 This module provides implementation of the Triple DES EDE cipher 1187 algorithm that is optimized for x86-64 processors. Two versions of 1188 algorithm are provided; regular processing one input block and 1189 one that processes three blocks parallel. 1190 1191config CRYPTO_FCRYPT 1192 tristate "FCrypt cipher algorithm" 1193 select CRYPTO_ALGAPI 1194 select CRYPTO_BLKCIPHER 1195 help 1196 FCrypt algorithm used by RxRPC. 1197 1198config CRYPTO_KHAZAD 1199 tristate "Khazad cipher algorithm" 1200 select CRYPTO_ALGAPI 1201 help 1202 Khazad cipher algorithm. 1203 1204 Khazad was a finalist in the initial NESSIE competition. It is 1205 an algorithm optimized for 64-bit processors with good performance 1206 on 32-bit processors. Khazad uses an 128 bit key size. 1207 1208 See also: 1209 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1210 1211config CRYPTO_SALSA20 1212 tristate "Salsa20 stream cipher algorithm" 1213 select CRYPTO_BLKCIPHER 1214 help 1215 Salsa20 stream cipher algorithm. 1216 1217 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1218 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1219 1220 The Salsa20 stream cipher algorithm is designed by Daniel J. 1221 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1222 1223config CRYPTO_SALSA20_586 1224 tristate "Salsa20 stream cipher algorithm (i586)" 1225 depends on (X86 || UML_X86) && !64BIT 1226 select CRYPTO_BLKCIPHER 1227 help 1228 Salsa20 stream cipher algorithm. 1229 1230 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1231 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1232 1233 The Salsa20 stream cipher algorithm is designed by Daniel J. 1234 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1235 1236config CRYPTO_SALSA20_X86_64 1237 tristate "Salsa20 stream cipher algorithm (x86_64)" 1238 depends on (X86 || UML_X86) && 64BIT 1239 select CRYPTO_BLKCIPHER 1240 help 1241 Salsa20 stream cipher algorithm. 1242 1243 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1244 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1245 1246 The Salsa20 stream cipher algorithm is designed by Daniel J. 1247 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1248 1249config CRYPTO_CHACHA20 1250 tristate "ChaCha20 cipher algorithm" 1251 select CRYPTO_BLKCIPHER 1252 help 1253 ChaCha20 cipher algorithm, RFC7539. 1254 1255 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1256 Bernstein and further specified in RFC7539 for use in IETF protocols. 1257 This is the portable C implementation of ChaCha20. 1258 1259 See also: 1260 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1261 1262config CRYPTO_CHACHA20_X86_64 1263 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)" 1264 depends on X86 && 64BIT 1265 select CRYPTO_BLKCIPHER 1266 select CRYPTO_CHACHA20 1267 help 1268 ChaCha20 cipher algorithm, RFC7539. 1269 1270 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1271 Bernstein and further specified in RFC7539 for use in IETF protocols. 1272 This is the x86_64 assembler implementation using SIMD instructions. 1273 1274 See also: 1275 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1276 1277config CRYPTO_SEED 1278 tristate "SEED cipher algorithm" 1279 select CRYPTO_ALGAPI 1280 help 1281 SEED cipher algorithm (RFC4269). 1282 1283 SEED is a 128-bit symmetric key block cipher that has been 1284 developed by KISA (Korea Information Security Agency) as a 1285 national standard encryption algorithm of the Republic of Korea. 1286 It is a 16 round block cipher with the key size of 128 bit. 1287 1288 See also: 1289 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1290 1291config CRYPTO_SERPENT 1292 tristate "Serpent cipher algorithm" 1293 select CRYPTO_ALGAPI 1294 help 1295 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1296 1297 Keys are allowed to be from 0 to 256 bits in length, in steps 1298 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1299 variant of Serpent for compatibility with old kerneli.org code. 1300 1301 See also: 1302 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1303 1304config CRYPTO_SERPENT_SSE2_X86_64 1305 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1306 depends on X86 && 64BIT 1307 select CRYPTO_ALGAPI 1308 select CRYPTO_CRYPTD 1309 select CRYPTO_ABLK_HELPER 1310 select CRYPTO_GLUE_HELPER_X86 1311 select CRYPTO_SERPENT 1312 select CRYPTO_LRW 1313 select CRYPTO_XTS 1314 help 1315 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1316 1317 Keys are allowed to be from 0 to 256 bits in length, in steps 1318 of 8 bits. 1319 1320 This module provides Serpent cipher algorithm that processes eight 1321 blocks parallel using SSE2 instruction set. 1322 1323 See also: 1324 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1325 1326config CRYPTO_SERPENT_SSE2_586 1327 tristate "Serpent cipher algorithm (i586/SSE2)" 1328 depends on X86 && !64BIT 1329 select CRYPTO_ALGAPI 1330 select CRYPTO_CRYPTD 1331 select CRYPTO_ABLK_HELPER 1332 select CRYPTO_GLUE_HELPER_X86 1333 select CRYPTO_SERPENT 1334 select CRYPTO_LRW 1335 select CRYPTO_XTS 1336 help 1337 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1338 1339 Keys are allowed to be from 0 to 256 bits in length, in steps 1340 of 8 bits. 1341 1342 This module provides Serpent cipher algorithm that processes four 1343 blocks parallel using SSE2 instruction set. 1344 1345 See also: 1346 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1347 1348config CRYPTO_SERPENT_AVX_X86_64 1349 tristate "Serpent cipher algorithm (x86_64/AVX)" 1350 depends on X86 && 64BIT 1351 select CRYPTO_ALGAPI 1352 select CRYPTO_CRYPTD 1353 select CRYPTO_ABLK_HELPER 1354 select CRYPTO_GLUE_HELPER_X86 1355 select CRYPTO_SERPENT 1356 select CRYPTO_LRW 1357 select CRYPTO_XTS 1358 help 1359 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1360 1361 Keys are allowed to be from 0 to 256 bits in length, in steps 1362 of 8 bits. 1363 1364 This module provides the Serpent cipher algorithm that processes 1365 eight blocks parallel using the AVX instruction set. 1366 1367 See also: 1368 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1369 1370config CRYPTO_SERPENT_AVX2_X86_64 1371 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1372 depends on X86 && 64BIT 1373 select CRYPTO_ALGAPI 1374 select CRYPTO_CRYPTD 1375 select CRYPTO_ABLK_HELPER 1376 select CRYPTO_GLUE_HELPER_X86 1377 select CRYPTO_SERPENT 1378 select CRYPTO_SERPENT_AVX_X86_64 1379 select CRYPTO_LRW 1380 select CRYPTO_XTS 1381 help 1382 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1383 1384 Keys are allowed to be from 0 to 256 bits in length, in steps 1385 of 8 bits. 1386 1387 This module provides Serpent cipher algorithm that processes 16 1388 blocks parallel using AVX2 instruction set. 1389 1390 See also: 1391 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1392 1393config CRYPTO_SPECK 1394 tristate "Speck cipher algorithm" 1395 select CRYPTO_ALGAPI 1396 help 1397 Speck is a lightweight block cipher that is tuned for optimal 1398 performance in software (rather than hardware). 1399 1400 Speck may not be as secure as AES, and should only be used on systems 1401 where AES is not fast enough. 1402 1403 See also: <https://eprint.iacr.org/2013/404.pdf> 1404 1405 If unsure, say N. 1406 1407config CRYPTO_TEA 1408 tristate "TEA, XTEA and XETA cipher algorithms" 1409 select CRYPTO_ALGAPI 1410 help 1411 TEA cipher algorithm. 1412 1413 Tiny Encryption Algorithm is a simple cipher that uses 1414 many rounds for security. It is very fast and uses 1415 little memory. 1416 1417 Xtendend Tiny Encryption Algorithm is a modification to 1418 the TEA algorithm to address a potential key weakness 1419 in the TEA algorithm. 1420 1421 Xtendend Encryption Tiny Algorithm is a mis-implementation 1422 of the XTEA algorithm for compatibility purposes. 1423 1424config CRYPTO_TWOFISH 1425 tristate "Twofish cipher algorithm" 1426 select CRYPTO_ALGAPI 1427 select CRYPTO_TWOFISH_COMMON 1428 help 1429 Twofish cipher algorithm. 1430 1431 Twofish was submitted as an AES (Advanced Encryption Standard) 1432 candidate cipher by researchers at CounterPane Systems. It is a 1433 16 round block cipher supporting key sizes of 128, 192, and 256 1434 bits. 1435 1436 See also: 1437 <http://www.schneier.com/twofish.html> 1438 1439config CRYPTO_TWOFISH_COMMON 1440 tristate 1441 help 1442 Common parts of the Twofish cipher algorithm shared by the 1443 generic c and the assembler implementations. 1444 1445config CRYPTO_TWOFISH_586 1446 tristate "Twofish cipher algorithms (i586)" 1447 depends on (X86 || UML_X86) && !64BIT 1448 select CRYPTO_ALGAPI 1449 select CRYPTO_TWOFISH_COMMON 1450 help 1451 Twofish cipher algorithm. 1452 1453 Twofish was submitted as an AES (Advanced Encryption Standard) 1454 candidate cipher by researchers at CounterPane Systems. It is a 1455 16 round block cipher supporting key sizes of 128, 192, and 256 1456 bits. 1457 1458 See also: 1459 <http://www.schneier.com/twofish.html> 1460 1461config CRYPTO_TWOFISH_X86_64 1462 tristate "Twofish cipher algorithm (x86_64)" 1463 depends on (X86 || UML_X86) && 64BIT 1464 select CRYPTO_ALGAPI 1465 select CRYPTO_TWOFISH_COMMON 1466 help 1467 Twofish cipher algorithm (x86_64). 1468 1469 Twofish was submitted as an AES (Advanced Encryption Standard) 1470 candidate cipher by researchers at CounterPane Systems. It is a 1471 16 round block cipher supporting key sizes of 128, 192, and 256 1472 bits. 1473 1474 See also: 1475 <http://www.schneier.com/twofish.html> 1476 1477config CRYPTO_TWOFISH_X86_64_3WAY 1478 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1479 depends on X86 && 64BIT 1480 select CRYPTO_ALGAPI 1481 select CRYPTO_TWOFISH_COMMON 1482 select CRYPTO_TWOFISH_X86_64 1483 select CRYPTO_GLUE_HELPER_X86 1484 select CRYPTO_LRW 1485 select CRYPTO_XTS 1486 help 1487 Twofish cipher algorithm (x86_64, 3-way parallel). 1488 1489 Twofish was submitted as an AES (Advanced Encryption Standard) 1490 candidate cipher by researchers at CounterPane Systems. It is a 1491 16 round block cipher supporting key sizes of 128, 192, and 256 1492 bits. 1493 1494 This module provides Twofish cipher algorithm that processes three 1495 blocks parallel, utilizing resources of out-of-order CPUs better. 1496 1497 See also: 1498 <http://www.schneier.com/twofish.html> 1499 1500config CRYPTO_TWOFISH_AVX_X86_64 1501 tristate "Twofish cipher algorithm (x86_64/AVX)" 1502 depends on X86 && 64BIT 1503 select CRYPTO_ALGAPI 1504 select CRYPTO_CRYPTD 1505 select CRYPTO_ABLK_HELPER 1506 select CRYPTO_GLUE_HELPER_X86 1507 select CRYPTO_TWOFISH_COMMON 1508 select CRYPTO_TWOFISH_X86_64 1509 select CRYPTO_TWOFISH_X86_64_3WAY 1510 select CRYPTO_LRW 1511 select CRYPTO_XTS 1512 help 1513 Twofish cipher algorithm (x86_64/AVX). 1514 1515 Twofish was submitted as an AES (Advanced Encryption Standard) 1516 candidate cipher by researchers at CounterPane Systems. It is a 1517 16 round block cipher supporting key sizes of 128, 192, and 256 1518 bits. 1519 1520 This module provides the Twofish cipher algorithm that processes 1521 eight blocks parallel using the AVX Instruction Set. 1522 1523 See also: 1524 <http://www.schneier.com/twofish.html> 1525 1526comment "Compression" 1527 1528config CRYPTO_DEFLATE 1529 tristate "Deflate compression algorithm" 1530 select CRYPTO_ALGAPI 1531 select ZLIB_INFLATE 1532 select ZLIB_DEFLATE 1533 help 1534 This is the Deflate algorithm (RFC1951), specified for use in 1535 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1536 1537 You will most probably want this if using IPSec. 1538 1539config CRYPTO_ZLIB 1540 tristate "Zlib compression algorithm" 1541 select CRYPTO_PCOMP 1542 select ZLIB_INFLATE 1543 select ZLIB_DEFLATE 1544 select NLATTR 1545 help 1546 This is the zlib algorithm. 1547 1548config CRYPTO_LZO 1549 tristate "LZO compression algorithm" 1550 select CRYPTO_ALGAPI 1551 select LZO_COMPRESS 1552 select LZO_DECOMPRESS 1553 help 1554 This is the LZO algorithm. 1555 1556config CRYPTO_842 1557 tristate "842 compression algorithm" 1558 select CRYPTO_ALGAPI 1559 select 842_COMPRESS 1560 select 842_DECOMPRESS 1561 help 1562 This is the 842 algorithm. 1563 1564config CRYPTO_LZ4 1565 tristate "LZ4 compression algorithm" 1566 select CRYPTO_ALGAPI 1567 select LZ4_COMPRESS 1568 select LZ4_DECOMPRESS 1569 help 1570 This is the LZ4 algorithm. 1571 1572config CRYPTO_LZ4HC 1573 tristate "LZ4HC compression algorithm" 1574 select CRYPTO_ALGAPI 1575 select LZ4HC_COMPRESS 1576 select LZ4_DECOMPRESS 1577 help 1578 This is the LZ4 high compression mode algorithm. 1579 1580comment "Random Number Generation" 1581 1582config CRYPTO_ANSI_CPRNG 1583 tristate "Pseudo Random Number Generation for Cryptographic modules" 1584 select CRYPTO_AES 1585 select CRYPTO_RNG 1586 help 1587 This option enables the generic pseudo random number generator 1588 for cryptographic modules. Uses the Algorithm specified in 1589 ANSI X9.31 A.2.4. Note that this option must be enabled if 1590 CRYPTO_FIPS is selected 1591 1592menuconfig CRYPTO_DRBG_MENU 1593 tristate "NIST SP800-90A DRBG" 1594 help 1595 NIST SP800-90A compliant DRBG. In the following submenu, one or 1596 more of the DRBG types must be selected. 1597 1598if CRYPTO_DRBG_MENU 1599 1600config CRYPTO_DRBG_HMAC 1601 bool 1602 default y 1603 select CRYPTO_HMAC 1604 select CRYPTO_SHA256 1605 1606config CRYPTO_DRBG_HASH 1607 bool "Enable Hash DRBG" 1608 select CRYPTO_SHA256 1609 help 1610 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1611 1612config CRYPTO_DRBG_CTR 1613 bool "Enable CTR DRBG" 1614 select CRYPTO_AES 1615 help 1616 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1617 1618config CRYPTO_DRBG 1619 tristate 1620 default CRYPTO_DRBG_MENU 1621 select CRYPTO_RNG 1622 select CRYPTO_JITTERENTROPY 1623 1624endif # if CRYPTO_DRBG_MENU 1625 1626config CRYPTO_JITTERENTROPY 1627 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1628 help 1629 The Jitterentropy RNG is a noise that is intended 1630 to provide seed to another RNG. The RNG does not 1631 perform any cryptographic whitening of the generated 1632 random numbers. This Jitterentropy RNG registers with 1633 the kernel crypto API and can be used by any caller. 1634 1635config CRYPTO_USER_API 1636 tristate 1637 1638config CRYPTO_USER_API_HASH 1639 tristate "User-space interface for hash algorithms" 1640 depends on NET 1641 select CRYPTO_HASH 1642 select CRYPTO_USER_API 1643 help 1644 This option enables the user-spaces interface for hash 1645 algorithms. 1646 1647config CRYPTO_USER_API_SKCIPHER 1648 tristate "User-space interface for symmetric key cipher algorithms" 1649 depends on NET 1650 select CRYPTO_BLKCIPHER 1651 select CRYPTO_USER_API 1652 help 1653 This option enables the user-spaces interface for symmetric 1654 key cipher algorithms. 1655 1656config CRYPTO_USER_API_RNG 1657 tristate "User-space interface for random number generator algorithms" 1658 depends on NET 1659 select CRYPTO_RNG 1660 select CRYPTO_USER_API 1661 help 1662 This option enables the user-spaces interface for random 1663 number generator algorithms. 1664 1665config CRYPTO_USER_API_AEAD 1666 tristate "User-space interface for AEAD cipher algorithms" 1667 depends on NET 1668 select CRYPTO_AEAD 1669 select CRYPTO_USER_API 1670 help 1671 This option enables the user-spaces interface for AEAD 1672 cipher algorithms. 1673 1674config CRYPTO_HASH_INFO 1675 bool 1676 1677source "drivers/crypto/Kconfig" 1678source crypto/asymmetric_keys/Kconfig 1679source certs/Kconfig 1680 1681endif # if CRYPTO 1682