1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This options enables the fips boot option which is 31 required if you want to system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_BLKCIPHER 56 tristate 57 select CRYPTO_BLKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_BLKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 select CRYPTO_WORKQUEUE 65 66config CRYPTO_HASH 67 tristate 68 select CRYPTO_HASH2 69 select CRYPTO_ALGAPI 70 71config CRYPTO_HASH2 72 tristate 73 select CRYPTO_ALGAPI2 74 75config CRYPTO_RNG 76 tristate 77 select CRYPTO_RNG2 78 select CRYPTO_ALGAPI 79 80config CRYPTO_RNG2 81 tristate 82 select CRYPTO_ALGAPI2 83 84config CRYPTO_RNG_DEFAULT 85 tristate 86 select CRYPTO_DRBG_MENU 87 88config CRYPTO_AKCIPHER2 89 tristate 90 select CRYPTO_ALGAPI2 91 92config CRYPTO_AKCIPHER 93 tristate 94 select CRYPTO_AKCIPHER2 95 select CRYPTO_ALGAPI 96 97config CRYPTO_KPP2 98 tristate 99 select CRYPTO_ALGAPI2 100 101config CRYPTO_KPP 102 tristate 103 select CRYPTO_ALGAPI 104 select CRYPTO_KPP2 105 106config CRYPTO_ACOMP2 107 tristate 108 select CRYPTO_ALGAPI2 109 select SGL_ALLOC 110 111config CRYPTO_ACOMP 112 tristate 113 select CRYPTO_ALGAPI 114 select CRYPTO_ACOMP2 115 116config CRYPTO_RSA 117 tristate "RSA algorithm" 118 select CRYPTO_AKCIPHER 119 select CRYPTO_MANAGER 120 select MPILIB 121 select ASN1 122 help 123 Generic implementation of the RSA public key algorithm. 124 125config CRYPTO_DH 126 tristate "Diffie-Hellman algorithm" 127 select CRYPTO_KPP 128 select MPILIB 129 help 130 Generic implementation of the Diffie-Hellman algorithm. 131 132config CRYPTO_ECDH 133 tristate "ECDH algorithm" 134 select CRYPTO_KPP 135 select CRYPTO_RNG_DEFAULT 136 help 137 Generic implementation of the ECDH algorithm 138 139config CRYPTO_MANAGER 140 tristate "Cryptographic algorithm manager" 141 select CRYPTO_MANAGER2 142 help 143 Create default cryptographic template instantiations such as 144 cbc(aes). 145 146config CRYPTO_MANAGER2 147 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 148 select CRYPTO_AEAD2 149 select CRYPTO_HASH2 150 select CRYPTO_BLKCIPHER2 151 select CRYPTO_AKCIPHER2 152 select CRYPTO_KPP2 153 select CRYPTO_ACOMP2 154 155config CRYPTO_USER 156 tristate "Userspace cryptographic algorithm configuration" 157 depends on NET 158 select CRYPTO_MANAGER 159 help 160 Userspace configuration for cryptographic instantiations such as 161 cbc(aes). 162 163config CRYPTO_MANAGER_DISABLE_TESTS 164 bool "Disable run-time self tests" 165 default y 166 depends on CRYPTO_MANAGER2 167 help 168 Disable run-time self tests that normally take place at 169 algorithm registration. 170 171config CRYPTO_GF128MUL 172 tristate "GF(2^128) multiplication functions" 173 help 174 Efficient table driven implementation of multiplications in the 175 field GF(2^128). This is needed by some cypher modes. This 176 option will be selected automatically if you select such a 177 cipher mode. Only select this option by hand if you expect to load 178 an external module that requires these functions. 179 180config CRYPTO_NULL 181 tristate "Null algorithms" 182 select CRYPTO_NULL2 183 help 184 These are 'Null' algorithms, used by IPsec, which do nothing. 185 186config CRYPTO_NULL2 187 tristate 188 select CRYPTO_ALGAPI2 189 select CRYPTO_BLKCIPHER2 190 select CRYPTO_HASH2 191 192config CRYPTO_PCRYPT 193 tristate "Parallel crypto engine" 194 depends on SMP 195 select PADATA 196 select CRYPTO_MANAGER 197 select CRYPTO_AEAD 198 help 199 This converts an arbitrary crypto algorithm into a parallel 200 algorithm that executes in kernel threads. 201 202config CRYPTO_WORKQUEUE 203 tristate 204 205config CRYPTO_CRYPTD 206 tristate "Software async crypto daemon" 207 select CRYPTO_BLKCIPHER 208 select CRYPTO_HASH 209 select CRYPTO_MANAGER 210 select CRYPTO_WORKQUEUE 211 help 212 This is a generic software asynchronous crypto daemon that 213 converts an arbitrary synchronous software crypto algorithm 214 into an asynchronous algorithm that executes in a kernel thread. 215 216config CRYPTO_MCRYPTD 217 tristate "Software async multi-buffer crypto daemon" 218 select CRYPTO_BLKCIPHER 219 select CRYPTO_HASH 220 select CRYPTO_MANAGER 221 select CRYPTO_WORKQUEUE 222 help 223 This is a generic software asynchronous crypto daemon that 224 provides the kernel thread to assist multi-buffer crypto 225 algorithms for submitting jobs and flushing jobs in multi-buffer 226 crypto algorithms. Multi-buffer crypto algorithms are executed 227 in the context of this kernel thread and drivers can post 228 their crypto request asynchronously to be processed by this daemon. 229 230config CRYPTO_AUTHENC 231 tristate "Authenc support" 232 select CRYPTO_AEAD 233 select CRYPTO_BLKCIPHER 234 select CRYPTO_MANAGER 235 select CRYPTO_HASH 236 select CRYPTO_NULL 237 help 238 Authenc: Combined mode wrapper for IPsec. 239 This is required for IPSec. 240 241config CRYPTO_TEST 242 tristate "Testing module" 243 depends on m 244 select CRYPTO_MANAGER 245 help 246 Quick & dirty crypto test module. 247 248config CRYPTO_SIMD 249 tristate 250 select CRYPTO_CRYPTD 251 252config CRYPTO_GLUE_HELPER_X86 253 tristate 254 depends on X86 255 select CRYPTO_BLKCIPHER 256 257config CRYPTO_ENGINE 258 tristate 259 260comment "Authenticated Encryption with Associated Data" 261 262config CRYPTO_CCM 263 tristate "CCM support" 264 select CRYPTO_CTR 265 select CRYPTO_HASH 266 select CRYPTO_AEAD 267 help 268 Support for Counter with CBC MAC. Required for IPsec. 269 270config CRYPTO_GCM 271 tristate "GCM/GMAC support" 272 select CRYPTO_CTR 273 select CRYPTO_AEAD 274 select CRYPTO_GHASH 275 select CRYPTO_NULL 276 help 277 Support for Galois/Counter Mode (GCM) and Galois Message 278 Authentication Code (GMAC). Required for IPSec. 279 280config CRYPTO_CHACHA20POLY1305 281 tristate "ChaCha20-Poly1305 AEAD support" 282 select CRYPTO_CHACHA20 283 select CRYPTO_POLY1305 284 select CRYPTO_AEAD 285 help 286 ChaCha20-Poly1305 AEAD support, RFC7539. 287 288 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 289 with the Poly1305 authenticator. It is defined in RFC7539 for use in 290 IETF protocols. 291 292config CRYPTO_AEGIS128 293 tristate "AEGIS-128 AEAD algorithm" 294 select CRYPTO_AEAD 295 select CRYPTO_AES # for AES S-box tables 296 help 297 Support for the AEGIS-128 dedicated AEAD algorithm. 298 299config CRYPTO_AEGIS128L 300 tristate "AEGIS-128L AEAD algorithm" 301 select CRYPTO_AEAD 302 select CRYPTO_AES # for AES S-box tables 303 help 304 Support for the AEGIS-128L dedicated AEAD algorithm. 305 306config CRYPTO_AEGIS256 307 tristate "AEGIS-256 AEAD algorithm" 308 select CRYPTO_AEAD 309 select CRYPTO_AES # for AES S-box tables 310 help 311 Support for the AEGIS-256 dedicated AEAD algorithm. 312 313config CRYPTO_AEGIS128_AESNI_SSE2 314 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 315 depends on X86 && 64BIT 316 select CRYPTO_AEAD 317 select CRYPTO_CRYPTD 318 help 319 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm. 320 321config CRYPTO_AEGIS128L_AESNI_SSE2 322 tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 323 depends on X86 && 64BIT 324 select CRYPTO_AEAD 325 select CRYPTO_CRYPTD 326 help 327 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm. 328 329config CRYPTO_AEGIS256_AESNI_SSE2 330 tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 331 depends on X86 && 64BIT 332 select CRYPTO_AEAD 333 select CRYPTO_CRYPTD 334 help 335 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm. 336 337config CRYPTO_MORUS640 338 tristate "MORUS-640 AEAD algorithm" 339 select CRYPTO_AEAD 340 help 341 Support for the MORUS-640 dedicated AEAD algorithm. 342 343config CRYPTO_MORUS640_GLUE 344 tristate 345 depends on X86 346 select CRYPTO_AEAD 347 select CRYPTO_CRYPTD 348 help 349 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD 350 algorithm. 351 352config CRYPTO_MORUS640_SSE2 353 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)" 354 depends on X86 && 64BIT 355 select CRYPTO_AEAD 356 select CRYPTO_MORUS640_GLUE 357 help 358 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm. 359 360config CRYPTO_MORUS1280 361 tristate "MORUS-1280 AEAD algorithm" 362 select CRYPTO_AEAD 363 help 364 Support for the MORUS-1280 dedicated AEAD algorithm. 365 366config CRYPTO_MORUS1280_GLUE 367 tristate 368 depends on X86 369 select CRYPTO_AEAD 370 select CRYPTO_CRYPTD 371 help 372 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD 373 algorithm. 374 375config CRYPTO_MORUS1280_SSE2 376 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)" 377 depends on X86 && 64BIT 378 select CRYPTO_AEAD 379 select CRYPTO_MORUS1280_GLUE 380 help 381 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD 382 algorithm. 383 384config CRYPTO_MORUS1280_AVX2 385 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)" 386 depends on X86 && 64BIT 387 select CRYPTO_AEAD 388 select CRYPTO_MORUS1280_GLUE 389 help 390 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD 391 algorithm. 392 393config CRYPTO_SEQIV 394 tristate "Sequence Number IV Generator" 395 select CRYPTO_AEAD 396 select CRYPTO_BLKCIPHER 397 select CRYPTO_NULL 398 select CRYPTO_RNG_DEFAULT 399 help 400 This IV generator generates an IV based on a sequence number by 401 xoring it with a salt. This algorithm is mainly useful for CTR 402 403config CRYPTO_ECHAINIV 404 tristate "Encrypted Chain IV Generator" 405 select CRYPTO_AEAD 406 select CRYPTO_NULL 407 select CRYPTO_RNG_DEFAULT 408 default m 409 help 410 This IV generator generates an IV based on the encryption of 411 a sequence number xored with a salt. This is the default 412 algorithm for CBC. 413 414comment "Block modes" 415 416config CRYPTO_CBC 417 tristate "CBC support" 418 select CRYPTO_BLKCIPHER 419 select CRYPTO_MANAGER 420 help 421 CBC: Cipher Block Chaining mode 422 This block cipher algorithm is required for IPSec. 423 424config CRYPTO_CFB 425 tristate "CFB support" 426 select CRYPTO_BLKCIPHER 427 select CRYPTO_MANAGER 428 help 429 CFB: Cipher FeedBack mode 430 This block cipher algorithm is required for TPM2 Cryptography. 431 432config CRYPTO_CTR 433 tristate "CTR support" 434 select CRYPTO_BLKCIPHER 435 select CRYPTO_SEQIV 436 select CRYPTO_MANAGER 437 help 438 CTR: Counter mode 439 This block cipher algorithm is required for IPSec. 440 441config CRYPTO_CTS 442 tristate "CTS support" 443 select CRYPTO_BLKCIPHER 444 help 445 CTS: Cipher Text Stealing 446 This is the Cipher Text Stealing mode as described by 447 Section 8 of rfc2040 and referenced by rfc3962. 448 (rfc3962 includes errata information in its Appendix A) 449 This mode is required for Kerberos gss mechanism support 450 for AES encryption. 451 452config CRYPTO_ECB 453 tristate "ECB support" 454 select CRYPTO_BLKCIPHER 455 select CRYPTO_MANAGER 456 help 457 ECB: Electronic CodeBook mode 458 This is the simplest block cipher algorithm. It simply encrypts 459 the input block by block. 460 461config CRYPTO_LRW 462 tristate "LRW support" 463 select CRYPTO_BLKCIPHER 464 select CRYPTO_MANAGER 465 select CRYPTO_GF128MUL 466 help 467 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 468 narrow block cipher mode for dm-crypt. Use it with cipher 469 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 470 The first 128, 192 or 256 bits in the key are used for AES and the 471 rest is used to tie each cipher block to its logical position. 472 473config CRYPTO_PCBC 474 tristate "PCBC support" 475 select CRYPTO_BLKCIPHER 476 select CRYPTO_MANAGER 477 help 478 PCBC: Propagating Cipher Block Chaining mode 479 This block cipher algorithm is required for RxRPC. 480 481config CRYPTO_XTS 482 tristate "XTS support" 483 select CRYPTO_BLKCIPHER 484 select CRYPTO_MANAGER 485 select CRYPTO_ECB 486 help 487 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 488 key size 256, 384 or 512 bits. This implementation currently 489 can't handle a sectorsize which is not a multiple of 16 bytes. 490 491config CRYPTO_KEYWRAP 492 tristate "Key wrapping support" 493 select CRYPTO_BLKCIPHER 494 help 495 Support for key wrapping (NIST SP800-38F / RFC3394) without 496 padding. 497 498comment "Hash modes" 499 500config CRYPTO_CMAC 501 tristate "CMAC support" 502 select CRYPTO_HASH 503 select CRYPTO_MANAGER 504 help 505 Cipher-based Message Authentication Code (CMAC) specified by 506 The National Institute of Standards and Technology (NIST). 507 508 https://tools.ietf.org/html/rfc4493 509 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 510 511config CRYPTO_HMAC 512 tristate "HMAC support" 513 select CRYPTO_HASH 514 select CRYPTO_MANAGER 515 help 516 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 517 This is required for IPSec. 518 519config CRYPTO_XCBC 520 tristate "XCBC support" 521 select CRYPTO_HASH 522 select CRYPTO_MANAGER 523 help 524 XCBC: Keyed-Hashing with encryption algorithm 525 http://www.ietf.org/rfc/rfc3566.txt 526 http://csrc.nist.gov/encryption/modes/proposedmodes/ 527 xcbc-mac/xcbc-mac-spec.pdf 528 529config CRYPTO_VMAC 530 tristate "VMAC support" 531 select CRYPTO_HASH 532 select CRYPTO_MANAGER 533 help 534 VMAC is a message authentication algorithm designed for 535 very high speed on 64-bit architectures. 536 537 See also: 538 <http://fastcrypto.org/vmac> 539 540comment "Digest" 541 542config CRYPTO_CRC32C 543 tristate "CRC32c CRC algorithm" 544 select CRYPTO_HASH 545 select CRC32 546 help 547 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 548 by iSCSI for header and data digests and by others. 549 See Castagnoli93. Module will be crc32c. 550 551config CRYPTO_CRC32C_INTEL 552 tristate "CRC32c INTEL hardware acceleration" 553 depends on X86 554 select CRYPTO_HASH 555 help 556 In Intel processor with SSE4.2 supported, the processor will 557 support CRC32C implementation using hardware accelerated CRC32 558 instruction. This option will create 'crc32c-intel' module, 559 which will enable any routine to use the CRC32 instruction to 560 gain performance compared with software implementation. 561 Module will be crc32c-intel. 562 563config CRYPTO_CRC32C_VPMSUM 564 tristate "CRC32c CRC algorithm (powerpc64)" 565 depends on PPC64 && ALTIVEC 566 select CRYPTO_HASH 567 select CRC32 568 help 569 CRC32c algorithm implemented using vector polynomial multiply-sum 570 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 571 and newer processors for improved performance. 572 573 574config CRYPTO_CRC32C_SPARC64 575 tristate "CRC32c CRC algorithm (SPARC64)" 576 depends on SPARC64 577 select CRYPTO_HASH 578 select CRC32 579 help 580 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 581 when available. 582 583config CRYPTO_CRC32 584 tristate "CRC32 CRC algorithm" 585 select CRYPTO_HASH 586 select CRC32 587 help 588 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 589 Shash crypto api wrappers to crc32_le function. 590 591config CRYPTO_CRC32_PCLMUL 592 tristate "CRC32 PCLMULQDQ hardware acceleration" 593 depends on X86 594 select CRYPTO_HASH 595 select CRC32 596 help 597 From Intel Westmere and AMD Bulldozer processor with SSE4.2 598 and PCLMULQDQ supported, the processor will support 599 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 600 instruction. This option will create 'crc32-plcmul' module, 601 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 602 and gain better performance as compared with the table implementation. 603 604config CRYPTO_CRC32_MIPS 605 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 606 depends on MIPS_CRC_SUPPORT 607 select CRYPTO_HASH 608 help 609 CRC32c and CRC32 CRC algorithms implemented using mips crypto 610 instructions, when available. 611 612 613config CRYPTO_CRCT10DIF 614 tristate "CRCT10DIF algorithm" 615 select CRYPTO_HASH 616 help 617 CRC T10 Data Integrity Field computation is being cast as 618 a crypto transform. This allows for faster crc t10 diff 619 transforms to be used if they are available. 620 621config CRYPTO_CRCT10DIF_PCLMUL 622 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 623 depends on X86 && 64BIT && CRC_T10DIF 624 select CRYPTO_HASH 625 help 626 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 627 CRC T10 DIF PCLMULQDQ computation can be hardware 628 accelerated PCLMULQDQ instruction. This option will create 629 'crct10dif-plcmul' module, which is faster when computing the 630 crct10dif checksum as compared with the generic table implementation. 631 632config CRYPTO_CRCT10DIF_VPMSUM 633 tristate "CRC32T10DIF powerpc64 hardware acceleration" 634 depends on PPC64 && ALTIVEC && CRC_T10DIF 635 select CRYPTO_HASH 636 help 637 CRC10T10DIF algorithm implemented using vector polynomial 638 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 639 POWER8 and newer processors for improved performance. 640 641config CRYPTO_VPMSUM_TESTER 642 tristate "Powerpc64 vpmsum hardware acceleration tester" 643 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 644 help 645 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 646 POWER8 vpmsum instructions. 647 Unless you are testing these algorithms, you don't need this. 648 649config CRYPTO_GHASH 650 tristate "GHASH digest algorithm" 651 select CRYPTO_GF128MUL 652 select CRYPTO_HASH 653 help 654 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 655 656config CRYPTO_POLY1305 657 tristate "Poly1305 authenticator algorithm" 658 select CRYPTO_HASH 659 help 660 Poly1305 authenticator algorithm, RFC7539. 661 662 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 663 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 664 in IETF protocols. This is the portable C implementation of Poly1305. 665 666config CRYPTO_POLY1305_X86_64 667 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 668 depends on X86 && 64BIT 669 select CRYPTO_POLY1305 670 help 671 Poly1305 authenticator algorithm, RFC7539. 672 673 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 674 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 675 in IETF protocols. This is the x86_64 assembler implementation using SIMD 676 instructions. 677 678config CRYPTO_MD4 679 tristate "MD4 digest algorithm" 680 select CRYPTO_HASH 681 help 682 MD4 message digest algorithm (RFC1320). 683 684config CRYPTO_MD5 685 tristate "MD5 digest algorithm" 686 select CRYPTO_HASH 687 help 688 MD5 message digest algorithm (RFC1321). 689 690config CRYPTO_MD5_OCTEON 691 tristate "MD5 digest algorithm (OCTEON)" 692 depends on CPU_CAVIUM_OCTEON 693 select CRYPTO_MD5 694 select CRYPTO_HASH 695 help 696 MD5 message digest algorithm (RFC1321) implemented 697 using OCTEON crypto instructions, when available. 698 699config CRYPTO_MD5_PPC 700 tristate "MD5 digest algorithm (PPC)" 701 depends on PPC 702 select CRYPTO_HASH 703 help 704 MD5 message digest algorithm (RFC1321) implemented 705 in PPC assembler. 706 707config CRYPTO_MD5_SPARC64 708 tristate "MD5 digest algorithm (SPARC64)" 709 depends on SPARC64 710 select CRYPTO_MD5 711 select CRYPTO_HASH 712 help 713 MD5 message digest algorithm (RFC1321) implemented 714 using sparc64 crypto instructions, when available. 715 716config CRYPTO_MICHAEL_MIC 717 tristate "Michael MIC keyed digest algorithm" 718 select CRYPTO_HASH 719 help 720 Michael MIC is used for message integrity protection in TKIP 721 (IEEE 802.11i). This algorithm is required for TKIP, but it 722 should not be used for other purposes because of the weakness 723 of the algorithm. 724 725config CRYPTO_RMD128 726 tristate "RIPEMD-128 digest algorithm" 727 select CRYPTO_HASH 728 help 729 RIPEMD-128 (ISO/IEC 10118-3:2004). 730 731 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 732 be used as a secure replacement for RIPEMD. For other use cases, 733 RIPEMD-160 should be used. 734 735 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 736 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 737 738config CRYPTO_RMD160 739 tristate "RIPEMD-160 digest algorithm" 740 select CRYPTO_HASH 741 help 742 RIPEMD-160 (ISO/IEC 10118-3:2004). 743 744 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 745 to be used as a secure replacement for the 128-bit hash functions 746 MD4, MD5 and it's predecessor RIPEMD 747 (not to be confused with RIPEMD-128). 748 749 It's speed is comparable to SHA1 and there are no known attacks 750 against RIPEMD-160. 751 752 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 753 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 754 755config CRYPTO_RMD256 756 tristate "RIPEMD-256 digest algorithm" 757 select CRYPTO_HASH 758 help 759 RIPEMD-256 is an optional extension of RIPEMD-128 with a 760 256 bit hash. It is intended for applications that require 761 longer hash-results, without needing a larger security level 762 (than RIPEMD-128). 763 764 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 765 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 766 767config CRYPTO_RMD320 768 tristate "RIPEMD-320 digest algorithm" 769 select CRYPTO_HASH 770 help 771 RIPEMD-320 is an optional extension of RIPEMD-160 with a 772 320 bit hash. It is intended for applications that require 773 longer hash-results, without needing a larger security level 774 (than RIPEMD-160). 775 776 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 777 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 778 779config CRYPTO_SHA1 780 tristate "SHA1 digest algorithm" 781 select CRYPTO_HASH 782 help 783 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 784 785config CRYPTO_SHA1_SSSE3 786 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 787 depends on X86 && 64BIT 788 select CRYPTO_SHA1 789 select CRYPTO_HASH 790 help 791 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 792 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 793 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 794 when available. 795 796config CRYPTO_SHA256_SSSE3 797 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 798 depends on X86 && 64BIT 799 select CRYPTO_SHA256 800 select CRYPTO_HASH 801 help 802 SHA-256 secure hash standard (DFIPS 180-2) implemented 803 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 804 Extensions version 1 (AVX1), or Advanced Vector Extensions 805 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 806 Instructions) when available. 807 808config CRYPTO_SHA512_SSSE3 809 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 810 depends on X86 && 64BIT 811 select CRYPTO_SHA512 812 select CRYPTO_HASH 813 help 814 SHA-512 secure hash standard (DFIPS 180-2) implemented 815 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 816 Extensions version 1 (AVX1), or Advanced Vector Extensions 817 version 2 (AVX2) instructions, when available. 818 819config CRYPTO_SHA1_OCTEON 820 tristate "SHA1 digest algorithm (OCTEON)" 821 depends on CPU_CAVIUM_OCTEON 822 select CRYPTO_SHA1 823 select CRYPTO_HASH 824 help 825 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 826 using OCTEON crypto instructions, when available. 827 828config CRYPTO_SHA1_SPARC64 829 tristate "SHA1 digest algorithm (SPARC64)" 830 depends on SPARC64 831 select CRYPTO_SHA1 832 select CRYPTO_HASH 833 help 834 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 835 using sparc64 crypto instructions, when available. 836 837config CRYPTO_SHA1_PPC 838 tristate "SHA1 digest algorithm (powerpc)" 839 depends on PPC 840 help 841 This is the powerpc hardware accelerated implementation of the 842 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 843 844config CRYPTO_SHA1_PPC_SPE 845 tristate "SHA1 digest algorithm (PPC SPE)" 846 depends on PPC && SPE 847 help 848 SHA-1 secure hash standard (DFIPS 180-4) implemented 849 using powerpc SPE SIMD instruction set. 850 851config CRYPTO_SHA1_MB 852 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)" 853 depends on X86 && 64BIT 854 select CRYPTO_SHA1 855 select CRYPTO_HASH 856 select CRYPTO_MCRYPTD 857 help 858 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 859 using multi-buffer technique. This algorithm computes on 860 multiple data lanes concurrently with SIMD instructions for 861 better throughput. It should not be enabled by default but 862 used when there is significant amount of work to keep the keep 863 the data lanes filled to get performance benefit. If the data 864 lanes remain unfilled, a flush operation will be initiated to 865 process the crypto jobs, adding a slight latency. 866 867config CRYPTO_SHA256_MB 868 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)" 869 depends on X86 && 64BIT 870 select CRYPTO_SHA256 871 select CRYPTO_HASH 872 select CRYPTO_MCRYPTD 873 help 874 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 875 using multi-buffer technique. This algorithm computes on 876 multiple data lanes concurrently with SIMD instructions for 877 better throughput. It should not be enabled by default but 878 used when there is significant amount of work to keep the keep 879 the data lanes filled to get performance benefit. If the data 880 lanes remain unfilled, a flush operation will be initiated to 881 process the crypto jobs, adding a slight latency. 882 883config CRYPTO_SHA512_MB 884 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)" 885 depends on X86 && 64BIT 886 select CRYPTO_SHA512 887 select CRYPTO_HASH 888 select CRYPTO_MCRYPTD 889 help 890 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 891 using multi-buffer technique. This algorithm computes on 892 multiple data lanes concurrently with SIMD instructions for 893 better throughput. It should not be enabled by default but 894 used when there is significant amount of work to keep the keep 895 the data lanes filled to get performance benefit. If the data 896 lanes remain unfilled, a flush operation will be initiated to 897 process the crypto jobs, adding a slight latency. 898 899config CRYPTO_SHA256 900 tristate "SHA224 and SHA256 digest algorithm" 901 select CRYPTO_HASH 902 help 903 SHA256 secure hash standard (DFIPS 180-2). 904 905 This version of SHA implements a 256 bit hash with 128 bits of 906 security against collision attacks. 907 908 This code also includes SHA-224, a 224 bit hash with 112 bits 909 of security against collision attacks. 910 911config CRYPTO_SHA256_PPC_SPE 912 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 913 depends on PPC && SPE 914 select CRYPTO_SHA256 915 select CRYPTO_HASH 916 help 917 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 918 implemented using powerpc SPE SIMD instruction set. 919 920config CRYPTO_SHA256_OCTEON 921 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 922 depends on CPU_CAVIUM_OCTEON 923 select CRYPTO_SHA256 924 select CRYPTO_HASH 925 help 926 SHA-256 secure hash standard (DFIPS 180-2) implemented 927 using OCTEON crypto instructions, when available. 928 929config CRYPTO_SHA256_SPARC64 930 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 931 depends on SPARC64 932 select CRYPTO_SHA256 933 select CRYPTO_HASH 934 help 935 SHA-256 secure hash standard (DFIPS 180-2) implemented 936 using sparc64 crypto instructions, when available. 937 938config CRYPTO_SHA512 939 tristate "SHA384 and SHA512 digest algorithms" 940 select CRYPTO_HASH 941 help 942 SHA512 secure hash standard (DFIPS 180-2). 943 944 This version of SHA implements a 512 bit hash with 256 bits of 945 security against collision attacks. 946 947 This code also includes SHA-384, a 384 bit hash with 192 bits 948 of security against collision attacks. 949 950config CRYPTO_SHA512_OCTEON 951 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 952 depends on CPU_CAVIUM_OCTEON 953 select CRYPTO_SHA512 954 select CRYPTO_HASH 955 help 956 SHA-512 secure hash standard (DFIPS 180-2) implemented 957 using OCTEON crypto instructions, when available. 958 959config CRYPTO_SHA512_SPARC64 960 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 961 depends on SPARC64 962 select CRYPTO_SHA512 963 select CRYPTO_HASH 964 help 965 SHA-512 secure hash standard (DFIPS 180-2) implemented 966 using sparc64 crypto instructions, when available. 967 968config CRYPTO_SHA3 969 tristate "SHA3 digest algorithm" 970 select CRYPTO_HASH 971 help 972 SHA-3 secure hash standard (DFIPS 202). It's based on 973 cryptographic sponge function family called Keccak. 974 975 References: 976 http://keccak.noekeon.org/ 977 978config CRYPTO_SM3 979 tristate "SM3 digest algorithm" 980 select CRYPTO_HASH 981 help 982 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 983 It is part of the Chinese Commercial Cryptography suite. 984 985 References: 986 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 987 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 988 989config CRYPTO_TGR192 990 tristate "Tiger digest algorithms" 991 select CRYPTO_HASH 992 help 993 Tiger hash algorithm 192, 160 and 128-bit hashes 994 995 Tiger is a hash function optimized for 64-bit processors while 996 still having decent performance on 32-bit processors. 997 Tiger was developed by Ross Anderson and Eli Biham. 998 999 See also: 1000 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 1001 1002config CRYPTO_WP512 1003 tristate "Whirlpool digest algorithms" 1004 select CRYPTO_HASH 1005 help 1006 Whirlpool hash algorithm 512, 384 and 256-bit hashes 1007 1008 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1009 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 1010 1011 See also: 1012 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 1013 1014config CRYPTO_GHASH_CLMUL_NI_INTEL 1015 tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 1016 depends on X86 && 64BIT 1017 select CRYPTO_CRYPTD 1018 help 1019 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 1020 The implementation is accelerated by CLMUL-NI of Intel. 1021 1022comment "Ciphers" 1023 1024config CRYPTO_AES 1025 tristate "AES cipher algorithms" 1026 select CRYPTO_ALGAPI 1027 help 1028 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1029 algorithm. 1030 1031 Rijndael appears to be consistently a very good performer in 1032 both hardware and software across a wide range of computing 1033 environments regardless of its use in feedback or non-feedback 1034 modes. Its key setup time is excellent, and its key agility is 1035 good. Rijndael's very low memory requirements make it very well 1036 suited for restricted-space environments, in which it also 1037 demonstrates excellent performance. Rijndael's operations are 1038 among the easiest to defend against power and timing attacks. 1039 1040 The AES specifies three key sizes: 128, 192 and 256 bits 1041 1042 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1043 1044config CRYPTO_AES_TI 1045 tristate "Fixed time AES cipher" 1046 select CRYPTO_ALGAPI 1047 help 1048 This is a generic implementation of AES that attempts to eliminate 1049 data dependent latencies as much as possible without affecting 1050 performance too much. It is intended for use by the generic CCM 1051 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1052 solely on encryption (although decryption is supported as well, but 1053 with a more dramatic performance hit) 1054 1055 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1056 8 for decryption), this implementation only uses just two S-boxes of 1057 256 bytes each, and attempts to eliminate data dependent latencies by 1058 prefetching the entire table into the cache at the start of each 1059 block. Interrupts are also disabled to avoid races where cachelines 1060 are evicted when the CPU is interrupted to do something else. 1061 1062config CRYPTO_AES_586 1063 tristate "AES cipher algorithms (i586)" 1064 depends on (X86 || UML_X86) && !64BIT 1065 select CRYPTO_ALGAPI 1066 select CRYPTO_AES 1067 help 1068 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1069 algorithm. 1070 1071 Rijndael appears to be consistently a very good performer in 1072 both hardware and software across a wide range of computing 1073 environments regardless of its use in feedback or non-feedback 1074 modes. Its key setup time is excellent, and its key agility is 1075 good. Rijndael's very low memory requirements make it very well 1076 suited for restricted-space environments, in which it also 1077 demonstrates excellent performance. Rijndael's operations are 1078 among the easiest to defend against power and timing attacks. 1079 1080 The AES specifies three key sizes: 128, 192 and 256 bits 1081 1082 See <http://csrc.nist.gov/encryption/aes/> for more information. 1083 1084config CRYPTO_AES_X86_64 1085 tristate "AES cipher algorithms (x86_64)" 1086 depends on (X86 || UML_X86) && 64BIT 1087 select CRYPTO_ALGAPI 1088 select CRYPTO_AES 1089 help 1090 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1091 algorithm. 1092 1093 Rijndael appears to be consistently a very good performer in 1094 both hardware and software across a wide range of computing 1095 environments regardless of its use in feedback or non-feedback 1096 modes. Its key setup time is excellent, and its key agility is 1097 good. Rijndael's very low memory requirements make it very well 1098 suited for restricted-space environments, in which it also 1099 demonstrates excellent performance. Rijndael's operations are 1100 among the easiest to defend against power and timing attacks. 1101 1102 The AES specifies three key sizes: 128, 192 and 256 bits 1103 1104 See <http://csrc.nist.gov/encryption/aes/> for more information. 1105 1106config CRYPTO_AES_NI_INTEL 1107 tristate "AES cipher algorithms (AES-NI)" 1108 depends on X86 1109 select CRYPTO_AEAD 1110 select CRYPTO_AES_X86_64 if 64BIT 1111 select CRYPTO_AES_586 if !64BIT 1112 select CRYPTO_ALGAPI 1113 select CRYPTO_BLKCIPHER 1114 select CRYPTO_GLUE_HELPER_X86 if 64BIT 1115 select CRYPTO_SIMD 1116 help 1117 Use Intel AES-NI instructions for AES algorithm. 1118 1119 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1120 algorithm. 1121 1122 Rijndael appears to be consistently a very good performer in 1123 both hardware and software across a wide range of computing 1124 environments regardless of its use in feedback or non-feedback 1125 modes. Its key setup time is excellent, and its key agility is 1126 good. Rijndael's very low memory requirements make it very well 1127 suited for restricted-space environments, in which it also 1128 demonstrates excellent performance. Rijndael's operations are 1129 among the easiest to defend against power and timing attacks. 1130 1131 The AES specifies three key sizes: 128, 192 and 256 bits 1132 1133 See <http://csrc.nist.gov/encryption/aes/> for more information. 1134 1135 In addition to AES cipher algorithm support, the acceleration 1136 for some popular block cipher mode is supported too, including 1137 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional 1138 acceleration for CTR. 1139 1140config CRYPTO_AES_SPARC64 1141 tristate "AES cipher algorithms (SPARC64)" 1142 depends on SPARC64 1143 select CRYPTO_CRYPTD 1144 select CRYPTO_ALGAPI 1145 help 1146 Use SPARC64 crypto opcodes for AES algorithm. 1147 1148 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1149 algorithm. 1150 1151 Rijndael appears to be consistently a very good performer in 1152 both hardware and software across a wide range of computing 1153 environments regardless of its use in feedback or non-feedback 1154 modes. Its key setup time is excellent, and its key agility is 1155 good. Rijndael's very low memory requirements make it very well 1156 suited for restricted-space environments, in which it also 1157 demonstrates excellent performance. Rijndael's operations are 1158 among the easiest to defend against power and timing attacks. 1159 1160 The AES specifies three key sizes: 128, 192 and 256 bits 1161 1162 See <http://csrc.nist.gov/encryption/aes/> for more information. 1163 1164 In addition to AES cipher algorithm support, the acceleration 1165 for some popular block cipher mode is supported too, including 1166 ECB and CBC. 1167 1168config CRYPTO_AES_PPC_SPE 1169 tristate "AES cipher algorithms (PPC SPE)" 1170 depends on PPC && SPE 1171 help 1172 AES cipher algorithms (FIPS-197). Additionally the acceleration 1173 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1174 This module should only be used for low power (router) devices 1175 without hardware AES acceleration (e.g. caam crypto). It reduces the 1176 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1177 timining attacks. Nevertheless it might be not as secure as other 1178 architecture specific assembler implementations that work on 1KB 1179 tables or 256 bytes S-boxes. 1180 1181config CRYPTO_ANUBIS 1182 tristate "Anubis cipher algorithm" 1183 select CRYPTO_ALGAPI 1184 help 1185 Anubis cipher algorithm. 1186 1187 Anubis is a variable key length cipher which can use keys from 1188 128 bits to 320 bits in length. It was evaluated as a entrant 1189 in the NESSIE competition. 1190 1191 See also: 1192 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1193 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1194 1195config CRYPTO_ARC4 1196 tristate "ARC4 cipher algorithm" 1197 select CRYPTO_BLKCIPHER 1198 help 1199 ARC4 cipher algorithm. 1200 1201 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1202 bits in length. This algorithm is required for driver-based 1203 WEP, but it should not be for other purposes because of the 1204 weakness of the algorithm. 1205 1206config CRYPTO_BLOWFISH 1207 tristate "Blowfish cipher algorithm" 1208 select CRYPTO_ALGAPI 1209 select CRYPTO_BLOWFISH_COMMON 1210 help 1211 Blowfish cipher algorithm, by Bruce Schneier. 1212 1213 This is a variable key length cipher which can use keys from 32 1214 bits to 448 bits in length. It's fast, simple and specifically 1215 designed for use on "large microprocessors". 1216 1217 See also: 1218 <http://www.schneier.com/blowfish.html> 1219 1220config CRYPTO_BLOWFISH_COMMON 1221 tristate 1222 help 1223 Common parts of the Blowfish cipher algorithm shared by the 1224 generic c and the assembler implementations. 1225 1226 See also: 1227 <http://www.schneier.com/blowfish.html> 1228 1229config CRYPTO_BLOWFISH_X86_64 1230 tristate "Blowfish cipher algorithm (x86_64)" 1231 depends on X86 && 64BIT 1232 select CRYPTO_BLKCIPHER 1233 select CRYPTO_BLOWFISH_COMMON 1234 help 1235 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1236 1237 This is a variable key length cipher which can use keys from 32 1238 bits to 448 bits in length. It's fast, simple and specifically 1239 designed for use on "large microprocessors". 1240 1241 See also: 1242 <http://www.schneier.com/blowfish.html> 1243 1244config CRYPTO_CAMELLIA 1245 tristate "Camellia cipher algorithms" 1246 depends on CRYPTO 1247 select CRYPTO_ALGAPI 1248 help 1249 Camellia cipher algorithms module. 1250 1251 Camellia is a symmetric key block cipher developed jointly 1252 at NTT and Mitsubishi Electric Corporation. 1253 1254 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1255 1256 See also: 1257 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1258 1259config CRYPTO_CAMELLIA_X86_64 1260 tristate "Camellia cipher algorithm (x86_64)" 1261 depends on X86 && 64BIT 1262 depends on CRYPTO 1263 select CRYPTO_BLKCIPHER 1264 select CRYPTO_GLUE_HELPER_X86 1265 help 1266 Camellia cipher algorithm module (x86_64). 1267 1268 Camellia is a symmetric key block cipher developed jointly 1269 at NTT and Mitsubishi Electric Corporation. 1270 1271 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1272 1273 See also: 1274 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1275 1276config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1277 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1278 depends on X86 && 64BIT 1279 depends on CRYPTO 1280 select CRYPTO_BLKCIPHER 1281 select CRYPTO_CAMELLIA_X86_64 1282 select CRYPTO_GLUE_HELPER_X86 1283 select CRYPTO_SIMD 1284 select CRYPTO_XTS 1285 help 1286 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1287 1288 Camellia is a symmetric key block cipher developed jointly 1289 at NTT and Mitsubishi Electric Corporation. 1290 1291 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1292 1293 See also: 1294 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1295 1296config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1297 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1298 depends on X86 && 64BIT 1299 depends on CRYPTO 1300 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1301 help 1302 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1303 1304 Camellia is a symmetric key block cipher developed jointly 1305 at NTT and Mitsubishi Electric Corporation. 1306 1307 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1308 1309 See also: 1310 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1311 1312config CRYPTO_CAMELLIA_SPARC64 1313 tristate "Camellia cipher algorithm (SPARC64)" 1314 depends on SPARC64 1315 depends on CRYPTO 1316 select CRYPTO_ALGAPI 1317 help 1318 Camellia cipher algorithm module (SPARC64). 1319 1320 Camellia is a symmetric key block cipher developed jointly 1321 at NTT and Mitsubishi Electric Corporation. 1322 1323 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1324 1325 See also: 1326 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1327 1328config CRYPTO_CAST_COMMON 1329 tristate 1330 help 1331 Common parts of the CAST cipher algorithms shared by the 1332 generic c and the assembler implementations. 1333 1334config CRYPTO_CAST5 1335 tristate "CAST5 (CAST-128) cipher algorithm" 1336 select CRYPTO_ALGAPI 1337 select CRYPTO_CAST_COMMON 1338 help 1339 The CAST5 encryption algorithm (synonymous with CAST-128) is 1340 described in RFC2144. 1341 1342config CRYPTO_CAST5_AVX_X86_64 1343 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1344 depends on X86 && 64BIT 1345 select CRYPTO_BLKCIPHER 1346 select CRYPTO_CAST5 1347 select CRYPTO_CAST_COMMON 1348 select CRYPTO_SIMD 1349 help 1350 The CAST5 encryption algorithm (synonymous with CAST-128) is 1351 described in RFC2144. 1352 1353 This module provides the Cast5 cipher algorithm that processes 1354 sixteen blocks parallel using the AVX instruction set. 1355 1356config CRYPTO_CAST6 1357 tristate "CAST6 (CAST-256) cipher algorithm" 1358 select CRYPTO_ALGAPI 1359 select CRYPTO_CAST_COMMON 1360 help 1361 The CAST6 encryption algorithm (synonymous with CAST-256) is 1362 described in RFC2612. 1363 1364config CRYPTO_CAST6_AVX_X86_64 1365 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1366 depends on X86 && 64BIT 1367 select CRYPTO_BLKCIPHER 1368 select CRYPTO_CAST6 1369 select CRYPTO_CAST_COMMON 1370 select CRYPTO_GLUE_HELPER_X86 1371 select CRYPTO_SIMD 1372 select CRYPTO_XTS 1373 help 1374 The CAST6 encryption algorithm (synonymous with CAST-256) is 1375 described in RFC2612. 1376 1377 This module provides the Cast6 cipher algorithm that processes 1378 eight blocks parallel using the AVX instruction set. 1379 1380config CRYPTO_DES 1381 tristate "DES and Triple DES EDE cipher algorithms" 1382 select CRYPTO_ALGAPI 1383 help 1384 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1385 1386config CRYPTO_DES_SPARC64 1387 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1388 depends on SPARC64 1389 select CRYPTO_ALGAPI 1390 select CRYPTO_DES 1391 help 1392 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1393 optimized using SPARC64 crypto opcodes. 1394 1395config CRYPTO_DES3_EDE_X86_64 1396 tristate "Triple DES EDE cipher algorithm (x86-64)" 1397 depends on X86 && 64BIT 1398 select CRYPTO_BLKCIPHER 1399 select CRYPTO_DES 1400 help 1401 Triple DES EDE (FIPS 46-3) algorithm. 1402 1403 This module provides implementation of the Triple DES EDE cipher 1404 algorithm that is optimized for x86-64 processors. Two versions of 1405 algorithm are provided; regular processing one input block and 1406 one that processes three blocks parallel. 1407 1408config CRYPTO_FCRYPT 1409 tristate "FCrypt cipher algorithm" 1410 select CRYPTO_ALGAPI 1411 select CRYPTO_BLKCIPHER 1412 help 1413 FCrypt algorithm used by RxRPC. 1414 1415config CRYPTO_KHAZAD 1416 tristate "Khazad cipher algorithm" 1417 select CRYPTO_ALGAPI 1418 help 1419 Khazad cipher algorithm. 1420 1421 Khazad was a finalist in the initial NESSIE competition. It is 1422 an algorithm optimized for 64-bit processors with good performance 1423 on 32-bit processors. Khazad uses an 128 bit key size. 1424 1425 See also: 1426 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1427 1428config CRYPTO_SALSA20 1429 tristate "Salsa20 stream cipher algorithm" 1430 select CRYPTO_BLKCIPHER 1431 help 1432 Salsa20 stream cipher algorithm. 1433 1434 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1435 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1436 1437 The Salsa20 stream cipher algorithm is designed by Daniel J. 1438 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1439 1440config CRYPTO_CHACHA20 1441 tristate "ChaCha20 cipher algorithm" 1442 select CRYPTO_BLKCIPHER 1443 help 1444 ChaCha20 cipher algorithm, RFC7539. 1445 1446 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1447 Bernstein and further specified in RFC7539 for use in IETF protocols. 1448 This is the portable C implementation of ChaCha20. 1449 1450 See also: 1451 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1452 1453config CRYPTO_CHACHA20_X86_64 1454 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)" 1455 depends on X86 && 64BIT 1456 select CRYPTO_BLKCIPHER 1457 select CRYPTO_CHACHA20 1458 help 1459 ChaCha20 cipher algorithm, RFC7539. 1460 1461 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1462 Bernstein and further specified in RFC7539 for use in IETF protocols. 1463 This is the x86_64 assembler implementation using SIMD instructions. 1464 1465 See also: 1466 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1467 1468config CRYPTO_SEED 1469 tristate "SEED cipher algorithm" 1470 select CRYPTO_ALGAPI 1471 help 1472 SEED cipher algorithm (RFC4269). 1473 1474 SEED is a 128-bit symmetric key block cipher that has been 1475 developed by KISA (Korea Information Security Agency) as a 1476 national standard encryption algorithm of the Republic of Korea. 1477 It is a 16 round block cipher with the key size of 128 bit. 1478 1479 See also: 1480 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1481 1482config CRYPTO_SERPENT 1483 tristate "Serpent cipher algorithm" 1484 select CRYPTO_ALGAPI 1485 help 1486 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1487 1488 Keys are allowed to be from 0 to 256 bits in length, in steps 1489 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1490 variant of Serpent for compatibility with old kerneli.org code. 1491 1492 See also: 1493 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1494 1495config CRYPTO_SERPENT_SSE2_X86_64 1496 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1497 depends on X86 && 64BIT 1498 select CRYPTO_BLKCIPHER 1499 select CRYPTO_GLUE_HELPER_X86 1500 select CRYPTO_SERPENT 1501 select CRYPTO_SIMD 1502 help 1503 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1504 1505 Keys are allowed to be from 0 to 256 bits in length, in steps 1506 of 8 bits. 1507 1508 This module provides Serpent cipher algorithm that processes eight 1509 blocks parallel using SSE2 instruction set. 1510 1511 See also: 1512 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1513 1514config CRYPTO_SERPENT_SSE2_586 1515 tristate "Serpent cipher algorithm (i586/SSE2)" 1516 depends on X86 && !64BIT 1517 select CRYPTO_BLKCIPHER 1518 select CRYPTO_GLUE_HELPER_X86 1519 select CRYPTO_SERPENT 1520 select CRYPTO_SIMD 1521 help 1522 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1523 1524 Keys are allowed to be from 0 to 256 bits in length, in steps 1525 of 8 bits. 1526 1527 This module provides Serpent cipher algorithm that processes four 1528 blocks parallel using SSE2 instruction set. 1529 1530 See also: 1531 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1532 1533config CRYPTO_SERPENT_AVX_X86_64 1534 tristate "Serpent cipher algorithm (x86_64/AVX)" 1535 depends on X86 && 64BIT 1536 select CRYPTO_BLKCIPHER 1537 select CRYPTO_GLUE_HELPER_X86 1538 select CRYPTO_SERPENT 1539 select CRYPTO_SIMD 1540 select CRYPTO_XTS 1541 help 1542 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1543 1544 Keys are allowed to be from 0 to 256 bits in length, in steps 1545 of 8 bits. 1546 1547 This module provides the Serpent cipher algorithm that processes 1548 eight blocks parallel using the AVX instruction set. 1549 1550 See also: 1551 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1552 1553config CRYPTO_SERPENT_AVX2_X86_64 1554 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1555 depends on X86 && 64BIT 1556 select CRYPTO_SERPENT_AVX_X86_64 1557 help 1558 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1559 1560 Keys are allowed to be from 0 to 256 bits in length, in steps 1561 of 8 bits. 1562 1563 This module provides Serpent cipher algorithm that processes 16 1564 blocks parallel using AVX2 instruction set. 1565 1566 See also: 1567 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1568 1569config CRYPTO_SM4 1570 tristate "SM4 cipher algorithm" 1571 select CRYPTO_ALGAPI 1572 help 1573 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1574 1575 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1576 Organization of State Commercial Administration of China (OSCCA) 1577 as an authorized cryptographic algorithms for the use within China. 1578 1579 SMS4 was originally created for use in protecting wireless 1580 networks, and is mandated in the Chinese National Standard for 1581 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1582 (GB.15629.11-2003). 1583 1584 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1585 standardized through TC 260 of the Standardization Administration 1586 of the People's Republic of China (SAC). 1587 1588 The input, output, and key of SMS4 are each 128 bits. 1589 1590 See also: <https://eprint.iacr.org/2008/329.pdf> 1591 1592 If unsure, say N. 1593 1594config CRYPTO_TEA 1595 tristate "TEA, XTEA and XETA cipher algorithms" 1596 select CRYPTO_ALGAPI 1597 help 1598 TEA cipher algorithm. 1599 1600 Tiny Encryption Algorithm is a simple cipher that uses 1601 many rounds for security. It is very fast and uses 1602 little memory. 1603 1604 Xtendend Tiny Encryption Algorithm is a modification to 1605 the TEA algorithm to address a potential key weakness 1606 in the TEA algorithm. 1607 1608 Xtendend Encryption Tiny Algorithm is a mis-implementation 1609 of the XTEA algorithm for compatibility purposes. 1610 1611config CRYPTO_TWOFISH 1612 tristate "Twofish cipher algorithm" 1613 select CRYPTO_ALGAPI 1614 select CRYPTO_TWOFISH_COMMON 1615 help 1616 Twofish cipher algorithm. 1617 1618 Twofish was submitted as an AES (Advanced Encryption Standard) 1619 candidate cipher by researchers at CounterPane Systems. It is a 1620 16 round block cipher supporting key sizes of 128, 192, and 256 1621 bits. 1622 1623 See also: 1624 <http://www.schneier.com/twofish.html> 1625 1626config CRYPTO_TWOFISH_COMMON 1627 tristate 1628 help 1629 Common parts of the Twofish cipher algorithm shared by the 1630 generic c and the assembler implementations. 1631 1632config CRYPTO_TWOFISH_586 1633 tristate "Twofish cipher algorithms (i586)" 1634 depends on (X86 || UML_X86) && !64BIT 1635 select CRYPTO_ALGAPI 1636 select CRYPTO_TWOFISH_COMMON 1637 help 1638 Twofish cipher algorithm. 1639 1640 Twofish was submitted as an AES (Advanced Encryption Standard) 1641 candidate cipher by researchers at CounterPane Systems. It is a 1642 16 round block cipher supporting key sizes of 128, 192, and 256 1643 bits. 1644 1645 See also: 1646 <http://www.schneier.com/twofish.html> 1647 1648config CRYPTO_TWOFISH_X86_64 1649 tristate "Twofish cipher algorithm (x86_64)" 1650 depends on (X86 || UML_X86) && 64BIT 1651 select CRYPTO_ALGAPI 1652 select CRYPTO_TWOFISH_COMMON 1653 help 1654 Twofish cipher algorithm (x86_64). 1655 1656 Twofish was submitted as an AES (Advanced Encryption Standard) 1657 candidate cipher by researchers at CounterPane Systems. It is a 1658 16 round block cipher supporting key sizes of 128, 192, and 256 1659 bits. 1660 1661 See also: 1662 <http://www.schneier.com/twofish.html> 1663 1664config CRYPTO_TWOFISH_X86_64_3WAY 1665 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1666 depends on X86 && 64BIT 1667 select CRYPTO_BLKCIPHER 1668 select CRYPTO_TWOFISH_COMMON 1669 select CRYPTO_TWOFISH_X86_64 1670 select CRYPTO_GLUE_HELPER_X86 1671 help 1672 Twofish cipher algorithm (x86_64, 3-way parallel). 1673 1674 Twofish was submitted as an AES (Advanced Encryption Standard) 1675 candidate cipher by researchers at CounterPane Systems. It is a 1676 16 round block cipher supporting key sizes of 128, 192, and 256 1677 bits. 1678 1679 This module provides Twofish cipher algorithm that processes three 1680 blocks parallel, utilizing resources of out-of-order CPUs better. 1681 1682 See also: 1683 <http://www.schneier.com/twofish.html> 1684 1685config CRYPTO_TWOFISH_AVX_X86_64 1686 tristate "Twofish cipher algorithm (x86_64/AVX)" 1687 depends on X86 && 64BIT 1688 select CRYPTO_BLKCIPHER 1689 select CRYPTO_GLUE_HELPER_X86 1690 select CRYPTO_SIMD 1691 select CRYPTO_TWOFISH_COMMON 1692 select CRYPTO_TWOFISH_X86_64 1693 select CRYPTO_TWOFISH_X86_64_3WAY 1694 help 1695 Twofish cipher algorithm (x86_64/AVX). 1696 1697 Twofish was submitted as an AES (Advanced Encryption Standard) 1698 candidate cipher by researchers at CounterPane Systems. It is a 1699 16 round block cipher supporting key sizes of 128, 192, and 256 1700 bits. 1701 1702 This module provides the Twofish cipher algorithm that processes 1703 eight blocks parallel using the AVX Instruction Set. 1704 1705 See also: 1706 <http://www.schneier.com/twofish.html> 1707 1708comment "Compression" 1709 1710config CRYPTO_DEFLATE 1711 tristate "Deflate compression algorithm" 1712 select CRYPTO_ALGAPI 1713 select CRYPTO_ACOMP2 1714 select ZLIB_INFLATE 1715 select ZLIB_DEFLATE 1716 help 1717 This is the Deflate algorithm (RFC1951), specified for use in 1718 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1719 1720 You will most probably want this if using IPSec. 1721 1722config CRYPTO_LZO 1723 tristate "LZO compression algorithm" 1724 select CRYPTO_ALGAPI 1725 select CRYPTO_ACOMP2 1726 select LZO_COMPRESS 1727 select LZO_DECOMPRESS 1728 help 1729 This is the LZO algorithm. 1730 1731config CRYPTO_842 1732 tristate "842 compression algorithm" 1733 select CRYPTO_ALGAPI 1734 select CRYPTO_ACOMP2 1735 select 842_COMPRESS 1736 select 842_DECOMPRESS 1737 help 1738 This is the 842 algorithm. 1739 1740config CRYPTO_LZ4 1741 tristate "LZ4 compression algorithm" 1742 select CRYPTO_ALGAPI 1743 select CRYPTO_ACOMP2 1744 select LZ4_COMPRESS 1745 select LZ4_DECOMPRESS 1746 help 1747 This is the LZ4 algorithm. 1748 1749config CRYPTO_LZ4HC 1750 tristate "LZ4HC compression algorithm" 1751 select CRYPTO_ALGAPI 1752 select CRYPTO_ACOMP2 1753 select LZ4HC_COMPRESS 1754 select LZ4_DECOMPRESS 1755 help 1756 This is the LZ4 high compression mode algorithm. 1757 1758config CRYPTO_ZSTD 1759 tristate "Zstd compression algorithm" 1760 select CRYPTO_ALGAPI 1761 select CRYPTO_ACOMP2 1762 select ZSTD_COMPRESS 1763 select ZSTD_DECOMPRESS 1764 help 1765 This is the zstd algorithm. 1766 1767comment "Random Number Generation" 1768 1769config CRYPTO_ANSI_CPRNG 1770 tristate "Pseudo Random Number Generation for Cryptographic modules" 1771 select CRYPTO_AES 1772 select CRYPTO_RNG 1773 help 1774 This option enables the generic pseudo random number generator 1775 for cryptographic modules. Uses the Algorithm specified in 1776 ANSI X9.31 A.2.4. Note that this option must be enabled if 1777 CRYPTO_FIPS is selected 1778 1779menuconfig CRYPTO_DRBG_MENU 1780 tristate "NIST SP800-90A DRBG" 1781 help 1782 NIST SP800-90A compliant DRBG. In the following submenu, one or 1783 more of the DRBG types must be selected. 1784 1785if CRYPTO_DRBG_MENU 1786 1787config CRYPTO_DRBG_HMAC 1788 bool 1789 default y 1790 select CRYPTO_HMAC 1791 select CRYPTO_SHA256 1792 1793config CRYPTO_DRBG_HASH 1794 bool "Enable Hash DRBG" 1795 select CRYPTO_SHA256 1796 help 1797 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1798 1799config CRYPTO_DRBG_CTR 1800 bool "Enable CTR DRBG" 1801 select CRYPTO_AES 1802 depends on CRYPTO_CTR 1803 help 1804 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1805 1806config CRYPTO_DRBG 1807 tristate 1808 default CRYPTO_DRBG_MENU 1809 select CRYPTO_RNG 1810 select CRYPTO_JITTERENTROPY 1811 1812endif # if CRYPTO_DRBG_MENU 1813 1814config CRYPTO_JITTERENTROPY 1815 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1816 select CRYPTO_RNG 1817 help 1818 The Jitterentropy RNG is a noise that is intended 1819 to provide seed to another RNG. The RNG does not 1820 perform any cryptographic whitening of the generated 1821 random numbers. This Jitterentropy RNG registers with 1822 the kernel crypto API and can be used by any caller. 1823 1824config CRYPTO_USER_API 1825 tristate 1826 1827config CRYPTO_USER_API_HASH 1828 tristate "User-space interface for hash algorithms" 1829 depends on NET 1830 select CRYPTO_HASH 1831 select CRYPTO_USER_API 1832 help 1833 This option enables the user-spaces interface for hash 1834 algorithms. 1835 1836config CRYPTO_USER_API_SKCIPHER 1837 tristate "User-space interface for symmetric key cipher algorithms" 1838 depends on NET 1839 select CRYPTO_BLKCIPHER 1840 select CRYPTO_USER_API 1841 help 1842 This option enables the user-spaces interface for symmetric 1843 key cipher algorithms. 1844 1845config CRYPTO_USER_API_RNG 1846 tristate "User-space interface for random number generator algorithms" 1847 depends on NET 1848 select CRYPTO_RNG 1849 select CRYPTO_USER_API 1850 help 1851 This option enables the user-spaces interface for random 1852 number generator algorithms. 1853 1854config CRYPTO_USER_API_AEAD 1855 tristate "User-space interface for AEAD cipher algorithms" 1856 depends on NET 1857 select CRYPTO_AEAD 1858 select CRYPTO_BLKCIPHER 1859 select CRYPTO_NULL 1860 select CRYPTO_USER_API 1861 help 1862 This option enables the user-spaces interface for AEAD 1863 cipher algorithms. 1864 1865config CRYPTO_HASH_INFO 1866 bool 1867 1868source "drivers/crypto/Kconfig" 1869source crypto/asymmetric_keys/Kconfig 1870source certs/Kconfig 1871 1872endif # if CRYPTO 1873