1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This options enables the fips boot option which is
31	  required if you want to system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_BLKCIPHER
56	tristate
57	select CRYPTO_BLKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_BLKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64	select CRYPTO_WORKQUEUE
65
66config CRYPTO_HASH
67	tristate
68	select CRYPTO_HASH2
69	select CRYPTO_ALGAPI
70
71config CRYPTO_HASH2
72	tristate
73	select CRYPTO_ALGAPI2
74
75config CRYPTO_RNG
76	tristate
77	select CRYPTO_RNG2
78	select CRYPTO_ALGAPI
79
80config CRYPTO_RNG2
81	tristate
82	select CRYPTO_ALGAPI2
83
84config CRYPTO_RNG_DEFAULT
85	tristate
86	select CRYPTO_DRBG_MENU
87
88config CRYPTO_AKCIPHER2
89	tristate
90	select CRYPTO_ALGAPI2
91
92config CRYPTO_AKCIPHER
93	tristate
94	select CRYPTO_AKCIPHER2
95	select CRYPTO_ALGAPI
96
97config CRYPTO_KPP2
98	tristate
99	select CRYPTO_ALGAPI2
100
101config CRYPTO_KPP
102	tristate
103	select CRYPTO_ALGAPI
104	select CRYPTO_KPP2
105
106config CRYPTO_ACOMP2
107	tristate
108	select CRYPTO_ALGAPI2
109	select SGL_ALLOC
110
111config CRYPTO_ACOMP
112	tristate
113	select CRYPTO_ALGAPI
114	select CRYPTO_ACOMP2
115
116config CRYPTO_RSA
117	tristate "RSA algorithm"
118	select CRYPTO_AKCIPHER
119	select CRYPTO_MANAGER
120	select MPILIB
121	select ASN1
122	help
123	  Generic implementation of the RSA public key algorithm.
124
125config CRYPTO_DH
126	tristate "Diffie-Hellman algorithm"
127	select CRYPTO_KPP
128	select MPILIB
129	help
130	  Generic implementation of the Diffie-Hellman algorithm.
131
132config CRYPTO_ECDH
133	tristate "ECDH algorithm"
134	select CRYPTO_KPP
135	select CRYPTO_RNG_DEFAULT
136	help
137	  Generic implementation of the ECDH algorithm
138
139config CRYPTO_MANAGER
140	tristate "Cryptographic algorithm manager"
141	select CRYPTO_MANAGER2
142	help
143	  Create default cryptographic template instantiations such as
144	  cbc(aes).
145
146config CRYPTO_MANAGER2
147	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
148	select CRYPTO_AEAD2
149	select CRYPTO_HASH2
150	select CRYPTO_BLKCIPHER2
151	select CRYPTO_AKCIPHER2
152	select CRYPTO_KPP2
153	select CRYPTO_ACOMP2
154
155config CRYPTO_USER
156	tristate "Userspace cryptographic algorithm configuration"
157	depends on NET
158	select CRYPTO_MANAGER
159	help
160	  Userspace configuration for cryptographic instantiations such as
161	  cbc(aes).
162
163config CRYPTO_MANAGER_DISABLE_TESTS
164	bool "Disable run-time self tests"
165	default y
166	depends on CRYPTO_MANAGER2
167	help
168	  Disable run-time self tests that normally take place at
169	  algorithm registration.
170
171config CRYPTO_GF128MUL
172	tristate "GF(2^128) multiplication functions"
173	help
174	  Efficient table driven implementation of multiplications in the
175	  field GF(2^128).  This is needed by some cypher modes. This
176	  option will be selected automatically if you select such a
177	  cipher mode.  Only select this option by hand if you expect to load
178	  an external module that requires these functions.
179
180config CRYPTO_NULL
181	tristate "Null algorithms"
182	select CRYPTO_NULL2
183	help
184	  These are 'Null' algorithms, used by IPsec, which do nothing.
185
186config CRYPTO_NULL2
187	tristate
188	select CRYPTO_ALGAPI2
189	select CRYPTO_BLKCIPHER2
190	select CRYPTO_HASH2
191
192config CRYPTO_PCRYPT
193	tristate "Parallel crypto engine"
194	depends on SMP
195	select PADATA
196	select CRYPTO_MANAGER
197	select CRYPTO_AEAD
198	help
199	  This converts an arbitrary crypto algorithm into a parallel
200	  algorithm that executes in kernel threads.
201
202config CRYPTO_WORKQUEUE
203       tristate
204
205config CRYPTO_CRYPTD
206	tristate "Software async crypto daemon"
207	select CRYPTO_BLKCIPHER
208	select CRYPTO_HASH
209	select CRYPTO_MANAGER
210	select CRYPTO_WORKQUEUE
211	help
212	  This is a generic software asynchronous crypto daemon that
213	  converts an arbitrary synchronous software crypto algorithm
214	  into an asynchronous algorithm that executes in a kernel thread.
215
216config CRYPTO_MCRYPTD
217	tristate "Software async multi-buffer crypto daemon"
218	select CRYPTO_BLKCIPHER
219	select CRYPTO_HASH
220	select CRYPTO_MANAGER
221	select CRYPTO_WORKQUEUE
222	help
223	  This is a generic software asynchronous crypto daemon that
224	  provides the kernel thread to assist multi-buffer crypto
225	  algorithms for submitting jobs and flushing jobs in multi-buffer
226	  crypto algorithms.  Multi-buffer crypto algorithms are executed
227	  in the context of this kernel thread and drivers can post
228	  their crypto request asynchronously to be processed by this daemon.
229
230config CRYPTO_AUTHENC
231	tristate "Authenc support"
232	select CRYPTO_AEAD
233	select CRYPTO_BLKCIPHER
234	select CRYPTO_MANAGER
235	select CRYPTO_HASH
236	select CRYPTO_NULL
237	help
238	  Authenc: Combined mode wrapper for IPsec.
239	  This is required for IPSec.
240
241config CRYPTO_TEST
242	tristate "Testing module"
243	depends on m
244	select CRYPTO_MANAGER
245	help
246	  Quick & dirty crypto test module.
247
248config CRYPTO_SIMD
249	tristate
250	select CRYPTO_CRYPTD
251
252config CRYPTO_GLUE_HELPER_X86
253	tristate
254	depends on X86
255	select CRYPTO_BLKCIPHER
256
257config CRYPTO_ENGINE
258	tristate
259
260comment "Authenticated Encryption with Associated Data"
261
262config CRYPTO_CCM
263	tristate "CCM support"
264	select CRYPTO_CTR
265	select CRYPTO_HASH
266	select CRYPTO_AEAD
267	help
268	  Support for Counter with CBC MAC. Required for IPsec.
269
270config CRYPTO_GCM
271	tristate "GCM/GMAC support"
272	select CRYPTO_CTR
273	select CRYPTO_AEAD
274	select CRYPTO_GHASH
275	select CRYPTO_NULL
276	help
277	  Support for Galois/Counter Mode (GCM) and Galois Message
278	  Authentication Code (GMAC). Required for IPSec.
279
280config CRYPTO_CHACHA20POLY1305
281	tristate "ChaCha20-Poly1305 AEAD support"
282	select CRYPTO_CHACHA20
283	select CRYPTO_POLY1305
284	select CRYPTO_AEAD
285	help
286	  ChaCha20-Poly1305 AEAD support, RFC7539.
287
288	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
289	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
290	  IETF protocols.
291
292config CRYPTO_AEGIS128
293	tristate "AEGIS-128 AEAD algorithm"
294	select CRYPTO_AEAD
295	select CRYPTO_AES  # for AES S-box tables
296	help
297	 Support for the AEGIS-128 dedicated AEAD algorithm.
298
299config CRYPTO_AEGIS128L
300	tristate "AEGIS-128L AEAD algorithm"
301	select CRYPTO_AEAD
302	select CRYPTO_AES  # for AES S-box tables
303	help
304	 Support for the AEGIS-128L dedicated AEAD algorithm.
305
306config CRYPTO_AEGIS256
307	tristate "AEGIS-256 AEAD algorithm"
308	select CRYPTO_AEAD
309	select CRYPTO_AES  # for AES S-box tables
310	help
311	 Support for the AEGIS-256 dedicated AEAD algorithm.
312
313config CRYPTO_AEGIS128_AESNI_SSE2
314	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
315	depends on X86 && 64BIT
316	select CRYPTO_AEAD
317	select CRYPTO_CRYPTD
318	help
319	 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
320
321config CRYPTO_AEGIS128L_AESNI_SSE2
322	tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
323	depends on X86 && 64BIT
324	select CRYPTO_AEAD
325	select CRYPTO_CRYPTD
326	help
327	 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
328
329config CRYPTO_AEGIS256_AESNI_SSE2
330	tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
331	depends on X86 && 64BIT
332	select CRYPTO_AEAD
333	select CRYPTO_CRYPTD
334	help
335	 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
336
337config CRYPTO_MORUS640
338	tristate "MORUS-640 AEAD algorithm"
339	select CRYPTO_AEAD
340	help
341	  Support for the MORUS-640 dedicated AEAD algorithm.
342
343config CRYPTO_MORUS640_GLUE
344	tristate
345	depends on X86
346	select CRYPTO_AEAD
347	select CRYPTO_CRYPTD
348	help
349	  Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
350	  algorithm.
351
352config CRYPTO_MORUS640_SSE2
353	tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
354	depends on X86 && 64BIT
355	select CRYPTO_AEAD
356	select CRYPTO_MORUS640_GLUE
357	help
358	  SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
359
360config CRYPTO_MORUS1280
361	tristate "MORUS-1280 AEAD algorithm"
362	select CRYPTO_AEAD
363	help
364	  Support for the MORUS-1280 dedicated AEAD algorithm.
365
366config CRYPTO_MORUS1280_GLUE
367	tristate
368	depends on X86
369	select CRYPTO_AEAD
370	select CRYPTO_CRYPTD
371	help
372	  Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
373	  algorithm.
374
375config CRYPTO_MORUS1280_SSE2
376	tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
377	depends on X86 && 64BIT
378	select CRYPTO_AEAD
379	select CRYPTO_MORUS1280_GLUE
380	help
381	  SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
382	  algorithm.
383
384config CRYPTO_MORUS1280_AVX2
385	tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
386	depends on X86 && 64BIT
387	select CRYPTO_AEAD
388	select CRYPTO_MORUS1280_GLUE
389	help
390	  AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
391	  algorithm.
392
393config CRYPTO_SEQIV
394	tristate "Sequence Number IV Generator"
395	select CRYPTO_AEAD
396	select CRYPTO_BLKCIPHER
397	select CRYPTO_NULL
398	select CRYPTO_RNG_DEFAULT
399	help
400	  This IV generator generates an IV based on a sequence number by
401	  xoring it with a salt.  This algorithm is mainly useful for CTR
402
403config CRYPTO_ECHAINIV
404	tristate "Encrypted Chain IV Generator"
405	select CRYPTO_AEAD
406	select CRYPTO_NULL
407	select CRYPTO_RNG_DEFAULT
408	default m
409	help
410	  This IV generator generates an IV based on the encryption of
411	  a sequence number xored with a salt.  This is the default
412	  algorithm for CBC.
413
414comment "Block modes"
415
416config CRYPTO_CBC
417	tristate "CBC support"
418	select CRYPTO_BLKCIPHER
419	select CRYPTO_MANAGER
420	help
421	  CBC: Cipher Block Chaining mode
422	  This block cipher algorithm is required for IPSec.
423
424config CRYPTO_CFB
425	tristate "CFB support"
426	select CRYPTO_BLKCIPHER
427	select CRYPTO_MANAGER
428	help
429	  CFB: Cipher FeedBack mode
430	  This block cipher algorithm is required for TPM2 Cryptography.
431
432config CRYPTO_CTR
433	tristate "CTR support"
434	select CRYPTO_BLKCIPHER
435	select CRYPTO_SEQIV
436	select CRYPTO_MANAGER
437	help
438	  CTR: Counter mode
439	  This block cipher algorithm is required for IPSec.
440
441config CRYPTO_CTS
442	tristate "CTS support"
443	select CRYPTO_BLKCIPHER
444	help
445	  CTS: Cipher Text Stealing
446	  This is the Cipher Text Stealing mode as described by
447	  Section 8 of rfc2040 and referenced by rfc3962.
448	  (rfc3962 includes errata information in its Appendix A)
449	  This mode is required for Kerberos gss mechanism support
450	  for AES encryption.
451
452config CRYPTO_ECB
453	tristate "ECB support"
454	select CRYPTO_BLKCIPHER
455	select CRYPTO_MANAGER
456	help
457	  ECB: Electronic CodeBook mode
458	  This is the simplest block cipher algorithm.  It simply encrypts
459	  the input block by block.
460
461config CRYPTO_LRW
462	tristate "LRW support"
463	select CRYPTO_BLKCIPHER
464	select CRYPTO_MANAGER
465	select CRYPTO_GF128MUL
466	help
467	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
468	  narrow block cipher mode for dm-crypt.  Use it with cipher
469	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
470	  The first 128, 192 or 256 bits in the key are used for AES and the
471	  rest is used to tie each cipher block to its logical position.
472
473config CRYPTO_PCBC
474	tristate "PCBC support"
475	select CRYPTO_BLKCIPHER
476	select CRYPTO_MANAGER
477	help
478	  PCBC: Propagating Cipher Block Chaining mode
479	  This block cipher algorithm is required for RxRPC.
480
481config CRYPTO_XTS
482	tristate "XTS support"
483	select CRYPTO_BLKCIPHER
484	select CRYPTO_MANAGER
485	select CRYPTO_ECB
486	help
487	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
488	  key size 256, 384 or 512 bits. This implementation currently
489	  can't handle a sectorsize which is not a multiple of 16 bytes.
490
491config CRYPTO_KEYWRAP
492	tristate "Key wrapping support"
493	select CRYPTO_BLKCIPHER
494	help
495	  Support for key wrapping (NIST SP800-38F / RFC3394) without
496	  padding.
497
498comment "Hash modes"
499
500config CRYPTO_CMAC
501	tristate "CMAC support"
502	select CRYPTO_HASH
503	select CRYPTO_MANAGER
504	help
505	  Cipher-based Message Authentication Code (CMAC) specified by
506	  The National Institute of Standards and Technology (NIST).
507
508	  https://tools.ietf.org/html/rfc4493
509	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
510
511config CRYPTO_HMAC
512	tristate "HMAC support"
513	select CRYPTO_HASH
514	select CRYPTO_MANAGER
515	help
516	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
517	  This is required for IPSec.
518
519config CRYPTO_XCBC
520	tristate "XCBC support"
521	select CRYPTO_HASH
522	select CRYPTO_MANAGER
523	help
524	  XCBC: Keyed-Hashing with encryption algorithm
525		http://www.ietf.org/rfc/rfc3566.txt
526		http://csrc.nist.gov/encryption/modes/proposedmodes/
527		 xcbc-mac/xcbc-mac-spec.pdf
528
529config CRYPTO_VMAC
530	tristate "VMAC support"
531	select CRYPTO_HASH
532	select CRYPTO_MANAGER
533	help
534	  VMAC is a message authentication algorithm designed for
535	  very high speed on 64-bit architectures.
536
537	  See also:
538	  <http://fastcrypto.org/vmac>
539
540comment "Digest"
541
542config CRYPTO_CRC32C
543	tristate "CRC32c CRC algorithm"
544	select CRYPTO_HASH
545	select CRC32
546	help
547	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
548	  by iSCSI for header and data digests and by others.
549	  See Castagnoli93.  Module will be crc32c.
550
551config CRYPTO_CRC32C_INTEL
552	tristate "CRC32c INTEL hardware acceleration"
553	depends on X86
554	select CRYPTO_HASH
555	help
556	  In Intel processor with SSE4.2 supported, the processor will
557	  support CRC32C implementation using hardware accelerated CRC32
558	  instruction. This option will create 'crc32c-intel' module,
559	  which will enable any routine to use the CRC32 instruction to
560	  gain performance compared with software implementation.
561	  Module will be crc32c-intel.
562
563config CRYPTO_CRC32C_VPMSUM
564	tristate "CRC32c CRC algorithm (powerpc64)"
565	depends on PPC64 && ALTIVEC
566	select CRYPTO_HASH
567	select CRC32
568	help
569	  CRC32c algorithm implemented using vector polynomial multiply-sum
570	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
571	  and newer processors for improved performance.
572
573
574config CRYPTO_CRC32C_SPARC64
575	tristate "CRC32c CRC algorithm (SPARC64)"
576	depends on SPARC64
577	select CRYPTO_HASH
578	select CRC32
579	help
580	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
581	  when available.
582
583config CRYPTO_CRC32
584	tristate "CRC32 CRC algorithm"
585	select CRYPTO_HASH
586	select CRC32
587	help
588	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
589	  Shash crypto api wrappers to crc32_le function.
590
591config CRYPTO_CRC32_PCLMUL
592	tristate "CRC32 PCLMULQDQ hardware acceleration"
593	depends on X86
594	select CRYPTO_HASH
595	select CRC32
596	help
597	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
598	  and PCLMULQDQ supported, the processor will support
599	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
600	  instruction. This option will create 'crc32-plcmul' module,
601	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
602	  and gain better performance as compared with the table implementation.
603
604config CRYPTO_CRC32_MIPS
605	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
606	depends on MIPS_CRC_SUPPORT
607	select CRYPTO_HASH
608	help
609	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
610	  instructions, when available.
611
612
613config CRYPTO_CRCT10DIF
614	tristate "CRCT10DIF algorithm"
615	select CRYPTO_HASH
616	help
617	  CRC T10 Data Integrity Field computation is being cast as
618	  a crypto transform.  This allows for faster crc t10 diff
619	  transforms to be used if they are available.
620
621config CRYPTO_CRCT10DIF_PCLMUL
622	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
623	depends on X86 && 64BIT && CRC_T10DIF
624	select CRYPTO_HASH
625	help
626	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
627	  CRC T10 DIF PCLMULQDQ computation can be hardware
628	  accelerated PCLMULQDQ instruction. This option will create
629	  'crct10dif-plcmul' module, which is faster when computing the
630	  crct10dif checksum as compared with the generic table implementation.
631
632config CRYPTO_CRCT10DIF_VPMSUM
633	tristate "CRC32T10DIF powerpc64 hardware acceleration"
634	depends on PPC64 && ALTIVEC && CRC_T10DIF
635	select CRYPTO_HASH
636	help
637	  CRC10T10DIF algorithm implemented using vector polynomial
638	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
639	  POWER8 and newer processors for improved performance.
640
641config CRYPTO_VPMSUM_TESTER
642	tristate "Powerpc64 vpmsum hardware acceleration tester"
643	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
644	help
645	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
646	  POWER8 vpmsum instructions.
647	  Unless you are testing these algorithms, you don't need this.
648
649config CRYPTO_GHASH
650	tristate "GHASH digest algorithm"
651	select CRYPTO_GF128MUL
652	select CRYPTO_HASH
653	help
654	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
655
656config CRYPTO_POLY1305
657	tristate "Poly1305 authenticator algorithm"
658	select CRYPTO_HASH
659	help
660	  Poly1305 authenticator algorithm, RFC7539.
661
662	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
663	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
664	  in IETF protocols. This is the portable C implementation of Poly1305.
665
666config CRYPTO_POLY1305_X86_64
667	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
668	depends on X86 && 64BIT
669	select CRYPTO_POLY1305
670	help
671	  Poly1305 authenticator algorithm, RFC7539.
672
673	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
674	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
675	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
676	  instructions.
677
678config CRYPTO_MD4
679	tristate "MD4 digest algorithm"
680	select CRYPTO_HASH
681	help
682	  MD4 message digest algorithm (RFC1320).
683
684config CRYPTO_MD5
685	tristate "MD5 digest algorithm"
686	select CRYPTO_HASH
687	help
688	  MD5 message digest algorithm (RFC1321).
689
690config CRYPTO_MD5_OCTEON
691	tristate "MD5 digest algorithm (OCTEON)"
692	depends on CPU_CAVIUM_OCTEON
693	select CRYPTO_MD5
694	select CRYPTO_HASH
695	help
696	  MD5 message digest algorithm (RFC1321) implemented
697	  using OCTEON crypto instructions, when available.
698
699config CRYPTO_MD5_PPC
700	tristate "MD5 digest algorithm (PPC)"
701	depends on PPC
702	select CRYPTO_HASH
703	help
704	  MD5 message digest algorithm (RFC1321) implemented
705	  in PPC assembler.
706
707config CRYPTO_MD5_SPARC64
708	tristate "MD5 digest algorithm (SPARC64)"
709	depends on SPARC64
710	select CRYPTO_MD5
711	select CRYPTO_HASH
712	help
713	  MD5 message digest algorithm (RFC1321) implemented
714	  using sparc64 crypto instructions, when available.
715
716config CRYPTO_MICHAEL_MIC
717	tristate "Michael MIC keyed digest algorithm"
718	select CRYPTO_HASH
719	help
720	  Michael MIC is used for message integrity protection in TKIP
721	  (IEEE 802.11i). This algorithm is required for TKIP, but it
722	  should not be used for other purposes because of the weakness
723	  of the algorithm.
724
725config CRYPTO_RMD128
726	tristate "RIPEMD-128 digest algorithm"
727	select CRYPTO_HASH
728	help
729	  RIPEMD-128 (ISO/IEC 10118-3:2004).
730
731	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
732	  be used as a secure replacement for RIPEMD. For other use cases,
733	  RIPEMD-160 should be used.
734
735	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
736	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
737
738config CRYPTO_RMD160
739	tristate "RIPEMD-160 digest algorithm"
740	select CRYPTO_HASH
741	help
742	  RIPEMD-160 (ISO/IEC 10118-3:2004).
743
744	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
745	  to be used as a secure replacement for the 128-bit hash functions
746	  MD4, MD5 and it's predecessor RIPEMD
747	  (not to be confused with RIPEMD-128).
748
749	  It's speed is comparable to SHA1 and there are no known attacks
750	  against RIPEMD-160.
751
752	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
753	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
754
755config CRYPTO_RMD256
756	tristate "RIPEMD-256 digest algorithm"
757	select CRYPTO_HASH
758	help
759	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
760	  256 bit hash. It is intended for applications that require
761	  longer hash-results, without needing a larger security level
762	  (than RIPEMD-128).
763
764	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
765	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
766
767config CRYPTO_RMD320
768	tristate "RIPEMD-320 digest algorithm"
769	select CRYPTO_HASH
770	help
771	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
772	  320 bit hash. It is intended for applications that require
773	  longer hash-results, without needing a larger security level
774	  (than RIPEMD-160).
775
776	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
777	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
778
779config CRYPTO_SHA1
780	tristate "SHA1 digest algorithm"
781	select CRYPTO_HASH
782	help
783	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
784
785config CRYPTO_SHA1_SSSE3
786	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
787	depends on X86 && 64BIT
788	select CRYPTO_SHA1
789	select CRYPTO_HASH
790	help
791	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
792	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
793	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
794	  when available.
795
796config CRYPTO_SHA256_SSSE3
797	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
798	depends on X86 && 64BIT
799	select CRYPTO_SHA256
800	select CRYPTO_HASH
801	help
802	  SHA-256 secure hash standard (DFIPS 180-2) implemented
803	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
804	  Extensions version 1 (AVX1), or Advanced Vector Extensions
805	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
806	  Instructions) when available.
807
808config CRYPTO_SHA512_SSSE3
809	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
810	depends on X86 && 64BIT
811	select CRYPTO_SHA512
812	select CRYPTO_HASH
813	help
814	  SHA-512 secure hash standard (DFIPS 180-2) implemented
815	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
816	  Extensions version 1 (AVX1), or Advanced Vector Extensions
817	  version 2 (AVX2) instructions, when available.
818
819config CRYPTO_SHA1_OCTEON
820	tristate "SHA1 digest algorithm (OCTEON)"
821	depends on CPU_CAVIUM_OCTEON
822	select CRYPTO_SHA1
823	select CRYPTO_HASH
824	help
825	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
826	  using OCTEON crypto instructions, when available.
827
828config CRYPTO_SHA1_SPARC64
829	tristate "SHA1 digest algorithm (SPARC64)"
830	depends on SPARC64
831	select CRYPTO_SHA1
832	select CRYPTO_HASH
833	help
834	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
835	  using sparc64 crypto instructions, when available.
836
837config CRYPTO_SHA1_PPC
838	tristate "SHA1 digest algorithm (powerpc)"
839	depends on PPC
840	help
841	  This is the powerpc hardware accelerated implementation of the
842	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
843
844config CRYPTO_SHA1_PPC_SPE
845	tristate "SHA1 digest algorithm (PPC SPE)"
846	depends on PPC && SPE
847	help
848	  SHA-1 secure hash standard (DFIPS 180-4) implemented
849	  using powerpc SPE SIMD instruction set.
850
851config CRYPTO_SHA1_MB
852	tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
853	depends on X86 && 64BIT
854	select CRYPTO_SHA1
855	select CRYPTO_HASH
856	select CRYPTO_MCRYPTD
857	help
858	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
859	  using multi-buffer technique.  This algorithm computes on
860	  multiple data lanes concurrently with SIMD instructions for
861	  better throughput.  It should not be enabled by default but
862	  used when there is significant amount of work to keep the keep
863	  the data lanes filled to get performance benefit.  If the data
864	  lanes remain unfilled, a flush operation will be initiated to
865	  process the crypto jobs, adding a slight latency.
866
867config CRYPTO_SHA256_MB
868	tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
869	depends on X86 && 64BIT
870	select CRYPTO_SHA256
871	select CRYPTO_HASH
872	select CRYPTO_MCRYPTD
873	help
874	  SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
875	  using multi-buffer technique.  This algorithm computes on
876	  multiple data lanes concurrently with SIMD instructions for
877	  better throughput.  It should not be enabled by default but
878	  used when there is significant amount of work to keep the keep
879	  the data lanes filled to get performance benefit.  If the data
880	  lanes remain unfilled, a flush operation will be initiated to
881	  process the crypto jobs, adding a slight latency.
882
883config CRYPTO_SHA512_MB
884        tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
885        depends on X86 && 64BIT
886        select CRYPTO_SHA512
887        select CRYPTO_HASH
888        select CRYPTO_MCRYPTD
889        help
890          SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
891          using multi-buffer technique.  This algorithm computes on
892          multiple data lanes concurrently with SIMD instructions for
893          better throughput.  It should not be enabled by default but
894          used when there is significant amount of work to keep the keep
895          the data lanes filled to get performance benefit.  If the data
896          lanes remain unfilled, a flush operation will be initiated to
897          process the crypto jobs, adding a slight latency.
898
899config CRYPTO_SHA256
900	tristate "SHA224 and SHA256 digest algorithm"
901	select CRYPTO_HASH
902	help
903	  SHA256 secure hash standard (DFIPS 180-2).
904
905	  This version of SHA implements a 256 bit hash with 128 bits of
906	  security against collision attacks.
907
908	  This code also includes SHA-224, a 224 bit hash with 112 bits
909	  of security against collision attacks.
910
911config CRYPTO_SHA256_PPC_SPE
912	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
913	depends on PPC && SPE
914	select CRYPTO_SHA256
915	select CRYPTO_HASH
916	help
917	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
918	  implemented using powerpc SPE SIMD instruction set.
919
920config CRYPTO_SHA256_OCTEON
921	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
922	depends on CPU_CAVIUM_OCTEON
923	select CRYPTO_SHA256
924	select CRYPTO_HASH
925	help
926	  SHA-256 secure hash standard (DFIPS 180-2) implemented
927	  using OCTEON crypto instructions, when available.
928
929config CRYPTO_SHA256_SPARC64
930	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
931	depends on SPARC64
932	select CRYPTO_SHA256
933	select CRYPTO_HASH
934	help
935	  SHA-256 secure hash standard (DFIPS 180-2) implemented
936	  using sparc64 crypto instructions, when available.
937
938config CRYPTO_SHA512
939	tristate "SHA384 and SHA512 digest algorithms"
940	select CRYPTO_HASH
941	help
942	  SHA512 secure hash standard (DFIPS 180-2).
943
944	  This version of SHA implements a 512 bit hash with 256 bits of
945	  security against collision attacks.
946
947	  This code also includes SHA-384, a 384 bit hash with 192 bits
948	  of security against collision attacks.
949
950config CRYPTO_SHA512_OCTEON
951	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
952	depends on CPU_CAVIUM_OCTEON
953	select CRYPTO_SHA512
954	select CRYPTO_HASH
955	help
956	  SHA-512 secure hash standard (DFIPS 180-2) implemented
957	  using OCTEON crypto instructions, when available.
958
959config CRYPTO_SHA512_SPARC64
960	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
961	depends on SPARC64
962	select CRYPTO_SHA512
963	select CRYPTO_HASH
964	help
965	  SHA-512 secure hash standard (DFIPS 180-2) implemented
966	  using sparc64 crypto instructions, when available.
967
968config CRYPTO_SHA3
969	tristate "SHA3 digest algorithm"
970	select CRYPTO_HASH
971	help
972	  SHA-3 secure hash standard (DFIPS 202). It's based on
973	  cryptographic sponge function family called Keccak.
974
975	  References:
976	  http://keccak.noekeon.org/
977
978config CRYPTO_SM3
979	tristate "SM3 digest algorithm"
980	select CRYPTO_HASH
981	help
982	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
983	  It is part of the Chinese Commercial Cryptography suite.
984
985	  References:
986	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
987	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
988
989config CRYPTO_TGR192
990	tristate "Tiger digest algorithms"
991	select CRYPTO_HASH
992	help
993	  Tiger hash algorithm 192, 160 and 128-bit hashes
994
995	  Tiger is a hash function optimized for 64-bit processors while
996	  still having decent performance on 32-bit processors.
997	  Tiger was developed by Ross Anderson and Eli Biham.
998
999	  See also:
1000	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1001
1002config CRYPTO_WP512
1003	tristate "Whirlpool digest algorithms"
1004	select CRYPTO_HASH
1005	help
1006	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1007
1008	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1009	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1010
1011	  See also:
1012	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1013
1014config CRYPTO_GHASH_CLMUL_NI_INTEL
1015	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
1016	depends on X86 && 64BIT
1017	select CRYPTO_CRYPTD
1018	help
1019	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1020	  The implementation is accelerated by CLMUL-NI of Intel.
1021
1022comment "Ciphers"
1023
1024config CRYPTO_AES
1025	tristate "AES cipher algorithms"
1026	select CRYPTO_ALGAPI
1027	help
1028	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1029	  algorithm.
1030
1031	  Rijndael appears to be consistently a very good performer in
1032	  both hardware and software across a wide range of computing
1033	  environments regardless of its use in feedback or non-feedback
1034	  modes. Its key setup time is excellent, and its key agility is
1035	  good. Rijndael's very low memory requirements make it very well
1036	  suited for restricted-space environments, in which it also
1037	  demonstrates excellent performance. Rijndael's operations are
1038	  among the easiest to defend against power and timing attacks.
1039
1040	  The AES specifies three key sizes: 128, 192 and 256 bits
1041
1042	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1043
1044config CRYPTO_AES_TI
1045	tristate "Fixed time AES cipher"
1046	select CRYPTO_ALGAPI
1047	help
1048	  This is a generic implementation of AES that attempts to eliminate
1049	  data dependent latencies as much as possible without affecting
1050	  performance too much. It is intended for use by the generic CCM
1051	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1052	  solely on encryption (although decryption is supported as well, but
1053	  with a more dramatic performance hit)
1054
1055	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1056	  8 for decryption), this implementation only uses just two S-boxes of
1057	  256 bytes each, and attempts to eliminate data dependent latencies by
1058	  prefetching the entire table into the cache at the start of each
1059	  block. Interrupts are also disabled to avoid races where cachelines
1060	  are evicted when the CPU is interrupted to do something else.
1061
1062config CRYPTO_AES_586
1063	tristate "AES cipher algorithms (i586)"
1064	depends on (X86 || UML_X86) && !64BIT
1065	select CRYPTO_ALGAPI
1066	select CRYPTO_AES
1067	help
1068	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1069	  algorithm.
1070
1071	  Rijndael appears to be consistently a very good performer in
1072	  both hardware and software across a wide range of computing
1073	  environments regardless of its use in feedback or non-feedback
1074	  modes. Its key setup time is excellent, and its key agility is
1075	  good. Rijndael's very low memory requirements make it very well
1076	  suited for restricted-space environments, in which it also
1077	  demonstrates excellent performance. Rijndael's operations are
1078	  among the easiest to defend against power and timing attacks.
1079
1080	  The AES specifies three key sizes: 128, 192 and 256 bits
1081
1082	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1083
1084config CRYPTO_AES_X86_64
1085	tristate "AES cipher algorithms (x86_64)"
1086	depends on (X86 || UML_X86) && 64BIT
1087	select CRYPTO_ALGAPI
1088	select CRYPTO_AES
1089	help
1090	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1091	  algorithm.
1092
1093	  Rijndael appears to be consistently a very good performer in
1094	  both hardware and software across a wide range of computing
1095	  environments regardless of its use in feedback or non-feedback
1096	  modes. Its key setup time is excellent, and its key agility is
1097	  good. Rijndael's very low memory requirements make it very well
1098	  suited for restricted-space environments, in which it also
1099	  demonstrates excellent performance. Rijndael's operations are
1100	  among the easiest to defend against power and timing attacks.
1101
1102	  The AES specifies three key sizes: 128, 192 and 256 bits
1103
1104	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1105
1106config CRYPTO_AES_NI_INTEL
1107	tristate "AES cipher algorithms (AES-NI)"
1108	depends on X86
1109	select CRYPTO_AEAD
1110	select CRYPTO_AES_X86_64 if 64BIT
1111	select CRYPTO_AES_586 if !64BIT
1112	select CRYPTO_ALGAPI
1113	select CRYPTO_BLKCIPHER
1114	select CRYPTO_GLUE_HELPER_X86 if 64BIT
1115	select CRYPTO_SIMD
1116	help
1117	  Use Intel AES-NI instructions for AES algorithm.
1118
1119	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1120	  algorithm.
1121
1122	  Rijndael appears to be consistently a very good performer in
1123	  both hardware and software across a wide range of computing
1124	  environments regardless of its use in feedback or non-feedback
1125	  modes. Its key setup time is excellent, and its key agility is
1126	  good. Rijndael's very low memory requirements make it very well
1127	  suited for restricted-space environments, in which it also
1128	  demonstrates excellent performance. Rijndael's operations are
1129	  among the easiest to defend against power and timing attacks.
1130
1131	  The AES specifies three key sizes: 128, 192 and 256 bits
1132
1133	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1134
1135	  In addition to AES cipher algorithm support, the acceleration
1136	  for some popular block cipher mode is supported too, including
1137	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
1138	  acceleration for CTR.
1139
1140config CRYPTO_AES_SPARC64
1141	tristate "AES cipher algorithms (SPARC64)"
1142	depends on SPARC64
1143	select CRYPTO_CRYPTD
1144	select CRYPTO_ALGAPI
1145	help
1146	  Use SPARC64 crypto opcodes for AES algorithm.
1147
1148	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1149	  algorithm.
1150
1151	  Rijndael appears to be consistently a very good performer in
1152	  both hardware and software across a wide range of computing
1153	  environments regardless of its use in feedback or non-feedback
1154	  modes. Its key setup time is excellent, and its key agility is
1155	  good. Rijndael's very low memory requirements make it very well
1156	  suited for restricted-space environments, in which it also
1157	  demonstrates excellent performance. Rijndael's operations are
1158	  among the easiest to defend against power and timing attacks.
1159
1160	  The AES specifies three key sizes: 128, 192 and 256 bits
1161
1162	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1163
1164	  In addition to AES cipher algorithm support, the acceleration
1165	  for some popular block cipher mode is supported too, including
1166	  ECB and CBC.
1167
1168config CRYPTO_AES_PPC_SPE
1169	tristate "AES cipher algorithms (PPC SPE)"
1170	depends on PPC && SPE
1171	help
1172	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1173	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1174	  This module should only be used for low power (router) devices
1175	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1176	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1177	  timining attacks. Nevertheless it might be not as secure as other
1178	  architecture specific assembler implementations that work on 1KB
1179	  tables or 256 bytes S-boxes.
1180
1181config CRYPTO_ANUBIS
1182	tristate "Anubis cipher algorithm"
1183	select CRYPTO_ALGAPI
1184	help
1185	  Anubis cipher algorithm.
1186
1187	  Anubis is a variable key length cipher which can use keys from
1188	  128 bits to 320 bits in length.  It was evaluated as a entrant
1189	  in the NESSIE competition.
1190
1191	  See also:
1192	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1193	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1194
1195config CRYPTO_ARC4
1196	tristate "ARC4 cipher algorithm"
1197	select CRYPTO_BLKCIPHER
1198	help
1199	  ARC4 cipher algorithm.
1200
1201	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1202	  bits in length.  This algorithm is required for driver-based
1203	  WEP, but it should not be for other purposes because of the
1204	  weakness of the algorithm.
1205
1206config CRYPTO_BLOWFISH
1207	tristate "Blowfish cipher algorithm"
1208	select CRYPTO_ALGAPI
1209	select CRYPTO_BLOWFISH_COMMON
1210	help
1211	  Blowfish cipher algorithm, by Bruce Schneier.
1212
1213	  This is a variable key length cipher which can use keys from 32
1214	  bits to 448 bits in length.  It's fast, simple and specifically
1215	  designed for use on "large microprocessors".
1216
1217	  See also:
1218	  <http://www.schneier.com/blowfish.html>
1219
1220config CRYPTO_BLOWFISH_COMMON
1221	tristate
1222	help
1223	  Common parts of the Blowfish cipher algorithm shared by the
1224	  generic c and the assembler implementations.
1225
1226	  See also:
1227	  <http://www.schneier.com/blowfish.html>
1228
1229config CRYPTO_BLOWFISH_X86_64
1230	tristate "Blowfish cipher algorithm (x86_64)"
1231	depends on X86 && 64BIT
1232	select CRYPTO_BLKCIPHER
1233	select CRYPTO_BLOWFISH_COMMON
1234	help
1235	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1236
1237	  This is a variable key length cipher which can use keys from 32
1238	  bits to 448 bits in length.  It's fast, simple and specifically
1239	  designed for use on "large microprocessors".
1240
1241	  See also:
1242	  <http://www.schneier.com/blowfish.html>
1243
1244config CRYPTO_CAMELLIA
1245	tristate "Camellia cipher algorithms"
1246	depends on CRYPTO
1247	select CRYPTO_ALGAPI
1248	help
1249	  Camellia cipher algorithms module.
1250
1251	  Camellia is a symmetric key block cipher developed jointly
1252	  at NTT and Mitsubishi Electric Corporation.
1253
1254	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1255
1256	  See also:
1257	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1258
1259config CRYPTO_CAMELLIA_X86_64
1260	tristate "Camellia cipher algorithm (x86_64)"
1261	depends on X86 && 64BIT
1262	depends on CRYPTO
1263	select CRYPTO_BLKCIPHER
1264	select CRYPTO_GLUE_HELPER_X86
1265	help
1266	  Camellia cipher algorithm module (x86_64).
1267
1268	  Camellia is a symmetric key block cipher developed jointly
1269	  at NTT and Mitsubishi Electric Corporation.
1270
1271	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1272
1273	  See also:
1274	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1275
1276config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1277	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1278	depends on X86 && 64BIT
1279	depends on CRYPTO
1280	select CRYPTO_BLKCIPHER
1281	select CRYPTO_CAMELLIA_X86_64
1282	select CRYPTO_GLUE_HELPER_X86
1283	select CRYPTO_SIMD
1284	select CRYPTO_XTS
1285	help
1286	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1287
1288	  Camellia is a symmetric key block cipher developed jointly
1289	  at NTT and Mitsubishi Electric Corporation.
1290
1291	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1292
1293	  See also:
1294	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1295
1296config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1297	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1298	depends on X86 && 64BIT
1299	depends on CRYPTO
1300	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1301	help
1302	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1303
1304	  Camellia is a symmetric key block cipher developed jointly
1305	  at NTT and Mitsubishi Electric Corporation.
1306
1307	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1308
1309	  See also:
1310	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1311
1312config CRYPTO_CAMELLIA_SPARC64
1313	tristate "Camellia cipher algorithm (SPARC64)"
1314	depends on SPARC64
1315	depends on CRYPTO
1316	select CRYPTO_ALGAPI
1317	help
1318	  Camellia cipher algorithm module (SPARC64).
1319
1320	  Camellia is a symmetric key block cipher developed jointly
1321	  at NTT and Mitsubishi Electric Corporation.
1322
1323	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1324
1325	  See also:
1326	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1327
1328config CRYPTO_CAST_COMMON
1329	tristate
1330	help
1331	  Common parts of the CAST cipher algorithms shared by the
1332	  generic c and the assembler implementations.
1333
1334config CRYPTO_CAST5
1335	tristate "CAST5 (CAST-128) cipher algorithm"
1336	select CRYPTO_ALGAPI
1337	select CRYPTO_CAST_COMMON
1338	help
1339	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1340	  described in RFC2144.
1341
1342config CRYPTO_CAST5_AVX_X86_64
1343	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1344	depends on X86 && 64BIT
1345	select CRYPTO_BLKCIPHER
1346	select CRYPTO_CAST5
1347	select CRYPTO_CAST_COMMON
1348	select CRYPTO_SIMD
1349	help
1350	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1351	  described in RFC2144.
1352
1353	  This module provides the Cast5 cipher algorithm that processes
1354	  sixteen blocks parallel using the AVX instruction set.
1355
1356config CRYPTO_CAST6
1357	tristate "CAST6 (CAST-256) cipher algorithm"
1358	select CRYPTO_ALGAPI
1359	select CRYPTO_CAST_COMMON
1360	help
1361	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1362	  described in RFC2612.
1363
1364config CRYPTO_CAST6_AVX_X86_64
1365	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1366	depends on X86 && 64BIT
1367	select CRYPTO_BLKCIPHER
1368	select CRYPTO_CAST6
1369	select CRYPTO_CAST_COMMON
1370	select CRYPTO_GLUE_HELPER_X86
1371	select CRYPTO_SIMD
1372	select CRYPTO_XTS
1373	help
1374	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1375	  described in RFC2612.
1376
1377	  This module provides the Cast6 cipher algorithm that processes
1378	  eight blocks parallel using the AVX instruction set.
1379
1380config CRYPTO_DES
1381	tristate "DES and Triple DES EDE cipher algorithms"
1382	select CRYPTO_ALGAPI
1383	help
1384	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1385
1386config CRYPTO_DES_SPARC64
1387	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1388	depends on SPARC64
1389	select CRYPTO_ALGAPI
1390	select CRYPTO_DES
1391	help
1392	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1393	  optimized using SPARC64 crypto opcodes.
1394
1395config CRYPTO_DES3_EDE_X86_64
1396	tristate "Triple DES EDE cipher algorithm (x86-64)"
1397	depends on X86 && 64BIT
1398	select CRYPTO_BLKCIPHER
1399	select CRYPTO_DES
1400	help
1401	  Triple DES EDE (FIPS 46-3) algorithm.
1402
1403	  This module provides implementation of the Triple DES EDE cipher
1404	  algorithm that is optimized for x86-64 processors. Two versions of
1405	  algorithm are provided; regular processing one input block and
1406	  one that processes three blocks parallel.
1407
1408config CRYPTO_FCRYPT
1409	tristate "FCrypt cipher algorithm"
1410	select CRYPTO_ALGAPI
1411	select CRYPTO_BLKCIPHER
1412	help
1413	  FCrypt algorithm used by RxRPC.
1414
1415config CRYPTO_KHAZAD
1416	tristate "Khazad cipher algorithm"
1417	select CRYPTO_ALGAPI
1418	help
1419	  Khazad cipher algorithm.
1420
1421	  Khazad was a finalist in the initial NESSIE competition.  It is
1422	  an algorithm optimized for 64-bit processors with good performance
1423	  on 32-bit processors.  Khazad uses an 128 bit key size.
1424
1425	  See also:
1426	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1427
1428config CRYPTO_SALSA20
1429	tristate "Salsa20 stream cipher algorithm"
1430	select CRYPTO_BLKCIPHER
1431	help
1432	  Salsa20 stream cipher algorithm.
1433
1434	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1435	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1436
1437	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1438	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1439
1440config CRYPTO_CHACHA20
1441	tristate "ChaCha20 cipher algorithm"
1442	select CRYPTO_BLKCIPHER
1443	help
1444	  ChaCha20 cipher algorithm, RFC7539.
1445
1446	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1447	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1448	  This is the portable C implementation of ChaCha20.
1449
1450	  See also:
1451	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1452
1453config CRYPTO_CHACHA20_X86_64
1454	tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
1455	depends on X86 && 64BIT
1456	select CRYPTO_BLKCIPHER
1457	select CRYPTO_CHACHA20
1458	help
1459	  ChaCha20 cipher algorithm, RFC7539.
1460
1461	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1462	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1463	  This is the x86_64 assembler implementation using SIMD instructions.
1464
1465	  See also:
1466	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1467
1468config CRYPTO_SEED
1469	tristate "SEED cipher algorithm"
1470	select CRYPTO_ALGAPI
1471	help
1472	  SEED cipher algorithm (RFC4269).
1473
1474	  SEED is a 128-bit symmetric key block cipher that has been
1475	  developed by KISA (Korea Information Security Agency) as a
1476	  national standard encryption algorithm of the Republic of Korea.
1477	  It is a 16 round block cipher with the key size of 128 bit.
1478
1479	  See also:
1480	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1481
1482config CRYPTO_SERPENT
1483	tristate "Serpent cipher algorithm"
1484	select CRYPTO_ALGAPI
1485	help
1486	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1487
1488	  Keys are allowed to be from 0 to 256 bits in length, in steps
1489	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1490	  variant of Serpent for compatibility with old kerneli.org code.
1491
1492	  See also:
1493	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1494
1495config CRYPTO_SERPENT_SSE2_X86_64
1496	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1497	depends on X86 && 64BIT
1498	select CRYPTO_BLKCIPHER
1499	select CRYPTO_GLUE_HELPER_X86
1500	select CRYPTO_SERPENT
1501	select CRYPTO_SIMD
1502	help
1503	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1504
1505	  Keys are allowed to be from 0 to 256 bits in length, in steps
1506	  of 8 bits.
1507
1508	  This module provides Serpent cipher algorithm that processes eight
1509	  blocks parallel using SSE2 instruction set.
1510
1511	  See also:
1512	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1513
1514config CRYPTO_SERPENT_SSE2_586
1515	tristate "Serpent cipher algorithm (i586/SSE2)"
1516	depends on X86 && !64BIT
1517	select CRYPTO_BLKCIPHER
1518	select CRYPTO_GLUE_HELPER_X86
1519	select CRYPTO_SERPENT
1520	select CRYPTO_SIMD
1521	help
1522	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1523
1524	  Keys are allowed to be from 0 to 256 bits in length, in steps
1525	  of 8 bits.
1526
1527	  This module provides Serpent cipher algorithm that processes four
1528	  blocks parallel using SSE2 instruction set.
1529
1530	  See also:
1531	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1532
1533config CRYPTO_SERPENT_AVX_X86_64
1534	tristate "Serpent cipher algorithm (x86_64/AVX)"
1535	depends on X86 && 64BIT
1536	select CRYPTO_BLKCIPHER
1537	select CRYPTO_GLUE_HELPER_X86
1538	select CRYPTO_SERPENT
1539	select CRYPTO_SIMD
1540	select CRYPTO_XTS
1541	help
1542	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1543
1544	  Keys are allowed to be from 0 to 256 bits in length, in steps
1545	  of 8 bits.
1546
1547	  This module provides the Serpent cipher algorithm that processes
1548	  eight blocks parallel using the AVX instruction set.
1549
1550	  See also:
1551	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1552
1553config CRYPTO_SERPENT_AVX2_X86_64
1554	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1555	depends on X86 && 64BIT
1556	select CRYPTO_SERPENT_AVX_X86_64
1557	help
1558	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1559
1560	  Keys are allowed to be from 0 to 256 bits in length, in steps
1561	  of 8 bits.
1562
1563	  This module provides Serpent cipher algorithm that processes 16
1564	  blocks parallel using AVX2 instruction set.
1565
1566	  See also:
1567	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1568
1569config CRYPTO_SM4
1570	tristate "SM4 cipher algorithm"
1571	select CRYPTO_ALGAPI
1572	help
1573	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1574
1575	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1576	  Organization of State Commercial Administration of China (OSCCA)
1577	  as an authorized cryptographic algorithms for the use within China.
1578
1579	  SMS4 was originally created for use in protecting wireless
1580	  networks, and is mandated in the Chinese National Standard for
1581	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1582	  (GB.15629.11-2003).
1583
1584	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1585	  standardized through TC 260 of the Standardization Administration
1586	  of the People's Republic of China (SAC).
1587
1588	  The input, output, and key of SMS4 are each 128 bits.
1589
1590	  See also: <https://eprint.iacr.org/2008/329.pdf>
1591
1592	  If unsure, say N.
1593
1594config CRYPTO_TEA
1595	tristate "TEA, XTEA and XETA cipher algorithms"
1596	select CRYPTO_ALGAPI
1597	help
1598	  TEA cipher algorithm.
1599
1600	  Tiny Encryption Algorithm is a simple cipher that uses
1601	  many rounds for security.  It is very fast and uses
1602	  little memory.
1603
1604	  Xtendend Tiny Encryption Algorithm is a modification to
1605	  the TEA algorithm to address a potential key weakness
1606	  in the TEA algorithm.
1607
1608	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1609	  of the XTEA algorithm for compatibility purposes.
1610
1611config CRYPTO_TWOFISH
1612	tristate "Twofish cipher algorithm"
1613	select CRYPTO_ALGAPI
1614	select CRYPTO_TWOFISH_COMMON
1615	help
1616	  Twofish cipher algorithm.
1617
1618	  Twofish was submitted as an AES (Advanced Encryption Standard)
1619	  candidate cipher by researchers at CounterPane Systems.  It is a
1620	  16 round block cipher supporting key sizes of 128, 192, and 256
1621	  bits.
1622
1623	  See also:
1624	  <http://www.schneier.com/twofish.html>
1625
1626config CRYPTO_TWOFISH_COMMON
1627	tristate
1628	help
1629	  Common parts of the Twofish cipher algorithm shared by the
1630	  generic c and the assembler implementations.
1631
1632config CRYPTO_TWOFISH_586
1633	tristate "Twofish cipher algorithms (i586)"
1634	depends on (X86 || UML_X86) && !64BIT
1635	select CRYPTO_ALGAPI
1636	select CRYPTO_TWOFISH_COMMON
1637	help
1638	  Twofish cipher algorithm.
1639
1640	  Twofish was submitted as an AES (Advanced Encryption Standard)
1641	  candidate cipher by researchers at CounterPane Systems.  It is a
1642	  16 round block cipher supporting key sizes of 128, 192, and 256
1643	  bits.
1644
1645	  See also:
1646	  <http://www.schneier.com/twofish.html>
1647
1648config CRYPTO_TWOFISH_X86_64
1649	tristate "Twofish cipher algorithm (x86_64)"
1650	depends on (X86 || UML_X86) && 64BIT
1651	select CRYPTO_ALGAPI
1652	select CRYPTO_TWOFISH_COMMON
1653	help
1654	  Twofish cipher algorithm (x86_64).
1655
1656	  Twofish was submitted as an AES (Advanced Encryption Standard)
1657	  candidate cipher by researchers at CounterPane Systems.  It is a
1658	  16 round block cipher supporting key sizes of 128, 192, and 256
1659	  bits.
1660
1661	  See also:
1662	  <http://www.schneier.com/twofish.html>
1663
1664config CRYPTO_TWOFISH_X86_64_3WAY
1665	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1666	depends on X86 && 64BIT
1667	select CRYPTO_BLKCIPHER
1668	select CRYPTO_TWOFISH_COMMON
1669	select CRYPTO_TWOFISH_X86_64
1670	select CRYPTO_GLUE_HELPER_X86
1671	help
1672	  Twofish cipher algorithm (x86_64, 3-way parallel).
1673
1674	  Twofish was submitted as an AES (Advanced Encryption Standard)
1675	  candidate cipher by researchers at CounterPane Systems.  It is a
1676	  16 round block cipher supporting key sizes of 128, 192, and 256
1677	  bits.
1678
1679	  This module provides Twofish cipher algorithm that processes three
1680	  blocks parallel, utilizing resources of out-of-order CPUs better.
1681
1682	  See also:
1683	  <http://www.schneier.com/twofish.html>
1684
1685config CRYPTO_TWOFISH_AVX_X86_64
1686	tristate "Twofish cipher algorithm (x86_64/AVX)"
1687	depends on X86 && 64BIT
1688	select CRYPTO_BLKCIPHER
1689	select CRYPTO_GLUE_HELPER_X86
1690	select CRYPTO_SIMD
1691	select CRYPTO_TWOFISH_COMMON
1692	select CRYPTO_TWOFISH_X86_64
1693	select CRYPTO_TWOFISH_X86_64_3WAY
1694	help
1695	  Twofish cipher algorithm (x86_64/AVX).
1696
1697	  Twofish was submitted as an AES (Advanced Encryption Standard)
1698	  candidate cipher by researchers at CounterPane Systems.  It is a
1699	  16 round block cipher supporting key sizes of 128, 192, and 256
1700	  bits.
1701
1702	  This module provides the Twofish cipher algorithm that processes
1703	  eight blocks parallel using the AVX Instruction Set.
1704
1705	  See also:
1706	  <http://www.schneier.com/twofish.html>
1707
1708comment "Compression"
1709
1710config CRYPTO_DEFLATE
1711	tristate "Deflate compression algorithm"
1712	select CRYPTO_ALGAPI
1713	select CRYPTO_ACOMP2
1714	select ZLIB_INFLATE
1715	select ZLIB_DEFLATE
1716	help
1717	  This is the Deflate algorithm (RFC1951), specified for use in
1718	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1719
1720	  You will most probably want this if using IPSec.
1721
1722config CRYPTO_LZO
1723	tristate "LZO compression algorithm"
1724	select CRYPTO_ALGAPI
1725	select CRYPTO_ACOMP2
1726	select LZO_COMPRESS
1727	select LZO_DECOMPRESS
1728	help
1729	  This is the LZO algorithm.
1730
1731config CRYPTO_842
1732	tristate "842 compression algorithm"
1733	select CRYPTO_ALGAPI
1734	select CRYPTO_ACOMP2
1735	select 842_COMPRESS
1736	select 842_DECOMPRESS
1737	help
1738	  This is the 842 algorithm.
1739
1740config CRYPTO_LZ4
1741	tristate "LZ4 compression algorithm"
1742	select CRYPTO_ALGAPI
1743	select CRYPTO_ACOMP2
1744	select LZ4_COMPRESS
1745	select LZ4_DECOMPRESS
1746	help
1747	  This is the LZ4 algorithm.
1748
1749config CRYPTO_LZ4HC
1750	tristate "LZ4HC compression algorithm"
1751	select CRYPTO_ALGAPI
1752	select CRYPTO_ACOMP2
1753	select LZ4HC_COMPRESS
1754	select LZ4_DECOMPRESS
1755	help
1756	  This is the LZ4 high compression mode algorithm.
1757
1758config CRYPTO_ZSTD
1759	tristate "Zstd compression algorithm"
1760	select CRYPTO_ALGAPI
1761	select CRYPTO_ACOMP2
1762	select ZSTD_COMPRESS
1763	select ZSTD_DECOMPRESS
1764	help
1765	  This is the zstd algorithm.
1766
1767comment "Random Number Generation"
1768
1769config CRYPTO_ANSI_CPRNG
1770	tristate "Pseudo Random Number Generation for Cryptographic modules"
1771	select CRYPTO_AES
1772	select CRYPTO_RNG
1773	help
1774	  This option enables the generic pseudo random number generator
1775	  for cryptographic modules.  Uses the Algorithm specified in
1776	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1777	  CRYPTO_FIPS is selected
1778
1779menuconfig CRYPTO_DRBG_MENU
1780	tristate "NIST SP800-90A DRBG"
1781	help
1782	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1783	  more of the DRBG types must be selected.
1784
1785if CRYPTO_DRBG_MENU
1786
1787config CRYPTO_DRBG_HMAC
1788	bool
1789	default y
1790	select CRYPTO_HMAC
1791	select CRYPTO_SHA256
1792
1793config CRYPTO_DRBG_HASH
1794	bool "Enable Hash DRBG"
1795	select CRYPTO_SHA256
1796	help
1797	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1798
1799config CRYPTO_DRBG_CTR
1800	bool "Enable CTR DRBG"
1801	select CRYPTO_AES
1802	depends on CRYPTO_CTR
1803	help
1804	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1805
1806config CRYPTO_DRBG
1807	tristate
1808	default CRYPTO_DRBG_MENU
1809	select CRYPTO_RNG
1810	select CRYPTO_JITTERENTROPY
1811
1812endif	# if CRYPTO_DRBG_MENU
1813
1814config CRYPTO_JITTERENTROPY
1815	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1816	select CRYPTO_RNG
1817	help
1818	  The Jitterentropy RNG is a noise that is intended
1819	  to provide seed to another RNG. The RNG does not
1820	  perform any cryptographic whitening of the generated
1821	  random numbers. This Jitterentropy RNG registers with
1822	  the kernel crypto API and can be used by any caller.
1823
1824config CRYPTO_USER_API
1825	tristate
1826
1827config CRYPTO_USER_API_HASH
1828	tristate "User-space interface for hash algorithms"
1829	depends on NET
1830	select CRYPTO_HASH
1831	select CRYPTO_USER_API
1832	help
1833	  This option enables the user-spaces interface for hash
1834	  algorithms.
1835
1836config CRYPTO_USER_API_SKCIPHER
1837	tristate "User-space interface for symmetric key cipher algorithms"
1838	depends on NET
1839	select CRYPTO_BLKCIPHER
1840	select CRYPTO_USER_API
1841	help
1842	  This option enables the user-spaces interface for symmetric
1843	  key cipher algorithms.
1844
1845config CRYPTO_USER_API_RNG
1846	tristate "User-space interface for random number generator algorithms"
1847	depends on NET
1848	select CRYPTO_RNG
1849	select CRYPTO_USER_API
1850	help
1851	  This option enables the user-spaces interface for random
1852	  number generator algorithms.
1853
1854config CRYPTO_USER_API_AEAD
1855	tristate "User-space interface for AEAD cipher algorithms"
1856	depends on NET
1857	select CRYPTO_AEAD
1858	select CRYPTO_BLKCIPHER
1859	select CRYPTO_NULL
1860	select CRYPTO_USER_API
1861	help
1862	  This option enables the user-spaces interface for AEAD
1863	  cipher algorithms.
1864
1865config CRYPTO_HASH_INFO
1866	bool
1867
1868source "drivers/crypto/Kconfig"
1869source crypto/asymmetric_keys/Kconfig
1870source certs/Kconfig
1871
1872endif	# if CRYPTO
1873