2 # Generic algorithms support
8 # async_tx api: hardware offloaded memory transfer/transform support
10 source "crypto/async_tx/Kconfig"
13 # Cryptographic API Configuration
16 tristate "Cryptographic API"
18 This option provides the core Cryptographic API.
22 comment "Crypto core or helper"
25 bool "FIPS 200 compliance"
26 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 This options enables the fips boot option which is
30 required if you want to system to operate in a FIPS 200
31 certification. You should say no unless you know what
38 This option provides the API for cryptographic algorithms.
52 config CRYPTO_BLKCIPHER
54 select CRYPTO_BLKCIPHER2
57 config CRYPTO_BLKCIPHER2
61 select CRYPTO_WORKQUEUE
91 tristate "Cryptographic algorithm manager"
92 select CRYPTO_MANAGER2
94 Create default cryptographic template instantiations such as
97 config CRYPTO_MANAGER2
98 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
101 select CRYPTO_BLKCIPHER2
105 tristate "Userspace cryptographic algorithm configuration"
107 select CRYPTO_MANAGER
109 Userspace configuration for cryptographic instantiations such as
112 config CRYPTO_MANAGER_DISABLE_TESTS
113 bool "Disable run-time self tests"
115 depends on CRYPTO_MANAGER2
117 Disable run-time self tests that normally take place at
118 algorithm registration.
120 config CRYPTO_GF128MUL
121 tristate "GF(2^128) multiplication functions"
123 Efficient table driven implementation of multiplications in the
124 field GF(2^128). This is needed by some cypher modes. This
125 option will be selected automatically if you select such a
126 cipher mode. Only select this option by hand if you expect to load
127 an external module that requires these functions.
130 tristate "Null algorithms"
132 select CRYPTO_BLKCIPHER
135 These are 'Null' algorithms, used by IPsec, which do nothing.
138 tristate "Parallel crypto engine"
141 select CRYPTO_MANAGER
144 This converts an arbitrary crypto algorithm into a parallel
145 algorithm that executes in kernel threads.
147 config CRYPTO_WORKQUEUE
151 tristate "Software async crypto daemon"
152 select CRYPTO_BLKCIPHER
154 select CRYPTO_MANAGER
155 select CRYPTO_WORKQUEUE
157 This is a generic software asynchronous crypto daemon that
158 converts an arbitrary synchronous software crypto algorithm
159 into an asynchronous algorithm that executes in a kernel thread.
161 config CRYPTO_MCRYPTD
162 tristate "Software async multi-buffer crypto daemon"
163 select CRYPTO_BLKCIPHER
165 select CRYPTO_MANAGER
166 select CRYPTO_WORKQUEUE
168 This is a generic software asynchronous crypto daemon that
169 provides the kernel thread to assist multi-buffer crypto
170 algorithms for submitting jobs and flushing jobs in multi-buffer
171 crypto algorithms. Multi-buffer crypto algorithms are executed
172 in the context of this kernel thread and drivers can post
173 their crypto request asynchronously to be processed by this daemon.
175 config CRYPTO_AUTHENC
176 tristate "Authenc support"
178 select CRYPTO_BLKCIPHER
179 select CRYPTO_MANAGER
182 Authenc: Combined mode wrapper for IPsec.
183 This is required for IPSec.
186 tristate "Testing module"
188 select CRYPTO_MANAGER
190 Quick & dirty crypto test module.
192 config CRYPTO_ABLK_HELPER
196 config CRYPTO_GLUE_HELPER_X86
201 comment "Authenticated Encryption with Associated Data"
204 tristate "CCM support"
208 Support for Counter with CBC MAC. Required for IPsec.
211 tristate "GCM/GMAC support"
217 Support for Galois/Counter Mode (GCM) and Galois Message
218 Authentication Code (GMAC). Required for IPSec.
221 tristate "Sequence Number IV Generator"
223 select CRYPTO_BLKCIPHER
226 This IV generator generates an IV based on a sequence number by
227 xoring it with a salt. This algorithm is mainly useful for CTR
229 comment "Block modes"
232 tristate "CBC support"
233 select CRYPTO_BLKCIPHER
234 select CRYPTO_MANAGER
236 CBC: Cipher Block Chaining mode
237 This block cipher algorithm is required for IPSec.
240 tristate "CTR support"
241 select CRYPTO_BLKCIPHER
243 select CRYPTO_MANAGER
246 This block cipher algorithm is required for IPSec.
249 tristate "CTS support"
250 select CRYPTO_BLKCIPHER
252 CTS: Cipher Text Stealing
253 This is the Cipher Text Stealing mode as described by
254 Section 8 of rfc2040 and referenced by rfc3962.
255 (rfc3962 includes errata information in its Appendix A)
256 This mode is required for Kerberos gss mechanism support
260 tristate "ECB support"
261 select CRYPTO_BLKCIPHER
262 select CRYPTO_MANAGER
264 ECB: Electronic CodeBook mode
265 This is the simplest block cipher algorithm. It simply encrypts
266 the input block by block.
269 tristate "LRW support"
270 select CRYPTO_BLKCIPHER
271 select CRYPTO_MANAGER
272 select CRYPTO_GF128MUL
274 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
275 narrow block cipher mode for dm-crypt. Use it with cipher
276 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
277 The first 128, 192 or 256 bits in the key are used for AES and the
278 rest is used to tie each cipher block to its logical position.
281 tristate "PCBC support"
282 select CRYPTO_BLKCIPHER
283 select CRYPTO_MANAGER
285 PCBC: Propagating Cipher Block Chaining mode
286 This block cipher algorithm is required for RxRPC.
289 tristate "XTS support"
290 select CRYPTO_BLKCIPHER
291 select CRYPTO_MANAGER
292 select CRYPTO_GF128MUL
294 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
295 key size 256, 384 or 512 bits. This implementation currently
296 can't handle a sectorsize which is not a multiple of 16 bytes.
301 tristate "CMAC support"
303 select CRYPTO_MANAGER
305 Cipher-based Message Authentication Code (CMAC) specified by
306 The National Institute of Standards and Technology (NIST).
308 https://tools.ietf.org/html/rfc4493
309 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
312 tristate "HMAC support"
314 select CRYPTO_MANAGER
316 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
317 This is required for IPSec.
320 tristate "XCBC support"
322 select CRYPTO_MANAGER
324 XCBC: Keyed-Hashing with encryption algorithm
325 http://www.ietf.org/rfc/rfc3566.txt
326 http://csrc.nist.gov/encryption/modes/proposedmodes/
327 xcbc-mac/xcbc-mac-spec.pdf
330 tristate "VMAC support"
332 select CRYPTO_MANAGER
334 VMAC is a message authentication algorithm designed for
335 very high speed on 64-bit architectures.
338 <http://fastcrypto.org/vmac>
343 tristate "CRC32c CRC algorithm"
347 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
348 by iSCSI for header and data digests and by others.
349 See Castagnoli93. Module will be crc32c.
351 config CRYPTO_CRC32C_INTEL
352 tristate "CRC32c INTEL hardware acceleration"
356 In Intel processor with SSE4.2 supported, the processor will
357 support CRC32C implementation using hardware accelerated CRC32
358 instruction. This option will create 'crc32c-intel' module,
359 which will enable any routine to use the CRC32 instruction to
360 gain performance compared with software implementation.
361 Module will be crc32c-intel.
363 config CRYPTO_CRC32C_SPARC64
364 tristate "CRC32c CRC algorithm (SPARC64)"
369 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
373 tristate "CRC32 CRC algorithm"
377 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
378 Shash crypto api wrappers to crc32_le function.
380 config CRYPTO_CRC32_PCLMUL
381 tristate "CRC32 PCLMULQDQ hardware acceleration"
386 From Intel Westmere and AMD Bulldozer processor with SSE4.2
387 and PCLMULQDQ supported, the processor will support
388 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
389 instruction. This option will create 'crc32-plcmul' module,
390 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
391 and gain better performance as compared with the table implementation.
393 config CRYPTO_CRCT10DIF
394 tristate "CRCT10DIF algorithm"
397 CRC T10 Data Integrity Field computation is being cast as
398 a crypto transform. This allows for faster crc t10 diff
399 transforms to be used if they are available.
401 config CRYPTO_CRCT10DIF_PCLMUL
402 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
403 depends on X86 && 64BIT && CRC_T10DIF
406 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
407 CRC T10 DIF PCLMULQDQ computation can be hardware
408 accelerated PCLMULQDQ instruction. This option will create
409 'crct10dif-plcmul' module, which is faster when computing the
410 crct10dif checksum as compared with the generic table implementation.
413 tristate "GHASH digest algorithm"
414 select CRYPTO_GF128MUL
416 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
419 tristate "MD4 digest algorithm"
422 MD4 message digest algorithm (RFC1320).
425 tristate "MD5 digest algorithm"
428 MD5 message digest algorithm (RFC1321).
430 config CRYPTO_MD5_SPARC64
431 tristate "MD5 digest algorithm (SPARC64)"
436 MD5 message digest algorithm (RFC1321) implemented
437 using sparc64 crypto instructions, when available.
439 config CRYPTO_MICHAEL_MIC
440 tristate "Michael MIC keyed digest algorithm"
443 Michael MIC is used for message integrity protection in TKIP
444 (IEEE 802.11i). This algorithm is required for TKIP, but it
445 should not be used for other purposes because of the weakness
449 tristate "RIPEMD-128 digest algorithm"
452 RIPEMD-128 (ISO/IEC 10118-3:2004).
454 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
455 be used as a secure replacement for RIPEMD. For other use cases,
456 RIPEMD-160 should be used.
458 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
459 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
462 tristate "RIPEMD-160 digest algorithm"
465 RIPEMD-160 (ISO/IEC 10118-3:2004).
467 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
468 to be used as a secure replacement for the 128-bit hash functions
469 MD4, MD5 and it's predecessor RIPEMD
470 (not to be confused with RIPEMD-128).
472 It's speed is comparable to SHA1 and there are no known attacks
475 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
476 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
479 tristate "RIPEMD-256 digest algorithm"
482 RIPEMD-256 is an optional extension of RIPEMD-128 with a
483 256 bit hash. It is intended for applications that require
484 longer hash-results, without needing a larger security level
487 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
488 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
491 tristate "RIPEMD-320 digest algorithm"
494 RIPEMD-320 is an optional extension of RIPEMD-160 with a
495 320 bit hash. It is intended for applications that require
496 longer hash-results, without needing a larger security level
499 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
500 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
503 tristate "SHA1 digest algorithm"
506 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
508 config CRYPTO_SHA1_SSSE3
509 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2)"
510 depends on X86 && 64BIT
514 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
515 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
516 Extensions (AVX/AVX2), when available.
518 config CRYPTO_SHA256_SSSE3
519 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2)"
520 depends on X86 && 64BIT
524 SHA-256 secure hash standard (DFIPS 180-2) implemented
525 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
526 Extensions version 1 (AVX1), or Advanced Vector Extensions
527 version 2 (AVX2) instructions, when available.
529 config CRYPTO_SHA512_SSSE3
530 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
531 depends on X86 && 64BIT
535 SHA-512 secure hash standard (DFIPS 180-2) implemented
536 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
537 Extensions version 1 (AVX1), or Advanced Vector Extensions
538 version 2 (AVX2) instructions, when available.
540 config CRYPTO_SHA1_SPARC64
541 tristate "SHA1 digest algorithm (SPARC64)"
546 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
547 using sparc64 crypto instructions, when available.
549 config CRYPTO_SHA1_ARM
550 tristate "SHA1 digest algorithm (ARM-asm)"
555 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
556 using optimized ARM assembler.
558 config CRYPTO_SHA1_ARM_NEON
559 tristate "SHA1 digest algorithm (ARM NEON)"
560 depends on ARM && KERNEL_MODE_NEON
561 select CRYPTO_SHA1_ARM
565 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
566 using optimized ARM NEON assembly, when NEON instructions are
569 config CRYPTO_SHA1_PPC
570 tristate "SHA1 digest algorithm (powerpc)"
573 This is the powerpc hardware accelerated implementation of the
574 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
576 config CRYPTO_SHA1_MB
577 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
578 depends on X86 && 64BIT
581 select CRYPTO_MCRYPTD
583 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
584 using multi-buffer technique. This algorithm computes on
585 multiple data lanes concurrently with SIMD instructions for
586 better throughput. It should not be enabled by default but
587 used when there is significant amount of work to keep the keep
588 the data lanes filled to get performance benefit. If the data
589 lanes remain unfilled, a flush operation will be initiated to
590 process the crypto jobs, adding a slight latency.
593 tristate "SHA224 and SHA256 digest algorithm"
596 SHA256 secure hash standard (DFIPS 180-2).
598 This version of SHA implements a 256 bit hash with 128 bits of
599 security against collision attacks.
601 This code also includes SHA-224, a 224 bit hash with 112 bits
602 of security against collision attacks.
604 config CRYPTO_SHA256_SPARC64
605 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
610 SHA-256 secure hash standard (DFIPS 180-2) implemented
611 using sparc64 crypto instructions, when available.
614 tristate "SHA384 and SHA512 digest algorithms"
617 SHA512 secure hash standard (DFIPS 180-2).
619 This version of SHA implements a 512 bit hash with 256 bits of
620 security against collision attacks.
622 This code also includes SHA-384, a 384 bit hash with 192 bits
623 of security against collision attacks.
625 config CRYPTO_SHA512_SPARC64
626 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
631 SHA-512 secure hash standard (DFIPS 180-2) implemented
632 using sparc64 crypto instructions, when available.
634 config CRYPTO_SHA512_ARM_NEON
635 tristate "SHA384 and SHA512 digest algorithm (ARM NEON)"
636 depends on ARM && KERNEL_MODE_NEON
640 SHA-512 secure hash standard (DFIPS 180-2) implemented
641 using ARM NEON instructions, when available.
643 This version of SHA implements a 512 bit hash with 256 bits of
644 security against collision attacks.
646 This code also includes SHA-384, a 384 bit hash with 192 bits
647 of security against collision attacks.
650 tristate "Tiger digest algorithms"
653 Tiger hash algorithm 192, 160 and 128-bit hashes
655 Tiger is a hash function optimized for 64-bit processors while
656 still having decent performance on 32-bit processors.
657 Tiger was developed by Ross Anderson and Eli Biham.
660 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
663 tristate "Whirlpool digest algorithms"
666 Whirlpool hash algorithm 512, 384 and 256-bit hashes
668 Whirlpool-512 is part of the NESSIE cryptographic primitives.
669 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
672 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
674 config CRYPTO_GHASH_CLMUL_NI_INTEL
675 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
676 depends on X86 && 64BIT
679 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
680 The implementation is accelerated by CLMUL-NI of Intel.
685 tristate "AES cipher algorithms"
688 AES cipher algorithms (FIPS-197). AES uses the Rijndael
691 Rijndael appears to be consistently a very good performer in
692 both hardware and software across a wide range of computing
693 environments regardless of its use in feedback or non-feedback
694 modes. Its key setup time is excellent, and its key agility is
695 good. Rijndael's very low memory requirements make it very well
696 suited for restricted-space environments, in which it also
697 demonstrates excellent performance. Rijndael's operations are
698 among the easiest to defend against power and timing attacks.
700 The AES specifies three key sizes: 128, 192 and 256 bits
702 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
704 config CRYPTO_AES_586
705 tristate "AES cipher algorithms (i586)"
706 depends on (X86 || UML_X86) && !64BIT
710 AES cipher algorithms (FIPS-197). AES uses the Rijndael
713 Rijndael appears to be consistently a very good performer in
714 both hardware and software across a wide range of computing
715 environments regardless of its use in feedback or non-feedback
716 modes. Its key setup time is excellent, and its key agility is
717 good. Rijndael's very low memory requirements make it very well
718 suited for restricted-space environments, in which it also
719 demonstrates excellent performance. Rijndael's operations are
720 among the easiest to defend against power and timing attacks.
722 The AES specifies three key sizes: 128, 192 and 256 bits
724 See <http://csrc.nist.gov/encryption/aes/> for more information.
726 config CRYPTO_AES_X86_64
727 tristate "AES cipher algorithms (x86_64)"
728 depends on (X86 || UML_X86) && 64BIT
732 AES cipher algorithms (FIPS-197). AES uses the Rijndael
735 Rijndael appears to be consistently a very good performer in
736 both hardware and software across a wide range of computing
737 environments regardless of its use in feedback or non-feedback
738 modes. Its key setup time is excellent, and its key agility is
739 good. Rijndael's very low memory requirements make it very well
740 suited for restricted-space environments, in which it also
741 demonstrates excellent performance. Rijndael's operations are
742 among the easiest to defend against power and timing attacks.
744 The AES specifies three key sizes: 128, 192 and 256 bits
746 See <http://csrc.nist.gov/encryption/aes/> for more information.
748 config CRYPTO_AES_NI_INTEL
749 tristate "AES cipher algorithms (AES-NI)"
751 select CRYPTO_AES_X86_64 if 64BIT
752 select CRYPTO_AES_586 if !64BIT
754 select CRYPTO_ABLK_HELPER
756 select CRYPTO_GLUE_HELPER_X86 if 64BIT
760 Use Intel AES-NI instructions for AES algorithm.
762 AES cipher algorithms (FIPS-197). AES uses the Rijndael
765 Rijndael appears to be consistently a very good performer in
766 both hardware and software across a wide range of computing
767 environments regardless of its use in feedback or non-feedback
768 modes. Its key setup time is excellent, and its key agility is
769 good. Rijndael's very low memory requirements make it very well
770 suited for restricted-space environments, in which it also
771 demonstrates excellent performance. Rijndael's operations are
772 among the easiest to defend against power and timing attacks.
774 The AES specifies three key sizes: 128, 192 and 256 bits
776 See <http://csrc.nist.gov/encryption/aes/> for more information.
778 In addition to AES cipher algorithm support, the acceleration
779 for some popular block cipher mode is supported too, including
780 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
781 acceleration for CTR.
783 config CRYPTO_AES_SPARC64
784 tristate "AES cipher algorithms (SPARC64)"
789 Use SPARC64 crypto opcodes for AES algorithm.
791 AES cipher algorithms (FIPS-197). AES uses the Rijndael
794 Rijndael appears to be consistently a very good performer in
795 both hardware and software across a wide range of computing
796 environments regardless of its use in feedback or non-feedback
797 modes. Its key setup time is excellent, and its key agility is
798 good. Rijndael's very low memory requirements make it very well
799 suited for restricted-space environments, in which it also
800 demonstrates excellent performance. Rijndael's operations are
801 among the easiest to defend against power and timing attacks.
803 The AES specifies three key sizes: 128, 192 and 256 bits
805 See <http://csrc.nist.gov/encryption/aes/> for more information.
807 In addition to AES cipher algorithm support, the acceleration
808 for some popular block cipher mode is supported too, including
811 config CRYPTO_AES_ARM
812 tristate "AES cipher algorithms (ARM-asm)"
817 Use optimized AES assembler routines for ARM platforms.
819 AES cipher algorithms (FIPS-197). AES uses the Rijndael
822 Rijndael appears to be consistently a very good performer in
823 both hardware and software across a wide range of computing
824 environments regardless of its use in feedback or non-feedback
825 modes. Its key setup time is excellent, and its key agility is
826 good. Rijndael's very low memory requirements make it very well
827 suited for restricted-space environments, in which it also
828 demonstrates excellent performance. Rijndael's operations are
829 among the easiest to defend against power and timing attacks.
831 The AES specifies three key sizes: 128, 192 and 256 bits
833 See <http://csrc.nist.gov/encryption/aes/> for more information.
835 config CRYPTO_AES_ARM_BS
836 tristate "Bit sliced AES using NEON instructions"
837 depends on ARM && KERNEL_MODE_NEON
839 select CRYPTO_AES_ARM
840 select CRYPTO_ABLK_HELPER
842 Use a faster and more secure NEON based implementation of AES in CBC,
845 Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode
846 and for XTS mode encryption, CBC and XTS mode decryption speedup is
847 around 25%. (CBC encryption speed is not affected by this driver.)
848 This implementation does not rely on any lookup tables so it is
849 believed to be invulnerable to cache timing attacks.
852 tristate "Anubis cipher algorithm"
855 Anubis cipher algorithm.
857 Anubis is a variable key length cipher which can use keys from
858 128 bits to 320 bits in length. It was evaluated as a entrant
859 in the NESSIE competition.
862 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
863 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
866 tristate "ARC4 cipher algorithm"
867 select CRYPTO_BLKCIPHER
869 ARC4 cipher algorithm.
871 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
872 bits in length. This algorithm is required for driver-based
873 WEP, but it should not be for other purposes because of the
874 weakness of the algorithm.
876 config CRYPTO_BLOWFISH
877 tristate "Blowfish cipher algorithm"
879 select CRYPTO_BLOWFISH_COMMON
881 Blowfish cipher algorithm, by Bruce Schneier.
883 This is a variable key length cipher which can use keys from 32
884 bits to 448 bits in length. It's fast, simple and specifically
885 designed for use on "large microprocessors".
888 <http://www.schneier.com/blowfish.html>
890 config CRYPTO_BLOWFISH_COMMON
893 Common parts of the Blowfish cipher algorithm shared by the
894 generic c and the assembler implementations.
897 <http://www.schneier.com/blowfish.html>
899 config CRYPTO_BLOWFISH_X86_64
900 tristate "Blowfish cipher algorithm (x86_64)"
901 depends on X86 && 64BIT
903 select CRYPTO_BLOWFISH_COMMON
905 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
907 This is a variable key length cipher which can use keys from 32
908 bits to 448 bits in length. It's fast, simple and specifically
909 designed for use on "large microprocessors".
912 <http://www.schneier.com/blowfish.html>
914 config CRYPTO_CAMELLIA
915 tristate "Camellia cipher algorithms"
919 Camellia cipher algorithms module.
921 Camellia is a symmetric key block cipher developed jointly
922 at NTT and Mitsubishi Electric Corporation.
924 The Camellia specifies three key sizes: 128, 192 and 256 bits.
927 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
929 config CRYPTO_CAMELLIA_X86_64
930 tristate "Camellia cipher algorithm (x86_64)"
931 depends on X86 && 64BIT
934 select CRYPTO_GLUE_HELPER_X86
938 Camellia cipher algorithm module (x86_64).
940 Camellia is a symmetric key block cipher developed jointly
941 at NTT and Mitsubishi Electric Corporation.
943 The Camellia specifies three key sizes: 128, 192 and 256 bits.
946 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
948 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
949 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
950 depends on X86 && 64BIT
954 select CRYPTO_ABLK_HELPER
955 select CRYPTO_GLUE_HELPER_X86
956 select CRYPTO_CAMELLIA_X86_64
960 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
962 Camellia is a symmetric key block cipher developed jointly
963 at NTT and Mitsubishi Electric Corporation.
965 The Camellia specifies three key sizes: 128, 192 and 256 bits.
968 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
970 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
971 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
972 depends on X86 && 64BIT
976 select CRYPTO_ABLK_HELPER
977 select CRYPTO_GLUE_HELPER_X86
978 select CRYPTO_CAMELLIA_X86_64
979 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
983 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
985 Camellia is a symmetric key block cipher developed jointly
986 at NTT and Mitsubishi Electric Corporation.
988 The Camellia specifies three key sizes: 128, 192 and 256 bits.
991 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
993 config CRYPTO_CAMELLIA_SPARC64
994 tristate "Camellia cipher algorithm (SPARC64)"
999 Camellia cipher algorithm module (SPARC64).
1001 Camellia is a symmetric key block cipher developed jointly
1002 at NTT and Mitsubishi Electric Corporation.
1004 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1007 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1009 config CRYPTO_CAST_COMMON
1012 Common parts of the CAST cipher algorithms shared by the
1013 generic c and the assembler implementations.
1016 tristate "CAST5 (CAST-128) cipher algorithm"
1017 select CRYPTO_ALGAPI
1018 select CRYPTO_CAST_COMMON
1020 The CAST5 encryption algorithm (synonymous with CAST-128) is
1021 described in RFC2144.
1023 config CRYPTO_CAST5_AVX_X86_64
1024 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1025 depends on X86 && 64BIT
1026 select CRYPTO_ALGAPI
1027 select CRYPTO_CRYPTD
1028 select CRYPTO_ABLK_HELPER
1029 select CRYPTO_CAST_COMMON
1032 The CAST5 encryption algorithm (synonymous with CAST-128) is
1033 described in RFC2144.
1035 This module provides the Cast5 cipher algorithm that processes
1036 sixteen blocks parallel using the AVX instruction set.
1039 tristate "CAST6 (CAST-256) cipher algorithm"
1040 select CRYPTO_ALGAPI
1041 select CRYPTO_CAST_COMMON
1043 The CAST6 encryption algorithm (synonymous with CAST-256) is
1044 described in RFC2612.
1046 config CRYPTO_CAST6_AVX_X86_64
1047 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1048 depends on X86 && 64BIT
1049 select CRYPTO_ALGAPI
1050 select CRYPTO_CRYPTD
1051 select CRYPTO_ABLK_HELPER
1052 select CRYPTO_GLUE_HELPER_X86
1053 select CRYPTO_CAST_COMMON
1058 The CAST6 encryption algorithm (synonymous with CAST-256) is
1059 described in RFC2612.
1061 This module provides the Cast6 cipher algorithm that processes
1062 eight blocks parallel using the AVX instruction set.
1065 tristate "DES and Triple DES EDE cipher algorithms"
1066 select CRYPTO_ALGAPI
1068 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1070 config CRYPTO_DES_SPARC64
1071 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1073 select CRYPTO_ALGAPI
1076 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1077 optimized using SPARC64 crypto opcodes.
1079 config CRYPTO_DES3_EDE_X86_64
1080 tristate "Triple DES EDE cipher algorithm (x86-64)"
1081 depends on X86 && 64BIT
1082 select CRYPTO_ALGAPI
1085 Triple DES EDE (FIPS 46-3) algorithm.
1087 This module provides implementation of the Triple DES EDE cipher
1088 algorithm that is optimized for x86-64 processors. Two versions of
1089 algorithm are provided; regular processing one input block and
1090 one that processes three blocks parallel.
1092 config CRYPTO_FCRYPT
1093 tristate "FCrypt cipher algorithm"
1094 select CRYPTO_ALGAPI
1095 select CRYPTO_BLKCIPHER
1097 FCrypt algorithm used by RxRPC.
1099 config CRYPTO_KHAZAD
1100 tristate "Khazad cipher algorithm"
1101 select CRYPTO_ALGAPI
1103 Khazad cipher algorithm.
1105 Khazad was a finalist in the initial NESSIE competition. It is
1106 an algorithm optimized for 64-bit processors with good performance
1107 on 32-bit processors. Khazad uses an 128 bit key size.
1110 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1112 config CRYPTO_SALSA20
1113 tristate "Salsa20 stream cipher algorithm"
1114 select CRYPTO_BLKCIPHER
1116 Salsa20 stream cipher algorithm.
1118 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1119 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1121 The Salsa20 stream cipher algorithm is designed by Daniel J.
1122 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1124 config CRYPTO_SALSA20_586
1125 tristate "Salsa20 stream cipher algorithm (i586)"
1126 depends on (X86 || UML_X86) && !64BIT
1127 select CRYPTO_BLKCIPHER
1129 Salsa20 stream cipher algorithm.
1131 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1132 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1134 The Salsa20 stream cipher algorithm is designed by Daniel J.
1135 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1137 config CRYPTO_SALSA20_X86_64
1138 tristate "Salsa20 stream cipher algorithm (x86_64)"
1139 depends on (X86 || UML_X86) && 64BIT
1140 select CRYPTO_BLKCIPHER
1142 Salsa20 stream cipher algorithm.
1144 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1145 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1147 The Salsa20 stream cipher algorithm is designed by Daniel J.
1148 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1151 tristate "SEED cipher algorithm"
1152 select CRYPTO_ALGAPI
1154 SEED cipher algorithm (RFC4269).
1156 SEED is a 128-bit symmetric key block cipher that has been
1157 developed by KISA (Korea Information Security Agency) as a
1158 national standard encryption algorithm of the Republic of Korea.
1159 It is a 16 round block cipher with the key size of 128 bit.
1162 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1164 config CRYPTO_SERPENT
1165 tristate "Serpent cipher algorithm"
1166 select CRYPTO_ALGAPI
1168 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1170 Keys are allowed to be from 0 to 256 bits in length, in steps
1171 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1172 variant of Serpent for compatibility with old kerneli.org code.
1175 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1177 config CRYPTO_SERPENT_SSE2_X86_64
1178 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1179 depends on X86 && 64BIT
1180 select CRYPTO_ALGAPI
1181 select CRYPTO_CRYPTD
1182 select CRYPTO_ABLK_HELPER
1183 select CRYPTO_GLUE_HELPER_X86
1184 select CRYPTO_SERPENT
1188 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1190 Keys are allowed to be from 0 to 256 bits in length, in steps
1193 This module provides Serpent cipher algorithm that processes eigth
1194 blocks parallel using SSE2 instruction set.
1197 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1199 config CRYPTO_SERPENT_SSE2_586
1200 tristate "Serpent cipher algorithm (i586/SSE2)"
1201 depends on X86 && !64BIT
1202 select CRYPTO_ALGAPI
1203 select CRYPTO_CRYPTD
1204 select CRYPTO_ABLK_HELPER
1205 select CRYPTO_GLUE_HELPER_X86
1206 select CRYPTO_SERPENT
1210 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1212 Keys are allowed to be from 0 to 256 bits in length, in steps
1215 This module provides Serpent cipher algorithm that processes four
1216 blocks parallel using SSE2 instruction set.
1219 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1221 config CRYPTO_SERPENT_AVX_X86_64
1222 tristate "Serpent cipher algorithm (x86_64/AVX)"
1223 depends on X86 && 64BIT
1224 select CRYPTO_ALGAPI
1225 select CRYPTO_CRYPTD
1226 select CRYPTO_ABLK_HELPER
1227 select CRYPTO_GLUE_HELPER_X86
1228 select CRYPTO_SERPENT
1232 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1234 Keys are allowed to be from 0 to 256 bits in length, in steps
1237 This module provides the Serpent cipher algorithm that processes
1238 eight blocks parallel using the AVX instruction set.
1241 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1243 config CRYPTO_SERPENT_AVX2_X86_64
1244 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1245 depends on X86 && 64BIT
1246 select CRYPTO_ALGAPI
1247 select CRYPTO_CRYPTD
1248 select CRYPTO_ABLK_HELPER
1249 select CRYPTO_GLUE_HELPER_X86
1250 select CRYPTO_SERPENT
1251 select CRYPTO_SERPENT_AVX_X86_64
1255 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1257 Keys are allowed to be from 0 to 256 bits in length, in steps
1260 This module provides Serpent cipher algorithm that processes 16
1261 blocks parallel using AVX2 instruction set.
1264 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1267 tristate "TEA, XTEA and XETA cipher algorithms"
1268 select CRYPTO_ALGAPI
1270 TEA cipher algorithm.
1272 Tiny Encryption Algorithm is a simple cipher that uses
1273 many rounds for security. It is very fast and uses
1276 Xtendend Tiny Encryption Algorithm is a modification to
1277 the TEA algorithm to address a potential key weakness
1278 in the TEA algorithm.
1280 Xtendend Encryption Tiny Algorithm is a mis-implementation
1281 of the XTEA algorithm for compatibility purposes.
1283 config CRYPTO_TWOFISH
1284 tristate "Twofish cipher algorithm"
1285 select CRYPTO_ALGAPI
1286 select CRYPTO_TWOFISH_COMMON
1288 Twofish cipher algorithm.
1290 Twofish was submitted as an AES (Advanced Encryption Standard)
1291 candidate cipher by researchers at CounterPane Systems. It is a
1292 16 round block cipher supporting key sizes of 128, 192, and 256
1296 <http://www.schneier.com/twofish.html>
1298 config CRYPTO_TWOFISH_COMMON
1301 Common parts of the Twofish cipher algorithm shared by the
1302 generic c and the assembler implementations.
1304 config CRYPTO_TWOFISH_586
1305 tristate "Twofish cipher algorithms (i586)"
1306 depends on (X86 || UML_X86) && !64BIT
1307 select CRYPTO_ALGAPI
1308 select CRYPTO_TWOFISH_COMMON
1310 Twofish cipher algorithm.
1312 Twofish was submitted as an AES (Advanced Encryption Standard)
1313 candidate cipher by researchers at CounterPane Systems. It is a
1314 16 round block cipher supporting key sizes of 128, 192, and 256
1318 <http://www.schneier.com/twofish.html>
1320 config CRYPTO_TWOFISH_X86_64
1321 tristate "Twofish cipher algorithm (x86_64)"
1322 depends on (X86 || UML_X86) && 64BIT
1323 select CRYPTO_ALGAPI
1324 select CRYPTO_TWOFISH_COMMON
1326 Twofish cipher algorithm (x86_64).
1328 Twofish was submitted as an AES (Advanced Encryption Standard)
1329 candidate cipher by researchers at CounterPane Systems. It is a
1330 16 round block cipher supporting key sizes of 128, 192, and 256
1334 <http://www.schneier.com/twofish.html>
1336 config CRYPTO_TWOFISH_X86_64_3WAY
1337 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1338 depends on X86 && 64BIT
1339 select CRYPTO_ALGAPI
1340 select CRYPTO_TWOFISH_COMMON
1341 select CRYPTO_TWOFISH_X86_64
1342 select CRYPTO_GLUE_HELPER_X86
1346 Twofish cipher algorithm (x86_64, 3-way parallel).
1348 Twofish was submitted as an AES (Advanced Encryption Standard)
1349 candidate cipher by researchers at CounterPane Systems. It is a
1350 16 round block cipher supporting key sizes of 128, 192, and 256
1353 This module provides Twofish cipher algorithm that processes three
1354 blocks parallel, utilizing resources of out-of-order CPUs better.
1357 <http://www.schneier.com/twofish.html>
1359 config CRYPTO_TWOFISH_AVX_X86_64
1360 tristate "Twofish cipher algorithm (x86_64/AVX)"
1361 depends on X86 && 64BIT
1362 select CRYPTO_ALGAPI
1363 select CRYPTO_CRYPTD
1364 select CRYPTO_ABLK_HELPER
1365 select CRYPTO_GLUE_HELPER_X86
1366 select CRYPTO_TWOFISH_COMMON
1367 select CRYPTO_TWOFISH_X86_64
1368 select CRYPTO_TWOFISH_X86_64_3WAY
1372 Twofish cipher algorithm (x86_64/AVX).
1374 Twofish was submitted as an AES (Advanced Encryption Standard)
1375 candidate cipher by researchers at CounterPane Systems. It is a
1376 16 round block cipher supporting key sizes of 128, 192, and 256
1379 This module provides the Twofish cipher algorithm that processes
1380 eight blocks parallel using the AVX Instruction Set.
1383 <http://www.schneier.com/twofish.html>
1385 comment "Compression"
1387 config CRYPTO_DEFLATE
1388 tristate "Deflate compression algorithm"
1389 select CRYPTO_ALGAPI
1393 This is the Deflate algorithm (RFC1951), specified for use in
1394 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1396 You will most probably want this if using IPSec.
1399 tristate "Zlib compression algorithm"
1405 This is the zlib algorithm.
1408 tristate "LZO compression algorithm"
1409 select CRYPTO_ALGAPI
1411 select LZO_DECOMPRESS
1413 This is the LZO algorithm.
1416 tristate "842 compression algorithm"
1417 depends on CRYPTO_DEV_NX_COMPRESS
1418 # 842 uses lzo if the hardware becomes unavailable
1420 select LZO_DECOMPRESS
1422 This is the 842 algorithm.
1425 tristate "LZ4 compression algorithm"
1426 select CRYPTO_ALGAPI
1428 select LZ4_DECOMPRESS
1430 This is the LZ4 algorithm.
1433 tristate "LZ4HC compression algorithm"
1434 select CRYPTO_ALGAPI
1435 select LZ4HC_COMPRESS
1436 select LZ4_DECOMPRESS
1438 This is the LZ4 high compression mode algorithm.
1440 comment "Random Number Generation"
1442 config CRYPTO_ANSI_CPRNG
1443 tristate "Pseudo Random Number Generation for Cryptographic modules"
1448 This option enables the generic pseudo random number generator
1449 for cryptographic modules. Uses the Algorithm specified in
1450 ANSI X9.31 A.2.4. Note that this option must be enabled if
1451 CRYPTO_FIPS is selected
1453 menuconfig CRYPTO_DRBG_MENU
1454 tristate "NIST SP800-90A DRBG"
1456 NIST SP800-90A compliant DRBG. In the following submenu, one or
1457 more of the DRBG types must be selected.
1461 config CRYPTO_DRBG_HMAC
1462 bool "Enable HMAC DRBG"
1466 Enable the HMAC DRBG variant as defined in NIST SP800-90A.
1468 config CRYPTO_DRBG_HASH
1469 bool "Enable Hash DRBG"
1472 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1474 config CRYPTO_DRBG_CTR
1475 bool "Enable CTR DRBG"
1478 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1482 default CRYPTO_DRBG_MENU if (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_HASH || CRYPTO_DRBG_CTR)
1485 endif # if CRYPTO_DRBG_MENU
1487 config CRYPTO_USER_API
1490 config CRYPTO_USER_API_HASH
1491 tristate "User-space interface for hash algorithms"
1494 select CRYPTO_USER_API
1496 This option enables the user-spaces interface for hash
1499 config CRYPTO_USER_API_SKCIPHER
1500 tristate "User-space interface for symmetric key cipher algorithms"
1502 select CRYPTO_BLKCIPHER
1503 select CRYPTO_USER_API
1505 This option enables the user-spaces interface for symmetric
1506 key cipher algorithms.
1508 config CRYPTO_HASH_INFO
1511 source "drivers/crypto/Kconfig"
1512 source crypto/asymmetric_keys/Kconfig