1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5	tristate
6
7#
8# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
13# Cryptographic API Configuration
14#
15menuconfig CRYPTO
16	tristate "Cryptographic API"
17	help
18	  This option provides the core Cryptographic API.
19
20if CRYPTO
21
22comment "Crypto core or helper"
23
24config CRYPTO_FIPS
25	bool "FIPS 200 compliance"
26	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
27	depends on MODULE_SIG
28	help
29	  This options enables the fips boot option which is
30	  required if you want to system to operate in a FIPS 200
31	  certification.  You should say no unless you know what
32	  this is.
33
34config CRYPTO_ALGAPI
35	tristate
36	select CRYPTO_ALGAPI2
37	help
38	  This option provides the API for cryptographic algorithms.
39
40config CRYPTO_ALGAPI2
41	tristate
42
43config CRYPTO_AEAD
44	tristate
45	select CRYPTO_AEAD2
46	select CRYPTO_ALGAPI
47
48config CRYPTO_AEAD2
49	tristate
50	select CRYPTO_ALGAPI2
51
52config CRYPTO_BLKCIPHER
53	tristate
54	select CRYPTO_BLKCIPHER2
55	select CRYPTO_ALGAPI
56
57config CRYPTO_BLKCIPHER2
58	tristate
59	select CRYPTO_ALGAPI2
60	select CRYPTO_RNG2
61	select CRYPTO_WORKQUEUE
62
63config CRYPTO_HASH
64	tristate
65	select CRYPTO_HASH2
66	select CRYPTO_ALGAPI
67
68config CRYPTO_HASH2
69	tristate
70	select CRYPTO_ALGAPI2
71
72config CRYPTO_RNG
73	tristate
74	select CRYPTO_RNG2
75	select CRYPTO_ALGAPI
76
77config CRYPTO_RNG2
78	tristate
79	select CRYPTO_ALGAPI2
80
81config CRYPTO_PCOMP
82	tristate
83	select CRYPTO_PCOMP2
84	select CRYPTO_ALGAPI
85
86config CRYPTO_PCOMP2
87	tristate
88	select CRYPTO_ALGAPI2
89
90config CRYPTO_MANAGER
91	tristate "Cryptographic algorithm manager"
92	select CRYPTO_MANAGER2
93	help
94	  Create default cryptographic template instantiations such as
95	  cbc(aes).
96
97config CRYPTO_MANAGER2
98	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
99	select CRYPTO_AEAD2
100	select CRYPTO_HASH2
101	select CRYPTO_BLKCIPHER2
102	select CRYPTO_PCOMP2
103
104config CRYPTO_USER
105	tristate "Userspace cryptographic algorithm configuration"
106	depends on NET
107	select CRYPTO_MANAGER
108	help
109	  Userspace configuration for cryptographic instantiations such as
110	  cbc(aes).
111
112config CRYPTO_MANAGER_DISABLE_TESTS
113	bool "Disable run-time self tests"
114	default y
115	depends on CRYPTO_MANAGER2
116	help
117	  Disable run-time self tests that normally take place at
118	  algorithm registration.
119
120config CRYPTO_GF128MUL
121	tristate "GF(2^128) multiplication functions"
122	help
123	  Efficient table driven implementation of multiplications in the
124	  field GF(2^128).  This is needed by some cypher modes. This
125	  option will be selected automatically if you select such a
126	  cipher mode.  Only select this option by hand if you expect to load
127	  an external module that requires these functions.
128
129config CRYPTO_NULL
130	tristate "Null algorithms"
131	select CRYPTO_ALGAPI
132	select CRYPTO_BLKCIPHER
133	select CRYPTO_HASH
134	help
135	  These are 'Null' algorithms, used by IPsec, which do nothing.
136
137config CRYPTO_PCRYPT
138	tristate "Parallel crypto engine"
139	depends on SMP
140	select PADATA
141	select CRYPTO_MANAGER
142	select CRYPTO_AEAD
143	help
144	  This converts an arbitrary crypto algorithm into a parallel
145	  algorithm that executes in kernel threads.
146
147config CRYPTO_WORKQUEUE
148       tristate
149
150config CRYPTO_CRYPTD
151	tristate "Software async crypto daemon"
152	select CRYPTO_BLKCIPHER
153	select CRYPTO_HASH
154	select CRYPTO_MANAGER
155	select CRYPTO_WORKQUEUE
156	help
157	  This is a generic software asynchronous crypto daemon that
158	  converts an arbitrary synchronous software crypto algorithm
159	  into an asynchronous algorithm that executes in a kernel thread.
160
161config CRYPTO_MCRYPTD
162	tristate "Software async multi-buffer crypto daemon"
163	select CRYPTO_BLKCIPHER
164	select CRYPTO_HASH
165	select CRYPTO_MANAGER
166	select CRYPTO_WORKQUEUE
167	help
168	  This is a generic software asynchronous crypto daemon that
169	  provides the kernel thread to assist multi-buffer crypto
170	  algorithms for submitting jobs and flushing jobs in multi-buffer
171	  crypto algorithms.  Multi-buffer crypto algorithms are executed
172	  in the context of this kernel thread and drivers can post
173	  their crypto request asynchronously to be processed by this daemon.
174
175config CRYPTO_AUTHENC
176	tristate "Authenc support"
177	select CRYPTO_AEAD
178	select CRYPTO_BLKCIPHER
179	select CRYPTO_MANAGER
180	select CRYPTO_HASH
181	help
182	  Authenc: Combined mode wrapper for IPsec.
183	  This is required for IPSec.
184
185config CRYPTO_TEST
186	tristate "Testing module"
187	depends on m
188	select CRYPTO_MANAGER
189	help
190	  Quick & dirty crypto test module.
191
192config CRYPTO_ABLK_HELPER
193	tristate
194	select CRYPTO_CRYPTD
195
196config CRYPTO_GLUE_HELPER_X86
197	tristate
198	depends on X86
199	select CRYPTO_ALGAPI
200
201comment "Authenticated Encryption with Associated Data"
202
203config CRYPTO_CCM
204	tristate "CCM support"
205	select CRYPTO_CTR
206	select CRYPTO_AEAD
207	help
208	  Support for Counter with CBC MAC. Required for IPsec.
209
210config CRYPTO_GCM
211	tristate "GCM/GMAC support"
212	select CRYPTO_CTR
213	select CRYPTO_AEAD
214	select CRYPTO_GHASH
215	select CRYPTO_NULL
216	help
217	  Support for Galois/Counter Mode (GCM) and Galois Message
218	  Authentication Code (GMAC). Required for IPSec.
219
220config CRYPTO_SEQIV
221	tristate "Sequence Number IV Generator"
222	select CRYPTO_AEAD
223	select CRYPTO_BLKCIPHER
224	select CRYPTO_RNG
225	help
226	  This IV generator generates an IV based on a sequence number by
227	  xoring it with a salt.  This algorithm is mainly useful for CTR
228
229comment "Block modes"
230
231config CRYPTO_CBC
232	tristate "CBC support"
233	select CRYPTO_BLKCIPHER
234	select CRYPTO_MANAGER
235	help
236	  CBC: Cipher Block Chaining mode
237	  This block cipher algorithm is required for IPSec.
238
239config CRYPTO_CTR
240	tristate "CTR support"
241	select CRYPTO_BLKCIPHER
242	select CRYPTO_SEQIV
243	select CRYPTO_MANAGER
244	help
245	  CTR: Counter mode
246	  This block cipher algorithm is required for IPSec.
247
248config CRYPTO_CTS
249	tristate "CTS support"
250	select CRYPTO_BLKCIPHER
251	help
252	  CTS: Cipher Text Stealing
253	  This is the Cipher Text Stealing mode as described by
254	  Section 8 of rfc2040 and referenced by rfc3962.
255	  (rfc3962 includes errata information in its Appendix A)
256	  This mode is required for Kerberos gss mechanism support
257	  for AES encryption.
258
259config CRYPTO_ECB
260	tristate "ECB support"
261	select CRYPTO_BLKCIPHER
262	select CRYPTO_MANAGER
263	help
264	  ECB: Electronic CodeBook mode
265	  This is the simplest block cipher algorithm.  It simply encrypts
266	  the input block by block.
267
268config CRYPTO_LRW
269	tristate "LRW support"
270	select CRYPTO_BLKCIPHER
271	select CRYPTO_MANAGER
272	select CRYPTO_GF128MUL
273	help
274	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
275	  narrow block cipher mode for dm-crypt.  Use it with cipher
276	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
277	  The first 128, 192 or 256 bits in the key are used for AES and the
278	  rest is used to tie each cipher block to its logical position.
279
280config CRYPTO_PCBC
281	tristate "PCBC support"
282	select CRYPTO_BLKCIPHER
283	select CRYPTO_MANAGER
284	help
285	  PCBC: Propagating Cipher Block Chaining mode
286	  This block cipher algorithm is required for RxRPC.
287
288config CRYPTO_XTS
289	tristate "XTS support"
290	select CRYPTO_BLKCIPHER
291	select CRYPTO_MANAGER
292	select CRYPTO_GF128MUL
293	help
294	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
295	  key size 256, 384 or 512 bits. This implementation currently
296	  can't handle a sectorsize which is not a multiple of 16 bytes.
297
298comment "Hash modes"
299
300config CRYPTO_CMAC
301	tristate "CMAC support"
302	select CRYPTO_HASH
303	select CRYPTO_MANAGER
304	help
305	  Cipher-based Message Authentication Code (CMAC) specified by
306	  The National Institute of Standards and Technology (NIST).
307
308	  https://tools.ietf.org/html/rfc4493
309	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
310
311config CRYPTO_HMAC
312	tristate "HMAC support"
313	select CRYPTO_HASH
314	select CRYPTO_MANAGER
315	help
316	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
317	  This is required for IPSec.
318
319config CRYPTO_XCBC
320	tristate "XCBC support"
321	select CRYPTO_HASH
322	select CRYPTO_MANAGER
323	help
324	  XCBC: Keyed-Hashing with encryption algorithm
325		http://www.ietf.org/rfc/rfc3566.txt
326		http://csrc.nist.gov/encryption/modes/proposedmodes/
327		 xcbc-mac/xcbc-mac-spec.pdf
328
329config CRYPTO_VMAC
330	tristate "VMAC support"
331	select CRYPTO_HASH
332	select CRYPTO_MANAGER
333	help
334	  VMAC is a message authentication algorithm designed for
335	  very high speed on 64-bit architectures.
336
337	  See also:
338	  <http://fastcrypto.org/vmac>
339
340comment "Digest"
341
342config CRYPTO_CRC32C
343	tristate "CRC32c CRC algorithm"
344	select CRYPTO_HASH
345	select CRC32
346	help
347	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
348	  by iSCSI for header and data digests and by others.
349	  See Castagnoli93.  Module will be crc32c.
350
351config CRYPTO_CRC32C_INTEL
352	tristate "CRC32c INTEL hardware acceleration"
353	depends on X86
354	select CRYPTO_HASH
355	help
356	  In Intel processor with SSE4.2 supported, the processor will
357	  support CRC32C implementation using hardware accelerated CRC32
358	  instruction. This option will create 'crc32c-intel' module,
359	  which will enable any routine to use the CRC32 instruction to
360	  gain performance compared with software implementation.
361	  Module will be crc32c-intel.
362
363config CRYPTO_CRC32C_SPARC64
364	tristate "CRC32c CRC algorithm (SPARC64)"
365	depends on SPARC64
366	select CRYPTO_HASH
367	select CRC32
368	help
369	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
370	  when available.
371
372config CRYPTO_CRC32
373	tristate "CRC32 CRC algorithm"
374	select CRYPTO_HASH
375	select CRC32
376	help
377	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
378	  Shash crypto api wrappers to crc32_le function.
379
380config CRYPTO_CRC32_PCLMUL
381	tristate "CRC32 PCLMULQDQ hardware acceleration"
382	depends on X86
383	select CRYPTO_HASH
384	select CRC32
385	help
386	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
387	  and PCLMULQDQ supported, the processor will support
388	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
389	  instruction. This option will create 'crc32-plcmul' module,
390	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
391	  and gain better performance as compared with the table implementation.
392
393config CRYPTO_CRCT10DIF
394	tristate "CRCT10DIF algorithm"
395	select CRYPTO_HASH
396	help
397	  CRC T10 Data Integrity Field computation is being cast as
398	  a crypto transform.  This allows for faster crc t10 diff
399	  transforms to be used if they are available.
400
401config CRYPTO_CRCT10DIF_PCLMUL
402	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
403	depends on X86 && 64BIT && CRC_T10DIF
404	select CRYPTO_HASH
405	help
406	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
407	  CRC T10 DIF PCLMULQDQ computation can be hardware
408	  accelerated PCLMULQDQ instruction. This option will create
409	  'crct10dif-plcmul' module, which is faster when computing the
410	  crct10dif checksum as compared with the generic table implementation.
411
412config CRYPTO_GHASH
413	tristate "GHASH digest algorithm"
414	select CRYPTO_GF128MUL
415	help
416	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
417
418config CRYPTO_MD4
419	tristate "MD4 digest algorithm"
420	select CRYPTO_HASH
421	help
422	  MD4 message digest algorithm (RFC1320).
423
424config CRYPTO_MD5
425	tristate "MD5 digest algorithm"
426	select CRYPTO_HASH
427	help
428	  MD5 message digest algorithm (RFC1321).
429
430config CRYPTO_MD5_OCTEON
431	tristate "MD5 digest algorithm (OCTEON)"
432	depends on CPU_CAVIUM_OCTEON
433	select CRYPTO_MD5
434	select CRYPTO_HASH
435	help
436	  MD5 message digest algorithm (RFC1321) implemented
437	  using OCTEON crypto instructions, when available.
438
439config CRYPTO_MD5_PPC
440	tristate "MD5 digest algorithm (PPC)"
441	depends on PPC
442	select CRYPTO_HASH
443	help
444	  MD5 message digest algorithm (RFC1321) implemented
445	  in PPC assembler.
446
447config CRYPTO_MD5_SPARC64
448	tristate "MD5 digest algorithm (SPARC64)"
449	depends on SPARC64
450	select CRYPTO_MD5
451	select CRYPTO_HASH
452	help
453	  MD5 message digest algorithm (RFC1321) implemented
454	  using sparc64 crypto instructions, when available.
455
456config CRYPTO_MICHAEL_MIC
457	tristate "Michael MIC keyed digest algorithm"
458	select CRYPTO_HASH
459	help
460	  Michael MIC is used for message integrity protection in TKIP
461	  (IEEE 802.11i). This algorithm is required for TKIP, but it
462	  should not be used for other purposes because of the weakness
463	  of the algorithm.
464
465config CRYPTO_RMD128
466	tristate "RIPEMD-128 digest algorithm"
467	select CRYPTO_HASH
468	help
469	  RIPEMD-128 (ISO/IEC 10118-3:2004).
470
471	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
472	  be used as a secure replacement for RIPEMD. For other use cases,
473	  RIPEMD-160 should be used.
474
475	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
476	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
477
478config CRYPTO_RMD160
479	tristate "RIPEMD-160 digest algorithm"
480	select CRYPTO_HASH
481	help
482	  RIPEMD-160 (ISO/IEC 10118-3:2004).
483
484	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
485	  to be used as a secure replacement for the 128-bit hash functions
486	  MD4, MD5 and it's predecessor RIPEMD
487	  (not to be confused with RIPEMD-128).
488
489	  It's speed is comparable to SHA1 and there are no known attacks
490	  against RIPEMD-160.
491
492	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
493	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
494
495config CRYPTO_RMD256
496	tristate "RIPEMD-256 digest algorithm"
497	select CRYPTO_HASH
498	help
499	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
500	  256 bit hash. It is intended for applications that require
501	  longer hash-results, without needing a larger security level
502	  (than RIPEMD-128).
503
504	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
505	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
506
507config CRYPTO_RMD320
508	tristate "RIPEMD-320 digest algorithm"
509	select CRYPTO_HASH
510	help
511	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
512	  320 bit hash. It is intended for applications that require
513	  longer hash-results, without needing a larger security level
514	  (than RIPEMD-160).
515
516	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
517	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
518
519config CRYPTO_SHA1
520	tristate "SHA1 digest algorithm"
521	select CRYPTO_HASH
522	help
523	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
524
525config CRYPTO_SHA1_SSSE3
526	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2)"
527	depends on X86 && 64BIT
528	select CRYPTO_SHA1
529	select CRYPTO_HASH
530	help
531	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
532	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
533	  Extensions (AVX/AVX2), when available.
534
535config CRYPTO_SHA256_SSSE3
536	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2)"
537	depends on X86 && 64BIT
538	select CRYPTO_SHA256
539	select CRYPTO_HASH
540	help
541	  SHA-256 secure hash standard (DFIPS 180-2) implemented
542	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
543	  Extensions version 1 (AVX1), or Advanced Vector Extensions
544	  version 2 (AVX2) instructions, when available.
545
546config CRYPTO_SHA512_SSSE3
547	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
548	depends on X86 && 64BIT
549	select CRYPTO_SHA512
550	select CRYPTO_HASH
551	help
552	  SHA-512 secure hash standard (DFIPS 180-2) implemented
553	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
554	  Extensions version 1 (AVX1), or Advanced Vector Extensions
555	  version 2 (AVX2) instructions, when available.
556
557config CRYPTO_SHA1_OCTEON
558	tristate "SHA1 digest algorithm (OCTEON)"
559	depends on CPU_CAVIUM_OCTEON
560	select CRYPTO_SHA1
561	select CRYPTO_HASH
562	help
563	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
564	  using OCTEON crypto instructions, when available.
565
566config CRYPTO_SHA1_SPARC64
567	tristate "SHA1 digest algorithm (SPARC64)"
568	depends on SPARC64
569	select CRYPTO_SHA1
570	select CRYPTO_HASH
571	help
572	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
573	  using sparc64 crypto instructions, when available.
574
575config CRYPTO_SHA1_PPC
576	tristate "SHA1 digest algorithm (powerpc)"
577	depends on PPC
578	help
579	  This is the powerpc hardware accelerated implementation of the
580	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
581
582config CRYPTO_SHA1_PPC_SPE
583	tristate "SHA1 digest algorithm (PPC SPE)"
584	depends on PPC && SPE
585	help
586	  SHA-1 secure hash standard (DFIPS 180-4) implemented
587	  using powerpc SPE SIMD instruction set.
588
589config CRYPTO_SHA1_MB
590	tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
591	depends on X86 && 64BIT
592	select CRYPTO_SHA1
593	select CRYPTO_HASH
594	select CRYPTO_MCRYPTD
595	help
596	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
597	  using multi-buffer technique.  This algorithm computes on
598	  multiple data lanes concurrently with SIMD instructions for
599	  better throughput.  It should not be enabled by default but
600	  used when there is significant amount of work to keep the keep
601	  the data lanes filled to get performance benefit.  If the data
602	  lanes remain unfilled, a flush operation will be initiated to
603	  process the crypto jobs, adding a slight latency.
604
605config CRYPTO_SHA256
606	tristate "SHA224 and SHA256 digest algorithm"
607	select CRYPTO_HASH
608	help
609	  SHA256 secure hash standard (DFIPS 180-2).
610
611	  This version of SHA implements a 256 bit hash with 128 bits of
612	  security against collision attacks.
613
614	  This code also includes SHA-224, a 224 bit hash with 112 bits
615	  of security against collision attacks.
616
617config CRYPTO_SHA256_PPC_SPE
618	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
619	depends on PPC && SPE
620	select CRYPTO_SHA256
621	select CRYPTO_HASH
622	help
623	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
624	  implemented using powerpc SPE SIMD instruction set.
625
626config CRYPTO_SHA256_OCTEON
627	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
628	depends on CPU_CAVIUM_OCTEON
629	select CRYPTO_SHA256
630	select CRYPTO_HASH
631	help
632	  SHA-256 secure hash standard (DFIPS 180-2) implemented
633	  using OCTEON crypto instructions, when available.
634
635config CRYPTO_SHA256_SPARC64
636	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
637	depends on SPARC64
638	select CRYPTO_SHA256
639	select CRYPTO_HASH
640	help
641	  SHA-256 secure hash standard (DFIPS 180-2) implemented
642	  using sparc64 crypto instructions, when available.
643
644config CRYPTO_SHA512
645	tristate "SHA384 and SHA512 digest algorithms"
646	select CRYPTO_HASH
647	help
648	  SHA512 secure hash standard (DFIPS 180-2).
649
650	  This version of SHA implements a 512 bit hash with 256 bits of
651	  security against collision attacks.
652
653	  This code also includes SHA-384, a 384 bit hash with 192 bits
654	  of security against collision attacks.
655
656config CRYPTO_SHA512_OCTEON
657	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
658	depends on CPU_CAVIUM_OCTEON
659	select CRYPTO_SHA512
660	select CRYPTO_HASH
661	help
662	  SHA-512 secure hash standard (DFIPS 180-2) implemented
663	  using OCTEON crypto instructions, when available.
664
665config CRYPTO_SHA512_SPARC64
666	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
667	depends on SPARC64
668	select CRYPTO_SHA512
669	select CRYPTO_HASH
670	help
671	  SHA-512 secure hash standard (DFIPS 180-2) implemented
672	  using sparc64 crypto instructions, when available.
673
674config CRYPTO_TGR192
675	tristate "Tiger digest algorithms"
676	select CRYPTO_HASH
677	help
678	  Tiger hash algorithm 192, 160 and 128-bit hashes
679
680	  Tiger is a hash function optimized for 64-bit processors while
681	  still having decent performance on 32-bit processors.
682	  Tiger was developed by Ross Anderson and Eli Biham.
683
684	  See also:
685	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
686
687config CRYPTO_WP512
688	tristate "Whirlpool digest algorithms"
689	select CRYPTO_HASH
690	help
691	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
692
693	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
694	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
695
696	  See also:
697	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
698
699config CRYPTO_GHASH_CLMUL_NI_INTEL
700	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
701	depends on X86 && 64BIT
702	select CRYPTO_CRYPTD
703	help
704	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
705	  The implementation is accelerated by CLMUL-NI of Intel.
706
707comment "Ciphers"
708
709config CRYPTO_AES
710	tristate "AES cipher algorithms"
711	select CRYPTO_ALGAPI
712	help
713	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
714	  algorithm.
715
716	  Rijndael appears to be consistently a very good performer in
717	  both hardware and software across a wide range of computing
718	  environments regardless of its use in feedback or non-feedback
719	  modes. Its key setup time is excellent, and its key agility is
720	  good. Rijndael's very low memory requirements make it very well
721	  suited for restricted-space environments, in which it also
722	  demonstrates excellent performance. Rijndael's operations are
723	  among the easiest to defend against power and timing attacks.
724
725	  The AES specifies three key sizes: 128, 192 and 256 bits
726
727	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
728
729config CRYPTO_AES_586
730	tristate "AES cipher algorithms (i586)"
731	depends on (X86 || UML_X86) && !64BIT
732	select CRYPTO_ALGAPI
733	select CRYPTO_AES
734	help
735	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
736	  algorithm.
737
738	  Rijndael appears to be consistently a very good performer in
739	  both hardware and software across a wide range of computing
740	  environments regardless of its use in feedback or non-feedback
741	  modes. Its key setup time is excellent, and its key agility is
742	  good. Rijndael's very low memory requirements make it very well
743	  suited for restricted-space environments, in which it also
744	  demonstrates excellent performance. Rijndael's operations are
745	  among the easiest to defend against power and timing attacks.
746
747	  The AES specifies three key sizes: 128, 192 and 256 bits
748
749	  See <http://csrc.nist.gov/encryption/aes/> for more information.
750
751config CRYPTO_AES_X86_64
752	tristate "AES cipher algorithms (x86_64)"
753	depends on (X86 || UML_X86) && 64BIT
754	select CRYPTO_ALGAPI
755	select CRYPTO_AES
756	help
757	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
758	  algorithm.
759
760	  Rijndael appears to be consistently a very good performer in
761	  both hardware and software across a wide range of computing
762	  environments regardless of its use in feedback or non-feedback
763	  modes. Its key setup time is excellent, and its key agility is
764	  good. Rijndael's very low memory requirements make it very well
765	  suited for restricted-space environments, in which it also
766	  demonstrates excellent performance. Rijndael's operations are
767	  among the easiest to defend against power and timing attacks.
768
769	  The AES specifies three key sizes: 128, 192 and 256 bits
770
771	  See <http://csrc.nist.gov/encryption/aes/> for more information.
772
773config CRYPTO_AES_NI_INTEL
774	tristate "AES cipher algorithms (AES-NI)"
775	depends on X86
776	select CRYPTO_AES_X86_64 if 64BIT
777	select CRYPTO_AES_586 if !64BIT
778	select CRYPTO_CRYPTD
779	select CRYPTO_ABLK_HELPER
780	select CRYPTO_ALGAPI
781	select CRYPTO_GLUE_HELPER_X86 if 64BIT
782	select CRYPTO_LRW
783	select CRYPTO_XTS
784	help
785	  Use Intel AES-NI instructions for AES algorithm.
786
787	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
788	  algorithm.
789
790	  Rijndael appears to be consistently a very good performer in
791	  both hardware and software across a wide range of computing
792	  environments regardless of its use in feedback or non-feedback
793	  modes. Its key setup time is excellent, and its key agility is
794	  good. Rijndael's very low memory requirements make it very well
795	  suited for restricted-space environments, in which it also
796	  demonstrates excellent performance. Rijndael's operations are
797	  among the easiest to defend against power and timing attacks.
798
799	  The AES specifies three key sizes: 128, 192 and 256 bits
800
801	  See <http://csrc.nist.gov/encryption/aes/> for more information.
802
803	  In addition to AES cipher algorithm support, the acceleration
804	  for some popular block cipher mode is supported too, including
805	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
806	  acceleration for CTR.
807
808config CRYPTO_AES_SPARC64
809	tristate "AES cipher algorithms (SPARC64)"
810	depends on SPARC64
811	select CRYPTO_CRYPTD
812	select CRYPTO_ALGAPI
813	help
814	  Use SPARC64 crypto opcodes for AES algorithm.
815
816	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
817	  algorithm.
818
819	  Rijndael appears to be consistently a very good performer in
820	  both hardware and software across a wide range of computing
821	  environments regardless of its use in feedback or non-feedback
822	  modes. Its key setup time is excellent, and its key agility is
823	  good. Rijndael's very low memory requirements make it very well
824	  suited for restricted-space environments, in which it also
825	  demonstrates excellent performance. Rijndael's operations are
826	  among the easiest to defend against power and timing attacks.
827
828	  The AES specifies three key sizes: 128, 192 and 256 bits
829
830	  See <http://csrc.nist.gov/encryption/aes/> for more information.
831
832	  In addition to AES cipher algorithm support, the acceleration
833	  for some popular block cipher mode is supported too, including
834	  ECB and CBC.
835
836config CRYPTO_AES_PPC_SPE
837	tristate "AES cipher algorithms (PPC SPE)"
838	depends on PPC && SPE
839	help
840	  AES cipher algorithms (FIPS-197). Additionally the acceleration
841	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
842	  This module should only be used for low power (router) devices
843	  without hardware AES acceleration (e.g. caam crypto). It reduces the
844	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
845	  timining attacks. Nevertheless it might be not as secure as other
846	  architecture specific assembler implementations that work on 1KB
847	  tables or 256 bytes S-boxes.
848
849config CRYPTO_ANUBIS
850	tristate "Anubis cipher algorithm"
851	select CRYPTO_ALGAPI
852	help
853	  Anubis cipher algorithm.
854
855	  Anubis is a variable key length cipher which can use keys from
856	  128 bits to 320 bits in length.  It was evaluated as a entrant
857	  in the NESSIE competition.
858
859	  See also:
860	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
861	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
862
863config CRYPTO_ARC4
864	tristate "ARC4 cipher algorithm"
865	select CRYPTO_BLKCIPHER
866	help
867	  ARC4 cipher algorithm.
868
869	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
870	  bits in length.  This algorithm is required for driver-based
871	  WEP, but it should not be for other purposes because of the
872	  weakness of the algorithm.
873
874config CRYPTO_BLOWFISH
875	tristate "Blowfish cipher algorithm"
876	select CRYPTO_ALGAPI
877	select CRYPTO_BLOWFISH_COMMON
878	help
879	  Blowfish cipher algorithm, by Bruce Schneier.
880
881	  This is a variable key length cipher which can use keys from 32
882	  bits to 448 bits in length.  It's fast, simple and specifically
883	  designed for use on "large microprocessors".
884
885	  See also:
886	  <http://www.schneier.com/blowfish.html>
887
888config CRYPTO_BLOWFISH_COMMON
889	tristate
890	help
891	  Common parts of the Blowfish cipher algorithm shared by the
892	  generic c and the assembler implementations.
893
894	  See also:
895	  <http://www.schneier.com/blowfish.html>
896
897config CRYPTO_BLOWFISH_X86_64
898	tristate "Blowfish cipher algorithm (x86_64)"
899	depends on X86 && 64BIT
900	select CRYPTO_ALGAPI
901	select CRYPTO_BLOWFISH_COMMON
902	help
903	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
904
905	  This is a variable key length cipher which can use keys from 32
906	  bits to 448 bits in length.  It's fast, simple and specifically
907	  designed for use on "large microprocessors".
908
909	  See also:
910	  <http://www.schneier.com/blowfish.html>
911
912config CRYPTO_CAMELLIA
913	tristate "Camellia cipher algorithms"
914	depends on CRYPTO
915	select CRYPTO_ALGAPI
916	help
917	  Camellia cipher algorithms module.
918
919	  Camellia is a symmetric key block cipher developed jointly
920	  at NTT and Mitsubishi Electric Corporation.
921
922	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
923
924	  See also:
925	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
926
927config CRYPTO_CAMELLIA_X86_64
928	tristate "Camellia cipher algorithm (x86_64)"
929	depends on X86 && 64BIT
930	depends on CRYPTO
931	select CRYPTO_ALGAPI
932	select CRYPTO_GLUE_HELPER_X86
933	select CRYPTO_LRW
934	select CRYPTO_XTS
935	help
936	  Camellia cipher algorithm module (x86_64).
937
938	  Camellia is a symmetric key block cipher developed jointly
939	  at NTT and Mitsubishi Electric Corporation.
940
941	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
942
943	  See also:
944	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
945
946config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
947	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
948	depends on X86 && 64BIT
949	depends on CRYPTO
950	select CRYPTO_ALGAPI
951	select CRYPTO_CRYPTD
952	select CRYPTO_ABLK_HELPER
953	select CRYPTO_GLUE_HELPER_X86
954	select CRYPTO_CAMELLIA_X86_64
955	select CRYPTO_LRW
956	select CRYPTO_XTS
957	help
958	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
959
960	  Camellia is a symmetric key block cipher developed jointly
961	  at NTT and Mitsubishi Electric Corporation.
962
963	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
964
965	  See also:
966	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
967
968config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
969	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
970	depends on X86 && 64BIT
971	depends on CRYPTO
972	select CRYPTO_ALGAPI
973	select CRYPTO_CRYPTD
974	select CRYPTO_ABLK_HELPER
975	select CRYPTO_GLUE_HELPER_X86
976	select CRYPTO_CAMELLIA_X86_64
977	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
978	select CRYPTO_LRW
979	select CRYPTO_XTS
980	help
981	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
982
983	  Camellia is a symmetric key block cipher developed jointly
984	  at NTT and Mitsubishi Electric Corporation.
985
986	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
987
988	  See also:
989	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
990
991config CRYPTO_CAMELLIA_SPARC64
992	tristate "Camellia cipher algorithm (SPARC64)"
993	depends on SPARC64
994	depends on CRYPTO
995	select CRYPTO_ALGAPI
996	help
997	  Camellia cipher algorithm module (SPARC64).
998
999	  Camellia is a symmetric key block cipher developed jointly
1000	  at NTT and Mitsubishi Electric Corporation.
1001
1002	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1003
1004	  See also:
1005	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1006
1007config CRYPTO_CAST_COMMON
1008	tristate
1009	help
1010	  Common parts of the CAST cipher algorithms shared by the
1011	  generic c and the assembler implementations.
1012
1013config CRYPTO_CAST5
1014	tristate "CAST5 (CAST-128) cipher algorithm"
1015	select CRYPTO_ALGAPI
1016	select CRYPTO_CAST_COMMON
1017	help
1018	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1019	  described in RFC2144.
1020
1021config CRYPTO_CAST5_AVX_X86_64
1022	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1023	depends on X86 && 64BIT
1024	select CRYPTO_ALGAPI
1025	select CRYPTO_CRYPTD
1026	select CRYPTO_ABLK_HELPER
1027	select CRYPTO_CAST_COMMON
1028	select CRYPTO_CAST5
1029	help
1030	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1031	  described in RFC2144.
1032
1033	  This module provides the Cast5 cipher algorithm that processes
1034	  sixteen blocks parallel using the AVX instruction set.
1035
1036config CRYPTO_CAST6
1037	tristate "CAST6 (CAST-256) cipher algorithm"
1038	select CRYPTO_ALGAPI
1039	select CRYPTO_CAST_COMMON
1040	help
1041	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1042	  described in RFC2612.
1043
1044config CRYPTO_CAST6_AVX_X86_64
1045	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1046	depends on X86 && 64BIT
1047	select CRYPTO_ALGAPI
1048	select CRYPTO_CRYPTD
1049	select CRYPTO_ABLK_HELPER
1050	select CRYPTO_GLUE_HELPER_X86
1051	select CRYPTO_CAST_COMMON
1052	select CRYPTO_CAST6
1053	select CRYPTO_LRW
1054	select CRYPTO_XTS
1055	help
1056	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1057	  described in RFC2612.
1058
1059	  This module provides the Cast6 cipher algorithm that processes
1060	  eight blocks parallel using the AVX instruction set.
1061
1062config CRYPTO_DES
1063	tristate "DES and Triple DES EDE cipher algorithms"
1064	select CRYPTO_ALGAPI
1065	help
1066	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1067
1068config CRYPTO_DES_SPARC64
1069	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1070	depends on SPARC64
1071	select CRYPTO_ALGAPI
1072	select CRYPTO_DES
1073	help
1074	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1075	  optimized using SPARC64 crypto opcodes.
1076
1077config CRYPTO_DES3_EDE_X86_64
1078	tristate "Triple DES EDE cipher algorithm (x86-64)"
1079	depends on X86 && 64BIT
1080	select CRYPTO_ALGAPI
1081	select CRYPTO_DES
1082	help
1083	  Triple DES EDE (FIPS 46-3) algorithm.
1084
1085	  This module provides implementation of the Triple DES EDE cipher
1086	  algorithm that is optimized for x86-64 processors. Two versions of
1087	  algorithm are provided; regular processing one input block and
1088	  one that processes three blocks parallel.
1089
1090config CRYPTO_FCRYPT
1091	tristate "FCrypt cipher algorithm"
1092	select CRYPTO_ALGAPI
1093	select CRYPTO_BLKCIPHER
1094	help
1095	  FCrypt algorithm used by RxRPC.
1096
1097config CRYPTO_KHAZAD
1098	tristate "Khazad cipher algorithm"
1099	select CRYPTO_ALGAPI
1100	help
1101	  Khazad cipher algorithm.
1102
1103	  Khazad was a finalist in the initial NESSIE competition.  It is
1104	  an algorithm optimized for 64-bit processors with good performance
1105	  on 32-bit processors.  Khazad uses an 128 bit key size.
1106
1107	  See also:
1108	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1109
1110config CRYPTO_SALSA20
1111	tristate "Salsa20 stream cipher algorithm"
1112	select CRYPTO_BLKCIPHER
1113	help
1114	  Salsa20 stream cipher algorithm.
1115
1116	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1117	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1118
1119	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1120	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1121
1122config CRYPTO_SALSA20_586
1123	tristate "Salsa20 stream cipher algorithm (i586)"
1124	depends on (X86 || UML_X86) && !64BIT
1125	select CRYPTO_BLKCIPHER
1126	help
1127	  Salsa20 stream cipher algorithm.
1128
1129	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1130	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1131
1132	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1133	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1134
1135config CRYPTO_SALSA20_X86_64
1136	tristate "Salsa20 stream cipher algorithm (x86_64)"
1137	depends on (X86 || UML_X86) && 64BIT
1138	select CRYPTO_BLKCIPHER
1139	help
1140	  Salsa20 stream cipher algorithm.
1141
1142	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1143	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1144
1145	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1146	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1147
1148config CRYPTO_SEED
1149	tristate "SEED cipher algorithm"
1150	select CRYPTO_ALGAPI
1151	help
1152	  SEED cipher algorithm (RFC4269).
1153
1154	  SEED is a 128-bit symmetric key block cipher that has been
1155	  developed by KISA (Korea Information Security Agency) as a
1156	  national standard encryption algorithm of the Republic of Korea.
1157	  It is a 16 round block cipher with the key size of 128 bit.
1158
1159	  See also:
1160	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1161
1162config CRYPTO_SERPENT
1163	tristate "Serpent cipher algorithm"
1164	select CRYPTO_ALGAPI
1165	help
1166	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1167
1168	  Keys are allowed to be from 0 to 256 bits in length, in steps
1169	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1170	  variant of Serpent for compatibility with old kerneli.org code.
1171
1172	  See also:
1173	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1174
1175config CRYPTO_SERPENT_SSE2_X86_64
1176	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1177	depends on X86 && 64BIT
1178	select CRYPTO_ALGAPI
1179	select CRYPTO_CRYPTD
1180	select CRYPTO_ABLK_HELPER
1181	select CRYPTO_GLUE_HELPER_X86
1182	select CRYPTO_SERPENT
1183	select CRYPTO_LRW
1184	select CRYPTO_XTS
1185	help
1186	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1187
1188	  Keys are allowed to be from 0 to 256 bits in length, in steps
1189	  of 8 bits.
1190
1191	  This module provides Serpent cipher algorithm that processes eight
1192	  blocks parallel using SSE2 instruction set.
1193
1194	  See also:
1195	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1196
1197config CRYPTO_SERPENT_SSE2_586
1198	tristate "Serpent cipher algorithm (i586/SSE2)"
1199	depends on X86 && !64BIT
1200	select CRYPTO_ALGAPI
1201	select CRYPTO_CRYPTD
1202	select CRYPTO_ABLK_HELPER
1203	select CRYPTO_GLUE_HELPER_X86
1204	select CRYPTO_SERPENT
1205	select CRYPTO_LRW
1206	select CRYPTO_XTS
1207	help
1208	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1209
1210	  Keys are allowed to be from 0 to 256 bits in length, in steps
1211	  of 8 bits.
1212
1213	  This module provides Serpent cipher algorithm that processes four
1214	  blocks parallel using SSE2 instruction set.
1215
1216	  See also:
1217	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1218
1219config CRYPTO_SERPENT_AVX_X86_64
1220	tristate "Serpent cipher algorithm (x86_64/AVX)"
1221	depends on X86 && 64BIT
1222	select CRYPTO_ALGAPI
1223	select CRYPTO_CRYPTD
1224	select CRYPTO_ABLK_HELPER
1225	select CRYPTO_GLUE_HELPER_X86
1226	select CRYPTO_SERPENT
1227	select CRYPTO_LRW
1228	select CRYPTO_XTS
1229	help
1230	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1231
1232	  Keys are allowed to be from 0 to 256 bits in length, in steps
1233	  of 8 bits.
1234
1235	  This module provides the Serpent cipher algorithm that processes
1236	  eight blocks parallel using the AVX instruction set.
1237
1238	  See also:
1239	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1240
1241config CRYPTO_SERPENT_AVX2_X86_64
1242	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1243	depends on X86 && 64BIT
1244	select CRYPTO_ALGAPI
1245	select CRYPTO_CRYPTD
1246	select CRYPTO_ABLK_HELPER
1247	select CRYPTO_GLUE_HELPER_X86
1248	select CRYPTO_SERPENT
1249	select CRYPTO_SERPENT_AVX_X86_64
1250	select CRYPTO_LRW
1251	select CRYPTO_XTS
1252	help
1253	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1254
1255	  Keys are allowed to be from 0 to 256 bits in length, in steps
1256	  of 8 bits.
1257
1258	  This module provides Serpent cipher algorithm that processes 16
1259	  blocks parallel using AVX2 instruction set.
1260
1261	  See also:
1262	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1263
1264config CRYPTO_TEA
1265	tristate "TEA, XTEA and XETA cipher algorithms"
1266	select CRYPTO_ALGAPI
1267	help
1268	  TEA cipher algorithm.
1269
1270	  Tiny Encryption Algorithm is a simple cipher that uses
1271	  many rounds for security.  It is very fast and uses
1272	  little memory.
1273
1274	  Xtendend Tiny Encryption Algorithm is a modification to
1275	  the TEA algorithm to address a potential key weakness
1276	  in the TEA algorithm.
1277
1278	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1279	  of the XTEA algorithm for compatibility purposes.
1280
1281config CRYPTO_TWOFISH
1282	tristate "Twofish cipher algorithm"
1283	select CRYPTO_ALGAPI
1284	select CRYPTO_TWOFISH_COMMON
1285	help
1286	  Twofish cipher algorithm.
1287
1288	  Twofish was submitted as an AES (Advanced Encryption Standard)
1289	  candidate cipher by researchers at CounterPane Systems.  It is a
1290	  16 round block cipher supporting key sizes of 128, 192, and 256
1291	  bits.
1292
1293	  See also:
1294	  <http://www.schneier.com/twofish.html>
1295
1296config CRYPTO_TWOFISH_COMMON
1297	tristate
1298	help
1299	  Common parts of the Twofish cipher algorithm shared by the
1300	  generic c and the assembler implementations.
1301
1302config CRYPTO_TWOFISH_586
1303	tristate "Twofish cipher algorithms (i586)"
1304	depends on (X86 || UML_X86) && !64BIT
1305	select CRYPTO_ALGAPI
1306	select CRYPTO_TWOFISH_COMMON
1307	help
1308	  Twofish cipher algorithm.
1309
1310	  Twofish was submitted as an AES (Advanced Encryption Standard)
1311	  candidate cipher by researchers at CounterPane Systems.  It is a
1312	  16 round block cipher supporting key sizes of 128, 192, and 256
1313	  bits.
1314
1315	  See also:
1316	  <http://www.schneier.com/twofish.html>
1317
1318config CRYPTO_TWOFISH_X86_64
1319	tristate "Twofish cipher algorithm (x86_64)"
1320	depends on (X86 || UML_X86) && 64BIT
1321	select CRYPTO_ALGAPI
1322	select CRYPTO_TWOFISH_COMMON
1323	help
1324	  Twofish cipher algorithm (x86_64).
1325
1326	  Twofish was submitted as an AES (Advanced Encryption Standard)
1327	  candidate cipher by researchers at CounterPane Systems.  It is a
1328	  16 round block cipher supporting key sizes of 128, 192, and 256
1329	  bits.
1330
1331	  See also:
1332	  <http://www.schneier.com/twofish.html>
1333
1334config CRYPTO_TWOFISH_X86_64_3WAY
1335	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1336	depends on X86 && 64BIT
1337	select CRYPTO_ALGAPI
1338	select CRYPTO_TWOFISH_COMMON
1339	select CRYPTO_TWOFISH_X86_64
1340	select CRYPTO_GLUE_HELPER_X86
1341	select CRYPTO_LRW
1342	select CRYPTO_XTS
1343	help
1344	  Twofish cipher algorithm (x86_64, 3-way parallel).
1345
1346	  Twofish was submitted as an AES (Advanced Encryption Standard)
1347	  candidate cipher by researchers at CounterPane Systems.  It is a
1348	  16 round block cipher supporting key sizes of 128, 192, and 256
1349	  bits.
1350
1351	  This module provides Twofish cipher algorithm that processes three
1352	  blocks parallel, utilizing resources of out-of-order CPUs better.
1353
1354	  See also:
1355	  <http://www.schneier.com/twofish.html>
1356
1357config CRYPTO_TWOFISH_AVX_X86_64
1358	tristate "Twofish cipher algorithm (x86_64/AVX)"
1359	depends on X86 && 64BIT
1360	select CRYPTO_ALGAPI
1361	select CRYPTO_CRYPTD
1362	select CRYPTO_ABLK_HELPER
1363	select CRYPTO_GLUE_HELPER_X86
1364	select CRYPTO_TWOFISH_COMMON
1365	select CRYPTO_TWOFISH_X86_64
1366	select CRYPTO_TWOFISH_X86_64_3WAY
1367	select CRYPTO_LRW
1368	select CRYPTO_XTS
1369	help
1370	  Twofish cipher algorithm (x86_64/AVX).
1371
1372	  Twofish was submitted as an AES (Advanced Encryption Standard)
1373	  candidate cipher by researchers at CounterPane Systems.  It is a
1374	  16 round block cipher supporting key sizes of 128, 192, and 256
1375	  bits.
1376
1377	  This module provides the Twofish cipher algorithm that processes
1378	  eight blocks parallel using the AVX Instruction Set.
1379
1380	  See also:
1381	  <http://www.schneier.com/twofish.html>
1382
1383comment "Compression"
1384
1385config CRYPTO_DEFLATE
1386	tristate "Deflate compression algorithm"
1387	select CRYPTO_ALGAPI
1388	select ZLIB_INFLATE
1389	select ZLIB_DEFLATE
1390	help
1391	  This is the Deflate algorithm (RFC1951), specified for use in
1392	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1393
1394	  You will most probably want this if using IPSec.
1395
1396config CRYPTO_ZLIB
1397	tristate "Zlib compression algorithm"
1398	select CRYPTO_PCOMP
1399	select ZLIB_INFLATE
1400	select ZLIB_DEFLATE
1401	select NLATTR
1402	help
1403	  This is the zlib algorithm.
1404
1405config CRYPTO_LZO
1406	tristate "LZO compression algorithm"
1407	select CRYPTO_ALGAPI
1408	select LZO_COMPRESS
1409	select LZO_DECOMPRESS
1410	help
1411	  This is the LZO algorithm.
1412
1413config CRYPTO_842
1414	tristate "842 compression algorithm"
1415	depends on CRYPTO_DEV_NX_COMPRESS
1416	# 842 uses lzo if the hardware becomes unavailable
1417	select LZO_COMPRESS
1418	select LZO_DECOMPRESS
1419	help
1420	  This is the 842 algorithm.
1421
1422config CRYPTO_LZ4
1423	tristate "LZ4 compression algorithm"
1424	select CRYPTO_ALGAPI
1425	select LZ4_COMPRESS
1426	select LZ4_DECOMPRESS
1427	help
1428	  This is the LZ4 algorithm.
1429
1430config CRYPTO_LZ4HC
1431	tristate "LZ4HC compression algorithm"
1432	select CRYPTO_ALGAPI
1433	select LZ4HC_COMPRESS
1434	select LZ4_DECOMPRESS
1435	help
1436	  This is the LZ4 high compression mode algorithm.
1437
1438comment "Random Number Generation"
1439
1440config CRYPTO_ANSI_CPRNG
1441	tristate "Pseudo Random Number Generation for Cryptographic modules"
1442	default m
1443	select CRYPTO_AES
1444	select CRYPTO_RNG
1445	help
1446	  This option enables the generic pseudo random number generator
1447	  for cryptographic modules.  Uses the Algorithm specified in
1448	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1449	  CRYPTO_FIPS is selected
1450
1451menuconfig CRYPTO_DRBG_MENU
1452	tristate "NIST SP800-90A DRBG"
1453	help
1454	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1455	  more of the DRBG types must be selected.
1456
1457if CRYPTO_DRBG_MENU
1458
1459config CRYPTO_DRBG_HMAC
1460	bool "Enable HMAC DRBG"
1461	default y
1462	select CRYPTO_HMAC
1463	help
1464	  Enable the HMAC DRBG variant as defined in NIST SP800-90A.
1465
1466config CRYPTO_DRBG_HASH
1467	bool "Enable Hash DRBG"
1468	select CRYPTO_HASH
1469	help
1470	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1471
1472config CRYPTO_DRBG_CTR
1473	bool "Enable CTR DRBG"
1474	select CRYPTO_AES
1475	help
1476	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1477
1478config CRYPTO_DRBG
1479	tristate
1480	default CRYPTO_DRBG_MENU if (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_HASH || CRYPTO_DRBG_CTR)
1481	select CRYPTO_RNG
1482
1483endif	# if CRYPTO_DRBG_MENU
1484
1485config CRYPTO_USER_API
1486	tristate
1487
1488config CRYPTO_USER_API_HASH
1489	tristate "User-space interface for hash algorithms"
1490	depends on NET
1491	select CRYPTO_HASH
1492	select CRYPTO_USER_API
1493	help
1494	  This option enables the user-spaces interface for hash
1495	  algorithms.
1496
1497config CRYPTO_USER_API_SKCIPHER
1498	tristate "User-space interface for symmetric key cipher algorithms"
1499	depends on NET
1500	select CRYPTO_BLKCIPHER
1501	select CRYPTO_USER_API
1502	help
1503	  This option enables the user-spaces interface for symmetric
1504	  key cipher algorithms.
1505
1506config CRYPTO_USER_API_RNG
1507	tristate "User-space interface for random number generator algorithms"
1508	depends on NET
1509	select CRYPTO_RNG
1510	select CRYPTO_USER_API
1511	help
1512	  This option enables the user-spaces interface for random
1513	  number generator algorithms.
1514
1515config CRYPTO_HASH_INFO
1516	bool
1517
1518source "drivers/crypto/Kconfig"
1519source crypto/asymmetric_keys/Kconfig
1520
1521endif	# if CRYPTO
1522