| # SPDX-License-Identifier: GPL-2.0 |
| |
| menu "Accelerated Cryptographic Algorithms for CPU (x86)" |
| |
| config CRYPTO_CURVE25519_X86 |
| tristate "Public key crypto: Curve25519 (ADX)" |
| depends on X86 && 64BIT |
| select CRYPTO_LIB_CURVE25519_GENERIC |
| select CRYPTO_ARCH_HAVE_LIB_CURVE25519 |
| help |
| Curve25519 algorithm |
| |
| Architecture: x86_64 using: |
| - ADX (large integer arithmetic) |
| |
| config CRYPTO_AES_NI_INTEL |
| tristate "AES cipher algorithms (AES-NI)" |
| depends on X86 |
| select CRYPTO_AEAD |
| select CRYPTO_LIB_AES |
| select CRYPTO_ALGAPI |
| select CRYPTO_SKCIPHER |
| select CRYPTO_SIMD |
| help |
| Use Intel AES-NI instructions for AES algorithm. |
| |
| AES cipher algorithms (FIPS-197). AES uses the Rijndael |
| algorithm. |
| |
| Rijndael appears to be consistently a very good performer in |
| both hardware and software across a wide range of computing |
| environments regardless of its use in feedback or non-feedback |
| modes. Its key setup time is excellent, and its key agility is |
| good. Rijndael's very low memory requirements make it very well |
| suited for restricted-space environments, in which it also |
| demonstrates excellent performance. Rijndael's operations are |
| among the easiest to defend against power and timing attacks. |
| |
| The AES specifies three key sizes: 128, 192 and 256 bits |
| |
| See <http://csrc.nist.gov/encryption/aes/> for more information. |
| |
| In addition to AES cipher algorithm support, the acceleration |
| for some popular block cipher mode is supported too, including |
| ECB, CBC, LRW, XTS. The 64 bit version has additional |
| acceleration for CTR and XCTR. |
| |
| config CRYPTO_BLOWFISH_X86_64 |
| tristate "Blowfish cipher algorithm (x86_64)" |
| depends on X86 && 64BIT |
| select CRYPTO_SKCIPHER |
| select CRYPTO_BLOWFISH_COMMON |
| imply CRYPTO_CTR |
| help |
| Blowfish cipher algorithm (x86_64), by Bruce Schneier. |
| |
| This is a variable key length cipher which can use keys from 32 |
| bits to 448 bits in length. It's fast, simple and specifically |
| designed for use on "large microprocessors". |
| |
| See also: |
| <https://www.schneier.com/blowfish.html> |
| |
| config CRYPTO_CAMELLIA_X86_64 |
| tristate "Camellia cipher algorithm (x86_64)" |
| depends on X86 && 64BIT |
| select CRYPTO_SKCIPHER |
| imply CRYPTO_CTR |
| help |
| Camellia cipher algorithm module (x86_64). |
| |
| Camellia is a symmetric key block cipher developed jointly |
| at NTT and Mitsubishi Electric Corporation. |
| |
| The Camellia specifies three key sizes: 128, 192 and 256 bits. |
| |
| See also: |
| <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> |
| |
| config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 |
| tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" |
| depends on X86 && 64BIT |
| select CRYPTO_SKCIPHER |
| select CRYPTO_CAMELLIA_X86_64 |
| select CRYPTO_SIMD |
| imply CRYPTO_XTS |
| help |
| Camellia cipher algorithm module (x86_64/AES-NI/AVX). |
| |
| Camellia is a symmetric key block cipher developed jointly |
| at NTT and Mitsubishi Electric Corporation. |
| |
| The Camellia specifies three key sizes: 128, 192 and 256 bits. |
| |
| See also: |
| <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> |
| |
| config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 |
| tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" |
| depends on X86 && 64BIT |
| select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 |
| help |
| Camellia cipher algorithm module (x86_64/AES-NI/AVX2). |
| |
| Camellia is a symmetric key block cipher developed jointly |
| at NTT and Mitsubishi Electric Corporation. |
| |
| The Camellia specifies three key sizes: 128, 192 and 256 bits. |
| |
| See also: |
| <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> |
| |
| config CRYPTO_CAST5_AVX_X86_64 |
| tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" |
| depends on X86 && 64BIT |
| select CRYPTO_SKCIPHER |
| select CRYPTO_CAST5 |
| select CRYPTO_CAST_COMMON |
| select CRYPTO_SIMD |
| imply CRYPTO_CTR |
| help |
| The CAST5 encryption algorithm (synonymous with CAST-128) is |
| described in RFC2144. |
| |
| This module provides the Cast5 cipher algorithm that processes |
| sixteen blocks parallel using the AVX instruction set. |
| |
| config CRYPTO_CAST6_AVX_X86_64 |
| tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" |
| depends on X86 && 64BIT |
| select CRYPTO_SKCIPHER |
| select CRYPTO_CAST6 |
| select CRYPTO_CAST_COMMON |
| select CRYPTO_SIMD |
| imply CRYPTO_XTS |
| imply CRYPTO_CTR |
| help |
| The CAST6 encryption algorithm (synonymous with CAST-256) is |
| described in RFC2612. |
| |
| This module provides the Cast6 cipher algorithm that processes |
| eight blocks parallel using the AVX instruction set. |
| |
| config CRYPTO_DES3_EDE_X86_64 |
| tristate "Triple DES EDE cipher algorithm (x86-64)" |
| depends on X86 && 64BIT |
| select CRYPTO_SKCIPHER |
| select CRYPTO_LIB_DES |
| imply CRYPTO_CTR |
| help |
| Triple DES EDE (FIPS 46-3) algorithm. |
| |
| This module provides implementation of the Triple DES EDE cipher |
| algorithm that is optimized for x86-64 processors. Two versions of |
| algorithm are provided; regular processing one input block and |
| one that processes three blocks parallel. |
| |
| config CRYPTO_SERPENT_SSE2_X86_64 |
| tristate "Serpent cipher algorithm (x86_64/SSE2)" |
| depends on X86 && 64BIT |
| select CRYPTO_SKCIPHER |
| select CRYPTO_SERPENT |
| select CRYPTO_SIMD |
| imply CRYPTO_CTR |
| help |
| Serpent cipher algorithm, by Anderson, Biham & Knudsen. |
| |
| Keys are allowed to be from 0 to 256 bits in length, in steps |
| of 8 bits. |
| |
| This module provides Serpent cipher algorithm that processes eight |
| blocks parallel using SSE2 instruction set. |
| |
| See also: |
| <https://www.cl.cam.ac.uk/~rja14/serpent.html> |
| |
| config CRYPTO_SERPENT_SSE2_586 |
| tristate "Serpent cipher algorithm (i586/SSE2)" |
| depends on X86 && !64BIT |
| select CRYPTO_SKCIPHER |
| select CRYPTO_SERPENT |
| select CRYPTO_SIMD |
| imply CRYPTO_CTR |
| help |
| Serpent cipher algorithm, by Anderson, Biham & Knudsen. |
| |
| Keys are allowed to be from 0 to 256 bits in length, in steps |
| of 8 bits. |
| |
| This module provides Serpent cipher algorithm that processes four |
| blocks parallel using SSE2 instruction set. |
| |
| See also: |
| <https://www.cl.cam.ac.uk/~rja14/serpent.html> |
| |
| config CRYPTO_SERPENT_AVX_X86_64 |
| tristate "Serpent cipher algorithm (x86_64/AVX)" |
| depends on X86 && 64BIT |
| select CRYPTO_SKCIPHER |
| select CRYPTO_SERPENT |
| select CRYPTO_SIMD |
| imply CRYPTO_XTS |
| imply CRYPTO_CTR |
| help |
| Serpent cipher algorithm, by Anderson, Biham & Knudsen. |
| |
| Keys are allowed to be from 0 to 256 bits in length, in steps |
| of 8 bits. |
| |
| This module provides the Serpent cipher algorithm that processes |
| eight blocks parallel using the AVX instruction set. |
| |
| See also: |
| <https://www.cl.cam.ac.uk/~rja14/serpent.html> |
| |
| config CRYPTO_SERPENT_AVX2_X86_64 |
| tristate "Serpent cipher algorithm (x86_64/AVX2)" |
| depends on X86 && 64BIT |
| select CRYPTO_SERPENT_AVX_X86_64 |
| help |
| Serpent cipher algorithm, by Anderson, Biham & Knudsen. |
| |
| Keys are allowed to be from 0 to 256 bits in length, in steps |
| of 8 bits. |
| |
| This module provides Serpent cipher algorithm that processes 16 |
| blocks parallel using AVX2 instruction set. |
| |
| See also: |
| <https://www.cl.cam.ac.uk/~rja14/serpent.html> |
| |
| config CRYPTO_SM4_AESNI_AVX_X86_64 |
| tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)" |
| depends on X86 && 64BIT |
| select CRYPTO_SKCIPHER |
| select CRYPTO_SIMD |
| select CRYPTO_ALGAPI |
| select CRYPTO_SM4 |
| help |
| SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX). |
| |
| SM4 (GBT.32907-2016) is a cryptographic standard issued by the |
| Organization of State Commercial Administration of China (OSCCA) |
| as an authorized cryptographic algorithms for the use within China. |
| |
| This is SM4 optimized implementation using AES-NI/AVX/x86_64 |
| instruction set for block cipher. Through two affine transforms, |
| we can use the AES S-Box to simulate the SM4 S-Box to achieve the |
| effect of instruction acceleration. |
| |
| If unsure, say N. |
| |
| config CRYPTO_SM4_AESNI_AVX2_X86_64 |
| tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)" |
| depends on X86 && 64BIT |
| select CRYPTO_SKCIPHER |
| select CRYPTO_SIMD |
| select CRYPTO_ALGAPI |
| select CRYPTO_SM4 |
| select CRYPTO_SM4_AESNI_AVX_X86_64 |
| help |
| SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2). |
| |
| SM4 (GBT.32907-2016) is a cryptographic standard issued by the |
| Organization of State Commercial Administration of China (OSCCA) |
| as an authorized cryptographic algorithms for the use within China. |
| |
| This is SM4 optimized implementation using AES-NI/AVX2/x86_64 |
| instruction set for block cipher. Through two affine transforms, |
| we can use the AES S-Box to simulate the SM4 S-Box to achieve the |
| effect of instruction acceleration. |
| |
| If unsure, say N. |
| |
| config CRYPTO_TWOFISH_586 |
| tristate "Twofish cipher algorithms (i586)" |
| depends on (X86 || UML_X86) && !64BIT |
| select CRYPTO_ALGAPI |
| select CRYPTO_TWOFISH_COMMON |
| imply CRYPTO_CTR |
| help |
| Twofish cipher algorithm. |
| |
| Twofish was submitted as an AES (Advanced Encryption Standard) |
| candidate cipher by researchers at CounterPane Systems. It is a |
| 16 round block cipher supporting key sizes of 128, 192, and 256 |
| bits. |
| |
| See also: |
| <https://www.schneier.com/twofish.html> |
| |
| config CRYPTO_TWOFISH_X86_64 |
| tristate "Twofish cipher algorithm (x86_64)" |
| depends on (X86 || UML_X86) && 64BIT |
| select CRYPTO_ALGAPI |
| select CRYPTO_TWOFISH_COMMON |
| imply CRYPTO_CTR |
| help |
| Twofish cipher algorithm (x86_64). |
| |
| Twofish was submitted as an AES (Advanced Encryption Standard) |
| candidate cipher by researchers at CounterPane Systems. It is a |
| 16 round block cipher supporting key sizes of 128, 192, and 256 |
| bits. |
| |
| See also: |
| <https://www.schneier.com/twofish.html> |
| |
| config CRYPTO_TWOFISH_X86_64_3WAY |
| tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" |
| depends on X86 && 64BIT |
| select CRYPTO_SKCIPHER |
| select CRYPTO_TWOFISH_COMMON |
| select CRYPTO_TWOFISH_X86_64 |
| help |
| Twofish cipher algorithm (x86_64, 3-way parallel). |
| |
| Twofish was submitted as an AES (Advanced Encryption Standard) |
| candidate cipher by researchers at CounterPane Systems. It is a |
| 16 round block cipher supporting key sizes of 128, 192, and 256 |
| bits. |
| |
| This module provides Twofish cipher algorithm that processes three |
| blocks parallel, utilizing resources of out-of-order CPUs better. |
| |
| See also: |
| <https://www.schneier.com/twofish.html> |
| |
| config CRYPTO_TWOFISH_AVX_X86_64 |
| tristate "Twofish cipher algorithm (x86_64/AVX)" |
| depends on X86 && 64BIT |
| select CRYPTO_SKCIPHER |
| select CRYPTO_SIMD |
| select CRYPTO_TWOFISH_COMMON |
| select CRYPTO_TWOFISH_X86_64 |
| select CRYPTO_TWOFISH_X86_64_3WAY |
| imply CRYPTO_XTS |
| help |
| Twofish cipher algorithm (x86_64/AVX). |
| |
| Twofish was submitted as an AES (Advanced Encryption Standard) |
| candidate cipher by researchers at CounterPane Systems. It is a |
| 16 round block cipher supporting key sizes of 128, 192, and 256 |
| bits. |
| |
| This module provides the Twofish cipher algorithm that processes |
| eight blocks parallel using the AVX Instruction Set. |
| |
| See also: |
| <https://www.schneier.com/twofish.html> |
| |
| config CRYPTO_CHACHA20_X86_64 |
| tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" |
| depends on X86 && 64BIT |
| select CRYPTO_SKCIPHER |
| select CRYPTO_LIB_CHACHA_GENERIC |
| select CRYPTO_ARCH_HAVE_LIB_CHACHA |
| help |
| SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, |
| XChaCha20, and XChaCha12 stream ciphers. |
| |
| config CRYPTO_AEGIS128_AESNI_SSE2 |
| tristate "AEAD ciphers: AEGIS-128 (AES-NI/SSE2)" |
| depends on X86 && 64BIT |
| select CRYPTO_AEAD |
| select CRYPTO_SIMD |
| help |
| AEGIS-128 AEAD algorithm |
| |
| Architecture: x86_64 using: |
| - AES-NI (AES New Instructions) |
| - SSE2 (Streaming SIMD Extensions 2) |
| |
| config CRYPTO_NHPOLY1305_SSE2 |
| tristate "Hash functions: NHPoly1305 (SSE2)" |
| depends on X86 && 64BIT |
| select CRYPTO_NHPOLY1305 |
| help |
| NHPoly1305 hash function for Adiantum |
| |
| Architecture: x86_64 using: |
| - SSE2 (Streaming SIMD Extensions 2) |
| |
| config CRYPTO_NHPOLY1305_AVX2 |
| tristate "Hash functions: NHPoly1305 (AVX2)" |
| depends on X86 && 64BIT |
| select CRYPTO_NHPOLY1305 |
| help |
| NHPoly1305 hash function for Adiantum |
| |
| Architecture: x86_64 using: |
| - AVX2 (Advanced Vector Extensions 2) |
| |
| config CRYPTO_BLAKE2S_X86 |
| bool "Hash functions: BLAKE2s (SSSE3/AVX-512)" |
| depends on X86 && 64BIT |
| select CRYPTO_LIB_BLAKE2S_GENERIC |
| select CRYPTO_ARCH_HAVE_LIB_BLAKE2S |
| help |
| BLAKE2s cryptographic hash function (RFC 7693) |
| |
| Architecture: x86_64 using: |
| - SSSE3 (Supplemental SSE3) |
| - AVX-512 (Advanced Vector Extensions-512) |
| |
| config CRYPTO_POLYVAL_CLMUL_NI |
| tristate "Hash functions: POLYVAL (CLMUL-NI)" |
| depends on X86 && 64BIT |
| select CRYPTO_POLYVAL |
| help |
| POLYVAL hash function for HCTR2 |
| |
| Architecture: x86_64 using: |
| - CLMUL-NI (carry-less multiplication new instructions) |
| |
| config CRYPTO_POLY1305_X86_64 |
| tristate "Hash functions: Poly1305 (SSE2/AVX2)" |
| depends on X86 && 64BIT |
| select CRYPTO_LIB_POLY1305_GENERIC |
| select CRYPTO_ARCH_HAVE_LIB_POLY1305 |
| help |
| Poly1305 authenticator algorithm (RFC7539) |
| |
| Architecture: x86_64 using: |
| - SSE2 (Streaming SIMD Extensions 2) |
| - AVX2 (Advanced Vector Extensions 2) |
| |
| config CRYPTO_SHA1_SSSE3 |
| tristate "Hash functions: SHA-1 (SSSE3/AVX/AVX2/SHA-NI)" |
| depends on X86 && 64BIT |
| select CRYPTO_SHA1 |
| select CRYPTO_HASH |
| help |
| SHA-1 secure hash algorithm (FIPS 180) |
| |
| Architecture: x86_64 using: |
| - SSSE3 (Supplemental SSE3) |
| - AVX (Advanced Vector Extensions) |
| - AVX2 (Advanced Vector Extensions 2) |
| - SHA-NI (SHA Extensions New Instructions) |
| |
| config CRYPTO_SHA256_SSSE3 |
| tristate "Hash functions: SHA-224 and SHA-256 (SSSE3/AVX/AVX2/SHA-NI)" |
| depends on X86 && 64BIT |
| select CRYPTO_SHA256 |
| select CRYPTO_HASH |
| help |
| SHA-224 and SHA-256 secure hash algorithms (FIPS 180) |
| |
| Architecture: x86_64 using: |
| - SSSE3 (Supplemental SSE3) |
| - AVX (Advanced Vector Extensions) |
| - AVX2 (Advanced Vector Extensions 2) |
| - SHA-NI (SHA Extensions New Instructions) |
| |
| config CRYPTO_SHA512_SSSE3 |
| tristate "Hash functions: SHA-384 and SHA-512 (SSSE3/AVX/AVX2)" |
| depends on X86 && 64BIT |
| select CRYPTO_SHA512 |
| select CRYPTO_HASH |
| help |
| SHA-384 and SHA-512 secure hash algorithms (FIPS 180) |
| |
| Architecture: x86_64 using: |
| - SSSE3 (Supplemental SSE3) |
| - AVX (Advanced Vector Extensions) |
| - AVX2 (Advanced Vector Extensions 2) |
| |
| config CRYPTO_SM3_AVX_X86_64 |
| tristate "Hash functions: SM3 (AVX)" |
| depends on X86 && 64BIT |
| select CRYPTO_HASH |
| select CRYPTO_SM3 |
| help |
| SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3 |
| |
| Architecture: x86_64 using: |
| - AVX (Advanced Vector Extensions) |
| |
| If unsure, say N. |
| |
| config CRYPTO_GHASH_CLMUL_NI_INTEL |
| tristate "Hash functions: GHASH (CLMUL-NI)" |
| depends on X86 && 64BIT |
| select CRYPTO_CRYPTD |
| help |
| GCM GHASH hash function (NIST SP800-38D) |
| |
| Architecture: x86_64 using: |
| - CLMUL-NI (carry-less multiplication new instructions) |
| |
| config CRYPTO_CRC32C_INTEL |
| tristate "CRC32c (SSE4.2/PCLMULQDQ)" |
| depends on X86 |
| select CRYPTO_HASH |
| help |
| CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720) |
| |
| Architecture: x86 (32-bit and 64-bit) using: |
| - SSE4.2 (Streaming SIMD Extensions 4.2) CRC32 instruction |
| - PCLMULQDQ (carry-less multiplication) |
| |
| config CRYPTO_CRC32_PCLMUL |
| tristate "CRC32 (PCLMULQDQ)" |
| depends on X86 |
| select CRYPTO_HASH |
| select CRC32 |
| help |
| CRC32 CRC algorithm (IEEE 802.3) |
| |
| Architecture: x86 (32-bit and 64-bit) using: |
| - PCLMULQDQ (carry-less multiplication) |
| |
| config CRYPTO_CRCT10DIF_PCLMUL |
| tristate "CRCT10DIF (PCLMULQDQ)" |
| depends on X86 && 64BIT && CRC_T10DIF |
| select CRYPTO_HASH |
| help |
| CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF) |
| |
| Architecture: x86_64 using: |
| - PCLMULQDQ (carry-less multiplication) |
| |
| endmenu |