linux/arch/x86/crypto/Kconfig

# SPDX-License-Identifier: GPL-2.0

menu "Accelerated Cryptographic Algorithms for CPU (x86)"

config CRYPTO_CURVE25519_X86
	tristate "x86_64 accelerated Curve25519 scalar multiplication library"
	depends on X86 && 64BIT
	select CRYPTO_LIB_CURVE25519_GENERIC
	select CRYPTO_ARCH_HAVE_LIB_CURVE25519

config CRYPTO_AES_NI_INTEL
	tristate "AES cipher algorithms (AES-NI)"
	depends on X86
	select CRYPTO_AEAD
	select CRYPTO_LIB_AES
	select CRYPTO_ALGAPI
	select CRYPTO_SKCIPHER
	select CRYPTO_SIMD
	help
	  Use Intel AES-NI instructions for AES algorithm.

	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
	  algorithm.

	  Rijndael appears to be consistently a very good performer in
	  both hardware and software across a wide range of computing
	  environments regardless of its use in feedback or non-feedback
	  modes. Its key setup time is excellent, and its key agility is
	  good. Rijndael's very low memory requirements make it very well
	  suited for restricted-space environments, in which it also
	  demonstrates excellent performance. Rijndael's operations are
	  among the easiest to defend against power and timing attacks.

	  The AES specifies three key sizes: 128, 192 and 256 bits

	  See <http://csrc.nist.gov/encryption/aes/> for more information.

	  In addition to AES cipher algorithm support, the acceleration
	  for some popular block cipher mode is supported too, including
	  ECB, CBC, LRW, XTS. The 64 bit version has additional
	  acceleration for CTR and XCTR.

config CRYPTO_BLOWFISH_X86_64
	tristate "Blowfish cipher algorithm (x86_64)"
	depends on X86 && 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_BLOWFISH_COMMON
	imply CRYPTO_CTR
	help
	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.

	  This is a variable key length cipher which can use keys from 32
	  bits to 448 bits in length.  It's fast, simple and specifically
	  designed for use on "large microprocessors".

	  See also:
	  <https://www.schneier.com/blowfish.html>

config CRYPTO_CAMELLIA_X86_64
	tristate "Camellia cipher algorithm (x86_64)"
	depends on X86 && 64BIT
	select CRYPTO_SKCIPHER
	imply CRYPTO_CTR
	help
	  Camellia cipher algorithm module (x86_64).

	  Camellia is a symmetric key block cipher developed jointly
	  at NTT and Mitsubishi Electric Corporation.

	  The Camellia specifies three key sizes: 128, 192 and 256 bits.

	  See also:
	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>

config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
	depends on X86 && 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_CAMELLIA_X86_64
	select CRYPTO_SIMD
	imply CRYPTO_XTS
	help
	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).

	  Camellia is a symmetric key block cipher developed jointly
	  at NTT and Mitsubishi Electric Corporation.

	  The Camellia specifies three key sizes: 128, 192 and 256 bits.

	  See also:
	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>

config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
	depends on X86 && 64BIT
	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
	help
	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).

	  Camellia is a symmetric key block cipher developed jointly
	  at NTT and Mitsubishi Electric Corporation.

	  The Camellia specifies three key sizes: 128, 192 and 256 bits.

	  See also:
	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>

config CRYPTO_CAST5_AVX_X86_64
	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
	depends on X86 && 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_CAST5
	select CRYPTO_CAST_COMMON
	select CRYPTO_SIMD
	imply CRYPTO_CTR
	help
	  The CAST5 encryption algorithm (synonymous with CAST-128) is
	  described in RFC2144.

	  This module provides the Cast5 cipher algorithm that processes
	  sixteen blocks parallel using the AVX instruction set.

config CRYPTO_CAST6_AVX_X86_64
	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
	depends on X86 && 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_CAST6
	select CRYPTO_CAST_COMMON
	select CRYPTO_SIMD
	imply CRYPTO_XTS
	imply CRYPTO_CTR
	help
	  The CAST6 encryption algorithm (synonymous with CAST-256) is
	  described in RFC2612.

	  This module provides the Cast6 cipher algorithm that processes
	  eight blocks parallel using the AVX instruction set.

config CRYPTO_DES3_EDE_X86_64
	tristate "Triple DES EDE cipher algorithm (x86-64)"
	depends on X86 && 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_LIB_DES
	imply CRYPTO_CTR
	help
	  Triple DES EDE (FIPS 46-3) algorithm.

	  This module provides implementation of the Triple DES EDE cipher
	  algorithm that is optimized for x86-64 processors. Two versions of
	  algorithm are provided; regular processing one input block and
	  one that processes three blocks parallel.

config CRYPTO_SERPENT_SSE2_X86_64
	tristate "Serpent cipher algorithm (x86_64/SSE2)"
	depends on X86 && 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_SERPENT
	select CRYPTO_SIMD
	imply CRYPTO_CTR
	help
	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.

	  Keys are allowed to be from 0 to 256 bits in length, in steps
	  of 8 bits.

	  This module provides Serpent cipher algorithm that processes eight
	  blocks parallel using SSE2 instruction set.

	  See also:
	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>

config CRYPTO_SERPENT_SSE2_586
	tristate "Serpent cipher algorithm (i586/SSE2)"
	depends on X86 && !64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_SERPENT
	select CRYPTO_SIMD
	imply CRYPTO_CTR
	help
	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.

	  Keys are allowed to be from 0 to 256 bits in length, in steps
	  of 8 bits.

	  This module provides Serpent cipher algorithm that processes four
	  blocks parallel using SSE2 instruction set.

	  See also:
	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>

config CRYPTO_SERPENT_AVX_X86_64
	tristate "Serpent cipher algorithm (x86_64/AVX)"
	depends on X86 && 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_SERPENT
	select CRYPTO_SIMD
	imply CRYPTO_XTS
	imply CRYPTO_CTR
	help
	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.

	  Keys are allowed to be from 0 to 256 bits in length, in steps
	  of 8 bits.

	  This module provides the Serpent cipher algorithm that processes
	  eight blocks parallel using the AVX instruction set.

	  See also:
	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>

config CRYPTO_SERPENT_AVX2_X86_64
	tristate "Serpent cipher algorithm (x86_64/AVX2)"
	depends on X86 && 64BIT
	select CRYPTO_SERPENT_AVX_X86_64
	help
	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.

	  Keys are allowed to be from 0 to 256 bits in length, in steps
	  of 8 bits.

	  This module provides Serpent cipher algorithm that processes 16
	  blocks parallel using AVX2 instruction set.

	  See also:
	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>

config CRYPTO_SM4_AESNI_AVX_X86_64
	tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)"
	depends on X86 && 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_SIMD
	select CRYPTO_ALGAPI
	select CRYPTO_SM4
	help
	  SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX).

	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
	  Organization of State Commercial Administration of China (OSCCA)
	  as an authorized cryptographic algorithms for the use within China.

	  This is SM4 optimized implementation using AES-NI/AVX/x86_64
	  instruction set for block cipher. Through two affine transforms,
	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
	  effect of instruction acceleration.

	  If unsure, say N.

config CRYPTO_SM4_AESNI_AVX2_X86_64
	tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)"
	depends on X86 && 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_SIMD
	select CRYPTO_ALGAPI
	select CRYPTO_SM4
	select CRYPTO_SM4_AESNI_AVX_X86_64
	help
	  SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2).

	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
	  Organization of State Commercial Administration of China (OSCCA)
	  as an authorized cryptographic algorithms for the use within China.

	  This is SM4 optimized implementation using AES-NI/AVX2/x86_64
	  instruction set for block cipher. Through two affine transforms,
	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
	  effect of instruction acceleration.

	  If unsure, say N.

config CRYPTO_TWOFISH_586
	tristate "Twofish cipher algorithms (i586)"
	depends on (X86 || UML_X86) && !64BIT
	select CRYPTO_ALGAPI
	select CRYPTO_TWOFISH_COMMON
	imply CRYPTO_CTR
	help
	  Twofish cipher algorithm.

	  Twofish was submitted as an AES (Advanced Encryption Standard)
	  candidate cipher by researchers at CounterPane Systems.  It is a
	  16 round block cipher supporting key sizes of 128, 192, and 256
	  bits.

	  See also:
	  <https://www.schneier.com/twofish.html>

config CRYPTO_TWOFISH_X86_64
	tristate "Twofish cipher algorithm (x86_64)"
	depends on (X86 || UML_X86) && 64BIT
	select CRYPTO_ALGAPI
	select CRYPTO_TWOFISH_COMMON
	imply CRYPTO_CTR
	help
	  Twofish cipher algorithm (x86_64).

	  Twofish was submitted as an AES (Advanced Encryption Standard)
	  candidate cipher by researchers at CounterPane Systems.  It is a
	  16 round block cipher supporting key sizes of 128, 192, and 256
	  bits.

	  See also:
	  <https://www.schneier.com/twofish.html>

config CRYPTO_TWOFISH_X86_64_3WAY
	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
	depends on X86 && 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_TWOFISH_COMMON
	select CRYPTO_TWOFISH_X86_64
	help
	  Twofish cipher algorithm (x86_64, 3-way parallel).

	  Twofish was submitted as an AES (Advanced Encryption Standard)
	  candidate cipher by researchers at CounterPane Systems.  It is a
	  16 round block cipher supporting key sizes of 128, 192, and 256
	  bits.

	  This module provides Twofish cipher algorithm that processes three
	  blocks parallel, utilizing resources of out-of-order CPUs better.

	  See also:
	  <https://www.schneier.com/twofish.html>

config CRYPTO_TWOFISH_AVX_X86_64
	tristate "Twofish cipher algorithm (x86_64/AVX)"
	depends on X86 && 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_SIMD
	select CRYPTO_TWOFISH_COMMON
	select CRYPTO_TWOFISH_X86_64
	select CRYPTO_TWOFISH_X86_64_3WAY
	imply CRYPTO_XTS
	help
	  Twofish cipher algorithm (x86_64/AVX).

	  Twofish was submitted as an AES (Advanced Encryption Standard)
	  candidate cipher by researchers at CounterPane Systems.  It is a
	  16 round block cipher supporting key sizes of 128, 192, and 256
	  bits.

	  This module provides the Twofish cipher algorithm that processes
	  eight blocks parallel using the AVX Instruction Set.

	  See also:
	  <https://www.schneier.com/twofish.html>

config CRYPTO_CHACHA20_X86_64
	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
	depends on X86 && 64BIT
	select CRYPTO_SKCIPHER
	select CRYPTO_LIB_CHACHA_GENERIC
	select CRYPTO_ARCH_HAVE_LIB_CHACHA
	help
	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
	  XChaCha20, and XChaCha12 stream ciphers.

config CRYPTO_AEGIS128_AESNI_SSE2
	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
	depends on X86 && 64BIT
	select CRYPTO_AEAD
	select CRYPTO_SIMD
	help
	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.

config CRYPTO_NHPOLY1305_SSE2
	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
	depends on X86 && 64BIT
	select CRYPTO_NHPOLY1305
	help
	  SSE2 optimized implementation of the hash function used by the
	  Adiantum encryption mode.

config CRYPTO_NHPOLY1305_AVX2
	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
	depends on X86 && 64BIT
	select CRYPTO_NHPOLY1305
	help
	  AVX2 optimized implementation of the hash function used by the
	  Adiantum encryption mode.

config CRYPTO_BLAKE2S_X86
	bool "BLAKE2s digest algorithm (x86 accelerated version)"
	depends on X86 && 64BIT
	select CRYPTO_LIB_BLAKE2S_GENERIC
	select CRYPTO_ARCH_HAVE_LIB_BLAKE2S

config CRYPTO_POLYVAL_CLMUL_NI
	tristate "POLYVAL hash function (CLMUL-NI accelerated)"
	depends on X86 && 64BIT
	select CRYPTO_POLYVAL
	help
	  This is the x86_64 CLMUL-NI accelerated implementation of POLYVAL. It is
	  used to efficiently implement HCTR2 on x86-64 processors that support
	  carry-less multiplication instructions.

config CRYPTO_POLY1305_X86_64
	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
	depends on X86 && 64BIT
	select CRYPTO_LIB_POLY1305_GENERIC
	select CRYPTO_ARCH_HAVE_LIB_POLY1305
	help
	  Poly1305 authenticator algorithm, RFC7539.

	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
	  instructions.

config CRYPTO_SHA1_SSSE3
	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
	depends on X86 && 64BIT
	select CRYPTO_SHA1
	select CRYPTO_HASH
	help
	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
	  when available.

config CRYPTO_SHA256_SSSE3
	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
	depends on X86 && 64BIT
	select CRYPTO_SHA256
	select CRYPTO_HASH
	help
	  SHA-256 secure hash standard (DFIPS 180-2) implemented
	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
	  Extensions version 1 (AVX1), or Advanced Vector Extensions
	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
	  Instructions) when available.

config CRYPTO_SHA512_SSSE3
	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
	depends on X86 && 64BIT
	select CRYPTO_SHA512
	select CRYPTO_HASH
	help
	  SHA-512 secure hash standard (DFIPS 180-2) implemented
	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
	  Extensions version 1 (AVX1), or Advanced Vector Extensions
	  version 2 (AVX2) instructions, when available.

config CRYPTO_SM3_AVX_X86_64
	tristate "SM3 digest algorithm (x86_64/AVX)"
	depends on X86 && 64BIT
	select CRYPTO_HASH
	select CRYPTO_SM3
	help
	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
	  It is part of the Chinese Commercial Cryptography suite. This is
	  SM3 optimized implementation using Advanced Vector Extensions (AVX)
	  when available.

	  If unsure, say N.

config CRYPTO_GHASH_CLMUL_NI_INTEL
	tristate "GHASH hash function (CLMUL-NI accelerated)"
	depends on X86 && 64BIT
	select CRYPTO_CRYPTD
	help
	  This is the x86_64 CLMUL-NI accelerated implementation of
	  GHASH, the hash function used in GCM (Galois/Counter mode).

config CRYPTO_CRC32C_INTEL
	tristate "CRC32c INTEL hardware acceleration"
	depends on X86
	select CRYPTO_HASH
	help
	  In Intel processor with SSE4.2 supported, the processor will
	  support CRC32C implementation using hardware accelerated CRC32
	  instruction. This option will create 'crc32c-intel' module,
	  which will enable any routine to use the CRC32 instruction to
	  gain performance compared with software implementation.
	  Module will be crc32c-intel.

config CRYPTO_CRC32_PCLMUL
	tristate "CRC32 PCLMULQDQ hardware acceleration"
	depends on X86
	select CRYPTO_HASH
	select CRC32
	help
	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
	  and PCLMULQDQ supported, the processor will support
	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
	  instruction. This option will create 'crc32-pclmul' module,
	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
	  and gain better performance as compared with the table implementation.

config CRYPTO_CRCT10DIF_PCLMUL
	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
	depends on X86 && 64BIT && CRC_T10DIF
	select CRYPTO_HASH
	help
	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
	  CRC T10 DIF PCLMULQDQ computation can be hardware
	  accelerated PCLMULQDQ instruction. This option will create
	  'crct10dif-pclmul' module, which is faster when computing the
	  crct10dif checksum as compared with the generic table implementation.

endmenu