linux/crypto/Kconfig
<<
>>
Prefs
   1# SPDX-License-Identifier: GPL-2.0
   2#
   3# Generic algorithms support
   4#
   5config XOR_BLOCKS
   6        tristate
   7
   8#
   9# async_tx api: hardware offloaded memory transfer/transform support
  10#
  11source "crypto/async_tx/Kconfig"
  12
  13#
  14# Cryptographic API Configuration
  15#
  16menuconfig CRYPTO
  17        tristate "Cryptographic API"
  18        help
  19          This option provides the core Cryptographic API.
  20
  21if CRYPTO
  22
  23comment "Crypto core or helper"
  24
  25config CRYPTO_FIPS
  26        bool "FIPS 200 compliance"
  27        depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
  28        depends on (MODULE_SIG || !MODULES)
  29        help
  30          This option enables the fips boot option which is
  31          required if you want the system to operate in a FIPS 200
  32          certification.  You should say no unless you know what
  33          this is.
  34
  35config CRYPTO_ALGAPI
  36        tristate
  37        select CRYPTO_ALGAPI2
  38        help
  39          This option provides the API for cryptographic algorithms.
  40
  41config CRYPTO_ALGAPI2
  42        tristate
  43
  44config CRYPTO_AEAD
  45        tristate
  46        select CRYPTO_AEAD2
  47        select CRYPTO_ALGAPI
  48
  49config CRYPTO_AEAD2
  50        tristate
  51        select CRYPTO_ALGAPI2
  52        select CRYPTO_NULL2
  53        select CRYPTO_RNG2
  54
  55config CRYPTO_SKCIPHER
  56        tristate
  57        select CRYPTO_SKCIPHER2
  58        select CRYPTO_ALGAPI
  59
  60config CRYPTO_SKCIPHER2
  61        tristate
  62        select CRYPTO_ALGAPI2
  63        select CRYPTO_RNG2
  64
  65config CRYPTO_HASH
  66        tristate
  67        select CRYPTO_HASH2
  68        select CRYPTO_ALGAPI
  69
  70config CRYPTO_HASH2
  71        tristate
  72        select CRYPTO_ALGAPI2
  73
  74config CRYPTO_RNG
  75        tristate
  76        select CRYPTO_RNG2
  77        select CRYPTO_ALGAPI
  78
  79config CRYPTO_RNG2
  80        tristate
  81        select CRYPTO_ALGAPI2
  82
  83config CRYPTO_RNG_DEFAULT
  84        tristate
  85        select CRYPTO_DRBG_MENU
  86
  87config CRYPTO_AKCIPHER2
  88        tristate
  89        select CRYPTO_ALGAPI2
  90
  91config CRYPTO_AKCIPHER
  92        tristate
  93        select CRYPTO_AKCIPHER2
  94        select CRYPTO_ALGAPI
  95
  96config CRYPTO_KPP2
  97        tristate
  98        select CRYPTO_ALGAPI2
  99
 100config CRYPTO_KPP
 101        tristate
 102        select CRYPTO_ALGAPI
 103        select CRYPTO_KPP2
 104
 105config CRYPTO_ACOMP2
 106        tristate
 107        select CRYPTO_ALGAPI2
 108        select SGL_ALLOC
 109
 110config CRYPTO_ACOMP
 111        tristate
 112        select CRYPTO_ALGAPI
 113        select CRYPTO_ACOMP2
 114
 115config CRYPTO_MANAGER
 116        tristate "Cryptographic algorithm manager"
 117        select CRYPTO_MANAGER2
 118        help
 119          Create default cryptographic template instantiations such as
 120          cbc(aes).
 121
 122config CRYPTO_MANAGER2
 123        def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
 124        select CRYPTO_AEAD2
 125        select CRYPTO_HASH2
 126        select CRYPTO_SKCIPHER2
 127        select CRYPTO_AKCIPHER2
 128        select CRYPTO_KPP2
 129        select CRYPTO_ACOMP2
 130
 131config CRYPTO_USER
 132        tristate "Userspace cryptographic algorithm configuration"
 133        depends on NET
 134        select CRYPTO_MANAGER
 135        help
 136          Userspace configuration for cryptographic instantiations such as
 137          cbc(aes).
 138
 139config CRYPTO_MANAGER_DISABLE_TESTS
 140        bool "Disable run-time self tests"
 141        default y
 142        help
 143          Disable run-time self tests that normally take place at
 144          algorithm registration.
 145
 146config CRYPTO_MANAGER_EXTRA_TESTS
 147        bool "Enable extra run-time crypto self tests"
 148        depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
 149        help
 150          Enable extra run-time self tests of registered crypto algorithms,
 151          including randomized fuzz tests.
 152
 153          This is intended for developer use only, as these tests take much
 154          longer to run than the normal self tests.
 155
 156config CRYPTO_GF128MUL
 157        tristate
 158
 159config CRYPTO_NULL
 160        tristate "Null algorithms"
 161        select CRYPTO_NULL2
 162        help
 163          These are 'Null' algorithms, used by IPsec, which do nothing.
 164
 165config CRYPTO_NULL2
 166        tristate
 167        select CRYPTO_ALGAPI2
 168        select CRYPTO_SKCIPHER2
 169        select CRYPTO_HASH2
 170
 171config CRYPTO_PCRYPT
 172        tristate "Parallel crypto engine"
 173        depends on SMP
 174        select PADATA
 175        select CRYPTO_MANAGER
 176        select CRYPTO_AEAD
 177        help
 178          This converts an arbitrary crypto algorithm into a parallel
 179          algorithm that executes in kernel threads.
 180
 181config CRYPTO_CRYPTD
 182        tristate "Software async crypto daemon"
 183        select CRYPTO_SKCIPHER
 184        select CRYPTO_HASH
 185        select CRYPTO_MANAGER
 186        help
 187          This is a generic software asynchronous crypto daemon that
 188          converts an arbitrary synchronous software crypto algorithm
 189          into an asynchronous algorithm that executes in a kernel thread.
 190
 191config CRYPTO_AUTHENC
 192        tristate "Authenc support"
 193        select CRYPTO_AEAD
 194        select CRYPTO_SKCIPHER
 195        select CRYPTO_MANAGER
 196        select CRYPTO_HASH
 197        select CRYPTO_NULL
 198        help
 199          Authenc: Combined mode wrapper for IPsec.
 200          This is required for IPSec.
 201
 202config CRYPTO_TEST
 203        tristate "Testing module"
 204        depends on m || EXPERT
 205        select CRYPTO_MANAGER
 206        help
 207          Quick & dirty crypto test module.
 208
 209config CRYPTO_SIMD
 210        tristate
 211        select CRYPTO_CRYPTD
 212
 213config CRYPTO_ENGINE
 214        tristate
 215
 216comment "Public-key cryptography"
 217
 218config CRYPTO_RSA
 219        tristate "RSA algorithm"
 220        select CRYPTO_AKCIPHER
 221        select CRYPTO_MANAGER
 222        select MPILIB
 223        select ASN1
 224        help
 225          Generic implementation of the RSA public key algorithm.
 226
 227config CRYPTO_DH
 228        tristate "Diffie-Hellman algorithm"
 229        select CRYPTO_KPP
 230        select MPILIB
 231        help
 232          Generic implementation of the Diffie-Hellman algorithm.
 233
 234config CRYPTO_ECC
 235        tristate
 236
 237config CRYPTO_ECDH
 238        tristate "ECDH algorithm"
 239        select CRYPTO_ECC
 240        select CRYPTO_KPP
 241        select CRYPTO_RNG_DEFAULT
 242        help
 243          Generic implementation of the ECDH algorithm
 244
 245config CRYPTO_ECDSA
 246        tristate "ECDSA (NIST P192, P256 etc.) algorithm"
 247        select CRYPTO_ECC
 248        select CRYPTO_AKCIPHER
 249        select ASN1
 250        help
 251          Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
 252          is A NIST cryptographic standard algorithm. Only signature verification
 253          is implemented.
 254
 255config CRYPTO_ECRDSA
 256        tristate "EC-RDSA (GOST 34.10) algorithm"
 257        select CRYPTO_ECC
 258        select CRYPTO_AKCIPHER
 259        select CRYPTO_STREEBOG
 260        select OID_REGISTRY
 261        select ASN1
 262        help
 263          Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
 264          RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
 265          standard algorithms (called GOST algorithms). Only signature verification
 266          is implemented.
 267
 268config CRYPTO_SM2
 269        tristate "SM2 algorithm"
 270        select CRYPTO_SM3
 271        select CRYPTO_AKCIPHER
 272        select CRYPTO_MANAGER
 273        select MPILIB
 274        select ASN1
 275        help
 276          Generic implementation of the SM2 public key algorithm. It was
 277          published by State Encryption Management Bureau, China.
 278          as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
 279
 280          References:
 281          https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
 282          http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
 283          http://www.gmbz.org.cn/main/bzlb.html
 284
 285config CRYPTO_CURVE25519
 286        tristate "Curve25519 algorithm"
 287        select CRYPTO_KPP
 288        select CRYPTO_LIB_CURVE25519_GENERIC
 289
 290config CRYPTO_CURVE25519_X86
 291        tristate "x86_64 accelerated Curve25519 scalar multiplication library"
 292        depends on X86 && 64BIT
 293        select CRYPTO_LIB_CURVE25519_GENERIC
 294        select CRYPTO_ARCH_HAVE_LIB_CURVE25519
 295
 296comment "Authenticated Encryption with Associated Data"
 297
 298config CRYPTO_CCM
 299        tristate "CCM support"
 300        select CRYPTO_CTR
 301        select CRYPTO_HASH
 302        select CRYPTO_AEAD
 303        select CRYPTO_MANAGER
 304        help
 305          Support for Counter with CBC MAC. Required for IPsec.
 306
 307config CRYPTO_GCM
 308        tristate "GCM/GMAC support"
 309        select CRYPTO_CTR
 310        select CRYPTO_AEAD
 311        select CRYPTO_GHASH
 312        select CRYPTO_NULL
 313        select CRYPTO_MANAGER
 314        help
 315          Support for Galois/Counter Mode (GCM) and Galois Message
 316          Authentication Code (GMAC). Required for IPSec.
 317
 318config CRYPTO_CHACHA20POLY1305
 319        tristate "ChaCha20-Poly1305 AEAD support"
 320        select CRYPTO_CHACHA20
 321        select CRYPTO_POLY1305
 322        select CRYPTO_AEAD
 323        select CRYPTO_MANAGER
 324        help
 325          ChaCha20-Poly1305 AEAD support, RFC7539.
 326
 327          Support for the AEAD wrapper using the ChaCha20 stream cipher combined
 328          with the Poly1305 authenticator. It is defined in RFC7539 for use in
 329          IETF protocols.
 330
 331config CRYPTO_AEGIS128
 332        tristate "AEGIS-128 AEAD algorithm"
 333        select CRYPTO_AEAD
 334        select CRYPTO_AES  # for AES S-box tables
 335        help
 336         Support for the AEGIS-128 dedicated AEAD algorithm.
 337
 338config CRYPTO_AEGIS128_SIMD
 339        bool "Support SIMD acceleration for AEGIS-128"
 340        depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
 341        default y
 342
 343config CRYPTO_AEGIS128_AESNI_SSE2
 344        tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
 345        depends on X86 && 64BIT
 346        select CRYPTO_AEAD
 347        select CRYPTO_SIMD
 348        help
 349         AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
 350
 351config CRYPTO_SEQIV
 352        tristate "Sequence Number IV Generator"
 353        select CRYPTO_AEAD
 354        select CRYPTO_SKCIPHER
 355        select CRYPTO_NULL
 356        select CRYPTO_RNG_DEFAULT
 357        select CRYPTO_MANAGER
 358        help
 359          This IV generator generates an IV based on a sequence number by
 360          xoring it with a salt.  This algorithm is mainly useful for CTR
 361
 362config CRYPTO_ECHAINIV
 363        tristate "Encrypted Chain IV Generator"
 364        select CRYPTO_AEAD
 365        select CRYPTO_NULL
 366        select CRYPTO_RNG_DEFAULT
 367        select CRYPTO_MANAGER
 368        help
 369          This IV generator generates an IV based on the encryption of
 370          a sequence number xored with a salt.  This is the default
 371          algorithm for CBC.
 372
 373comment "Block modes"
 374
 375config CRYPTO_CBC
 376        tristate "CBC support"
 377        select CRYPTO_SKCIPHER
 378        select CRYPTO_MANAGER
 379        help
 380          CBC: Cipher Block Chaining mode
 381          This block cipher algorithm is required for IPSec.
 382
 383config CRYPTO_CFB
 384        tristate "CFB support"
 385        select CRYPTO_SKCIPHER
 386        select CRYPTO_MANAGER
 387        help
 388          CFB: Cipher FeedBack mode
 389          This block cipher algorithm is required for TPM2 Cryptography.
 390
 391config CRYPTO_CTR
 392        tristate "CTR support"
 393        select CRYPTO_SKCIPHER
 394        select CRYPTO_MANAGER
 395        help
 396          CTR: Counter mode
 397          This block cipher algorithm is required for IPSec.
 398
 399config CRYPTO_CTS
 400        tristate "CTS support"
 401        select CRYPTO_SKCIPHER
 402        select CRYPTO_MANAGER
 403        help
 404          CTS: Cipher Text Stealing
 405          This is the Cipher Text Stealing mode as described by
 406          Section 8 of rfc2040 and referenced by rfc3962
 407          (rfc3962 includes errata information in its Appendix A) or
 408          CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
 409          This mode is required for Kerberos gss mechanism support
 410          for AES encryption.
 411
 412          See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
 413
 414config CRYPTO_ECB
 415        tristate "ECB support"
 416        select CRYPTO_SKCIPHER
 417        select CRYPTO_MANAGER
 418        help
 419          ECB: Electronic CodeBook mode
 420          This is the simplest block cipher algorithm.  It simply encrypts
 421          the input block by block.
 422
 423config CRYPTO_LRW
 424        tristate "LRW support"
 425        select CRYPTO_SKCIPHER
 426        select CRYPTO_MANAGER
 427        select CRYPTO_GF128MUL
 428        help
 429          LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
 430          narrow block cipher mode for dm-crypt.  Use it with cipher
 431          specification string aes-lrw-benbi, the key must be 256, 320 or 384.
 432          The first 128, 192 or 256 bits in the key are used for AES and the
 433          rest is used to tie each cipher block to its logical position.
 434
 435config CRYPTO_OFB
 436        tristate "OFB support"
 437        select CRYPTO_SKCIPHER
 438        select CRYPTO_MANAGER
 439        help
 440          OFB: the Output Feedback mode makes a block cipher into a synchronous
 441          stream cipher. It generates keystream blocks, which are then XORed
 442          with the plaintext blocks to get the ciphertext. Flipping a bit in the
 443          ciphertext produces a flipped bit in the plaintext at the same
 444          location. This property allows many error correcting codes to function
 445          normally even when applied before encryption.
 446
 447config CRYPTO_PCBC
 448        tristate "PCBC support"
 449        select CRYPTO_SKCIPHER
 450        select CRYPTO_MANAGER
 451        help
 452          PCBC: Propagating Cipher Block Chaining mode
 453          This block cipher algorithm is required for RxRPC.
 454
 455config CRYPTO_XTS
 456        tristate "XTS support"
 457        select CRYPTO_SKCIPHER
 458        select CRYPTO_MANAGER
 459        select CRYPTO_ECB
 460        help
 461          XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
 462          key size 256, 384 or 512 bits. This implementation currently
 463          can't handle a sectorsize which is not a multiple of 16 bytes.
 464
 465config CRYPTO_KEYWRAP
 466        tristate "Key wrapping support"
 467        select CRYPTO_SKCIPHER
 468        select CRYPTO_MANAGER
 469        help
 470          Support for key wrapping (NIST SP800-38F / RFC3394) without
 471          padding.
 472
 473config CRYPTO_NHPOLY1305
 474        tristate
 475        select CRYPTO_HASH
 476        select CRYPTO_LIB_POLY1305_GENERIC
 477
 478config CRYPTO_NHPOLY1305_SSE2
 479        tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
 480        depends on X86 && 64BIT
 481        select CRYPTO_NHPOLY1305
 482        help
 483          SSE2 optimized implementation of the hash function used by the
 484          Adiantum encryption mode.
 485
 486config CRYPTO_NHPOLY1305_AVX2
 487        tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
 488        depends on X86 && 64BIT
 489        select CRYPTO_NHPOLY1305
 490        help
 491          AVX2 optimized implementation of the hash function used by the
 492          Adiantum encryption mode.
 493
 494config CRYPTO_ADIANTUM
 495        tristate "Adiantum support"
 496        select CRYPTO_CHACHA20
 497        select CRYPTO_LIB_POLY1305_GENERIC
 498        select CRYPTO_NHPOLY1305
 499        select CRYPTO_MANAGER
 500        help
 501          Adiantum is a tweakable, length-preserving encryption mode
 502          designed for fast and secure disk encryption, especially on
 503          CPUs without dedicated crypto instructions.  It encrypts
 504          each sector using the XChaCha12 stream cipher, two passes of
 505          an ε-almost-∆-universal hash function, and an invocation of
 506          the AES-256 block cipher on a single 16-byte block.  On CPUs
 507          without AES instructions, Adiantum is much faster than
 508          AES-XTS.
 509
 510          Adiantum's security is provably reducible to that of its
 511          underlying stream and block ciphers, subject to a security
 512          bound.  Unlike XTS, Adiantum is a true wide-block encryption
 513          mode, so it actually provides an even stronger notion of
 514          security than XTS, subject to the security bound.
 515
 516          If unsure, say N.
 517
 518config CRYPTO_ESSIV
 519        tristate "ESSIV support for block encryption"
 520        select CRYPTO_AUTHENC
 521        help
 522          Encrypted salt-sector initialization vector (ESSIV) is an IV
 523          generation method that is used in some cases by fscrypt and/or
 524          dm-crypt. It uses the hash of the block encryption key as the
 525          symmetric key for a block encryption pass applied to the input
 526          IV, making low entropy IV sources more suitable for block
 527          encryption.
 528
 529          This driver implements a crypto API template that can be
 530          instantiated either as an skcipher or as an AEAD (depending on the
 531          type of the first template argument), and which defers encryption
 532          and decryption requests to the encapsulated cipher after applying
 533          ESSIV to the input IV. Note that in the AEAD case, it is assumed
 534          that the keys are presented in the same format used by the authenc
 535          template, and that the IV appears at the end of the authenticated
 536          associated data (AAD) region (which is how dm-crypt uses it.)
 537
 538          Note that the use of ESSIV is not recommended for new deployments,
 539          and so this only needs to be enabled when interoperability with
 540          existing encrypted volumes of filesystems is required, or when
 541          building for a particular system that requires it (e.g., when
 542          the SoC in question has accelerated CBC but not XTS, making CBC
 543          combined with ESSIV the only feasible mode for h/w accelerated
 544          block encryption)
 545
 546comment "Hash modes"
 547
 548config CRYPTO_CMAC
 549        tristate "CMAC support"
 550        select CRYPTO_HASH
 551        select CRYPTO_MANAGER
 552        help
 553          Cipher-based Message Authentication Code (CMAC) specified by
 554          The National Institute of Standards and Technology (NIST).
 555
 556          https://tools.ietf.org/html/rfc4493
 557          http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
 558
 559config CRYPTO_HMAC
 560        tristate "HMAC support"
 561        select CRYPTO_HASH
 562        select CRYPTO_MANAGER
 563        help
 564          HMAC: Keyed-Hashing for Message Authentication (RFC2104).
 565          This is required for IPSec.
 566
 567config CRYPTO_XCBC
 568        tristate "XCBC support"
 569        select CRYPTO_HASH
 570        select CRYPTO_MANAGER
 571        help
 572          XCBC: Keyed-Hashing with encryption algorithm
 573                https://www.ietf.org/rfc/rfc3566.txt
 574                http://csrc.nist.gov/encryption/modes/proposedmodes/
 575                 xcbc-mac/xcbc-mac-spec.pdf
 576
 577config CRYPTO_VMAC
 578        tristate "VMAC support"
 579        select CRYPTO_HASH
 580        select CRYPTO_MANAGER
 581        help
 582          VMAC is a message authentication algorithm designed for
 583          very high speed on 64-bit architectures.
 584
 585          See also:
 586          <https://fastcrypto.org/vmac>
 587
 588comment "Digest"
 589
 590config CRYPTO_CRC32C
 591        tristate "CRC32c CRC algorithm"
 592        select CRYPTO_HASH
 593        select CRC32
 594        help
 595          Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
 596          by iSCSI for header and data digests and by others.
 597          See Castagnoli93.  Module will be crc32c.
 598
 599config CRYPTO_CRC32C_INTEL
 600        tristate "CRC32c INTEL hardware acceleration"
 601        depends on X86
 602        select CRYPTO_HASH
 603        help
 604          In Intel processor with SSE4.2 supported, the processor will
 605          support CRC32C implementation using hardware accelerated CRC32
 606          instruction. This option will create 'crc32c-intel' module,
 607          which will enable any routine to use the CRC32 instruction to
 608          gain performance compared with software implementation.
 609          Module will be crc32c-intel.
 610
 611config CRYPTO_CRC32C_VPMSUM
 612        tristate "CRC32c CRC algorithm (powerpc64)"
 613        depends on PPC64 && ALTIVEC
 614        select CRYPTO_HASH
 615        select CRC32
 616        help
 617          CRC32c algorithm implemented using vector polynomial multiply-sum
 618          (vpmsum) instructions, introduced in POWER8. Enable on POWER8
 619          and newer processors for improved performance.
 620
 621
 622config CRYPTO_CRC32C_SPARC64
 623        tristate "CRC32c CRC algorithm (SPARC64)"
 624        depends on SPARC64
 625        select CRYPTO_HASH
 626        select CRC32
 627        help
 628          CRC32c CRC algorithm implemented using sparc64 crypto instructions,
 629          when available.
 630
 631config CRYPTO_CRC32
 632        tristate "CRC32 CRC algorithm"
 633        select CRYPTO_HASH
 634        select CRC32
 635        help
 636          CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
 637          Shash crypto api wrappers to crc32_le function.
 638
 639config CRYPTO_CRC32_PCLMUL
 640        tristate "CRC32 PCLMULQDQ hardware acceleration"
 641        depends on X86
 642        select CRYPTO_HASH
 643        select CRC32
 644        help
 645          From Intel Westmere and AMD Bulldozer processor with SSE4.2
 646          and PCLMULQDQ supported, the processor will support
 647          CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
 648          instruction. This option will create 'crc32-pclmul' module,
 649          which will enable any routine to use the CRC-32-IEEE 802.3 checksum
 650          and gain better performance as compared with the table implementation.
 651
 652config CRYPTO_CRC32_MIPS
 653        tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
 654        depends on MIPS_CRC_SUPPORT
 655        select CRYPTO_HASH
 656        help
 657          CRC32c and CRC32 CRC algorithms implemented using mips crypto
 658          instructions, when available.
 659
 660
 661config CRYPTO_XXHASH
 662        tristate "xxHash hash algorithm"
 663        select CRYPTO_HASH
 664        select XXHASH
 665        help
 666          xxHash non-cryptographic hash algorithm. Extremely fast, working at
 667          speeds close to RAM limits.
 668
 669config CRYPTO_BLAKE2B
 670        tristate "BLAKE2b digest algorithm"
 671        select CRYPTO_HASH
 672        help
 673          Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
 674          optimized for 64bit platforms and can produce digests of any size
 675          between 1 to 64.  The keyed hash is also implemented.
 676
 677          This module provides the following algorithms:
 678
 679          - blake2b-160
 680          - blake2b-256
 681          - blake2b-384
 682          - blake2b-512
 683
 684          See https://blake2.net for further information.
 685
 686config CRYPTO_BLAKE2S
 687        tristate "BLAKE2s digest algorithm"
 688        select CRYPTO_LIB_BLAKE2S_GENERIC
 689        select CRYPTO_HASH
 690        help
 691          Implementation of cryptographic hash function BLAKE2s
 692          optimized for 8-32bit platforms and can produce digests of any size
 693          between 1 to 32.  The keyed hash is also implemented.
 694
 695          This module provides the following algorithms:
 696
 697          - blake2s-128
 698          - blake2s-160
 699          - blake2s-224
 700          - blake2s-256
 701
 702          See https://blake2.net for further information.
 703
 704config CRYPTO_BLAKE2S_X86
 705        tristate "BLAKE2s digest algorithm (x86 accelerated version)"
 706        depends on X86 && 64BIT
 707        select CRYPTO_LIB_BLAKE2S_GENERIC
 708        select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
 709
 710config CRYPTO_CRCT10DIF
 711        tristate "CRCT10DIF algorithm"
 712        select CRYPTO_HASH
 713        help
 714          CRC T10 Data Integrity Field computation is being cast as
 715          a crypto transform.  This allows for faster crc t10 diff
 716          transforms to be used if they are available.
 717
 718config CRYPTO_CRCT10DIF_PCLMUL
 719        tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
 720        depends on X86 && 64BIT && CRC_T10DIF
 721        select CRYPTO_HASH
 722        help
 723          For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
 724          CRC T10 DIF PCLMULQDQ computation can be hardware
 725          accelerated PCLMULQDQ instruction. This option will create
 726          'crct10dif-pclmul' module, which is faster when computing the
 727          crct10dif checksum as compared with the generic table implementation.
 728
 729config CRYPTO_CRCT10DIF_VPMSUM
 730        tristate "CRC32T10DIF powerpc64 hardware acceleration"
 731        depends on PPC64 && ALTIVEC && CRC_T10DIF
 732        select CRYPTO_HASH
 733        help
 734          CRC10T10DIF algorithm implemented using vector polynomial
 735          multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
 736          POWER8 and newer processors for improved performance.
 737
 738config CRYPTO_VPMSUM_TESTER
 739        tristate "Powerpc64 vpmsum hardware acceleration tester"
 740        depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
 741        help
 742          Stress test for CRC32c and CRC-T10DIF algorithms implemented with
 743          POWER8 vpmsum instructions.
 744          Unless you are testing these algorithms, you don't need this.
 745
 746config CRYPTO_GHASH
 747        tristate "GHASH hash function"
 748        select CRYPTO_GF128MUL
 749        select CRYPTO_HASH
 750        help
 751          GHASH is the hash function used in GCM (Galois/Counter Mode).
 752          It is not a general-purpose cryptographic hash function.
 753
 754config CRYPTO_POLY1305
 755        tristate "Poly1305 authenticator algorithm"
 756        select CRYPTO_HASH
 757        select CRYPTO_LIB_POLY1305_GENERIC
 758        help
 759          Poly1305 authenticator algorithm, RFC7539.
 760
 761          Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
 762          It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
 763          in IETF protocols. This is the portable C implementation of Poly1305.
 764
 765config CRYPTO_POLY1305_X86_64
 766        tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
 767        depends on X86 && 64BIT
 768        select CRYPTO_LIB_POLY1305_GENERIC
 769        select CRYPTO_ARCH_HAVE_LIB_POLY1305
 770        help
 771          Poly1305 authenticator algorithm, RFC7539.
 772
 773          Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
 774          It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
 775          in IETF protocols. This is the x86_64 assembler implementation using SIMD
 776          instructions.
 777
 778config CRYPTO_POLY1305_MIPS
 779        tristate "Poly1305 authenticator algorithm (MIPS optimized)"
 780        depends on MIPS
 781        select CRYPTO_ARCH_HAVE_LIB_POLY1305
 782
 783config CRYPTO_MD4
 784        tristate "MD4 digest algorithm"
 785        select CRYPTO_HASH
 786        help
 787          MD4 message digest algorithm (RFC1320).
 788
 789config CRYPTO_MD5
 790        tristate "MD5 digest algorithm"
 791        select CRYPTO_HASH
 792        help
 793          MD5 message digest algorithm (RFC1321).
 794
 795config CRYPTO_MD5_OCTEON
 796        tristate "MD5 digest algorithm (OCTEON)"
 797        depends on CPU_CAVIUM_OCTEON
 798        select CRYPTO_MD5
 799        select CRYPTO_HASH
 800        help
 801          MD5 message digest algorithm (RFC1321) implemented
 802          using OCTEON crypto instructions, when available.
 803
 804config CRYPTO_MD5_PPC
 805        tristate "MD5 digest algorithm (PPC)"
 806        depends on PPC
 807        select CRYPTO_HASH
 808        help
 809          MD5 message digest algorithm (RFC1321) implemented
 810          in PPC assembler.
 811
 812config CRYPTO_MD5_SPARC64
 813        tristate "MD5 digest algorithm (SPARC64)"
 814        depends on SPARC64
 815        select CRYPTO_MD5
 816        select CRYPTO_HASH
 817        help
 818          MD5 message digest algorithm (RFC1321) implemented
 819          using sparc64 crypto instructions, when available.
 820
 821config CRYPTO_MICHAEL_MIC
 822        tristate "Michael MIC keyed digest algorithm"
 823        select CRYPTO_HASH
 824        help
 825          Michael MIC is used for message integrity protection in TKIP
 826          (IEEE 802.11i). This algorithm is required for TKIP, but it
 827          should not be used for other purposes because of the weakness
 828          of the algorithm.
 829
 830config CRYPTO_RMD160
 831        tristate "RIPEMD-160 digest algorithm"
 832        select CRYPTO_HASH
 833        help
 834          RIPEMD-160 (ISO/IEC 10118-3:2004).
 835
 836          RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
 837          to be used as a secure replacement for the 128-bit hash functions
 838          MD4, MD5 and it's predecessor RIPEMD
 839          (not to be confused with RIPEMD-128).
 840
 841          It's speed is comparable to SHA1 and there are no known attacks
 842          against RIPEMD-160.
 843
 844          Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
 845          See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
 846
 847config CRYPTO_SHA1
 848        tristate "SHA1 digest algorithm"
 849        select CRYPTO_HASH
 850        help
 851          SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
 852
 853config CRYPTO_SHA1_SSSE3
 854        tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
 855        depends on X86 && 64BIT
 856        select CRYPTO_SHA1
 857        select CRYPTO_HASH
 858        help
 859          SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 860          using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
 861          Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
 862          when available.
 863
 864config CRYPTO_SHA256_SSSE3
 865        tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
 866        depends on X86 && 64BIT
 867        select CRYPTO_SHA256
 868        select CRYPTO_HASH
 869        help
 870          SHA-256 secure hash standard (DFIPS 180-2) implemented
 871          using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
 872          Extensions version 1 (AVX1), or Advanced Vector Extensions
 873          version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
 874          Instructions) when available.
 875
 876config CRYPTO_SHA512_SSSE3
 877        tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
 878        depends on X86 && 64BIT
 879        select CRYPTO_SHA512
 880        select CRYPTO_HASH
 881        help
 882          SHA-512 secure hash standard (DFIPS 180-2) implemented
 883          using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
 884          Extensions version 1 (AVX1), or Advanced Vector Extensions
 885          version 2 (AVX2) instructions, when available.
 886
 887config CRYPTO_SHA1_OCTEON
 888        tristate "SHA1 digest algorithm (OCTEON)"
 889        depends on CPU_CAVIUM_OCTEON
 890        select CRYPTO_SHA1
 891        select CRYPTO_HASH
 892        help
 893          SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 894          using OCTEON crypto instructions, when available.
 895
 896config CRYPTO_SHA1_SPARC64
 897        tristate "SHA1 digest algorithm (SPARC64)"
 898        depends on SPARC64
 899        select CRYPTO_SHA1
 900        select CRYPTO_HASH
 901        help
 902          SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 903          using sparc64 crypto instructions, when available.
 904
 905config CRYPTO_SHA1_PPC
 906        tristate "SHA1 digest algorithm (powerpc)"
 907        depends on PPC
 908        help
 909          This is the powerpc hardware accelerated implementation of the
 910          SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
 911
 912config CRYPTO_SHA1_PPC_SPE
 913        tristate "SHA1 digest algorithm (PPC SPE)"
 914        depends on PPC && SPE
 915        help
 916          SHA-1 secure hash standard (DFIPS 180-4) implemented
 917          using powerpc SPE SIMD instruction set.
 918
 919config CRYPTO_SHA256
 920        tristate "SHA224 and SHA256 digest algorithm"
 921        select CRYPTO_HASH
 922        select CRYPTO_LIB_SHA256
 923        help
 924          SHA256 secure hash standard (DFIPS 180-2).
 925
 926          This version of SHA implements a 256 bit hash with 128 bits of
 927          security against collision attacks.
 928
 929          This code also includes SHA-224, a 224 bit hash with 112 bits
 930          of security against collision attacks.
 931
 932config CRYPTO_SHA256_PPC_SPE
 933        tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
 934        depends on PPC && SPE
 935        select CRYPTO_SHA256
 936        select CRYPTO_HASH
 937        help
 938          SHA224 and SHA256 secure hash standard (DFIPS 180-2)
 939          implemented using powerpc SPE SIMD instruction set.
 940
 941config CRYPTO_SHA256_OCTEON
 942        tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
 943        depends on CPU_CAVIUM_OCTEON
 944        select CRYPTO_SHA256
 945        select CRYPTO_HASH
 946        help
 947          SHA-256 secure hash standard (DFIPS 180-2) implemented
 948          using OCTEON crypto instructions, when available.
 949
 950config CRYPTO_SHA256_SPARC64
 951        tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
 952        depends on SPARC64
 953        select CRYPTO_SHA256
 954        select CRYPTO_HASH
 955        help
 956          SHA-256 secure hash standard (DFIPS 180-2) implemented
 957          using sparc64 crypto instructions, when available.
 958
 959config CRYPTO_SHA512
 960        tristate "SHA384 and SHA512 digest algorithms"
 961        select CRYPTO_HASH
 962        help
 963          SHA512 secure hash standard (DFIPS 180-2).
 964
 965          This version of SHA implements a 512 bit hash with 256 bits of
 966          security against collision attacks.
 967
 968          This code also includes SHA-384, a 384 bit hash with 192 bits
 969          of security against collision attacks.
 970
 971config CRYPTO_SHA512_OCTEON
 972        tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
 973        depends on CPU_CAVIUM_OCTEON
 974        select CRYPTO_SHA512
 975        select CRYPTO_HASH
 976        help
 977          SHA-512 secure hash standard (DFIPS 180-2) implemented
 978          using OCTEON crypto instructions, when available.
 979
 980config CRYPTO_SHA512_SPARC64
 981        tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
 982        depends on SPARC64
 983        select CRYPTO_SHA512
 984        select CRYPTO_HASH
 985        help
 986          SHA-512 secure hash standard (DFIPS 180-2) implemented
 987          using sparc64 crypto instructions, when available.
 988
 989config CRYPTO_SHA3
 990        tristate "SHA3 digest algorithm"
 991        select CRYPTO_HASH
 992        help
 993          SHA-3 secure hash standard (DFIPS 202). It's based on
 994          cryptographic sponge function family called Keccak.
 995
 996          References:
 997          http://keccak.noekeon.org/
 998
 999config CRYPTO_SM3
1000        tristate "SM3 digest algorithm"
1001        select CRYPTO_HASH
1002        help
1003          SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1004          It is part of the Chinese Commercial Cryptography suite.
1005
1006          References:
1007          http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1008          https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1009
1010config CRYPTO_STREEBOG
1011        tristate "Streebog Hash Function"
1012        select CRYPTO_HASH
1013        help
1014          Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1015          cryptographic standard algorithms (called GOST algorithms).
1016          This setting enables two hash algorithms with 256 and 512 bits output.
1017
1018          References:
1019          https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1020          https://tools.ietf.org/html/rfc6986
1021
1022config CRYPTO_WP512
1023        tristate "Whirlpool digest algorithms"
1024        select CRYPTO_HASH
1025        help
1026          Whirlpool hash algorithm 512, 384 and 256-bit hashes
1027
1028          Whirlpool-512 is part of the NESSIE cryptographic primitives.
1029          Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1030
1031          See also:
1032          <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1033
1034config CRYPTO_GHASH_CLMUL_NI_INTEL
1035        tristate "GHASH hash function (CLMUL-NI accelerated)"
1036        depends on X86 && 64BIT
1037        select CRYPTO_CRYPTD
1038        help
1039          This is the x86_64 CLMUL-NI accelerated implementation of
1040          GHASH, the hash function used in GCM (Galois/Counter mode).
1041
1042comment "Ciphers"
1043
1044config CRYPTO_AES
1045        tristate "AES cipher algorithms"
1046        select CRYPTO_ALGAPI
1047        select CRYPTO_LIB_AES
1048        help
1049          AES cipher algorithms (FIPS-197). AES uses the Rijndael
1050          algorithm.
1051
1052          Rijndael appears to be consistently a very good performer in
1053          both hardware and software across a wide range of computing
1054          environments regardless of its use in feedback or non-feedback
1055          modes. Its key setup time is excellent, and its key agility is
1056          good. Rijndael's very low memory requirements make it very well
1057          suited for restricted-space environments, in which it also
1058          demonstrates excellent performance. Rijndael's operations are
1059          among the easiest to defend against power and timing attacks.
1060
1061          The AES specifies three key sizes: 128, 192 and 256 bits
1062
1063          See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1064
1065config CRYPTO_AES_TI
1066        tristate "Fixed time AES cipher"
1067        select CRYPTO_ALGAPI
1068        select CRYPTO_LIB_AES
1069        help
1070          This is a generic implementation of AES that attempts to eliminate
1071          data dependent latencies as much as possible without affecting
1072          performance too much. It is intended for use by the generic CCM
1073          and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1074          solely on encryption (although decryption is supported as well, but
1075          with a more dramatic performance hit)
1076
1077          Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1078          8 for decryption), this implementation only uses just two S-boxes of
1079          256 bytes each, and attempts to eliminate data dependent latencies by
1080          prefetching the entire table into the cache at the start of each
1081          block. Interrupts are also disabled to avoid races where cachelines
1082          are evicted when the CPU is interrupted to do something else.
1083
1084config CRYPTO_AES_NI_INTEL
1085        tristate "AES cipher algorithms (AES-NI)"
1086        depends on X86
1087        select CRYPTO_AEAD
1088        select CRYPTO_LIB_AES
1089        select CRYPTO_ALGAPI
1090        select CRYPTO_SKCIPHER
1091        select CRYPTO_SIMD
1092        help
1093          Use Intel AES-NI instructions for AES algorithm.
1094
1095          AES cipher algorithms (FIPS-197). AES uses the Rijndael
1096          algorithm.
1097
1098          Rijndael appears to be consistently a very good performer in
1099          both hardware and software across a wide range of computing
1100          environments regardless of its use in feedback or non-feedback
1101          modes. Its key setup time is excellent, and its key agility is
1102          good. Rijndael's very low memory requirements make it very well
1103          suited for restricted-space environments, in which it also
1104          demonstrates excellent performance. Rijndael's operations are
1105          among the easiest to defend against power and timing attacks.
1106
1107          The AES specifies three key sizes: 128, 192 and 256 bits
1108
1109          See <http://csrc.nist.gov/encryption/aes/> for more information.
1110
1111          In addition to AES cipher algorithm support, the acceleration
1112          for some popular block cipher mode is supported too, including
1113          ECB, CBC, LRW, XTS. The 64 bit version has additional
1114          acceleration for CTR.
1115
1116config CRYPTO_AES_SPARC64
1117        tristate "AES cipher algorithms (SPARC64)"
1118        depends on SPARC64
1119        select CRYPTO_SKCIPHER
1120        help
1121          Use SPARC64 crypto opcodes for AES algorithm.
1122
1123          AES cipher algorithms (FIPS-197). AES uses the Rijndael
1124          algorithm.
1125
1126          Rijndael appears to be consistently a very good performer in
1127          both hardware and software across a wide range of computing
1128          environments regardless of its use in feedback or non-feedback
1129          modes. Its key setup time is excellent, and its key agility is
1130          good. Rijndael's very low memory requirements make it very well
1131          suited for restricted-space environments, in which it also
1132          demonstrates excellent performance. Rijndael's operations are
1133          among the easiest to defend against power and timing attacks.
1134
1135          The AES specifies three key sizes: 128, 192 and 256 bits
1136
1137          See <http://csrc.nist.gov/encryption/aes/> for more information.
1138
1139          In addition to AES cipher algorithm support, the acceleration
1140          for some popular block cipher mode is supported too, including
1141          ECB and CBC.
1142
1143config CRYPTO_AES_PPC_SPE
1144        tristate "AES cipher algorithms (PPC SPE)"
1145        depends on PPC && SPE
1146        select CRYPTO_SKCIPHER
1147        help
1148          AES cipher algorithms (FIPS-197). Additionally the acceleration
1149          for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1150          This module should only be used for low power (router) devices
1151          without hardware AES acceleration (e.g. caam crypto). It reduces the
1152          size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1153          timining attacks. Nevertheless it might be not as secure as other
1154          architecture specific assembler implementations that work on 1KB
1155          tables or 256 bytes S-boxes.
1156
1157config CRYPTO_ANUBIS
1158        tristate "Anubis cipher algorithm"
1159        depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1160        select CRYPTO_ALGAPI
1161        help
1162          Anubis cipher algorithm.
1163
1164          Anubis is a variable key length cipher which can use keys from
1165          128 bits to 320 bits in length.  It was evaluated as a entrant
1166          in the NESSIE competition.
1167
1168          See also:
1169          <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1170          <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1171
1172config CRYPTO_ARC4
1173        tristate "ARC4 cipher algorithm"
1174        depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1175        select CRYPTO_SKCIPHER
1176        select CRYPTO_LIB_ARC4
1177        help
1178          ARC4 cipher algorithm.
1179
1180          ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1181          bits in length.  This algorithm is required for driver-based
1182          WEP, but it should not be for other purposes because of the
1183          weakness of the algorithm.
1184
1185config CRYPTO_BLOWFISH
1186        tristate "Blowfish cipher algorithm"
1187        select CRYPTO_ALGAPI
1188        select CRYPTO_BLOWFISH_COMMON
1189        help
1190          Blowfish cipher algorithm, by Bruce Schneier.
1191
1192          This is a variable key length cipher which can use keys from 32
1193          bits to 448 bits in length.  It's fast, simple and specifically
1194          designed for use on "large microprocessors".
1195
1196          See also:
1197          <https://www.schneier.com/blowfish.html>
1198
1199config CRYPTO_BLOWFISH_COMMON
1200        tristate
1201        help
1202          Common parts of the Blowfish cipher algorithm shared by the
1203          generic c and the assembler implementations.
1204
1205          See also:
1206          <https://www.schneier.com/blowfish.html>
1207
1208config CRYPTO_BLOWFISH_X86_64
1209        tristate "Blowfish cipher algorithm (x86_64)"
1210        depends on X86 && 64BIT
1211        select CRYPTO_SKCIPHER
1212        select CRYPTO_BLOWFISH_COMMON
1213        imply CRYPTO_CTR
1214        help
1215          Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1216
1217          This is a variable key length cipher which can use keys from 32
1218          bits to 448 bits in length.  It's fast, simple and specifically
1219          designed for use on "large microprocessors".
1220
1221          See also:
1222          <https://www.schneier.com/blowfish.html>
1223
1224config CRYPTO_CAMELLIA
1225        tristate "Camellia cipher algorithms"
1226        select CRYPTO_ALGAPI
1227        help
1228          Camellia cipher algorithms module.
1229
1230          Camellia is a symmetric key block cipher developed jointly
1231          at NTT and Mitsubishi Electric Corporation.
1232
1233          The Camellia specifies three key sizes: 128, 192 and 256 bits.
1234
1235          See also:
1236          <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1237
1238config CRYPTO_CAMELLIA_X86_64
1239        tristate "Camellia cipher algorithm (x86_64)"
1240        depends on X86 && 64BIT
1241        select CRYPTO_SKCIPHER
1242        imply CRYPTO_CTR
1243        help
1244          Camellia cipher algorithm module (x86_64).
1245
1246          Camellia is a symmetric key block cipher developed jointly
1247          at NTT and Mitsubishi Electric Corporation.
1248
1249          The Camellia specifies three key sizes: 128, 192 and 256 bits.
1250
1251          See also:
1252          <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1253
1254config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1255        tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1256        depends on X86 && 64BIT
1257        select CRYPTO_SKCIPHER
1258        select CRYPTO_CAMELLIA_X86_64
1259        select CRYPTO_SIMD
1260        imply CRYPTO_XTS
1261        help
1262          Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1263
1264          Camellia is a symmetric key block cipher developed jointly
1265          at NTT and Mitsubishi Electric Corporation.
1266
1267          The Camellia specifies three key sizes: 128, 192 and 256 bits.
1268
1269          See also:
1270          <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1271
1272config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1273        tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1274        depends on X86 && 64BIT
1275        select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1276        help
1277          Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1278
1279          Camellia is a symmetric key block cipher developed jointly
1280          at NTT and Mitsubishi Electric Corporation.
1281
1282          The Camellia specifies three key sizes: 128, 192 and 256 bits.
1283
1284          See also:
1285          <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1286
1287config CRYPTO_CAMELLIA_SPARC64
1288        tristate "Camellia cipher algorithm (SPARC64)"
1289        depends on SPARC64
1290        select CRYPTO_ALGAPI
1291        select CRYPTO_SKCIPHER
1292        help
1293          Camellia cipher algorithm module (SPARC64).
1294
1295          Camellia is a symmetric key block cipher developed jointly
1296          at NTT and Mitsubishi Electric Corporation.
1297
1298          The Camellia specifies three key sizes: 128, 192 and 256 bits.
1299
1300          See also:
1301          <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1302
1303config CRYPTO_CAST_COMMON
1304        tristate
1305        help
1306          Common parts of the CAST cipher algorithms shared by the
1307          generic c and the assembler implementations.
1308
1309config CRYPTO_CAST5
1310        tristate "CAST5 (CAST-128) cipher algorithm"
1311        select CRYPTO_ALGAPI
1312        select CRYPTO_CAST_COMMON
1313        help
1314          The CAST5 encryption algorithm (synonymous with CAST-128) is
1315          described in RFC2144.
1316
1317config CRYPTO_CAST5_AVX_X86_64
1318        tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1319        depends on X86 && 64BIT
1320        select CRYPTO_SKCIPHER
1321        select CRYPTO_CAST5
1322        select CRYPTO_CAST_COMMON
1323        select CRYPTO_SIMD
1324        imply CRYPTO_CTR
1325        help
1326          The CAST5 encryption algorithm (synonymous with CAST-128) is
1327          described in RFC2144.
1328
1329          This module provides the Cast5 cipher algorithm that processes
1330          sixteen blocks parallel using the AVX instruction set.
1331
1332config CRYPTO_CAST6
1333        tristate "CAST6 (CAST-256) cipher algorithm"
1334        select CRYPTO_ALGAPI
1335        select CRYPTO_CAST_COMMON
1336        help
1337          The CAST6 encryption algorithm (synonymous with CAST-256) is
1338          described in RFC2612.
1339
1340config CRYPTO_CAST6_AVX_X86_64
1341        tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1342        depends on X86 && 64BIT
1343        select CRYPTO_SKCIPHER
1344        select CRYPTO_CAST6
1345        select CRYPTO_CAST_COMMON
1346        select CRYPTO_SIMD
1347        imply CRYPTO_XTS
1348        imply CRYPTO_CTR
1349        help
1350          The CAST6 encryption algorithm (synonymous with CAST-256) is
1351          described in RFC2612.
1352
1353          This module provides the Cast6 cipher algorithm that processes
1354          eight blocks parallel using the AVX instruction set.
1355
1356config CRYPTO_DES
1357        tristate "DES and Triple DES EDE cipher algorithms"
1358        select CRYPTO_ALGAPI
1359        select CRYPTO_LIB_DES
1360        help
1361          DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1362
1363config CRYPTO_DES_SPARC64
1364        tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1365        depends on SPARC64
1366        select CRYPTO_ALGAPI
1367        select CRYPTO_LIB_DES
1368        select CRYPTO_SKCIPHER
1369        help
1370          DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1371          optimized using SPARC64 crypto opcodes.
1372
1373config CRYPTO_DES3_EDE_X86_64
1374        tristate "Triple DES EDE cipher algorithm (x86-64)"
1375        depends on X86 && 64BIT
1376        select CRYPTO_SKCIPHER
1377        select CRYPTO_LIB_DES
1378        imply CRYPTO_CTR
1379        help
1380          Triple DES EDE (FIPS 46-3) algorithm.
1381
1382          This module provides implementation of the Triple DES EDE cipher
1383          algorithm that is optimized for x86-64 processors. Two versions of
1384          algorithm are provided; regular processing one input block and
1385          one that processes three blocks parallel.
1386
1387config CRYPTO_FCRYPT
1388        tristate "FCrypt cipher algorithm"
1389        select CRYPTO_ALGAPI
1390        select CRYPTO_SKCIPHER
1391        help
1392          FCrypt algorithm used by RxRPC.
1393
1394config CRYPTO_KHAZAD
1395        tristate "Khazad cipher algorithm"
1396        depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1397        select CRYPTO_ALGAPI
1398        help
1399          Khazad cipher algorithm.
1400
1401          Khazad was a finalist in the initial NESSIE competition.  It is
1402          an algorithm optimized for 64-bit processors with good performance
1403          on 32-bit processors.  Khazad uses an 128 bit key size.
1404
1405          See also:
1406          <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1407
1408config CRYPTO_CHACHA20
1409        tristate "ChaCha stream cipher algorithms"
1410        select CRYPTO_LIB_CHACHA_GENERIC
1411        select CRYPTO_SKCIPHER
1412        help
1413          The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1414
1415          ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1416          Bernstein and further specified in RFC7539 for use in IETF protocols.
1417          This is the portable C implementation of ChaCha20.  See also:
1418          <https://cr.yp.to/chacha/chacha-20080128.pdf>
1419
1420          XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1421          rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1422          from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1423          while provably retaining ChaCha20's security.  See also:
1424          <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1425
1426          XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1427          reduced security margin but increased performance.  It can be needed
1428          in some performance-sensitive scenarios.
1429
1430config CRYPTO_CHACHA20_X86_64
1431        tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1432        depends on X86 && 64BIT
1433        select CRYPTO_SKCIPHER
1434        select CRYPTO_LIB_CHACHA_GENERIC
1435        select CRYPTO_ARCH_HAVE_LIB_CHACHA
1436        help
1437          SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1438          XChaCha20, and XChaCha12 stream ciphers.
1439
1440config CRYPTO_CHACHA_MIPS
1441        tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1442        depends on CPU_MIPS32_R2
1443        select CRYPTO_SKCIPHER
1444        select CRYPTO_ARCH_HAVE_LIB_CHACHA
1445
1446config CRYPTO_SEED
1447        tristate "SEED cipher algorithm"
1448        depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1449        select CRYPTO_ALGAPI
1450        help
1451          SEED cipher algorithm (RFC4269).
1452
1453          SEED is a 128-bit symmetric key block cipher that has been
1454          developed by KISA (Korea Information Security Agency) as a
1455          national standard encryption algorithm of the Republic of Korea.
1456          It is a 16 round block cipher with the key size of 128 bit.
1457
1458          See also:
1459          <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1460
1461config CRYPTO_SERPENT
1462        tristate "Serpent cipher algorithm"
1463        select CRYPTO_ALGAPI
1464        help
1465          Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1466
1467          Keys are allowed to be from 0 to 256 bits in length, in steps
1468          of 8 bits.
1469
1470          See also:
1471          <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1472
1473config CRYPTO_SERPENT_SSE2_X86_64
1474        tristate "Serpent cipher algorithm (x86_64/SSE2)"
1475        depends on X86 && 64BIT
1476        select CRYPTO_SKCIPHER
1477        select CRYPTO_SERPENT
1478        select CRYPTO_SIMD
1479        imply CRYPTO_CTR
1480        help
1481          Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1482
1483          Keys are allowed to be from 0 to 256 bits in length, in steps
1484          of 8 bits.
1485
1486          This module provides Serpent cipher algorithm that processes eight
1487          blocks parallel using SSE2 instruction set.
1488
1489          See also:
1490          <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1491
1492config CRYPTO_SERPENT_SSE2_586
1493        tristate "Serpent cipher algorithm (i586/SSE2)"
1494        depends on X86 && !64BIT
1495        select CRYPTO_SKCIPHER
1496        select CRYPTO_SERPENT
1497        select CRYPTO_SIMD
1498        imply CRYPTO_CTR
1499        help
1500          Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1501
1502          Keys are allowed to be from 0 to 256 bits in length, in steps
1503          of 8 bits.
1504
1505          This module provides Serpent cipher algorithm that processes four
1506          blocks parallel using SSE2 instruction set.
1507
1508          See also:
1509          <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1510
1511config CRYPTO_SERPENT_AVX_X86_64
1512        tristate "Serpent cipher algorithm (x86_64/AVX)"
1513        depends on X86 && 64BIT
1514        select CRYPTO_SKCIPHER
1515        select CRYPTO_SERPENT
1516        select CRYPTO_SIMD
1517        imply CRYPTO_XTS
1518        imply CRYPTO_CTR
1519        help
1520          Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1521
1522          Keys are allowed to be from 0 to 256 bits in length, in steps
1523          of 8 bits.
1524
1525          This module provides the Serpent cipher algorithm that processes
1526          eight blocks parallel using the AVX instruction set.
1527
1528          See also:
1529          <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1530
1531config CRYPTO_SERPENT_AVX2_X86_64
1532        tristate "Serpent cipher algorithm (x86_64/AVX2)"
1533        depends on X86 && 64BIT
1534        select CRYPTO_SERPENT_AVX_X86_64
1535        help
1536          Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1537
1538          Keys are allowed to be from 0 to 256 bits in length, in steps
1539          of 8 bits.
1540
1541          This module provides Serpent cipher algorithm that processes 16
1542          blocks parallel using AVX2 instruction set.
1543
1544          See also:
1545          <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1546
1547config CRYPTO_SM4
1548        tristate "SM4 cipher algorithm"
1549        select CRYPTO_ALGAPI
1550        select CRYPTO_LIB_SM4
1551        help
1552          SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1553
1554          SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1555          Organization of State Commercial Administration of China (OSCCA)
1556          as an authorized cryptographic algorithms for the use within China.
1557
1558          SMS4 was originally created for use in protecting wireless
1559          networks, and is mandated in the Chinese National Standard for
1560          Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1561          (GB.15629.11-2003).
1562
1563          The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1564          standardized through TC 260 of the Standardization Administration
1565          of the People's Republic of China (SAC).
1566
1567          The input, output, and key of SMS4 are each 128 bits.
1568
1569          See also: <https://eprint.iacr.org/2008/329.pdf>
1570
1571          If unsure, say N.
1572
1573config CRYPTO_SM4_AESNI_AVX_X86_64
1574        tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)"
1575        depends on X86 && 64BIT
1576        select CRYPTO_SKCIPHER
1577        select CRYPTO_SIMD
1578        select CRYPTO_ALGAPI
1579        select CRYPTO_LIB_SM4
1580        help
1581          SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX).
1582
1583          SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1584          Organization of State Commercial Administration of China (OSCCA)
1585          as an authorized cryptographic algorithms for the use within China.
1586
1587          This is SM4 optimized implementation using AES-NI/AVX/x86_64
1588          instruction set for block cipher. Through two affine transforms,
1589          we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1590          effect of instruction acceleration.
1591
1592          If unsure, say N.
1593
1594config CRYPTO_SM4_AESNI_AVX2_X86_64
1595        tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)"
1596        depends on X86 && 64BIT
1597        select CRYPTO_SKCIPHER
1598        select CRYPTO_SIMD
1599        select CRYPTO_ALGAPI
1600        select CRYPTO_LIB_SM4
1601        select CRYPTO_SM4_AESNI_AVX_X86_64
1602        help
1603          SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2).
1604
1605          SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1606          Organization of State Commercial Administration of China (OSCCA)
1607          as an authorized cryptographic algorithms for the use within China.
1608
1609          This is SM4 optimized implementation using AES-NI/AVX2/x86_64
1610          instruction set for block cipher. Through two affine transforms,
1611          we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1612          effect of instruction acceleration.
1613
1614          If unsure, say N.
1615
1616config CRYPTO_TEA
1617        tristate "TEA, XTEA and XETA cipher algorithms"
1618        depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1619        select CRYPTO_ALGAPI
1620        help
1621          TEA cipher algorithm.
1622
1623          Tiny Encryption Algorithm is a simple cipher that uses
1624          many rounds for security.  It is very fast and uses
1625          little memory.
1626
1627          Xtendend Tiny Encryption Algorithm is a modification to
1628          the TEA algorithm to address a potential key weakness
1629          in the TEA algorithm.
1630
1631          Xtendend Encryption Tiny Algorithm is a mis-implementation
1632          of the XTEA algorithm for compatibility purposes.
1633
1634config CRYPTO_TWOFISH
1635        tristate "Twofish cipher algorithm"
1636        select CRYPTO_ALGAPI
1637        select CRYPTO_TWOFISH_COMMON
1638        help
1639          Twofish cipher algorithm.
1640
1641          Twofish was submitted as an AES (Advanced Encryption Standard)
1642          candidate cipher by researchers at CounterPane Systems.  It is a
1643          16 round block cipher supporting key sizes of 128, 192, and 256
1644          bits.
1645
1646          See also:
1647          <https://www.schneier.com/twofish.html>
1648
1649config CRYPTO_TWOFISH_COMMON
1650        tristate
1651        help
1652          Common parts of the Twofish cipher algorithm shared by the
1653          generic c and the assembler implementations.
1654
1655config CRYPTO_TWOFISH_586
1656        tristate "Twofish cipher algorithms (i586)"
1657        depends on (X86 || UML_X86) && !64BIT
1658        select CRYPTO_ALGAPI
1659        select CRYPTO_TWOFISH_COMMON
1660        imply CRYPTO_CTR
1661        help
1662          Twofish cipher algorithm.
1663
1664          Twofish was submitted as an AES (Advanced Encryption Standard)
1665          candidate cipher by researchers at CounterPane Systems.  It is a
1666          16 round block cipher supporting key sizes of 128, 192, and 256
1667          bits.
1668
1669          See also:
1670          <https://www.schneier.com/twofish.html>
1671
1672config CRYPTO_TWOFISH_X86_64
1673        tristate "Twofish cipher algorithm (x86_64)"
1674        depends on (X86 || UML_X86) && 64BIT
1675        select CRYPTO_ALGAPI
1676        select CRYPTO_TWOFISH_COMMON
1677        imply CRYPTO_CTR
1678        help
1679          Twofish cipher algorithm (x86_64).
1680
1681          Twofish was submitted as an AES (Advanced Encryption Standard)
1682          candidate cipher by researchers at CounterPane Systems.  It is a
1683          16 round block cipher supporting key sizes of 128, 192, and 256
1684          bits.
1685
1686          See also:
1687          <https://www.schneier.com/twofish.html>
1688
1689config CRYPTO_TWOFISH_X86_64_3WAY
1690        tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1691        depends on X86 && 64BIT
1692        select CRYPTO_SKCIPHER
1693        select CRYPTO_TWOFISH_COMMON
1694        select CRYPTO_TWOFISH_X86_64
1695        help
1696          Twofish cipher algorithm (x86_64, 3-way parallel).
1697
1698          Twofish was submitted as an AES (Advanced Encryption Standard)
1699          candidate cipher by researchers at CounterPane Systems.  It is a
1700          16 round block cipher supporting key sizes of 128, 192, and 256
1701          bits.
1702
1703          This module provides Twofish cipher algorithm that processes three
1704          blocks parallel, utilizing resources of out-of-order CPUs better.
1705
1706          See also:
1707          <https://www.schneier.com/twofish.html>
1708
1709config CRYPTO_TWOFISH_AVX_X86_64
1710        tristate "Twofish cipher algorithm (x86_64/AVX)"
1711        depends on X86 && 64BIT
1712        select CRYPTO_SKCIPHER
1713        select CRYPTO_SIMD
1714        select CRYPTO_TWOFISH_COMMON
1715        select CRYPTO_TWOFISH_X86_64
1716        select CRYPTO_TWOFISH_X86_64_3WAY
1717        imply CRYPTO_XTS
1718        help
1719          Twofish cipher algorithm (x86_64/AVX).
1720
1721          Twofish was submitted as an AES (Advanced Encryption Standard)
1722          candidate cipher by researchers at CounterPane Systems.  It is a
1723          16 round block cipher supporting key sizes of 128, 192, and 256
1724          bits.
1725
1726          This module provides the Twofish cipher algorithm that processes
1727          eight blocks parallel using the AVX Instruction Set.
1728
1729          See also:
1730          <https://www.schneier.com/twofish.html>
1731
1732comment "Compression"
1733
1734config CRYPTO_DEFLATE
1735        tristate "Deflate compression algorithm"
1736        select CRYPTO_ALGAPI
1737        select CRYPTO_ACOMP2
1738        select ZLIB_INFLATE
1739        select ZLIB_DEFLATE
1740        help
1741          This is the Deflate algorithm (RFC1951), specified for use in
1742          IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1743
1744          You will most probably want this if using IPSec.
1745
1746config CRYPTO_LZO
1747        tristate "LZO compression algorithm"
1748        select CRYPTO_ALGAPI
1749        select CRYPTO_ACOMP2
1750        select LZO_COMPRESS
1751        select LZO_DECOMPRESS
1752        help
1753          This is the LZO algorithm.
1754
1755config CRYPTO_842
1756        tristate "842 compression algorithm"
1757        select CRYPTO_ALGAPI
1758        select CRYPTO_ACOMP2
1759        select 842_COMPRESS
1760        select 842_DECOMPRESS
1761        help
1762          This is the 842 algorithm.
1763
1764config CRYPTO_LZ4
1765        tristate "LZ4 compression algorithm"
1766        select CRYPTO_ALGAPI
1767        select CRYPTO_ACOMP2
1768        select LZ4_COMPRESS
1769        select LZ4_DECOMPRESS
1770        help
1771          This is the LZ4 algorithm.
1772
1773config CRYPTO_LZ4HC
1774        tristate "LZ4HC compression algorithm"
1775        select CRYPTO_ALGAPI
1776        select CRYPTO_ACOMP2
1777        select LZ4HC_COMPRESS
1778        select LZ4_DECOMPRESS
1779        help
1780          This is the LZ4 high compression mode algorithm.
1781
1782config CRYPTO_ZSTD
1783        tristate "Zstd compression algorithm"
1784        select CRYPTO_ALGAPI
1785        select CRYPTO_ACOMP2
1786        select ZSTD_COMPRESS
1787        select ZSTD_DECOMPRESS
1788        help
1789          This is the zstd algorithm.
1790
1791comment "Random Number Generation"
1792
1793config CRYPTO_ANSI_CPRNG
1794        tristate "Pseudo Random Number Generation for Cryptographic modules"
1795        select CRYPTO_AES
1796        select CRYPTO_RNG
1797        help
1798          This option enables the generic pseudo random number generator
1799          for cryptographic modules.  Uses the Algorithm specified in
1800          ANSI X9.31 A.2.4. Note that this option must be enabled if
1801          CRYPTO_FIPS is selected
1802
1803menuconfig CRYPTO_DRBG_MENU
1804        tristate "NIST SP800-90A DRBG"
1805        help
1806          NIST SP800-90A compliant DRBG. In the following submenu, one or
1807          more of the DRBG types must be selected.
1808
1809if CRYPTO_DRBG_MENU
1810
1811config CRYPTO_DRBG_HMAC
1812        bool
1813        default y
1814        select CRYPTO_HMAC
1815        select CRYPTO_SHA512
1816
1817config CRYPTO_DRBG_HASH
1818        bool "Enable Hash DRBG"
1819        select CRYPTO_SHA256
1820        help
1821          Enable the Hash DRBG variant as defined in NIST SP800-90A.
1822
1823config CRYPTO_DRBG_CTR
1824        bool "Enable CTR DRBG"
1825        select CRYPTO_AES
1826        select CRYPTO_CTR
1827        help
1828          Enable the CTR DRBG variant as defined in NIST SP800-90A.
1829
1830config CRYPTO_DRBG
1831        tristate
1832        default CRYPTO_DRBG_MENU
1833        select CRYPTO_RNG
1834        select CRYPTO_JITTERENTROPY
1835
1836endif   # if CRYPTO_DRBG_MENU
1837
1838config CRYPTO_JITTERENTROPY
1839        tristate "Jitterentropy Non-Deterministic Random Number Generator"
1840        select CRYPTO_RNG
1841        help
1842          The Jitterentropy RNG is a noise that is intended
1843          to provide seed to another RNG. The RNG does not
1844          perform any cryptographic whitening of the generated
1845          random numbers. This Jitterentropy RNG registers with
1846          the kernel crypto API and can be used by any caller.
1847
1848config CRYPTO_USER_API
1849        tristate
1850
1851config CRYPTO_USER_API_HASH
1852        tristate "User-space interface for hash algorithms"
1853        depends on NET
1854        select CRYPTO_HASH
1855        select CRYPTO_USER_API
1856        help
1857          This option enables the user-spaces interface for hash
1858          algorithms.
1859
1860config CRYPTO_USER_API_SKCIPHER
1861        tristate "User-space interface for symmetric key cipher algorithms"
1862        depends on NET
1863        select CRYPTO_SKCIPHER
1864        select CRYPTO_USER_API
1865        help
1866          This option enables the user-spaces interface for symmetric
1867          key cipher algorithms.
1868
1869config CRYPTO_USER_API_RNG
1870        tristate "User-space interface for random number generator algorithms"
1871        depends on NET
1872        select CRYPTO_RNG
1873        select CRYPTO_USER_API
1874        help
1875          This option enables the user-spaces interface for random
1876          number generator algorithms.
1877
1878config CRYPTO_USER_API_RNG_CAVP
1879        bool "Enable CAVP testing of DRBG"
1880        depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1881        help
1882          This option enables extra API for CAVP testing via the user-space
1883          interface: resetting of DRBG entropy, and providing Additional Data.
1884          This should only be enabled for CAVP testing. You should say
1885          no unless you know what this is.
1886
1887config CRYPTO_USER_API_AEAD
1888        tristate "User-space interface for AEAD cipher algorithms"
1889        depends on NET
1890        select CRYPTO_AEAD
1891        select CRYPTO_SKCIPHER
1892        select CRYPTO_NULL
1893        select CRYPTO_USER_API
1894        help
1895          This option enables the user-spaces interface for AEAD
1896          cipher algorithms.
1897
1898config CRYPTO_USER_API_ENABLE_OBSOLETE
1899        bool "Enable obsolete cryptographic algorithms for userspace"
1900        depends on CRYPTO_USER_API
1901        default y
1902        help
1903          Allow obsolete cryptographic algorithms to be selected that have
1904          already been phased out from internal use by the kernel, and are
1905          only useful for userspace clients that still rely on them.
1906
1907config CRYPTO_STATS
1908        bool "Crypto usage statistics for User-space"
1909        depends on CRYPTO_USER
1910        help
1911          This option enables the gathering of crypto stats.
1912          This will collect:
1913          - encrypt/decrypt size and numbers of symmeric operations
1914          - compress/decompress size and numbers of compress operations
1915          - size and numbers of hash operations
1916          - encrypt/decrypt/sign/verify numbers for asymmetric operations
1917          - generate/seed numbers for rng operations
1918
1919config CRYPTO_HASH_INFO
1920        bool
1921
1922source "lib/crypto/Kconfig"
1923source "drivers/crypto/Kconfig"
1924source "crypto/asymmetric_keys/Kconfig"
1925source "certs/Kconfig"
1926
1927endif   # if CRYPTO
1928