xref: /openbmc/linux/crypto/Kconfig (revision 27f937cc)
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This option enables the fips boot option which is
31	  required if you want the system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_SKCIPHER
56	tristate
57	select CRYPTO_SKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_SKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64
65config CRYPTO_HASH
66	tristate
67	select CRYPTO_HASH2
68	select CRYPTO_ALGAPI
69
70config CRYPTO_HASH2
71	tristate
72	select CRYPTO_ALGAPI2
73
74config CRYPTO_RNG
75	tristate
76	select CRYPTO_RNG2
77	select CRYPTO_ALGAPI
78
79config CRYPTO_RNG2
80	tristate
81	select CRYPTO_ALGAPI2
82
83config CRYPTO_RNG_DEFAULT
84	tristate
85	select CRYPTO_DRBG_MENU
86
87config CRYPTO_AKCIPHER2
88	tristate
89	select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92	tristate
93	select CRYPTO_AKCIPHER2
94	select CRYPTO_ALGAPI
95
96config CRYPTO_KPP2
97	tristate
98	select CRYPTO_ALGAPI2
99
100config CRYPTO_KPP
101	tristate
102	select CRYPTO_ALGAPI
103	select CRYPTO_KPP2
104
105config CRYPTO_ACOMP2
106	tristate
107	select CRYPTO_ALGAPI2
108	select SGL_ALLOC
109
110config CRYPTO_ACOMP
111	tristate
112	select CRYPTO_ALGAPI
113	select CRYPTO_ACOMP2
114
115config CRYPTO_MANAGER
116	tristate "Cryptographic algorithm manager"
117	select CRYPTO_MANAGER2
118	help
119	  Create default cryptographic template instantiations such as
120	  cbc(aes).
121
122config CRYPTO_MANAGER2
123	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
124	select CRYPTO_AEAD2
125	select CRYPTO_HASH2
126	select CRYPTO_SKCIPHER2
127	select CRYPTO_AKCIPHER2
128	select CRYPTO_KPP2
129	select CRYPTO_ACOMP2
130
131config CRYPTO_USER
132	tristate "Userspace cryptographic algorithm configuration"
133	depends on NET
134	select CRYPTO_MANAGER
135	help
136	  Userspace configuration for cryptographic instantiations such as
137	  cbc(aes).
138
139config CRYPTO_MANAGER_DISABLE_TESTS
140	bool "Disable run-time self tests"
141	default y
142	help
143	  Disable run-time self tests that normally take place at
144	  algorithm registration.
145
146config CRYPTO_MANAGER_EXTRA_TESTS
147	bool "Enable extra run-time crypto self tests"
148	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
149	help
150	  Enable extra run-time self tests of registered crypto algorithms,
151	  including randomized fuzz tests.
152
153	  This is intended for developer use only, as these tests take much
154	  longer to run than the normal self tests.
155
156config CRYPTO_GF128MUL
157	tristate
158
159config CRYPTO_NULL
160	tristate "Null algorithms"
161	select CRYPTO_NULL2
162	help
163	  These are 'Null' algorithms, used by IPsec, which do nothing.
164
165config CRYPTO_NULL2
166	tristate
167	select CRYPTO_ALGAPI2
168	select CRYPTO_SKCIPHER2
169	select CRYPTO_HASH2
170
171config CRYPTO_PCRYPT
172	tristate "Parallel crypto engine"
173	depends on SMP
174	select PADATA
175	select CRYPTO_MANAGER
176	select CRYPTO_AEAD
177	help
178	  This converts an arbitrary crypto algorithm into a parallel
179	  algorithm that executes in kernel threads.
180
181config CRYPTO_CRYPTD
182	tristate "Software async crypto daemon"
183	select CRYPTO_SKCIPHER
184	select CRYPTO_HASH
185	select CRYPTO_MANAGER
186	help
187	  This is a generic software asynchronous crypto daemon that
188	  converts an arbitrary synchronous software crypto algorithm
189	  into an asynchronous algorithm that executes in a kernel thread.
190
191config CRYPTO_AUTHENC
192	tristate "Authenc support"
193	select CRYPTO_AEAD
194	select CRYPTO_SKCIPHER
195	select CRYPTO_MANAGER
196	select CRYPTO_HASH
197	select CRYPTO_NULL
198	help
199	  Authenc: Combined mode wrapper for IPsec.
200	  This is required for IPSec.
201
202config CRYPTO_TEST
203	tristate "Testing module"
204	depends on m
205	select CRYPTO_MANAGER
206	help
207	  Quick & dirty crypto test module.
208
209config CRYPTO_SIMD
210	tristate
211	select CRYPTO_CRYPTD
212
213config CRYPTO_GLUE_HELPER_X86
214	tristate
215	depends on X86
216	select CRYPTO_SKCIPHER
217
218config CRYPTO_ENGINE
219	tristate
220
221comment "Public-key cryptography"
222
223config CRYPTO_RSA
224	tristate "RSA algorithm"
225	select CRYPTO_AKCIPHER
226	select CRYPTO_MANAGER
227	select MPILIB
228	select ASN1
229	help
230	  Generic implementation of the RSA public key algorithm.
231
232config CRYPTO_DH
233	tristate "Diffie-Hellman algorithm"
234	select CRYPTO_KPP
235	select MPILIB
236	help
237	  Generic implementation of the Diffie-Hellman algorithm.
238
239config CRYPTO_ECC
240	tristate
241
242config CRYPTO_ECDH
243	tristate "ECDH algorithm"
244	select CRYPTO_ECC
245	select CRYPTO_KPP
246	select CRYPTO_RNG_DEFAULT
247	help
248	  Generic implementation of the ECDH algorithm
249
250config CRYPTO_ECRDSA
251	tristate "EC-RDSA (GOST 34.10) algorithm"
252	select CRYPTO_ECC
253	select CRYPTO_AKCIPHER
254	select CRYPTO_STREEBOG
255	select OID_REGISTRY
256	select ASN1
257	help
258	  Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
259	  RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
260	  standard algorithms (called GOST algorithms). Only signature verification
261	  is implemented.
262
263config CRYPTO_CURVE25519
264	tristate "Curve25519 algorithm"
265	select CRYPTO_KPP
266	select CRYPTO_LIB_CURVE25519_GENERIC
267
268config CRYPTO_CURVE25519_X86
269	tristate "x86_64 accelerated Curve25519 scalar multiplication library"
270	depends on X86 && 64BIT
271	select CRYPTO_LIB_CURVE25519_GENERIC
272	select CRYPTO_ARCH_HAVE_LIB_CURVE25519
273
274comment "Authenticated Encryption with Associated Data"
275
276config CRYPTO_CCM
277	tristate "CCM support"
278	select CRYPTO_CTR
279	select CRYPTO_HASH
280	select CRYPTO_AEAD
281	select CRYPTO_MANAGER
282	help
283	  Support for Counter with CBC MAC. Required for IPsec.
284
285config CRYPTO_GCM
286	tristate "GCM/GMAC support"
287	select CRYPTO_CTR
288	select CRYPTO_AEAD
289	select CRYPTO_GHASH
290	select CRYPTO_NULL
291	select CRYPTO_MANAGER
292	help
293	  Support for Galois/Counter Mode (GCM) and Galois Message
294	  Authentication Code (GMAC). Required for IPSec.
295
296config CRYPTO_CHACHA20POLY1305
297	tristate "ChaCha20-Poly1305 AEAD support"
298	select CRYPTO_CHACHA20
299	select CRYPTO_POLY1305
300	select CRYPTO_AEAD
301	select CRYPTO_MANAGER
302	help
303	  ChaCha20-Poly1305 AEAD support, RFC7539.
304
305	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
306	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
307	  IETF protocols.
308
309config CRYPTO_AEGIS128
310	tristate "AEGIS-128 AEAD algorithm"
311	select CRYPTO_AEAD
312	select CRYPTO_AES  # for AES S-box tables
313	help
314	 Support for the AEGIS-128 dedicated AEAD algorithm.
315
316config CRYPTO_AEGIS128_SIMD
317	bool "Support SIMD acceleration for AEGIS-128"
318	depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
319	depends on !ARM || CC_IS_CLANG || GCC_VERSION >= 40800
320	default y
321
322config CRYPTO_AEGIS128_AESNI_SSE2
323	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
324	depends on X86 && 64BIT
325	select CRYPTO_AEAD
326	select CRYPTO_SIMD
327	help
328	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
329
330config CRYPTO_SEQIV
331	tristate "Sequence Number IV Generator"
332	select CRYPTO_AEAD
333	select CRYPTO_SKCIPHER
334	select CRYPTO_NULL
335	select CRYPTO_RNG_DEFAULT
336	select CRYPTO_MANAGER
337	help
338	  This IV generator generates an IV based on a sequence number by
339	  xoring it with a salt.  This algorithm is mainly useful for CTR
340
341config CRYPTO_ECHAINIV
342	tristate "Encrypted Chain IV Generator"
343	select CRYPTO_AEAD
344	select CRYPTO_NULL
345	select CRYPTO_RNG_DEFAULT
346	select CRYPTO_MANAGER
347	help
348	  This IV generator generates an IV based on the encryption of
349	  a sequence number xored with a salt.  This is the default
350	  algorithm for CBC.
351
352comment "Block modes"
353
354config CRYPTO_CBC
355	tristate "CBC support"
356	select CRYPTO_SKCIPHER
357	select CRYPTO_MANAGER
358	help
359	  CBC: Cipher Block Chaining mode
360	  This block cipher algorithm is required for IPSec.
361
362config CRYPTO_CFB
363	tristate "CFB support"
364	select CRYPTO_SKCIPHER
365	select CRYPTO_MANAGER
366	help
367	  CFB: Cipher FeedBack mode
368	  This block cipher algorithm is required for TPM2 Cryptography.
369
370config CRYPTO_CTR
371	tristate "CTR support"
372	select CRYPTO_SKCIPHER
373	select CRYPTO_SEQIV
374	select CRYPTO_MANAGER
375	help
376	  CTR: Counter mode
377	  This block cipher algorithm is required for IPSec.
378
379config CRYPTO_CTS
380	tristate "CTS support"
381	select CRYPTO_SKCIPHER
382	select CRYPTO_MANAGER
383	help
384	  CTS: Cipher Text Stealing
385	  This is the Cipher Text Stealing mode as described by
386	  Section 8 of rfc2040 and referenced by rfc3962
387	  (rfc3962 includes errata information in its Appendix A) or
388	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
389	  This mode is required for Kerberos gss mechanism support
390	  for AES encryption.
391
392	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
393
394config CRYPTO_ECB
395	tristate "ECB support"
396	select CRYPTO_SKCIPHER
397	select CRYPTO_MANAGER
398	help
399	  ECB: Electronic CodeBook mode
400	  This is the simplest block cipher algorithm.  It simply encrypts
401	  the input block by block.
402
403config CRYPTO_LRW
404	tristate "LRW support"
405	select CRYPTO_SKCIPHER
406	select CRYPTO_MANAGER
407	select CRYPTO_GF128MUL
408	help
409	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
410	  narrow block cipher mode for dm-crypt.  Use it with cipher
411	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
412	  The first 128, 192 or 256 bits in the key are used for AES and the
413	  rest is used to tie each cipher block to its logical position.
414
415config CRYPTO_OFB
416	tristate "OFB support"
417	select CRYPTO_SKCIPHER
418	select CRYPTO_MANAGER
419	help
420	  OFB: the Output Feedback mode makes a block cipher into a synchronous
421	  stream cipher. It generates keystream blocks, which are then XORed
422	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
423	  ciphertext produces a flipped bit in the plaintext at the same
424	  location. This property allows many error correcting codes to function
425	  normally even when applied before encryption.
426
427config CRYPTO_PCBC
428	tristate "PCBC support"
429	select CRYPTO_SKCIPHER
430	select CRYPTO_MANAGER
431	help
432	  PCBC: Propagating Cipher Block Chaining mode
433	  This block cipher algorithm is required for RxRPC.
434
435config CRYPTO_XTS
436	tristate "XTS support"
437	select CRYPTO_SKCIPHER
438	select CRYPTO_MANAGER
439	select CRYPTO_ECB
440	help
441	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
442	  key size 256, 384 or 512 bits. This implementation currently
443	  can't handle a sectorsize which is not a multiple of 16 bytes.
444
445config CRYPTO_KEYWRAP
446	tristate "Key wrapping support"
447	select CRYPTO_SKCIPHER
448	select CRYPTO_MANAGER
449	help
450	  Support for key wrapping (NIST SP800-38F / RFC3394) without
451	  padding.
452
453config CRYPTO_NHPOLY1305
454	tristate
455	select CRYPTO_HASH
456	select CRYPTO_LIB_POLY1305_GENERIC
457
458config CRYPTO_NHPOLY1305_SSE2
459	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
460	depends on X86 && 64BIT
461	select CRYPTO_NHPOLY1305
462	help
463	  SSE2 optimized implementation of the hash function used by the
464	  Adiantum encryption mode.
465
466config CRYPTO_NHPOLY1305_AVX2
467	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
468	depends on X86 && 64BIT
469	select CRYPTO_NHPOLY1305
470	help
471	  AVX2 optimized implementation of the hash function used by the
472	  Adiantum encryption mode.
473
474config CRYPTO_ADIANTUM
475	tristate "Adiantum support"
476	select CRYPTO_CHACHA20
477	select CRYPTO_LIB_POLY1305_GENERIC
478	select CRYPTO_NHPOLY1305
479	select CRYPTO_MANAGER
480	help
481	  Adiantum is a tweakable, length-preserving encryption mode
482	  designed for fast and secure disk encryption, especially on
483	  CPUs without dedicated crypto instructions.  It encrypts
484	  each sector using the XChaCha12 stream cipher, two passes of
485	  an ε-almost-∆-universal hash function, and an invocation of
486	  the AES-256 block cipher on a single 16-byte block.  On CPUs
487	  without AES instructions, Adiantum is much faster than
488	  AES-XTS.
489
490	  Adiantum's security is provably reducible to that of its
491	  underlying stream and block ciphers, subject to a security
492	  bound.  Unlike XTS, Adiantum is a true wide-block encryption
493	  mode, so it actually provides an even stronger notion of
494	  security than XTS, subject to the security bound.
495
496	  If unsure, say N.
497
498config CRYPTO_ESSIV
499	tristate "ESSIV support for block encryption"
500	select CRYPTO_AUTHENC
501	help
502	  Encrypted salt-sector initialization vector (ESSIV) is an IV
503	  generation method that is used in some cases by fscrypt and/or
504	  dm-crypt. It uses the hash of the block encryption key as the
505	  symmetric key for a block encryption pass applied to the input
506	  IV, making low entropy IV sources more suitable for block
507	  encryption.
508
509	  This driver implements a crypto API template that can be
510	  instantiated either as an skcipher or as an AEAD (depending on the
511	  type of the first template argument), and which defers encryption
512	  and decryption requests to the encapsulated cipher after applying
513	  ESSIV to the input IV. Note that in the AEAD case, it is assumed
514	  that the keys are presented in the same format used by the authenc
515	  template, and that the IV appears at the end of the authenticated
516	  associated data (AAD) region (which is how dm-crypt uses it.)
517
518	  Note that the use of ESSIV is not recommended for new deployments,
519	  and so this only needs to be enabled when interoperability with
520	  existing encrypted volumes of filesystems is required, or when
521	  building for a particular system that requires it (e.g., when
522	  the SoC in question has accelerated CBC but not XTS, making CBC
523	  combined with ESSIV the only feasible mode for h/w accelerated
524	  block encryption)
525
526comment "Hash modes"
527
528config CRYPTO_CMAC
529	tristate "CMAC support"
530	select CRYPTO_HASH
531	select CRYPTO_MANAGER
532	help
533	  Cipher-based Message Authentication Code (CMAC) specified by
534	  The National Institute of Standards and Technology (NIST).
535
536	  https://tools.ietf.org/html/rfc4493
537	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
538
539config CRYPTO_HMAC
540	tristate "HMAC support"
541	select CRYPTO_HASH
542	select CRYPTO_MANAGER
543	help
544	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
545	  This is required for IPSec.
546
547config CRYPTO_XCBC
548	tristate "XCBC support"
549	select CRYPTO_HASH
550	select CRYPTO_MANAGER
551	help
552	  XCBC: Keyed-Hashing with encryption algorithm
553		http://www.ietf.org/rfc/rfc3566.txt
554		http://csrc.nist.gov/encryption/modes/proposedmodes/
555		 xcbc-mac/xcbc-mac-spec.pdf
556
557config CRYPTO_VMAC
558	tristate "VMAC support"
559	select CRYPTO_HASH
560	select CRYPTO_MANAGER
561	help
562	  VMAC is a message authentication algorithm designed for
563	  very high speed on 64-bit architectures.
564
565	  See also:
566	  <http://fastcrypto.org/vmac>
567
568comment "Digest"
569
570config CRYPTO_CRC32C
571	tristate "CRC32c CRC algorithm"
572	select CRYPTO_HASH
573	select CRC32
574	help
575	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
576	  by iSCSI for header and data digests and by others.
577	  See Castagnoli93.  Module will be crc32c.
578
579config CRYPTO_CRC32C_INTEL
580	tristate "CRC32c INTEL hardware acceleration"
581	depends on X86
582	select CRYPTO_HASH
583	help
584	  In Intel processor with SSE4.2 supported, the processor will
585	  support CRC32C implementation using hardware accelerated CRC32
586	  instruction. This option will create 'crc32c-intel' module,
587	  which will enable any routine to use the CRC32 instruction to
588	  gain performance compared with software implementation.
589	  Module will be crc32c-intel.
590
591config CRYPTO_CRC32C_VPMSUM
592	tristate "CRC32c CRC algorithm (powerpc64)"
593	depends on PPC64 && ALTIVEC
594	select CRYPTO_HASH
595	select CRC32
596	help
597	  CRC32c algorithm implemented using vector polynomial multiply-sum
598	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
599	  and newer processors for improved performance.
600
601
602config CRYPTO_CRC32C_SPARC64
603	tristate "CRC32c CRC algorithm (SPARC64)"
604	depends on SPARC64
605	select CRYPTO_HASH
606	select CRC32
607	help
608	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
609	  when available.
610
611config CRYPTO_CRC32
612	tristate "CRC32 CRC algorithm"
613	select CRYPTO_HASH
614	select CRC32
615	help
616	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
617	  Shash crypto api wrappers to crc32_le function.
618
619config CRYPTO_CRC32_PCLMUL
620	tristate "CRC32 PCLMULQDQ hardware acceleration"
621	depends on X86
622	select CRYPTO_HASH
623	select CRC32
624	help
625	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
626	  and PCLMULQDQ supported, the processor will support
627	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
628	  instruction. This option will create 'crc32-pclmul' module,
629	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
630	  and gain better performance as compared with the table implementation.
631
632config CRYPTO_CRC32_MIPS
633	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
634	depends on MIPS_CRC_SUPPORT
635	select CRYPTO_HASH
636	help
637	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
638	  instructions, when available.
639
640
641config CRYPTO_XXHASH
642	tristate "xxHash hash algorithm"
643	select CRYPTO_HASH
644	select XXHASH
645	help
646	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
647	  speeds close to RAM limits.
648
649config CRYPTO_BLAKE2B
650	tristate "BLAKE2b digest algorithm"
651	select CRYPTO_HASH
652	help
653	  Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
654	  optimized for 64bit platforms and can produce digests of any size
655	  between 1 to 64.  The keyed hash is also implemented.
656
657	  This module provides the following algorithms:
658
659	  - blake2b-160
660	  - blake2b-256
661	  - blake2b-384
662	  - blake2b-512
663
664	  See https://blake2.net for further information.
665
666config CRYPTO_BLAKE2S
667	tristate "BLAKE2s digest algorithm"
668	select CRYPTO_LIB_BLAKE2S_GENERIC
669	select CRYPTO_HASH
670	help
671	  Implementation of cryptographic hash function BLAKE2s
672	  optimized for 8-32bit platforms and can produce digests of any size
673	  between 1 to 32.  The keyed hash is also implemented.
674
675	  This module provides the following algorithms:
676
677	  - blake2s-128
678	  - blake2s-160
679	  - blake2s-224
680	  - blake2s-256
681
682	  See https://blake2.net for further information.
683
684config CRYPTO_BLAKE2S_X86
685	tristate "BLAKE2s digest algorithm (x86 accelerated version)"
686	depends on X86 && 64BIT
687	select CRYPTO_LIB_BLAKE2S_GENERIC
688	select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
689
690config CRYPTO_CRCT10DIF
691	tristate "CRCT10DIF algorithm"
692	select CRYPTO_HASH
693	help
694	  CRC T10 Data Integrity Field computation is being cast as
695	  a crypto transform.  This allows for faster crc t10 diff
696	  transforms to be used if they are available.
697
698config CRYPTO_CRCT10DIF_PCLMUL
699	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
700	depends on X86 && 64BIT && CRC_T10DIF
701	select CRYPTO_HASH
702	help
703	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
704	  CRC T10 DIF PCLMULQDQ computation can be hardware
705	  accelerated PCLMULQDQ instruction. This option will create
706	  'crct10dif-pclmul' module, which is faster when computing the
707	  crct10dif checksum as compared with the generic table implementation.
708
709config CRYPTO_CRCT10DIF_VPMSUM
710	tristate "CRC32T10DIF powerpc64 hardware acceleration"
711	depends on PPC64 && ALTIVEC && CRC_T10DIF
712	select CRYPTO_HASH
713	help
714	  CRC10T10DIF algorithm implemented using vector polynomial
715	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
716	  POWER8 and newer processors for improved performance.
717
718config CRYPTO_VPMSUM_TESTER
719	tristate "Powerpc64 vpmsum hardware acceleration tester"
720	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
721	help
722	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
723	  POWER8 vpmsum instructions.
724	  Unless you are testing these algorithms, you don't need this.
725
726config CRYPTO_GHASH
727	tristate "GHASH hash function"
728	select CRYPTO_GF128MUL
729	select CRYPTO_HASH
730	help
731	  GHASH is the hash function used in GCM (Galois/Counter Mode).
732	  It is not a general-purpose cryptographic hash function.
733
734config CRYPTO_POLY1305
735	tristate "Poly1305 authenticator algorithm"
736	select CRYPTO_HASH
737	select CRYPTO_LIB_POLY1305_GENERIC
738	help
739	  Poly1305 authenticator algorithm, RFC7539.
740
741	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
742	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
743	  in IETF protocols. This is the portable C implementation of Poly1305.
744
745config CRYPTO_POLY1305_X86_64
746	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
747	depends on X86 && 64BIT
748	select CRYPTO_LIB_POLY1305_GENERIC
749	select CRYPTO_ARCH_HAVE_LIB_POLY1305
750	help
751	  Poly1305 authenticator algorithm, RFC7539.
752
753	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
754	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
755	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
756	  instructions.
757
758config CRYPTO_POLY1305_MIPS
759	tristate "Poly1305 authenticator algorithm (MIPS optimized)"
760	depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT)
761	select CRYPTO_ARCH_HAVE_LIB_POLY1305
762
763config CRYPTO_MD4
764	tristate "MD4 digest algorithm"
765	select CRYPTO_HASH
766	help
767	  MD4 message digest algorithm (RFC1320).
768
769config CRYPTO_MD5
770	tristate "MD5 digest algorithm"
771	select CRYPTO_HASH
772	help
773	  MD5 message digest algorithm (RFC1321).
774
775config CRYPTO_MD5_OCTEON
776	tristate "MD5 digest algorithm (OCTEON)"
777	depends on CPU_CAVIUM_OCTEON
778	select CRYPTO_MD5
779	select CRYPTO_HASH
780	help
781	  MD5 message digest algorithm (RFC1321) implemented
782	  using OCTEON crypto instructions, when available.
783
784config CRYPTO_MD5_PPC
785	tristate "MD5 digest algorithm (PPC)"
786	depends on PPC
787	select CRYPTO_HASH
788	help
789	  MD5 message digest algorithm (RFC1321) implemented
790	  in PPC assembler.
791
792config CRYPTO_MD5_SPARC64
793	tristate "MD5 digest algorithm (SPARC64)"
794	depends on SPARC64
795	select CRYPTO_MD5
796	select CRYPTO_HASH
797	help
798	  MD5 message digest algorithm (RFC1321) implemented
799	  using sparc64 crypto instructions, when available.
800
801config CRYPTO_MICHAEL_MIC
802	tristate "Michael MIC keyed digest algorithm"
803	select CRYPTO_HASH
804	help
805	  Michael MIC is used for message integrity protection in TKIP
806	  (IEEE 802.11i). This algorithm is required for TKIP, but it
807	  should not be used for other purposes because of the weakness
808	  of the algorithm.
809
810config CRYPTO_RMD128
811	tristate "RIPEMD-128 digest algorithm"
812	select CRYPTO_HASH
813	help
814	  RIPEMD-128 (ISO/IEC 10118-3:2004).
815
816	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
817	  be used as a secure replacement for RIPEMD. For other use cases,
818	  RIPEMD-160 should be used.
819
820	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
821	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
822
823config CRYPTO_RMD160
824	tristate "RIPEMD-160 digest algorithm"
825	select CRYPTO_HASH
826	help
827	  RIPEMD-160 (ISO/IEC 10118-3:2004).
828
829	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
830	  to be used as a secure replacement for the 128-bit hash functions
831	  MD4, MD5 and it's predecessor RIPEMD
832	  (not to be confused with RIPEMD-128).
833
834	  It's speed is comparable to SHA1 and there are no known attacks
835	  against RIPEMD-160.
836
837	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
838	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
839
840config CRYPTO_RMD256
841	tristate "RIPEMD-256 digest algorithm"
842	select CRYPTO_HASH
843	help
844	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
845	  256 bit hash. It is intended for applications that require
846	  longer hash-results, without needing a larger security level
847	  (than RIPEMD-128).
848
849	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
850	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
851
852config CRYPTO_RMD320
853	tristate "RIPEMD-320 digest algorithm"
854	select CRYPTO_HASH
855	help
856	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
857	  320 bit hash. It is intended for applications that require
858	  longer hash-results, without needing a larger security level
859	  (than RIPEMD-160).
860
861	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
862	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
863
864config CRYPTO_SHA1
865	tristate "SHA1 digest algorithm"
866	select CRYPTO_HASH
867	help
868	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
869
870config CRYPTO_SHA1_SSSE3
871	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
872	depends on X86 && 64BIT
873	select CRYPTO_SHA1
874	select CRYPTO_HASH
875	help
876	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
877	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
878	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
879	  when available.
880
881config CRYPTO_SHA256_SSSE3
882	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
883	depends on X86 && 64BIT
884	select CRYPTO_SHA256
885	select CRYPTO_HASH
886	help
887	  SHA-256 secure hash standard (DFIPS 180-2) implemented
888	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
889	  Extensions version 1 (AVX1), or Advanced Vector Extensions
890	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
891	  Instructions) when available.
892
893config CRYPTO_SHA512_SSSE3
894	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
895	depends on X86 && 64BIT
896	select CRYPTO_SHA512
897	select CRYPTO_HASH
898	help
899	  SHA-512 secure hash standard (DFIPS 180-2) implemented
900	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
901	  Extensions version 1 (AVX1), or Advanced Vector Extensions
902	  version 2 (AVX2) instructions, when available.
903
904config CRYPTO_SHA1_OCTEON
905	tristate "SHA1 digest algorithm (OCTEON)"
906	depends on CPU_CAVIUM_OCTEON
907	select CRYPTO_SHA1
908	select CRYPTO_HASH
909	help
910	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
911	  using OCTEON crypto instructions, when available.
912
913config CRYPTO_SHA1_SPARC64
914	tristate "SHA1 digest algorithm (SPARC64)"
915	depends on SPARC64
916	select CRYPTO_SHA1
917	select CRYPTO_HASH
918	help
919	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
920	  using sparc64 crypto instructions, when available.
921
922config CRYPTO_SHA1_PPC
923	tristate "SHA1 digest algorithm (powerpc)"
924	depends on PPC
925	help
926	  This is the powerpc hardware accelerated implementation of the
927	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
928
929config CRYPTO_SHA1_PPC_SPE
930	tristate "SHA1 digest algorithm (PPC SPE)"
931	depends on PPC && SPE
932	help
933	  SHA-1 secure hash standard (DFIPS 180-4) implemented
934	  using powerpc SPE SIMD instruction set.
935
936config CRYPTO_SHA256
937	tristate "SHA224 and SHA256 digest algorithm"
938	select CRYPTO_HASH
939	select CRYPTO_LIB_SHA256
940	help
941	  SHA256 secure hash standard (DFIPS 180-2).
942
943	  This version of SHA implements a 256 bit hash with 128 bits of
944	  security against collision attacks.
945
946	  This code also includes SHA-224, a 224 bit hash with 112 bits
947	  of security against collision attacks.
948
949config CRYPTO_SHA256_PPC_SPE
950	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
951	depends on PPC && SPE
952	select CRYPTO_SHA256
953	select CRYPTO_HASH
954	help
955	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
956	  implemented using powerpc SPE SIMD instruction set.
957
958config CRYPTO_SHA256_OCTEON
959	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
960	depends on CPU_CAVIUM_OCTEON
961	select CRYPTO_SHA256
962	select CRYPTO_HASH
963	help
964	  SHA-256 secure hash standard (DFIPS 180-2) implemented
965	  using OCTEON crypto instructions, when available.
966
967config CRYPTO_SHA256_SPARC64
968	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
969	depends on SPARC64
970	select CRYPTO_SHA256
971	select CRYPTO_HASH
972	help
973	  SHA-256 secure hash standard (DFIPS 180-2) implemented
974	  using sparc64 crypto instructions, when available.
975
976config CRYPTO_SHA512
977	tristate "SHA384 and SHA512 digest algorithms"
978	select CRYPTO_HASH
979	help
980	  SHA512 secure hash standard (DFIPS 180-2).
981
982	  This version of SHA implements a 512 bit hash with 256 bits of
983	  security against collision attacks.
984
985	  This code also includes SHA-384, a 384 bit hash with 192 bits
986	  of security against collision attacks.
987
988config CRYPTO_SHA512_OCTEON
989	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
990	depends on CPU_CAVIUM_OCTEON
991	select CRYPTO_SHA512
992	select CRYPTO_HASH
993	help
994	  SHA-512 secure hash standard (DFIPS 180-2) implemented
995	  using OCTEON crypto instructions, when available.
996
997config CRYPTO_SHA512_SPARC64
998	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
999	depends on SPARC64
1000	select CRYPTO_SHA512
1001	select CRYPTO_HASH
1002	help
1003	  SHA-512 secure hash standard (DFIPS 180-2) implemented
1004	  using sparc64 crypto instructions, when available.
1005
1006config CRYPTO_SHA3
1007	tristate "SHA3 digest algorithm"
1008	select CRYPTO_HASH
1009	help
1010	  SHA-3 secure hash standard (DFIPS 202). It's based on
1011	  cryptographic sponge function family called Keccak.
1012
1013	  References:
1014	  http://keccak.noekeon.org/
1015
1016config CRYPTO_SM3
1017	tristate "SM3 digest algorithm"
1018	select CRYPTO_HASH
1019	help
1020	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1021	  It is part of the Chinese Commercial Cryptography suite.
1022
1023	  References:
1024	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1025	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1026
1027config CRYPTO_STREEBOG
1028	tristate "Streebog Hash Function"
1029	select CRYPTO_HASH
1030	help
1031	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1032	  cryptographic standard algorithms (called GOST algorithms).
1033	  This setting enables two hash algorithms with 256 and 512 bits output.
1034
1035	  References:
1036	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1037	  https://tools.ietf.org/html/rfc6986
1038
1039config CRYPTO_TGR192
1040	tristate "Tiger digest algorithms"
1041	select CRYPTO_HASH
1042	help
1043	  Tiger hash algorithm 192, 160 and 128-bit hashes
1044
1045	  Tiger is a hash function optimized for 64-bit processors while
1046	  still having decent performance on 32-bit processors.
1047	  Tiger was developed by Ross Anderson and Eli Biham.
1048
1049	  See also:
1050	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1051
1052config CRYPTO_WP512
1053	tristate "Whirlpool digest algorithms"
1054	select CRYPTO_HASH
1055	help
1056	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1057
1058	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1059	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1060
1061	  See also:
1062	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1063
1064config CRYPTO_GHASH_CLMUL_NI_INTEL
1065	tristate "GHASH hash function (CLMUL-NI accelerated)"
1066	depends on X86 && 64BIT
1067	select CRYPTO_CRYPTD
1068	help
1069	  This is the x86_64 CLMUL-NI accelerated implementation of
1070	  GHASH, the hash function used in GCM (Galois/Counter mode).
1071
1072comment "Ciphers"
1073
1074config CRYPTO_AES
1075	tristate "AES cipher algorithms"
1076	select CRYPTO_ALGAPI
1077	select CRYPTO_LIB_AES
1078	help
1079	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1080	  algorithm.
1081
1082	  Rijndael appears to be consistently a very good performer in
1083	  both hardware and software across a wide range of computing
1084	  environments regardless of its use in feedback or non-feedback
1085	  modes. Its key setup time is excellent, and its key agility is
1086	  good. Rijndael's very low memory requirements make it very well
1087	  suited for restricted-space environments, in which it also
1088	  demonstrates excellent performance. Rijndael's operations are
1089	  among the easiest to defend against power and timing attacks.
1090
1091	  The AES specifies three key sizes: 128, 192 and 256 bits
1092
1093	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1094
1095config CRYPTO_AES_TI
1096	tristate "Fixed time AES cipher"
1097	select CRYPTO_ALGAPI
1098	select CRYPTO_LIB_AES
1099	help
1100	  This is a generic implementation of AES that attempts to eliminate
1101	  data dependent latencies as much as possible without affecting
1102	  performance too much. It is intended for use by the generic CCM
1103	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1104	  solely on encryption (although decryption is supported as well, but
1105	  with a more dramatic performance hit)
1106
1107	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1108	  8 for decryption), this implementation only uses just two S-boxes of
1109	  256 bytes each, and attempts to eliminate data dependent latencies by
1110	  prefetching the entire table into the cache at the start of each
1111	  block. Interrupts are also disabled to avoid races where cachelines
1112	  are evicted when the CPU is interrupted to do something else.
1113
1114config CRYPTO_AES_NI_INTEL
1115	tristate "AES cipher algorithms (AES-NI)"
1116	depends on X86
1117	select CRYPTO_AEAD
1118	select CRYPTO_LIB_AES
1119	select CRYPTO_ALGAPI
1120	select CRYPTO_SKCIPHER
1121	select CRYPTO_GLUE_HELPER_X86 if 64BIT
1122	select CRYPTO_SIMD
1123	help
1124	  Use Intel AES-NI instructions for AES algorithm.
1125
1126	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1127	  algorithm.
1128
1129	  Rijndael appears to be consistently a very good performer in
1130	  both hardware and software across a wide range of computing
1131	  environments regardless of its use in feedback or non-feedback
1132	  modes. Its key setup time is excellent, and its key agility is
1133	  good. Rijndael's very low memory requirements make it very well
1134	  suited for restricted-space environments, in which it also
1135	  demonstrates excellent performance. Rijndael's operations are
1136	  among the easiest to defend against power and timing attacks.
1137
1138	  The AES specifies three key sizes: 128, 192 and 256 bits
1139
1140	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1141
1142	  In addition to AES cipher algorithm support, the acceleration
1143	  for some popular block cipher mode is supported too, including
1144	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1145	  acceleration for CTR.
1146
1147config CRYPTO_AES_SPARC64
1148	tristate "AES cipher algorithms (SPARC64)"
1149	depends on SPARC64
1150	select CRYPTO_SKCIPHER
1151	help
1152	  Use SPARC64 crypto opcodes for AES algorithm.
1153
1154	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1155	  algorithm.
1156
1157	  Rijndael appears to be consistently a very good performer in
1158	  both hardware and software across a wide range of computing
1159	  environments regardless of its use in feedback or non-feedback
1160	  modes. Its key setup time is excellent, and its key agility is
1161	  good. Rijndael's very low memory requirements make it very well
1162	  suited for restricted-space environments, in which it also
1163	  demonstrates excellent performance. Rijndael's operations are
1164	  among the easiest to defend against power and timing attacks.
1165
1166	  The AES specifies three key sizes: 128, 192 and 256 bits
1167
1168	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1169
1170	  In addition to AES cipher algorithm support, the acceleration
1171	  for some popular block cipher mode is supported too, including
1172	  ECB and CBC.
1173
1174config CRYPTO_AES_PPC_SPE
1175	tristate "AES cipher algorithms (PPC SPE)"
1176	depends on PPC && SPE
1177	select CRYPTO_SKCIPHER
1178	help
1179	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1180	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1181	  This module should only be used for low power (router) devices
1182	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1183	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1184	  timining attacks. Nevertheless it might be not as secure as other
1185	  architecture specific assembler implementations that work on 1KB
1186	  tables or 256 bytes S-boxes.
1187
1188config CRYPTO_ANUBIS
1189	tristate "Anubis cipher algorithm"
1190	select CRYPTO_ALGAPI
1191	help
1192	  Anubis cipher algorithm.
1193
1194	  Anubis is a variable key length cipher which can use keys from
1195	  128 bits to 320 bits in length.  It was evaluated as a entrant
1196	  in the NESSIE competition.
1197
1198	  See also:
1199	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1200	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1201
1202config CRYPTO_ARC4
1203	tristate "ARC4 cipher algorithm"
1204	select CRYPTO_SKCIPHER
1205	select CRYPTO_LIB_ARC4
1206	help
1207	  ARC4 cipher algorithm.
1208
1209	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1210	  bits in length.  This algorithm is required for driver-based
1211	  WEP, but it should not be for other purposes because of the
1212	  weakness of the algorithm.
1213
1214config CRYPTO_BLOWFISH
1215	tristate "Blowfish cipher algorithm"
1216	select CRYPTO_ALGAPI
1217	select CRYPTO_BLOWFISH_COMMON
1218	help
1219	  Blowfish cipher algorithm, by Bruce Schneier.
1220
1221	  This is a variable key length cipher which can use keys from 32
1222	  bits to 448 bits in length.  It's fast, simple and specifically
1223	  designed for use on "large microprocessors".
1224
1225	  See also:
1226	  <http://www.schneier.com/blowfish.html>
1227
1228config CRYPTO_BLOWFISH_COMMON
1229	tristate
1230	help
1231	  Common parts of the Blowfish cipher algorithm shared by the
1232	  generic c and the assembler implementations.
1233
1234	  See also:
1235	  <http://www.schneier.com/blowfish.html>
1236
1237config CRYPTO_BLOWFISH_X86_64
1238	tristate "Blowfish cipher algorithm (x86_64)"
1239	depends on X86 && 64BIT
1240	select CRYPTO_SKCIPHER
1241	select CRYPTO_BLOWFISH_COMMON
1242	help
1243	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1244
1245	  This is a variable key length cipher which can use keys from 32
1246	  bits to 448 bits in length.  It's fast, simple and specifically
1247	  designed for use on "large microprocessors".
1248
1249	  See also:
1250	  <http://www.schneier.com/blowfish.html>
1251
1252config CRYPTO_CAMELLIA
1253	tristate "Camellia cipher algorithms"
1254	depends on CRYPTO
1255	select CRYPTO_ALGAPI
1256	help
1257	  Camellia cipher algorithms module.
1258
1259	  Camellia is a symmetric key block cipher developed jointly
1260	  at NTT and Mitsubishi Electric Corporation.
1261
1262	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1263
1264	  See also:
1265	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1266
1267config CRYPTO_CAMELLIA_X86_64
1268	tristate "Camellia cipher algorithm (x86_64)"
1269	depends on X86 && 64BIT
1270	depends on CRYPTO
1271	select CRYPTO_SKCIPHER
1272	select CRYPTO_GLUE_HELPER_X86
1273	help
1274	  Camellia cipher algorithm module (x86_64).
1275
1276	  Camellia is a symmetric key block cipher developed jointly
1277	  at NTT and Mitsubishi Electric Corporation.
1278
1279	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1280
1281	  See also:
1282	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1283
1284config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1285	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1286	depends on X86 && 64BIT
1287	depends on CRYPTO
1288	select CRYPTO_SKCIPHER
1289	select CRYPTO_CAMELLIA_X86_64
1290	select CRYPTO_GLUE_HELPER_X86
1291	select CRYPTO_SIMD
1292	select CRYPTO_XTS
1293	help
1294	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1295
1296	  Camellia is a symmetric key block cipher developed jointly
1297	  at NTT and Mitsubishi Electric Corporation.
1298
1299	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1300
1301	  See also:
1302	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1303
1304config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1305	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1306	depends on X86 && 64BIT
1307	depends on CRYPTO
1308	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1309	help
1310	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1311
1312	  Camellia is a symmetric key block cipher developed jointly
1313	  at NTT and Mitsubishi Electric Corporation.
1314
1315	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1316
1317	  See also:
1318	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1319
1320config CRYPTO_CAMELLIA_SPARC64
1321	tristate "Camellia cipher algorithm (SPARC64)"
1322	depends on SPARC64
1323	depends on CRYPTO
1324	select CRYPTO_ALGAPI
1325	select CRYPTO_SKCIPHER
1326	help
1327	  Camellia cipher algorithm module (SPARC64).
1328
1329	  Camellia is a symmetric key block cipher developed jointly
1330	  at NTT and Mitsubishi Electric Corporation.
1331
1332	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1333
1334	  See also:
1335	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1336
1337config CRYPTO_CAST_COMMON
1338	tristate
1339	help
1340	  Common parts of the CAST cipher algorithms shared by the
1341	  generic c and the assembler implementations.
1342
1343config CRYPTO_CAST5
1344	tristate "CAST5 (CAST-128) cipher algorithm"
1345	select CRYPTO_ALGAPI
1346	select CRYPTO_CAST_COMMON
1347	help
1348	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1349	  described in RFC2144.
1350
1351config CRYPTO_CAST5_AVX_X86_64
1352	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1353	depends on X86 && 64BIT
1354	select CRYPTO_SKCIPHER
1355	select CRYPTO_CAST5
1356	select CRYPTO_CAST_COMMON
1357	select CRYPTO_SIMD
1358	help
1359	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1360	  described in RFC2144.
1361
1362	  This module provides the Cast5 cipher algorithm that processes
1363	  sixteen blocks parallel using the AVX instruction set.
1364
1365config CRYPTO_CAST6
1366	tristate "CAST6 (CAST-256) cipher algorithm"
1367	select CRYPTO_ALGAPI
1368	select CRYPTO_CAST_COMMON
1369	help
1370	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1371	  described in RFC2612.
1372
1373config CRYPTO_CAST6_AVX_X86_64
1374	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1375	depends on X86 && 64BIT
1376	select CRYPTO_SKCIPHER
1377	select CRYPTO_CAST6
1378	select CRYPTO_CAST_COMMON
1379	select CRYPTO_GLUE_HELPER_X86
1380	select CRYPTO_SIMD
1381	select CRYPTO_XTS
1382	help
1383	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1384	  described in RFC2612.
1385
1386	  This module provides the Cast6 cipher algorithm that processes
1387	  eight blocks parallel using the AVX instruction set.
1388
1389config CRYPTO_DES
1390	tristate "DES and Triple DES EDE cipher algorithms"
1391	select CRYPTO_ALGAPI
1392	select CRYPTO_LIB_DES
1393	help
1394	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1395
1396config CRYPTO_DES_SPARC64
1397	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1398	depends on SPARC64
1399	select CRYPTO_ALGAPI
1400	select CRYPTO_LIB_DES
1401	select CRYPTO_SKCIPHER
1402	help
1403	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1404	  optimized using SPARC64 crypto opcodes.
1405
1406config CRYPTO_DES3_EDE_X86_64
1407	tristate "Triple DES EDE cipher algorithm (x86-64)"
1408	depends on X86 && 64BIT
1409	select CRYPTO_SKCIPHER
1410	select CRYPTO_LIB_DES
1411	help
1412	  Triple DES EDE (FIPS 46-3) algorithm.
1413
1414	  This module provides implementation of the Triple DES EDE cipher
1415	  algorithm that is optimized for x86-64 processors. Two versions of
1416	  algorithm are provided; regular processing one input block and
1417	  one that processes three blocks parallel.
1418
1419config CRYPTO_FCRYPT
1420	tristate "FCrypt cipher algorithm"
1421	select CRYPTO_ALGAPI
1422	select CRYPTO_SKCIPHER
1423	help
1424	  FCrypt algorithm used by RxRPC.
1425
1426config CRYPTO_KHAZAD
1427	tristate "Khazad cipher algorithm"
1428	select CRYPTO_ALGAPI
1429	help
1430	  Khazad cipher algorithm.
1431
1432	  Khazad was a finalist in the initial NESSIE competition.  It is
1433	  an algorithm optimized for 64-bit processors with good performance
1434	  on 32-bit processors.  Khazad uses an 128 bit key size.
1435
1436	  See also:
1437	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1438
1439config CRYPTO_SALSA20
1440	tristate "Salsa20 stream cipher algorithm"
1441	select CRYPTO_SKCIPHER
1442	help
1443	  Salsa20 stream cipher algorithm.
1444
1445	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1446	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1447
1448	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1449	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1450
1451config CRYPTO_CHACHA20
1452	tristate "ChaCha stream cipher algorithms"
1453	select CRYPTO_LIB_CHACHA_GENERIC
1454	select CRYPTO_SKCIPHER
1455	help
1456	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1457
1458	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1459	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1460	  This is the portable C implementation of ChaCha20.  See also:
1461	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1462
1463	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1464	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1465	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1466	  while provably retaining ChaCha20's security.  See also:
1467	  <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1468
1469	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1470	  reduced security margin but increased performance.  It can be needed
1471	  in some performance-sensitive scenarios.
1472
1473config CRYPTO_CHACHA20_X86_64
1474	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1475	depends on X86 && 64BIT
1476	select CRYPTO_SKCIPHER
1477	select CRYPTO_LIB_CHACHA_GENERIC
1478	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1479	help
1480	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1481	  XChaCha20, and XChaCha12 stream ciphers.
1482
1483config CRYPTO_CHACHA_MIPS
1484	tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1485	depends on CPU_MIPS32_R2
1486	select CRYPTO_SKCIPHER
1487	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1488
1489config CRYPTO_SEED
1490	tristate "SEED cipher algorithm"
1491	select CRYPTO_ALGAPI
1492	help
1493	  SEED cipher algorithm (RFC4269).
1494
1495	  SEED is a 128-bit symmetric key block cipher that has been
1496	  developed by KISA (Korea Information Security Agency) as a
1497	  national standard encryption algorithm of the Republic of Korea.
1498	  It is a 16 round block cipher with the key size of 128 bit.
1499
1500	  See also:
1501	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1502
1503config CRYPTO_SERPENT
1504	tristate "Serpent cipher algorithm"
1505	select CRYPTO_ALGAPI
1506	help
1507	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1508
1509	  Keys are allowed to be from 0 to 256 bits in length, in steps
1510	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1511	  variant of Serpent for compatibility with old kerneli.org code.
1512
1513	  See also:
1514	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1515
1516config CRYPTO_SERPENT_SSE2_X86_64
1517	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1518	depends on X86 && 64BIT
1519	select CRYPTO_SKCIPHER
1520	select CRYPTO_GLUE_HELPER_X86
1521	select CRYPTO_SERPENT
1522	select CRYPTO_SIMD
1523	help
1524	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1525
1526	  Keys are allowed to be from 0 to 256 bits in length, in steps
1527	  of 8 bits.
1528
1529	  This module provides Serpent cipher algorithm that processes eight
1530	  blocks parallel using SSE2 instruction set.
1531
1532	  See also:
1533	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1534
1535config CRYPTO_SERPENT_SSE2_586
1536	tristate "Serpent cipher algorithm (i586/SSE2)"
1537	depends on X86 && !64BIT
1538	select CRYPTO_SKCIPHER
1539	select CRYPTO_GLUE_HELPER_X86
1540	select CRYPTO_SERPENT
1541	select CRYPTO_SIMD
1542	help
1543	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1544
1545	  Keys are allowed to be from 0 to 256 bits in length, in steps
1546	  of 8 bits.
1547
1548	  This module provides Serpent cipher algorithm that processes four
1549	  blocks parallel using SSE2 instruction set.
1550
1551	  See also:
1552	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1553
1554config CRYPTO_SERPENT_AVX_X86_64
1555	tristate "Serpent cipher algorithm (x86_64/AVX)"
1556	depends on X86 && 64BIT
1557	select CRYPTO_SKCIPHER
1558	select CRYPTO_GLUE_HELPER_X86
1559	select CRYPTO_SERPENT
1560	select CRYPTO_SIMD
1561	select CRYPTO_XTS
1562	help
1563	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1564
1565	  Keys are allowed to be from 0 to 256 bits in length, in steps
1566	  of 8 bits.
1567
1568	  This module provides the Serpent cipher algorithm that processes
1569	  eight blocks parallel using the AVX instruction set.
1570
1571	  See also:
1572	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1573
1574config CRYPTO_SERPENT_AVX2_X86_64
1575	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1576	depends on X86 && 64BIT
1577	select CRYPTO_SERPENT_AVX_X86_64
1578	help
1579	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1580
1581	  Keys are allowed to be from 0 to 256 bits in length, in steps
1582	  of 8 bits.
1583
1584	  This module provides Serpent cipher algorithm that processes 16
1585	  blocks parallel using AVX2 instruction set.
1586
1587	  See also:
1588	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1589
1590config CRYPTO_SM4
1591	tristate "SM4 cipher algorithm"
1592	select CRYPTO_ALGAPI
1593	help
1594	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1595
1596	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1597	  Organization of State Commercial Administration of China (OSCCA)
1598	  as an authorized cryptographic algorithms for the use within China.
1599
1600	  SMS4 was originally created for use in protecting wireless
1601	  networks, and is mandated in the Chinese National Standard for
1602	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1603	  (GB.15629.11-2003).
1604
1605	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1606	  standardized through TC 260 of the Standardization Administration
1607	  of the People's Republic of China (SAC).
1608
1609	  The input, output, and key of SMS4 are each 128 bits.
1610
1611	  See also: <https://eprint.iacr.org/2008/329.pdf>
1612
1613	  If unsure, say N.
1614
1615config CRYPTO_TEA
1616	tristate "TEA, XTEA and XETA cipher algorithms"
1617	select CRYPTO_ALGAPI
1618	help
1619	  TEA cipher algorithm.
1620
1621	  Tiny Encryption Algorithm is a simple cipher that uses
1622	  many rounds for security.  It is very fast and uses
1623	  little memory.
1624
1625	  Xtendend Tiny Encryption Algorithm is a modification to
1626	  the TEA algorithm to address a potential key weakness
1627	  in the TEA algorithm.
1628
1629	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1630	  of the XTEA algorithm for compatibility purposes.
1631
1632config CRYPTO_TWOFISH
1633	tristate "Twofish cipher algorithm"
1634	select CRYPTO_ALGAPI
1635	select CRYPTO_TWOFISH_COMMON
1636	help
1637	  Twofish cipher algorithm.
1638
1639	  Twofish was submitted as an AES (Advanced Encryption Standard)
1640	  candidate cipher by researchers at CounterPane Systems.  It is a
1641	  16 round block cipher supporting key sizes of 128, 192, and 256
1642	  bits.
1643
1644	  See also:
1645	  <http://www.schneier.com/twofish.html>
1646
1647config CRYPTO_TWOFISH_COMMON
1648	tristate
1649	help
1650	  Common parts of the Twofish cipher algorithm shared by the
1651	  generic c and the assembler implementations.
1652
1653config CRYPTO_TWOFISH_586
1654	tristate "Twofish cipher algorithms (i586)"
1655	depends on (X86 || UML_X86) && !64BIT
1656	select CRYPTO_ALGAPI
1657	select CRYPTO_TWOFISH_COMMON
1658	help
1659	  Twofish cipher algorithm.
1660
1661	  Twofish was submitted as an AES (Advanced Encryption Standard)
1662	  candidate cipher by researchers at CounterPane Systems.  It is a
1663	  16 round block cipher supporting key sizes of 128, 192, and 256
1664	  bits.
1665
1666	  See also:
1667	  <http://www.schneier.com/twofish.html>
1668
1669config CRYPTO_TWOFISH_X86_64
1670	tristate "Twofish cipher algorithm (x86_64)"
1671	depends on (X86 || UML_X86) && 64BIT
1672	select CRYPTO_ALGAPI
1673	select CRYPTO_TWOFISH_COMMON
1674	help
1675	  Twofish cipher algorithm (x86_64).
1676
1677	  Twofish was submitted as an AES (Advanced Encryption Standard)
1678	  candidate cipher by researchers at CounterPane Systems.  It is a
1679	  16 round block cipher supporting key sizes of 128, 192, and 256
1680	  bits.
1681
1682	  See also:
1683	  <http://www.schneier.com/twofish.html>
1684
1685config CRYPTO_TWOFISH_X86_64_3WAY
1686	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1687	depends on X86 && 64BIT
1688	select CRYPTO_SKCIPHER
1689	select CRYPTO_TWOFISH_COMMON
1690	select CRYPTO_TWOFISH_X86_64
1691	select CRYPTO_GLUE_HELPER_X86
1692	help
1693	  Twofish cipher algorithm (x86_64, 3-way parallel).
1694
1695	  Twofish was submitted as an AES (Advanced Encryption Standard)
1696	  candidate cipher by researchers at CounterPane Systems.  It is a
1697	  16 round block cipher supporting key sizes of 128, 192, and 256
1698	  bits.
1699
1700	  This module provides Twofish cipher algorithm that processes three
1701	  blocks parallel, utilizing resources of out-of-order CPUs better.
1702
1703	  See also:
1704	  <http://www.schneier.com/twofish.html>
1705
1706config CRYPTO_TWOFISH_AVX_X86_64
1707	tristate "Twofish cipher algorithm (x86_64/AVX)"
1708	depends on X86 && 64BIT
1709	select CRYPTO_SKCIPHER
1710	select CRYPTO_GLUE_HELPER_X86
1711	select CRYPTO_SIMD
1712	select CRYPTO_TWOFISH_COMMON
1713	select CRYPTO_TWOFISH_X86_64
1714	select CRYPTO_TWOFISH_X86_64_3WAY
1715	help
1716	  Twofish cipher algorithm (x86_64/AVX).
1717
1718	  Twofish was submitted as an AES (Advanced Encryption Standard)
1719	  candidate cipher by researchers at CounterPane Systems.  It is a
1720	  16 round block cipher supporting key sizes of 128, 192, and 256
1721	  bits.
1722
1723	  This module provides the Twofish cipher algorithm that processes
1724	  eight blocks parallel using the AVX Instruction Set.
1725
1726	  See also:
1727	  <http://www.schneier.com/twofish.html>
1728
1729comment "Compression"
1730
1731config CRYPTO_DEFLATE
1732	tristate "Deflate compression algorithm"
1733	select CRYPTO_ALGAPI
1734	select CRYPTO_ACOMP2
1735	select ZLIB_INFLATE
1736	select ZLIB_DEFLATE
1737	help
1738	  This is the Deflate algorithm (RFC1951), specified for use in
1739	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1740
1741	  You will most probably want this if using IPSec.
1742
1743config CRYPTO_LZO
1744	tristate "LZO compression algorithm"
1745	select CRYPTO_ALGAPI
1746	select CRYPTO_ACOMP2
1747	select LZO_COMPRESS
1748	select LZO_DECOMPRESS
1749	help
1750	  This is the LZO algorithm.
1751
1752config CRYPTO_842
1753	tristate "842 compression algorithm"
1754	select CRYPTO_ALGAPI
1755	select CRYPTO_ACOMP2
1756	select 842_COMPRESS
1757	select 842_DECOMPRESS
1758	help
1759	  This is the 842 algorithm.
1760
1761config CRYPTO_LZ4
1762	tristate "LZ4 compression algorithm"
1763	select CRYPTO_ALGAPI
1764	select CRYPTO_ACOMP2
1765	select LZ4_COMPRESS
1766	select LZ4_DECOMPRESS
1767	help
1768	  This is the LZ4 algorithm.
1769
1770config CRYPTO_LZ4HC
1771	tristate "LZ4HC compression algorithm"
1772	select CRYPTO_ALGAPI
1773	select CRYPTO_ACOMP2
1774	select LZ4HC_COMPRESS
1775	select LZ4_DECOMPRESS
1776	help
1777	  This is the LZ4 high compression mode algorithm.
1778
1779config CRYPTO_ZSTD
1780	tristate "Zstd compression algorithm"
1781	select CRYPTO_ALGAPI
1782	select CRYPTO_ACOMP2
1783	select ZSTD_COMPRESS
1784	select ZSTD_DECOMPRESS
1785	help
1786	  This is the zstd algorithm.
1787
1788comment "Random Number Generation"
1789
1790config CRYPTO_ANSI_CPRNG
1791	tristate "Pseudo Random Number Generation for Cryptographic modules"
1792	select CRYPTO_AES
1793	select CRYPTO_RNG
1794	help
1795	  This option enables the generic pseudo random number generator
1796	  for cryptographic modules.  Uses the Algorithm specified in
1797	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1798	  CRYPTO_FIPS is selected
1799
1800menuconfig CRYPTO_DRBG_MENU
1801	tristate "NIST SP800-90A DRBG"
1802	help
1803	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1804	  more of the DRBG types must be selected.
1805
1806if CRYPTO_DRBG_MENU
1807
1808config CRYPTO_DRBG_HMAC
1809	bool
1810	default y
1811	select CRYPTO_HMAC
1812	select CRYPTO_SHA256
1813
1814config CRYPTO_DRBG_HASH
1815	bool "Enable Hash DRBG"
1816	select CRYPTO_SHA256
1817	help
1818	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1819
1820config CRYPTO_DRBG_CTR
1821	bool "Enable CTR DRBG"
1822	select CRYPTO_AES
1823	depends on CRYPTO_CTR
1824	help
1825	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1826
1827config CRYPTO_DRBG
1828	tristate
1829	default CRYPTO_DRBG_MENU
1830	select CRYPTO_RNG
1831	select CRYPTO_JITTERENTROPY
1832
1833endif	# if CRYPTO_DRBG_MENU
1834
1835config CRYPTO_JITTERENTROPY
1836	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1837	select CRYPTO_RNG
1838	help
1839	  The Jitterentropy RNG is a noise that is intended
1840	  to provide seed to another RNG. The RNG does not
1841	  perform any cryptographic whitening of the generated
1842	  random numbers. This Jitterentropy RNG registers with
1843	  the kernel crypto API and can be used by any caller.
1844
1845config CRYPTO_USER_API
1846	tristate
1847
1848config CRYPTO_USER_API_HASH
1849	tristate "User-space interface for hash algorithms"
1850	depends on NET
1851	select CRYPTO_HASH
1852	select CRYPTO_USER_API
1853	help
1854	  This option enables the user-spaces interface for hash
1855	  algorithms.
1856
1857config CRYPTO_USER_API_SKCIPHER
1858	tristate "User-space interface for symmetric key cipher algorithms"
1859	depends on NET
1860	select CRYPTO_SKCIPHER
1861	select CRYPTO_USER_API
1862	help
1863	  This option enables the user-spaces interface for symmetric
1864	  key cipher algorithms.
1865
1866config CRYPTO_USER_API_RNG
1867	tristate "User-space interface for random number generator algorithms"
1868	depends on NET
1869	select CRYPTO_RNG
1870	select CRYPTO_USER_API
1871	help
1872	  This option enables the user-spaces interface for random
1873	  number generator algorithms.
1874
1875config CRYPTO_USER_API_AEAD
1876	tristate "User-space interface for AEAD cipher algorithms"
1877	depends on NET
1878	select CRYPTO_AEAD
1879	select CRYPTO_SKCIPHER
1880	select CRYPTO_NULL
1881	select CRYPTO_USER_API
1882	help
1883	  This option enables the user-spaces interface for AEAD
1884	  cipher algorithms.
1885
1886config CRYPTO_STATS
1887	bool "Crypto usage statistics for User-space"
1888	depends on CRYPTO_USER
1889	help
1890	  This option enables the gathering of crypto stats.
1891	  This will collect:
1892	  - encrypt/decrypt size and numbers of symmeric operations
1893	  - compress/decompress size and numbers of compress operations
1894	  - size and numbers of hash operations
1895	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1896	  - generate/seed numbers for rng operations
1897
1898config CRYPTO_HASH_INFO
1899	bool
1900
1901source "lib/crypto/Kconfig"
1902source "drivers/crypto/Kconfig"
1903source "crypto/asymmetric_keys/Kconfig"
1904source "certs/Kconfig"
1905
1906endif	# if CRYPTO
1907