xref: /openbmc/linux/crypto/Kconfig (revision 37b9c7bb)
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This option enables the fips boot option which is
31	  required if you want the system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_SKCIPHER
56	tristate
57	select CRYPTO_SKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_SKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64
65config CRYPTO_HASH
66	tristate
67	select CRYPTO_HASH2
68	select CRYPTO_ALGAPI
69
70config CRYPTO_HASH2
71	tristate
72	select CRYPTO_ALGAPI2
73
74config CRYPTO_RNG
75	tristate
76	select CRYPTO_RNG2
77	select CRYPTO_ALGAPI
78
79config CRYPTO_RNG2
80	tristate
81	select CRYPTO_ALGAPI2
82
83config CRYPTO_RNG_DEFAULT
84	tristate
85	select CRYPTO_DRBG_MENU
86
87config CRYPTO_AKCIPHER2
88	tristate
89	select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92	tristate
93	select CRYPTO_AKCIPHER2
94	select CRYPTO_ALGAPI
95
96config CRYPTO_KPP2
97	tristate
98	select CRYPTO_ALGAPI2
99
100config CRYPTO_KPP
101	tristate
102	select CRYPTO_ALGAPI
103	select CRYPTO_KPP2
104
105config CRYPTO_ACOMP2
106	tristate
107	select CRYPTO_ALGAPI2
108	select SGL_ALLOC
109
110config CRYPTO_ACOMP
111	tristate
112	select CRYPTO_ALGAPI
113	select CRYPTO_ACOMP2
114
115config CRYPTO_MANAGER
116	tristate "Cryptographic algorithm manager"
117	select CRYPTO_MANAGER2
118	help
119	  Create default cryptographic template instantiations such as
120	  cbc(aes).
121
122config CRYPTO_MANAGER2
123	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
124	select CRYPTO_AEAD2
125	select CRYPTO_HASH2
126	select CRYPTO_SKCIPHER2
127	select CRYPTO_AKCIPHER2
128	select CRYPTO_KPP2
129	select CRYPTO_ACOMP2
130
131config CRYPTO_USER
132	tristate "Userspace cryptographic algorithm configuration"
133	depends on NET
134	select CRYPTO_MANAGER
135	help
136	  Userspace configuration for cryptographic instantiations such as
137	  cbc(aes).
138
139config CRYPTO_MANAGER_DISABLE_TESTS
140	bool "Disable run-time self tests"
141	default y
142	help
143	  Disable run-time self tests that normally take place at
144	  algorithm registration.
145
146config CRYPTO_MANAGER_EXTRA_TESTS
147	bool "Enable extra run-time crypto self tests"
148	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
149	help
150	  Enable extra run-time self tests of registered crypto algorithms,
151	  including randomized fuzz tests.
152
153	  This is intended for developer use only, as these tests take much
154	  longer to run than the normal self tests.
155
156config CRYPTO_GF128MUL
157	tristate
158
159config CRYPTO_NULL
160	tristate "Null algorithms"
161	select CRYPTO_NULL2
162	help
163	  These are 'Null' algorithms, used by IPsec, which do nothing.
164
165config CRYPTO_NULL2
166	tristate
167	select CRYPTO_ALGAPI2
168	select CRYPTO_SKCIPHER2
169	select CRYPTO_HASH2
170
171config CRYPTO_PCRYPT
172	tristate "Parallel crypto engine"
173	depends on SMP
174	select PADATA
175	select CRYPTO_MANAGER
176	select CRYPTO_AEAD
177	help
178	  This converts an arbitrary crypto algorithm into a parallel
179	  algorithm that executes in kernel threads.
180
181config CRYPTO_CRYPTD
182	tristate "Software async crypto daemon"
183	select CRYPTO_SKCIPHER
184	select CRYPTO_HASH
185	select CRYPTO_MANAGER
186	help
187	  This is a generic software asynchronous crypto daemon that
188	  converts an arbitrary synchronous software crypto algorithm
189	  into an asynchronous algorithm that executes in a kernel thread.
190
191config CRYPTO_AUTHENC
192	tristate "Authenc support"
193	select CRYPTO_AEAD
194	select CRYPTO_SKCIPHER
195	select CRYPTO_MANAGER
196	select CRYPTO_HASH
197	select CRYPTO_NULL
198	help
199	  Authenc: Combined mode wrapper for IPsec.
200	  This is required for IPSec.
201
202config CRYPTO_TEST
203	tristate "Testing module"
204	depends on m || EXPERT
205	select CRYPTO_MANAGER
206	help
207	  Quick & dirty crypto test module.
208
209config CRYPTO_SIMD
210	tristate
211	select CRYPTO_CRYPTD
212
213config CRYPTO_GLUE_HELPER_X86
214	tristate
215	depends on X86
216	select CRYPTO_SKCIPHER
217
218config CRYPTO_ENGINE
219	tristate
220
221comment "Public-key cryptography"
222
223config CRYPTO_RSA
224	tristate "RSA algorithm"
225	select CRYPTO_AKCIPHER
226	select CRYPTO_MANAGER
227	select MPILIB
228	select ASN1
229	help
230	  Generic implementation of the RSA public key algorithm.
231
232config CRYPTO_DH
233	tristate "Diffie-Hellman algorithm"
234	select CRYPTO_KPP
235	select MPILIB
236	help
237	  Generic implementation of the Diffie-Hellman algorithm.
238
239config CRYPTO_ECC
240	tristate
241
242config CRYPTO_ECDH
243	tristate "ECDH algorithm"
244	select CRYPTO_ECC
245	select CRYPTO_KPP
246	select CRYPTO_RNG_DEFAULT
247	help
248	  Generic implementation of the ECDH algorithm
249
250config CRYPTO_ECRDSA
251	tristate "EC-RDSA (GOST 34.10) algorithm"
252	select CRYPTO_ECC
253	select CRYPTO_AKCIPHER
254	select CRYPTO_STREEBOG
255	select OID_REGISTRY
256	select ASN1
257	help
258	  Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
259	  RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
260	  standard algorithms (called GOST algorithms). Only signature verification
261	  is implemented.
262
263config CRYPTO_SM2
264	tristate "SM2 algorithm"
265	select CRYPTO_SM3
266	select CRYPTO_AKCIPHER
267	select CRYPTO_MANAGER
268	select MPILIB
269	select ASN1
270	help
271	  Generic implementation of the SM2 public key algorithm. It was
272	  published by State Encryption Management Bureau, China.
273	  as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
274
275	  References:
276	  https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
277	  http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
278	  http://www.gmbz.org.cn/main/bzlb.html
279
280config CRYPTO_CURVE25519
281	tristate "Curve25519 algorithm"
282	select CRYPTO_KPP
283	select CRYPTO_LIB_CURVE25519_GENERIC
284
285config CRYPTO_CURVE25519_X86
286	tristate "x86_64 accelerated Curve25519 scalar multiplication library"
287	depends on X86 && 64BIT
288	select CRYPTO_LIB_CURVE25519_GENERIC
289	select CRYPTO_ARCH_HAVE_LIB_CURVE25519
290
291comment "Authenticated Encryption with Associated Data"
292
293config CRYPTO_CCM
294	tristate "CCM support"
295	select CRYPTO_CTR
296	select CRYPTO_HASH
297	select CRYPTO_AEAD
298	select CRYPTO_MANAGER
299	help
300	  Support for Counter with CBC MAC. Required for IPsec.
301
302config CRYPTO_GCM
303	tristate "GCM/GMAC support"
304	select CRYPTO_CTR
305	select CRYPTO_AEAD
306	select CRYPTO_GHASH
307	select CRYPTO_NULL
308	select CRYPTO_MANAGER
309	help
310	  Support for Galois/Counter Mode (GCM) and Galois Message
311	  Authentication Code (GMAC). Required for IPSec.
312
313config CRYPTO_CHACHA20POLY1305
314	tristate "ChaCha20-Poly1305 AEAD support"
315	select CRYPTO_CHACHA20
316	select CRYPTO_POLY1305
317	select CRYPTO_AEAD
318	select CRYPTO_MANAGER
319	help
320	  ChaCha20-Poly1305 AEAD support, RFC7539.
321
322	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
323	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
324	  IETF protocols.
325
326config CRYPTO_AEGIS128
327	tristate "AEGIS-128 AEAD algorithm"
328	select CRYPTO_AEAD
329	select CRYPTO_AES  # for AES S-box tables
330	help
331	 Support for the AEGIS-128 dedicated AEAD algorithm.
332
333config CRYPTO_AEGIS128_SIMD
334	bool "Support SIMD acceleration for AEGIS-128"
335	depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
336	default y
337
338config CRYPTO_AEGIS128_AESNI_SSE2
339	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
340	depends on X86 && 64BIT
341	select CRYPTO_AEAD
342	select CRYPTO_SIMD
343	help
344	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
345
346config CRYPTO_SEQIV
347	tristate "Sequence Number IV Generator"
348	select CRYPTO_AEAD
349	select CRYPTO_SKCIPHER
350	select CRYPTO_NULL
351	select CRYPTO_RNG_DEFAULT
352	select CRYPTO_MANAGER
353	help
354	  This IV generator generates an IV based on a sequence number by
355	  xoring it with a salt.  This algorithm is mainly useful for CTR
356
357config CRYPTO_ECHAINIV
358	tristate "Encrypted Chain IV Generator"
359	select CRYPTO_AEAD
360	select CRYPTO_NULL
361	select CRYPTO_RNG_DEFAULT
362	select CRYPTO_MANAGER
363	help
364	  This IV generator generates an IV based on the encryption of
365	  a sequence number xored with a salt.  This is the default
366	  algorithm for CBC.
367
368comment "Block modes"
369
370config CRYPTO_CBC
371	tristate "CBC support"
372	select CRYPTO_SKCIPHER
373	select CRYPTO_MANAGER
374	help
375	  CBC: Cipher Block Chaining mode
376	  This block cipher algorithm is required for IPSec.
377
378config CRYPTO_CFB
379	tristate "CFB support"
380	select CRYPTO_SKCIPHER
381	select CRYPTO_MANAGER
382	help
383	  CFB: Cipher FeedBack mode
384	  This block cipher algorithm is required for TPM2 Cryptography.
385
386config CRYPTO_CTR
387	tristate "CTR support"
388	select CRYPTO_SKCIPHER
389	select CRYPTO_MANAGER
390	help
391	  CTR: Counter mode
392	  This block cipher algorithm is required for IPSec.
393
394config CRYPTO_CTS
395	tristate "CTS support"
396	select CRYPTO_SKCIPHER
397	select CRYPTO_MANAGER
398	help
399	  CTS: Cipher Text Stealing
400	  This is the Cipher Text Stealing mode as described by
401	  Section 8 of rfc2040 and referenced by rfc3962
402	  (rfc3962 includes errata information in its Appendix A) or
403	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
404	  This mode is required for Kerberos gss mechanism support
405	  for AES encryption.
406
407	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
408
409config CRYPTO_ECB
410	tristate "ECB support"
411	select CRYPTO_SKCIPHER
412	select CRYPTO_MANAGER
413	help
414	  ECB: Electronic CodeBook mode
415	  This is the simplest block cipher algorithm.  It simply encrypts
416	  the input block by block.
417
418config CRYPTO_LRW
419	tristate "LRW support"
420	select CRYPTO_SKCIPHER
421	select CRYPTO_MANAGER
422	select CRYPTO_GF128MUL
423	help
424	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
425	  narrow block cipher mode for dm-crypt.  Use it with cipher
426	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
427	  The first 128, 192 or 256 bits in the key are used for AES and the
428	  rest is used to tie each cipher block to its logical position.
429
430config CRYPTO_OFB
431	tristate "OFB support"
432	select CRYPTO_SKCIPHER
433	select CRYPTO_MANAGER
434	help
435	  OFB: the Output Feedback mode makes a block cipher into a synchronous
436	  stream cipher. It generates keystream blocks, which are then XORed
437	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
438	  ciphertext produces a flipped bit in the plaintext at the same
439	  location. This property allows many error correcting codes to function
440	  normally even when applied before encryption.
441
442config CRYPTO_PCBC
443	tristate "PCBC support"
444	select CRYPTO_SKCIPHER
445	select CRYPTO_MANAGER
446	help
447	  PCBC: Propagating Cipher Block Chaining mode
448	  This block cipher algorithm is required for RxRPC.
449
450config CRYPTO_XTS
451	tristate "XTS support"
452	select CRYPTO_SKCIPHER
453	select CRYPTO_MANAGER
454	select CRYPTO_ECB
455	help
456	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
457	  key size 256, 384 or 512 bits. This implementation currently
458	  can't handle a sectorsize which is not a multiple of 16 bytes.
459
460config CRYPTO_KEYWRAP
461	tristate "Key wrapping support"
462	select CRYPTO_SKCIPHER
463	select CRYPTO_MANAGER
464	help
465	  Support for key wrapping (NIST SP800-38F / RFC3394) without
466	  padding.
467
468config CRYPTO_NHPOLY1305
469	tristate
470	select CRYPTO_HASH
471	select CRYPTO_LIB_POLY1305_GENERIC
472
473config CRYPTO_NHPOLY1305_SSE2
474	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
475	depends on X86 && 64BIT
476	select CRYPTO_NHPOLY1305
477	help
478	  SSE2 optimized implementation of the hash function used by the
479	  Adiantum encryption mode.
480
481config CRYPTO_NHPOLY1305_AVX2
482	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
483	depends on X86 && 64BIT
484	select CRYPTO_NHPOLY1305
485	help
486	  AVX2 optimized implementation of the hash function used by the
487	  Adiantum encryption mode.
488
489config CRYPTO_ADIANTUM
490	tristate "Adiantum support"
491	select CRYPTO_CHACHA20
492	select CRYPTO_LIB_POLY1305_GENERIC
493	select CRYPTO_NHPOLY1305
494	select CRYPTO_MANAGER
495	help
496	  Adiantum is a tweakable, length-preserving encryption mode
497	  designed for fast and secure disk encryption, especially on
498	  CPUs without dedicated crypto instructions.  It encrypts
499	  each sector using the XChaCha12 stream cipher, two passes of
500	  an ε-almost-∆-universal hash function, and an invocation of
501	  the AES-256 block cipher on a single 16-byte block.  On CPUs
502	  without AES instructions, Adiantum is much faster than
503	  AES-XTS.
504
505	  Adiantum's security is provably reducible to that of its
506	  underlying stream and block ciphers, subject to a security
507	  bound.  Unlike XTS, Adiantum is a true wide-block encryption
508	  mode, so it actually provides an even stronger notion of
509	  security than XTS, subject to the security bound.
510
511	  If unsure, say N.
512
513config CRYPTO_ESSIV
514	tristate "ESSIV support for block encryption"
515	select CRYPTO_AUTHENC
516	help
517	  Encrypted salt-sector initialization vector (ESSIV) is an IV
518	  generation method that is used in some cases by fscrypt and/or
519	  dm-crypt. It uses the hash of the block encryption key as the
520	  symmetric key for a block encryption pass applied to the input
521	  IV, making low entropy IV sources more suitable for block
522	  encryption.
523
524	  This driver implements a crypto API template that can be
525	  instantiated either as an skcipher or as an AEAD (depending on the
526	  type of the first template argument), and which defers encryption
527	  and decryption requests to the encapsulated cipher after applying
528	  ESSIV to the input IV. Note that in the AEAD case, it is assumed
529	  that the keys are presented in the same format used by the authenc
530	  template, and that the IV appears at the end of the authenticated
531	  associated data (AAD) region (which is how dm-crypt uses it.)
532
533	  Note that the use of ESSIV is not recommended for new deployments,
534	  and so this only needs to be enabled when interoperability with
535	  existing encrypted volumes of filesystems is required, or when
536	  building for a particular system that requires it (e.g., when
537	  the SoC in question has accelerated CBC but not XTS, making CBC
538	  combined with ESSIV the only feasible mode for h/w accelerated
539	  block encryption)
540
541comment "Hash modes"
542
543config CRYPTO_CMAC
544	tristate "CMAC support"
545	select CRYPTO_HASH
546	select CRYPTO_MANAGER
547	help
548	  Cipher-based Message Authentication Code (CMAC) specified by
549	  The National Institute of Standards and Technology (NIST).
550
551	  https://tools.ietf.org/html/rfc4493
552	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
553
554config CRYPTO_HMAC
555	tristate "HMAC support"
556	select CRYPTO_HASH
557	select CRYPTO_MANAGER
558	help
559	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
560	  This is required for IPSec.
561
562config CRYPTO_XCBC
563	tristate "XCBC support"
564	select CRYPTO_HASH
565	select CRYPTO_MANAGER
566	help
567	  XCBC: Keyed-Hashing with encryption algorithm
568		https://www.ietf.org/rfc/rfc3566.txt
569		http://csrc.nist.gov/encryption/modes/proposedmodes/
570		 xcbc-mac/xcbc-mac-spec.pdf
571
572config CRYPTO_VMAC
573	tristate "VMAC support"
574	select CRYPTO_HASH
575	select CRYPTO_MANAGER
576	help
577	  VMAC is a message authentication algorithm designed for
578	  very high speed on 64-bit architectures.
579
580	  See also:
581	  <https://fastcrypto.org/vmac>
582
583comment "Digest"
584
585config CRYPTO_CRC32C
586	tristate "CRC32c CRC algorithm"
587	select CRYPTO_HASH
588	select CRC32
589	help
590	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
591	  by iSCSI for header and data digests and by others.
592	  See Castagnoli93.  Module will be crc32c.
593
594config CRYPTO_CRC32C_INTEL
595	tristate "CRC32c INTEL hardware acceleration"
596	depends on X86
597	select CRYPTO_HASH
598	help
599	  In Intel processor with SSE4.2 supported, the processor will
600	  support CRC32C implementation using hardware accelerated CRC32
601	  instruction. This option will create 'crc32c-intel' module,
602	  which will enable any routine to use the CRC32 instruction to
603	  gain performance compared with software implementation.
604	  Module will be crc32c-intel.
605
606config CRYPTO_CRC32C_VPMSUM
607	tristate "CRC32c CRC algorithm (powerpc64)"
608	depends on PPC64 && ALTIVEC
609	select CRYPTO_HASH
610	select CRC32
611	help
612	  CRC32c algorithm implemented using vector polynomial multiply-sum
613	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
614	  and newer processors for improved performance.
615
616
617config CRYPTO_CRC32C_SPARC64
618	tristate "CRC32c CRC algorithm (SPARC64)"
619	depends on SPARC64
620	select CRYPTO_HASH
621	select CRC32
622	help
623	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
624	  when available.
625
626config CRYPTO_CRC32
627	tristate "CRC32 CRC algorithm"
628	select CRYPTO_HASH
629	select CRC32
630	help
631	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
632	  Shash crypto api wrappers to crc32_le function.
633
634config CRYPTO_CRC32_PCLMUL
635	tristate "CRC32 PCLMULQDQ hardware acceleration"
636	depends on X86
637	select CRYPTO_HASH
638	select CRC32
639	help
640	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
641	  and PCLMULQDQ supported, the processor will support
642	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
643	  instruction. This option will create 'crc32-pclmul' module,
644	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
645	  and gain better performance as compared with the table implementation.
646
647config CRYPTO_CRC32_MIPS
648	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
649	depends on MIPS_CRC_SUPPORT
650	select CRYPTO_HASH
651	help
652	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
653	  instructions, when available.
654
655
656config CRYPTO_XXHASH
657	tristate "xxHash hash algorithm"
658	select CRYPTO_HASH
659	select XXHASH
660	help
661	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
662	  speeds close to RAM limits.
663
664config CRYPTO_BLAKE2B
665	tristate "BLAKE2b digest algorithm"
666	select CRYPTO_HASH
667	help
668	  Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
669	  optimized for 64bit platforms and can produce digests of any size
670	  between 1 to 64.  The keyed hash is also implemented.
671
672	  This module provides the following algorithms:
673
674	  - blake2b-160
675	  - blake2b-256
676	  - blake2b-384
677	  - blake2b-512
678
679	  See https://blake2.net for further information.
680
681config CRYPTO_BLAKE2S
682	tristate "BLAKE2s digest algorithm"
683	select CRYPTO_LIB_BLAKE2S_GENERIC
684	select CRYPTO_HASH
685	help
686	  Implementation of cryptographic hash function BLAKE2s
687	  optimized for 8-32bit platforms and can produce digests of any size
688	  between 1 to 32.  The keyed hash is also implemented.
689
690	  This module provides the following algorithms:
691
692	  - blake2s-128
693	  - blake2s-160
694	  - blake2s-224
695	  - blake2s-256
696
697	  See https://blake2.net for further information.
698
699config CRYPTO_BLAKE2S_X86
700	tristate "BLAKE2s digest algorithm (x86 accelerated version)"
701	depends on X86 && 64BIT
702	select CRYPTO_LIB_BLAKE2S_GENERIC
703	select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
704
705config CRYPTO_CRCT10DIF
706	tristate "CRCT10DIF algorithm"
707	select CRYPTO_HASH
708	help
709	  CRC T10 Data Integrity Field computation is being cast as
710	  a crypto transform.  This allows for faster crc t10 diff
711	  transforms to be used if they are available.
712
713config CRYPTO_CRCT10DIF_PCLMUL
714	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
715	depends on X86 && 64BIT && CRC_T10DIF
716	select CRYPTO_HASH
717	help
718	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
719	  CRC T10 DIF PCLMULQDQ computation can be hardware
720	  accelerated PCLMULQDQ instruction. This option will create
721	  'crct10dif-pclmul' module, which is faster when computing the
722	  crct10dif checksum as compared with the generic table implementation.
723
724config CRYPTO_CRCT10DIF_VPMSUM
725	tristate "CRC32T10DIF powerpc64 hardware acceleration"
726	depends on PPC64 && ALTIVEC && CRC_T10DIF
727	select CRYPTO_HASH
728	help
729	  CRC10T10DIF algorithm implemented using vector polynomial
730	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
731	  POWER8 and newer processors for improved performance.
732
733config CRYPTO_VPMSUM_TESTER
734	tristate "Powerpc64 vpmsum hardware acceleration tester"
735	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
736	help
737	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
738	  POWER8 vpmsum instructions.
739	  Unless you are testing these algorithms, you don't need this.
740
741config CRYPTO_GHASH
742	tristate "GHASH hash function"
743	select CRYPTO_GF128MUL
744	select CRYPTO_HASH
745	help
746	  GHASH is the hash function used in GCM (Galois/Counter Mode).
747	  It is not a general-purpose cryptographic hash function.
748
749config CRYPTO_POLY1305
750	tristate "Poly1305 authenticator algorithm"
751	select CRYPTO_HASH
752	select CRYPTO_LIB_POLY1305_GENERIC
753	help
754	  Poly1305 authenticator algorithm, RFC7539.
755
756	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
757	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
758	  in IETF protocols. This is the portable C implementation of Poly1305.
759
760config CRYPTO_POLY1305_X86_64
761	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
762	depends on X86 && 64BIT
763	select CRYPTO_LIB_POLY1305_GENERIC
764	select CRYPTO_ARCH_HAVE_LIB_POLY1305
765	help
766	  Poly1305 authenticator algorithm, RFC7539.
767
768	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
769	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
770	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
771	  instructions.
772
773config CRYPTO_POLY1305_MIPS
774	tristate "Poly1305 authenticator algorithm (MIPS optimized)"
775	depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT)
776	select CRYPTO_ARCH_HAVE_LIB_POLY1305
777
778config CRYPTO_MD4
779	tristate "MD4 digest algorithm"
780	select CRYPTO_HASH
781	help
782	  MD4 message digest algorithm (RFC1320).
783
784config CRYPTO_MD5
785	tristate "MD5 digest algorithm"
786	select CRYPTO_HASH
787	help
788	  MD5 message digest algorithm (RFC1321).
789
790config CRYPTO_MD5_OCTEON
791	tristate "MD5 digest algorithm (OCTEON)"
792	depends on CPU_CAVIUM_OCTEON
793	select CRYPTO_MD5
794	select CRYPTO_HASH
795	help
796	  MD5 message digest algorithm (RFC1321) implemented
797	  using OCTEON crypto instructions, when available.
798
799config CRYPTO_MD5_PPC
800	tristate "MD5 digest algorithm (PPC)"
801	depends on PPC
802	select CRYPTO_HASH
803	help
804	  MD5 message digest algorithm (RFC1321) implemented
805	  in PPC assembler.
806
807config CRYPTO_MD5_SPARC64
808	tristate "MD5 digest algorithm (SPARC64)"
809	depends on SPARC64
810	select CRYPTO_MD5
811	select CRYPTO_HASH
812	help
813	  MD5 message digest algorithm (RFC1321) implemented
814	  using sparc64 crypto instructions, when available.
815
816config CRYPTO_MICHAEL_MIC
817	tristate "Michael MIC keyed digest algorithm"
818	select CRYPTO_HASH
819	help
820	  Michael MIC is used for message integrity protection in TKIP
821	  (IEEE 802.11i). This algorithm is required for TKIP, but it
822	  should not be used for other purposes because of the weakness
823	  of the algorithm.
824
825config CRYPTO_RMD128
826	tristate "RIPEMD-128 digest algorithm"
827	select CRYPTO_HASH
828	help
829	  RIPEMD-128 (ISO/IEC 10118-3:2004).
830
831	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
832	  be used as a secure replacement for RIPEMD. For other use cases,
833	  RIPEMD-160 should be used.
834
835	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
836	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
837
838config CRYPTO_RMD160
839	tristate "RIPEMD-160 digest algorithm"
840	select CRYPTO_HASH
841	help
842	  RIPEMD-160 (ISO/IEC 10118-3:2004).
843
844	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
845	  to be used as a secure replacement for the 128-bit hash functions
846	  MD4, MD5 and it's predecessor RIPEMD
847	  (not to be confused with RIPEMD-128).
848
849	  It's speed is comparable to SHA1 and there are no known attacks
850	  against RIPEMD-160.
851
852	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
853	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
854
855config CRYPTO_RMD256
856	tristate "RIPEMD-256 digest algorithm"
857	select CRYPTO_HASH
858	help
859	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
860	  256 bit hash. It is intended for applications that require
861	  longer hash-results, without needing a larger security level
862	  (than RIPEMD-128).
863
864	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
865	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
866
867config CRYPTO_RMD320
868	tristate "RIPEMD-320 digest algorithm"
869	select CRYPTO_HASH
870	help
871	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
872	  320 bit hash. It is intended for applications that require
873	  longer hash-results, without needing a larger security level
874	  (than RIPEMD-160).
875
876	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
877	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
878
879config CRYPTO_SHA1
880	tristate "SHA1 digest algorithm"
881	select CRYPTO_HASH
882	help
883	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
884
885config CRYPTO_SHA1_SSSE3
886	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
887	depends on X86 && 64BIT
888	select CRYPTO_SHA1
889	select CRYPTO_HASH
890	help
891	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
892	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
893	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
894	  when available.
895
896config CRYPTO_SHA256_SSSE3
897	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
898	depends on X86 && 64BIT
899	select CRYPTO_SHA256
900	select CRYPTO_HASH
901	help
902	  SHA-256 secure hash standard (DFIPS 180-2) implemented
903	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
904	  Extensions version 1 (AVX1), or Advanced Vector Extensions
905	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
906	  Instructions) when available.
907
908config CRYPTO_SHA512_SSSE3
909	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
910	depends on X86 && 64BIT
911	select CRYPTO_SHA512
912	select CRYPTO_HASH
913	help
914	  SHA-512 secure hash standard (DFIPS 180-2) implemented
915	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
916	  Extensions version 1 (AVX1), or Advanced Vector Extensions
917	  version 2 (AVX2) instructions, when available.
918
919config CRYPTO_SHA1_OCTEON
920	tristate "SHA1 digest algorithm (OCTEON)"
921	depends on CPU_CAVIUM_OCTEON
922	select CRYPTO_SHA1
923	select CRYPTO_HASH
924	help
925	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
926	  using OCTEON crypto instructions, when available.
927
928config CRYPTO_SHA1_SPARC64
929	tristate "SHA1 digest algorithm (SPARC64)"
930	depends on SPARC64
931	select CRYPTO_SHA1
932	select CRYPTO_HASH
933	help
934	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
935	  using sparc64 crypto instructions, when available.
936
937config CRYPTO_SHA1_PPC
938	tristate "SHA1 digest algorithm (powerpc)"
939	depends on PPC
940	help
941	  This is the powerpc hardware accelerated implementation of the
942	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
943
944config CRYPTO_SHA1_PPC_SPE
945	tristate "SHA1 digest algorithm (PPC SPE)"
946	depends on PPC && SPE
947	help
948	  SHA-1 secure hash standard (DFIPS 180-4) implemented
949	  using powerpc SPE SIMD instruction set.
950
951config CRYPTO_SHA256
952	tristate "SHA224 and SHA256 digest algorithm"
953	select CRYPTO_HASH
954	select CRYPTO_LIB_SHA256
955	help
956	  SHA256 secure hash standard (DFIPS 180-2).
957
958	  This version of SHA implements a 256 bit hash with 128 bits of
959	  security against collision attacks.
960
961	  This code also includes SHA-224, a 224 bit hash with 112 bits
962	  of security against collision attacks.
963
964config CRYPTO_SHA256_PPC_SPE
965	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
966	depends on PPC && SPE
967	select CRYPTO_SHA256
968	select CRYPTO_HASH
969	help
970	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
971	  implemented using powerpc SPE SIMD instruction set.
972
973config CRYPTO_SHA256_OCTEON
974	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
975	depends on CPU_CAVIUM_OCTEON
976	select CRYPTO_SHA256
977	select CRYPTO_HASH
978	help
979	  SHA-256 secure hash standard (DFIPS 180-2) implemented
980	  using OCTEON crypto instructions, when available.
981
982config CRYPTO_SHA256_SPARC64
983	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
984	depends on SPARC64
985	select CRYPTO_SHA256
986	select CRYPTO_HASH
987	help
988	  SHA-256 secure hash standard (DFIPS 180-2) implemented
989	  using sparc64 crypto instructions, when available.
990
991config CRYPTO_SHA512
992	tristate "SHA384 and SHA512 digest algorithms"
993	select CRYPTO_HASH
994	help
995	  SHA512 secure hash standard (DFIPS 180-2).
996
997	  This version of SHA implements a 512 bit hash with 256 bits of
998	  security against collision attacks.
999
1000	  This code also includes SHA-384, a 384 bit hash with 192 bits
1001	  of security against collision attacks.
1002
1003config CRYPTO_SHA512_OCTEON
1004	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
1005	depends on CPU_CAVIUM_OCTEON
1006	select CRYPTO_SHA512
1007	select CRYPTO_HASH
1008	help
1009	  SHA-512 secure hash standard (DFIPS 180-2) implemented
1010	  using OCTEON crypto instructions, when available.
1011
1012config CRYPTO_SHA512_SPARC64
1013	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
1014	depends on SPARC64
1015	select CRYPTO_SHA512
1016	select CRYPTO_HASH
1017	help
1018	  SHA-512 secure hash standard (DFIPS 180-2) implemented
1019	  using sparc64 crypto instructions, when available.
1020
1021config CRYPTO_SHA3
1022	tristate "SHA3 digest algorithm"
1023	select CRYPTO_HASH
1024	help
1025	  SHA-3 secure hash standard (DFIPS 202). It's based on
1026	  cryptographic sponge function family called Keccak.
1027
1028	  References:
1029	  http://keccak.noekeon.org/
1030
1031config CRYPTO_SM3
1032	tristate "SM3 digest algorithm"
1033	select CRYPTO_HASH
1034	help
1035	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1036	  It is part of the Chinese Commercial Cryptography suite.
1037
1038	  References:
1039	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1040	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1041
1042config CRYPTO_STREEBOG
1043	tristate "Streebog Hash Function"
1044	select CRYPTO_HASH
1045	help
1046	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1047	  cryptographic standard algorithms (called GOST algorithms).
1048	  This setting enables two hash algorithms with 256 and 512 bits output.
1049
1050	  References:
1051	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1052	  https://tools.ietf.org/html/rfc6986
1053
1054config CRYPTO_TGR192
1055	tristate "Tiger digest algorithms"
1056	select CRYPTO_HASH
1057	help
1058	  Tiger hash algorithm 192, 160 and 128-bit hashes
1059
1060	  Tiger is a hash function optimized for 64-bit processors while
1061	  still having decent performance on 32-bit processors.
1062	  Tiger was developed by Ross Anderson and Eli Biham.
1063
1064	  See also:
1065	  <https://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1066
1067config CRYPTO_WP512
1068	tristate "Whirlpool digest algorithms"
1069	select CRYPTO_HASH
1070	help
1071	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1072
1073	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1074	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1075
1076	  See also:
1077	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1078
1079config CRYPTO_GHASH_CLMUL_NI_INTEL
1080	tristate "GHASH hash function (CLMUL-NI accelerated)"
1081	depends on X86 && 64BIT
1082	select CRYPTO_CRYPTD
1083	help
1084	  This is the x86_64 CLMUL-NI accelerated implementation of
1085	  GHASH, the hash function used in GCM (Galois/Counter mode).
1086
1087comment "Ciphers"
1088
1089config CRYPTO_AES
1090	tristate "AES cipher algorithms"
1091	select CRYPTO_ALGAPI
1092	select CRYPTO_LIB_AES
1093	help
1094	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1095	  algorithm.
1096
1097	  Rijndael appears to be consistently a very good performer in
1098	  both hardware and software across a wide range of computing
1099	  environments regardless of its use in feedback or non-feedback
1100	  modes. Its key setup time is excellent, and its key agility is
1101	  good. Rijndael's very low memory requirements make it very well
1102	  suited for restricted-space environments, in which it also
1103	  demonstrates excellent performance. Rijndael's operations are
1104	  among the easiest to defend against power and timing attacks.
1105
1106	  The AES specifies three key sizes: 128, 192 and 256 bits
1107
1108	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1109
1110config CRYPTO_AES_TI
1111	tristate "Fixed time AES cipher"
1112	select CRYPTO_ALGAPI
1113	select CRYPTO_LIB_AES
1114	help
1115	  This is a generic implementation of AES that attempts to eliminate
1116	  data dependent latencies as much as possible without affecting
1117	  performance too much. It is intended for use by the generic CCM
1118	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1119	  solely on encryption (although decryption is supported as well, but
1120	  with a more dramatic performance hit)
1121
1122	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1123	  8 for decryption), this implementation only uses just two S-boxes of
1124	  256 bytes each, and attempts to eliminate data dependent latencies by
1125	  prefetching the entire table into the cache at the start of each
1126	  block. Interrupts are also disabled to avoid races where cachelines
1127	  are evicted when the CPU is interrupted to do something else.
1128
1129config CRYPTO_AES_NI_INTEL
1130	tristate "AES cipher algorithms (AES-NI)"
1131	depends on X86
1132	select CRYPTO_AEAD
1133	select CRYPTO_LIB_AES
1134	select CRYPTO_ALGAPI
1135	select CRYPTO_SKCIPHER
1136	select CRYPTO_GLUE_HELPER_X86 if 64BIT
1137	select CRYPTO_SIMD
1138	help
1139	  Use Intel AES-NI instructions for AES algorithm.
1140
1141	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1142	  algorithm.
1143
1144	  Rijndael appears to be consistently a very good performer in
1145	  both hardware and software across a wide range of computing
1146	  environments regardless of its use in feedback or non-feedback
1147	  modes. Its key setup time is excellent, and its key agility is
1148	  good. Rijndael's very low memory requirements make it very well
1149	  suited for restricted-space environments, in which it also
1150	  demonstrates excellent performance. Rijndael's operations are
1151	  among the easiest to defend against power and timing attacks.
1152
1153	  The AES specifies three key sizes: 128, 192 and 256 bits
1154
1155	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1156
1157	  In addition to AES cipher algorithm support, the acceleration
1158	  for some popular block cipher mode is supported too, including
1159	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1160	  acceleration for CTR.
1161
1162config CRYPTO_AES_SPARC64
1163	tristate "AES cipher algorithms (SPARC64)"
1164	depends on SPARC64
1165	select CRYPTO_SKCIPHER
1166	help
1167	  Use SPARC64 crypto opcodes for AES algorithm.
1168
1169	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1170	  algorithm.
1171
1172	  Rijndael appears to be consistently a very good performer in
1173	  both hardware and software across a wide range of computing
1174	  environments regardless of its use in feedback or non-feedback
1175	  modes. Its key setup time is excellent, and its key agility is
1176	  good. Rijndael's very low memory requirements make it very well
1177	  suited for restricted-space environments, in which it also
1178	  demonstrates excellent performance. Rijndael's operations are
1179	  among the easiest to defend against power and timing attacks.
1180
1181	  The AES specifies three key sizes: 128, 192 and 256 bits
1182
1183	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1184
1185	  In addition to AES cipher algorithm support, the acceleration
1186	  for some popular block cipher mode is supported too, including
1187	  ECB and CBC.
1188
1189config CRYPTO_AES_PPC_SPE
1190	tristate "AES cipher algorithms (PPC SPE)"
1191	depends on PPC && SPE
1192	select CRYPTO_SKCIPHER
1193	help
1194	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1195	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1196	  This module should only be used for low power (router) devices
1197	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1198	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1199	  timining attacks. Nevertheless it might be not as secure as other
1200	  architecture specific assembler implementations that work on 1KB
1201	  tables or 256 bytes S-boxes.
1202
1203config CRYPTO_ANUBIS
1204	tristate "Anubis cipher algorithm"
1205	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1206	select CRYPTO_ALGAPI
1207	help
1208	  Anubis cipher algorithm.
1209
1210	  Anubis is a variable key length cipher which can use keys from
1211	  128 bits to 320 bits in length.  It was evaluated as a entrant
1212	  in the NESSIE competition.
1213
1214	  See also:
1215	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1216	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1217
1218config CRYPTO_ARC4
1219	tristate "ARC4 cipher algorithm"
1220	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1221	select CRYPTO_SKCIPHER
1222	select CRYPTO_LIB_ARC4
1223	help
1224	  ARC4 cipher algorithm.
1225
1226	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1227	  bits in length.  This algorithm is required for driver-based
1228	  WEP, but it should not be for other purposes because of the
1229	  weakness of the algorithm.
1230
1231config CRYPTO_BLOWFISH
1232	tristate "Blowfish cipher algorithm"
1233	select CRYPTO_ALGAPI
1234	select CRYPTO_BLOWFISH_COMMON
1235	help
1236	  Blowfish cipher algorithm, by Bruce Schneier.
1237
1238	  This is a variable key length cipher which can use keys from 32
1239	  bits to 448 bits in length.  It's fast, simple and specifically
1240	  designed for use on "large microprocessors".
1241
1242	  See also:
1243	  <https://www.schneier.com/blowfish.html>
1244
1245config CRYPTO_BLOWFISH_COMMON
1246	tristate
1247	help
1248	  Common parts of the Blowfish cipher algorithm shared by the
1249	  generic c and the assembler implementations.
1250
1251	  See also:
1252	  <https://www.schneier.com/blowfish.html>
1253
1254config CRYPTO_BLOWFISH_X86_64
1255	tristate "Blowfish cipher algorithm (x86_64)"
1256	depends on X86 && 64BIT
1257	select CRYPTO_SKCIPHER
1258	select CRYPTO_BLOWFISH_COMMON
1259	help
1260	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1261
1262	  This is a variable key length cipher which can use keys from 32
1263	  bits to 448 bits in length.  It's fast, simple and specifically
1264	  designed for use on "large microprocessors".
1265
1266	  See also:
1267	  <https://www.schneier.com/blowfish.html>
1268
1269config CRYPTO_CAMELLIA
1270	tristate "Camellia cipher algorithms"
1271	depends on CRYPTO
1272	select CRYPTO_ALGAPI
1273	help
1274	  Camellia cipher algorithms module.
1275
1276	  Camellia is a symmetric key block cipher developed jointly
1277	  at NTT and Mitsubishi Electric Corporation.
1278
1279	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1280
1281	  See also:
1282	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1283
1284config CRYPTO_CAMELLIA_X86_64
1285	tristate "Camellia cipher algorithm (x86_64)"
1286	depends on X86 && 64BIT
1287	depends on CRYPTO
1288	select CRYPTO_SKCIPHER
1289	select CRYPTO_GLUE_HELPER_X86
1290	help
1291	  Camellia cipher algorithm module (x86_64).
1292
1293	  Camellia is a symmetric key block cipher developed jointly
1294	  at NTT and Mitsubishi Electric Corporation.
1295
1296	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1297
1298	  See also:
1299	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1300
1301config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1302	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1303	depends on X86 && 64BIT
1304	depends on CRYPTO
1305	select CRYPTO_SKCIPHER
1306	select CRYPTO_CAMELLIA_X86_64
1307	select CRYPTO_GLUE_HELPER_X86
1308	select CRYPTO_SIMD
1309	select CRYPTO_XTS
1310	help
1311	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1312
1313	  Camellia is a symmetric key block cipher developed jointly
1314	  at NTT and Mitsubishi Electric Corporation.
1315
1316	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1317
1318	  See also:
1319	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1320
1321config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1322	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1323	depends on X86 && 64BIT
1324	depends on CRYPTO
1325	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1326	help
1327	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1328
1329	  Camellia is a symmetric key block cipher developed jointly
1330	  at NTT and Mitsubishi Electric Corporation.
1331
1332	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1333
1334	  See also:
1335	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1336
1337config CRYPTO_CAMELLIA_SPARC64
1338	tristate "Camellia cipher algorithm (SPARC64)"
1339	depends on SPARC64
1340	depends on CRYPTO
1341	select CRYPTO_ALGAPI
1342	select CRYPTO_SKCIPHER
1343	help
1344	  Camellia cipher algorithm module (SPARC64).
1345
1346	  Camellia is a symmetric key block cipher developed jointly
1347	  at NTT and Mitsubishi Electric Corporation.
1348
1349	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1350
1351	  See also:
1352	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1353
1354config CRYPTO_CAST_COMMON
1355	tristate
1356	help
1357	  Common parts of the CAST cipher algorithms shared by the
1358	  generic c and the assembler implementations.
1359
1360config CRYPTO_CAST5
1361	tristate "CAST5 (CAST-128) cipher algorithm"
1362	select CRYPTO_ALGAPI
1363	select CRYPTO_CAST_COMMON
1364	help
1365	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1366	  described in RFC2144.
1367
1368config CRYPTO_CAST5_AVX_X86_64
1369	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1370	depends on X86 && 64BIT
1371	select CRYPTO_SKCIPHER
1372	select CRYPTO_CAST5
1373	select CRYPTO_CAST_COMMON
1374	select CRYPTO_SIMD
1375	help
1376	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1377	  described in RFC2144.
1378
1379	  This module provides the Cast5 cipher algorithm that processes
1380	  sixteen blocks parallel using the AVX instruction set.
1381
1382config CRYPTO_CAST6
1383	tristate "CAST6 (CAST-256) cipher algorithm"
1384	select CRYPTO_ALGAPI
1385	select CRYPTO_CAST_COMMON
1386	help
1387	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1388	  described in RFC2612.
1389
1390config CRYPTO_CAST6_AVX_X86_64
1391	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1392	depends on X86 && 64BIT
1393	select CRYPTO_SKCIPHER
1394	select CRYPTO_CAST6
1395	select CRYPTO_CAST_COMMON
1396	select CRYPTO_GLUE_HELPER_X86
1397	select CRYPTO_SIMD
1398	select CRYPTO_XTS
1399	help
1400	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1401	  described in RFC2612.
1402
1403	  This module provides the Cast6 cipher algorithm that processes
1404	  eight blocks parallel using the AVX instruction set.
1405
1406config CRYPTO_DES
1407	tristate "DES and Triple DES EDE cipher algorithms"
1408	select CRYPTO_ALGAPI
1409	select CRYPTO_LIB_DES
1410	help
1411	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1412
1413config CRYPTO_DES_SPARC64
1414	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1415	depends on SPARC64
1416	select CRYPTO_ALGAPI
1417	select CRYPTO_LIB_DES
1418	select CRYPTO_SKCIPHER
1419	help
1420	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1421	  optimized using SPARC64 crypto opcodes.
1422
1423config CRYPTO_DES3_EDE_X86_64
1424	tristate "Triple DES EDE cipher algorithm (x86-64)"
1425	depends on X86 && 64BIT
1426	select CRYPTO_SKCIPHER
1427	select CRYPTO_LIB_DES
1428	help
1429	  Triple DES EDE (FIPS 46-3) algorithm.
1430
1431	  This module provides implementation of the Triple DES EDE cipher
1432	  algorithm that is optimized for x86-64 processors. Two versions of
1433	  algorithm are provided; regular processing one input block and
1434	  one that processes three blocks parallel.
1435
1436config CRYPTO_FCRYPT
1437	tristate "FCrypt cipher algorithm"
1438	select CRYPTO_ALGAPI
1439	select CRYPTO_SKCIPHER
1440	help
1441	  FCrypt algorithm used by RxRPC.
1442
1443config CRYPTO_KHAZAD
1444	tristate "Khazad cipher algorithm"
1445	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1446	select CRYPTO_ALGAPI
1447	help
1448	  Khazad cipher algorithm.
1449
1450	  Khazad was a finalist in the initial NESSIE competition.  It is
1451	  an algorithm optimized for 64-bit processors with good performance
1452	  on 32-bit processors.  Khazad uses an 128 bit key size.
1453
1454	  See also:
1455	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1456
1457config CRYPTO_SALSA20
1458	tristate "Salsa20 stream cipher algorithm"
1459	select CRYPTO_SKCIPHER
1460	help
1461	  Salsa20 stream cipher algorithm.
1462
1463	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1464	  Stream Cipher Project. See <https://www.ecrypt.eu.org/stream/>
1465
1466	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1467	  Bernstein <djb@cr.yp.to>. See <https://cr.yp.to/snuffle.html>
1468
1469config CRYPTO_CHACHA20
1470	tristate "ChaCha stream cipher algorithms"
1471	select CRYPTO_LIB_CHACHA_GENERIC
1472	select CRYPTO_SKCIPHER
1473	help
1474	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1475
1476	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1477	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1478	  This is the portable C implementation of ChaCha20.  See also:
1479	  <https://cr.yp.to/chacha/chacha-20080128.pdf>
1480
1481	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1482	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1483	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1484	  while provably retaining ChaCha20's security.  See also:
1485	  <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1486
1487	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1488	  reduced security margin but increased performance.  It can be needed
1489	  in some performance-sensitive scenarios.
1490
1491config CRYPTO_CHACHA20_X86_64
1492	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1493	depends on X86 && 64BIT
1494	select CRYPTO_SKCIPHER
1495	select CRYPTO_LIB_CHACHA_GENERIC
1496	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1497	help
1498	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1499	  XChaCha20, and XChaCha12 stream ciphers.
1500
1501config CRYPTO_CHACHA_MIPS
1502	tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1503	depends on CPU_MIPS32_R2
1504	select CRYPTO_SKCIPHER
1505	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1506
1507config CRYPTO_SEED
1508	tristate "SEED cipher algorithm"
1509	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1510	select CRYPTO_ALGAPI
1511	help
1512	  SEED cipher algorithm (RFC4269).
1513
1514	  SEED is a 128-bit symmetric key block cipher that has been
1515	  developed by KISA (Korea Information Security Agency) as a
1516	  national standard encryption algorithm of the Republic of Korea.
1517	  It is a 16 round block cipher with the key size of 128 bit.
1518
1519	  See also:
1520	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1521
1522config CRYPTO_SERPENT
1523	tristate "Serpent cipher algorithm"
1524	select CRYPTO_ALGAPI
1525	help
1526	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1527
1528	  Keys are allowed to be from 0 to 256 bits in length, in steps
1529	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1530	  variant of Serpent for compatibility with old kerneli.org code.
1531
1532	  See also:
1533	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1534
1535config CRYPTO_SERPENT_SSE2_X86_64
1536	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1537	depends on X86 && 64BIT
1538	select CRYPTO_SKCIPHER
1539	select CRYPTO_GLUE_HELPER_X86
1540	select CRYPTO_SERPENT
1541	select CRYPTO_SIMD
1542	help
1543	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1544
1545	  Keys are allowed to be from 0 to 256 bits in length, in steps
1546	  of 8 bits.
1547
1548	  This module provides Serpent cipher algorithm that processes eight
1549	  blocks parallel using SSE2 instruction set.
1550
1551	  See also:
1552	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1553
1554config CRYPTO_SERPENT_SSE2_586
1555	tristate "Serpent cipher algorithm (i586/SSE2)"
1556	depends on X86 && !64BIT
1557	select CRYPTO_SKCIPHER
1558	select CRYPTO_GLUE_HELPER_X86
1559	select CRYPTO_SERPENT
1560	select CRYPTO_SIMD
1561	help
1562	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1563
1564	  Keys are allowed to be from 0 to 256 bits in length, in steps
1565	  of 8 bits.
1566
1567	  This module provides Serpent cipher algorithm that processes four
1568	  blocks parallel using SSE2 instruction set.
1569
1570	  See also:
1571	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1572
1573config CRYPTO_SERPENT_AVX_X86_64
1574	tristate "Serpent cipher algorithm (x86_64/AVX)"
1575	depends on X86 && 64BIT
1576	select CRYPTO_SKCIPHER
1577	select CRYPTO_GLUE_HELPER_X86
1578	select CRYPTO_SERPENT
1579	select CRYPTO_SIMD
1580	select CRYPTO_XTS
1581	help
1582	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1583
1584	  Keys are allowed to be from 0 to 256 bits in length, in steps
1585	  of 8 bits.
1586
1587	  This module provides the Serpent cipher algorithm that processes
1588	  eight blocks parallel using the AVX instruction set.
1589
1590	  See also:
1591	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1592
1593config CRYPTO_SERPENT_AVX2_X86_64
1594	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1595	depends on X86 && 64BIT
1596	select CRYPTO_SERPENT_AVX_X86_64
1597	help
1598	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1599
1600	  Keys are allowed to be from 0 to 256 bits in length, in steps
1601	  of 8 bits.
1602
1603	  This module provides Serpent cipher algorithm that processes 16
1604	  blocks parallel using AVX2 instruction set.
1605
1606	  See also:
1607	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1608
1609config CRYPTO_SM4
1610	tristate "SM4 cipher algorithm"
1611	select CRYPTO_ALGAPI
1612	help
1613	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1614
1615	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1616	  Organization of State Commercial Administration of China (OSCCA)
1617	  as an authorized cryptographic algorithms for the use within China.
1618
1619	  SMS4 was originally created for use in protecting wireless
1620	  networks, and is mandated in the Chinese National Standard for
1621	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1622	  (GB.15629.11-2003).
1623
1624	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1625	  standardized through TC 260 of the Standardization Administration
1626	  of the People's Republic of China (SAC).
1627
1628	  The input, output, and key of SMS4 are each 128 bits.
1629
1630	  See also: <https://eprint.iacr.org/2008/329.pdf>
1631
1632	  If unsure, say N.
1633
1634config CRYPTO_TEA
1635	tristate "TEA, XTEA and XETA cipher algorithms"
1636	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1637	select CRYPTO_ALGAPI
1638	help
1639	  TEA cipher algorithm.
1640
1641	  Tiny Encryption Algorithm is a simple cipher that uses
1642	  many rounds for security.  It is very fast and uses
1643	  little memory.
1644
1645	  Xtendend Tiny Encryption Algorithm is a modification to
1646	  the TEA algorithm to address a potential key weakness
1647	  in the TEA algorithm.
1648
1649	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1650	  of the XTEA algorithm for compatibility purposes.
1651
1652config CRYPTO_TWOFISH
1653	tristate "Twofish cipher algorithm"
1654	select CRYPTO_ALGAPI
1655	select CRYPTO_TWOFISH_COMMON
1656	help
1657	  Twofish cipher algorithm.
1658
1659	  Twofish was submitted as an AES (Advanced Encryption Standard)
1660	  candidate cipher by researchers at CounterPane Systems.  It is a
1661	  16 round block cipher supporting key sizes of 128, 192, and 256
1662	  bits.
1663
1664	  See also:
1665	  <https://www.schneier.com/twofish.html>
1666
1667config CRYPTO_TWOFISH_COMMON
1668	tristate
1669	help
1670	  Common parts of the Twofish cipher algorithm shared by the
1671	  generic c and the assembler implementations.
1672
1673config CRYPTO_TWOFISH_586
1674	tristate "Twofish cipher algorithms (i586)"
1675	depends on (X86 || UML_X86) && !64BIT
1676	select CRYPTO_ALGAPI
1677	select CRYPTO_TWOFISH_COMMON
1678	help
1679	  Twofish cipher algorithm.
1680
1681	  Twofish was submitted as an AES (Advanced Encryption Standard)
1682	  candidate cipher by researchers at CounterPane Systems.  It is a
1683	  16 round block cipher supporting key sizes of 128, 192, and 256
1684	  bits.
1685
1686	  See also:
1687	  <https://www.schneier.com/twofish.html>
1688
1689config CRYPTO_TWOFISH_X86_64
1690	tristate "Twofish cipher algorithm (x86_64)"
1691	depends on (X86 || UML_X86) && 64BIT
1692	select CRYPTO_ALGAPI
1693	select CRYPTO_TWOFISH_COMMON
1694	help
1695	  Twofish cipher algorithm (x86_64).
1696
1697	  Twofish was submitted as an AES (Advanced Encryption Standard)
1698	  candidate cipher by researchers at CounterPane Systems.  It is a
1699	  16 round block cipher supporting key sizes of 128, 192, and 256
1700	  bits.
1701
1702	  See also:
1703	  <https://www.schneier.com/twofish.html>
1704
1705config CRYPTO_TWOFISH_X86_64_3WAY
1706	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1707	depends on X86 && 64BIT
1708	select CRYPTO_SKCIPHER
1709	select CRYPTO_TWOFISH_COMMON
1710	select CRYPTO_TWOFISH_X86_64
1711	select CRYPTO_GLUE_HELPER_X86
1712	help
1713	  Twofish cipher algorithm (x86_64, 3-way parallel).
1714
1715	  Twofish was submitted as an AES (Advanced Encryption Standard)
1716	  candidate cipher by researchers at CounterPane Systems.  It is a
1717	  16 round block cipher supporting key sizes of 128, 192, and 256
1718	  bits.
1719
1720	  This module provides Twofish cipher algorithm that processes three
1721	  blocks parallel, utilizing resources of out-of-order CPUs better.
1722
1723	  See also:
1724	  <https://www.schneier.com/twofish.html>
1725
1726config CRYPTO_TWOFISH_AVX_X86_64
1727	tristate "Twofish cipher algorithm (x86_64/AVX)"
1728	depends on X86 && 64BIT
1729	select CRYPTO_SKCIPHER
1730	select CRYPTO_GLUE_HELPER_X86
1731	select CRYPTO_SIMD
1732	select CRYPTO_TWOFISH_COMMON
1733	select CRYPTO_TWOFISH_X86_64
1734	select CRYPTO_TWOFISH_X86_64_3WAY
1735	help
1736	  Twofish cipher algorithm (x86_64/AVX).
1737
1738	  Twofish was submitted as an AES (Advanced Encryption Standard)
1739	  candidate cipher by researchers at CounterPane Systems.  It is a
1740	  16 round block cipher supporting key sizes of 128, 192, and 256
1741	  bits.
1742
1743	  This module provides the Twofish cipher algorithm that processes
1744	  eight blocks parallel using the AVX Instruction Set.
1745
1746	  See also:
1747	  <https://www.schneier.com/twofish.html>
1748
1749comment "Compression"
1750
1751config CRYPTO_DEFLATE
1752	tristate "Deflate compression algorithm"
1753	select CRYPTO_ALGAPI
1754	select CRYPTO_ACOMP2
1755	select ZLIB_INFLATE
1756	select ZLIB_DEFLATE
1757	help
1758	  This is the Deflate algorithm (RFC1951), specified for use in
1759	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1760
1761	  You will most probably want this if using IPSec.
1762
1763config CRYPTO_LZO
1764	tristate "LZO compression algorithm"
1765	select CRYPTO_ALGAPI
1766	select CRYPTO_ACOMP2
1767	select LZO_COMPRESS
1768	select LZO_DECOMPRESS
1769	help
1770	  This is the LZO algorithm.
1771
1772config CRYPTO_842
1773	tristate "842 compression algorithm"
1774	select CRYPTO_ALGAPI
1775	select CRYPTO_ACOMP2
1776	select 842_COMPRESS
1777	select 842_DECOMPRESS
1778	help
1779	  This is the 842 algorithm.
1780
1781config CRYPTO_LZ4
1782	tristate "LZ4 compression algorithm"
1783	select CRYPTO_ALGAPI
1784	select CRYPTO_ACOMP2
1785	select LZ4_COMPRESS
1786	select LZ4_DECOMPRESS
1787	help
1788	  This is the LZ4 algorithm.
1789
1790config CRYPTO_LZ4HC
1791	tristate "LZ4HC compression algorithm"
1792	select CRYPTO_ALGAPI
1793	select CRYPTO_ACOMP2
1794	select LZ4HC_COMPRESS
1795	select LZ4_DECOMPRESS
1796	help
1797	  This is the LZ4 high compression mode algorithm.
1798
1799config CRYPTO_ZSTD
1800	tristate "Zstd compression algorithm"
1801	select CRYPTO_ALGAPI
1802	select CRYPTO_ACOMP2
1803	select ZSTD_COMPRESS
1804	select ZSTD_DECOMPRESS
1805	help
1806	  This is the zstd algorithm.
1807
1808comment "Random Number Generation"
1809
1810config CRYPTO_ANSI_CPRNG
1811	tristate "Pseudo Random Number Generation for Cryptographic modules"
1812	select CRYPTO_AES
1813	select CRYPTO_RNG
1814	help
1815	  This option enables the generic pseudo random number generator
1816	  for cryptographic modules.  Uses the Algorithm specified in
1817	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1818	  CRYPTO_FIPS is selected
1819
1820menuconfig CRYPTO_DRBG_MENU
1821	tristate "NIST SP800-90A DRBG"
1822	help
1823	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1824	  more of the DRBG types must be selected.
1825
1826if CRYPTO_DRBG_MENU
1827
1828config CRYPTO_DRBG_HMAC
1829	bool
1830	default y
1831	select CRYPTO_HMAC
1832	select CRYPTO_SHA256
1833
1834config CRYPTO_DRBG_HASH
1835	bool "Enable Hash DRBG"
1836	select CRYPTO_SHA256
1837	help
1838	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1839
1840config CRYPTO_DRBG_CTR
1841	bool "Enable CTR DRBG"
1842	select CRYPTO_AES
1843	select CRYPTO_CTR
1844	help
1845	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1846
1847config CRYPTO_DRBG
1848	tristate
1849	default CRYPTO_DRBG_MENU
1850	select CRYPTO_RNG
1851	select CRYPTO_JITTERENTROPY
1852
1853endif	# if CRYPTO_DRBG_MENU
1854
1855config CRYPTO_JITTERENTROPY
1856	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1857	select CRYPTO_RNG
1858	help
1859	  The Jitterentropy RNG is a noise that is intended
1860	  to provide seed to another RNG. The RNG does not
1861	  perform any cryptographic whitening of the generated
1862	  random numbers. This Jitterentropy RNG registers with
1863	  the kernel crypto API and can be used by any caller.
1864
1865config CRYPTO_USER_API
1866	tristate
1867
1868config CRYPTO_USER_API_HASH
1869	tristate "User-space interface for hash algorithms"
1870	depends on NET
1871	select CRYPTO_HASH
1872	select CRYPTO_USER_API
1873	help
1874	  This option enables the user-spaces interface for hash
1875	  algorithms.
1876
1877config CRYPTO_USER_API_SKCIPHER
1878	tristate "User-space interface for symmetric key cipher algorithms"
1879	depends on NET
1880	select CRYPTO_SKCIPHER
1881	select CRYPTO_USER_API
1882	help
1883	  This option enables the user-spaces interface for symmetric
1884	  key cipher algorithms.
1885
1886config CRYPTO_USER_API_RNG
1887	tristate "User-space interface for random number generator algorithms"
1888	depends on NET
1889	select CRYPTO_RNG
1890	select CRYPTO_USER_API
1891	help
1892	  This option enables the user-spaces interface for random
1893	  number generator algorithms.
1894
1895config CRYPTO_USER_API_RNG_CAVP
1896	bool "Enable CAVP testing of DRBG"
1897	depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1898	help
1899	  This option enables extra API for CAVP testing via the user-space
1900	  interface: resetting of DRBG entropy, and providing Additional Data.
1901	  This should only be enabled for CAVP testing. You should say
1902	  no unless you know what this is.
1903
1904config CRYPTO_USER_API_AEAD
1905	tristate "User-space interface for AEAD cipher algorithms"
1906	depends on NET
1907	select CRYPTO_AEAD
1908	select CRYPTO_SKCIPHER
1909	select CRYPTO_NULL
1910	select CRYPTO_USER_API
1911	help
1912	  This option enables the user-spaces interface for AEAD
1913	  cipher algorithms.
1914
1915config CRYPTO_USER_API_ENABLE_OBSOLETE
1916	bool "Enable obsolete cryptographic algorithms for userspace"
1917	depends on CRYPTO_USER_API
1918	default y
1919	help
1920	  Allow obsolete cryptographic algorithms to be selected that have
1921	  already been phased out from internal use by the kernel, and are
1922	  only useful for userspace clients that still rely on them.
1923
1924config CRYPTO_STATS
1925	bool "Crypto usage statistics for User-space"
1926	depends on CRYPTO_USER
1927	help
1928	  This option enables the gathering of crypto stats.
1929	  This will collect:
1930	  - encrypt/decrypt size and numbers of symmeric operations
1931	  - compress/decompress size and numbers of compress operations
1932	  - size and numbers of hash operations
1933	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1934	  - generate/seed numbers for rng operations
1935
1936config CRYPTO_HASH_INFO
1937	bool
1938
1939source "lib/crypto/Kconfig"
1940source "drivers/crypto/Kconfig"
1941source "crypto/asymmetric_keys/Kconfig"
1942source "certs/Kconfig"
1943
1944endif	# if CRYPTO
1945