xref: /openbmc/linux/crypto/Kconfig (revision 465191d6)
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This option enables the fips boot option which is
31	  required if you want the system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_SKCIPHER
56	tristate
57	select CRYPTO_SKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_SKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64
65config CRYPTO_HASH
66	tristate
67	select CRYPTO_HASH2
68	select CRYPTO_ALGAPI
69
70config CRYPTO_HASH2
71	tristate
72	select CRYPTO_ALGAPI2
73
74config CRYPTO_RNG
75	tristate
76	select CRYPTO_RNG2
77	select CRYPTO_ALGAPI
78
79config CRYPTO_RNG2
80	tristate
81	select CRYPTO_ALGAPI2
82
83config CRYPTO_RNG_DEFAULT
84	tristate
85	select CRYPTO_DRBG_MENU
86
87config CRYPTO_AKCIPHER2
88	tristate
89	select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92	tristate
93	select CRYPTO_AKCIPHER2
94	select CRYPTO_ALGAPI
95
96config CRYPTO_KPP2
97	tristate
98	select CRYPTO_ALGAPI2
99
100config CRYPTO_KPP
101	tristate
102	select CRYPTO_ALGAPI
103	select CRYPTO_KPP2
104
105config CRYPTO_ACOMP2
106	tristate
107	select CRYPTO_ALGAPI2
108	select SGL_ALLOC
109
110config CRYPTO_ACOMP
111	tristate
112	select CRYPTO_ALGAPI
113	select CRYPTO_ACOMP2
114
115config CRYPTO_MANAGER
116	tristate "Cryptographic algorithm manager"
117	select CRYPTO_MANAGER2
118	help
119	  Create default cryptographic template instantiations such as
120	  cbc(aes).
121
122config CRYPTO_MANAGER2
123	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
124	select CRYPTO_AEAD2
125	select CRYPTO_HASH2
126	select CRYPTO_SKCIPHER2
127	select CRYPTO_AKCIPHER2
128	select CRYPTO_KPP2
129	select CRYPTO_ACOMP2
130
131config CRYPTO_USER
132	tristate "Userspace cryptographic algorithm configuration"
133	depends on NET
134	select CRYPTO_MANAGER
135	help
136	  Userspace configuration for cryptographic instantiations such as
137	  cbc(aes).
138
139config CRYPTO_MANAGER_DISABLE_TESTS
140	bool "Disable run-time self tests"
141	default y
142	help
143	  Disable run-time self tests that normally take place at
144	  algorithm registration.
145
146config CRYPTO_MANAGER_EXTRA_TESTS
147	bool "Enable extra run-time crypto self tests"
148	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
149	help
150	  Enable extra run-time self tests of registered crypto algorithms,
151	  including randomized fuzz tests.
152
153	  This is intended for developer use only, as these tests take much
154	  longer to run than the normal self tests.
155
156config CRYPTO_GF128MUL
157	tristate
158
159config CRYPTO_NULL
160	tristate "Null algorithms"
161	select CRYPTO_NULL2
162	help
163	  These are 'Null' algorithms, used by IPsec, which do nothing.
164
165config CRYPTO_NULL2
166	tristate
167	select CRYPTO_ALGAPI2
168	select CRYPTO_SKCIPHER2
169	select CRYPTO_HASH2
170
171config CRYPTO_PCRYPT
172	tristate "Parallel crypto engine"
173	depends on SMP
174	select PADATA
175	select CRYPTO_MANAGER
176	select CRYPTO_AEAD
177	help
178	  This converts an arbitrary crypto algorithm into a parallel
179	  algorithm that executes in kernel threads.
180
181config CRYPTO_CRYPTD
182	tristate "Software async crypto daemon"
183	select CRYPTO_SKCIPHER
184	select CRYPTO_HASH
185	select CRYPTO_MANAGER
186	help
187	  This is a generic software asynchronous crypto daemon that
188	  converts an arbitrary synchronous software crypto algorithm
189	  into an asynchronous algorithm that executes in a kernel thread.
190
191config CRYPTO_AUTHENC
192	tristate "Authenc support"
193	select CRYPTO_AEAD
194	select CRYPTO_SKCIPHER
195	select CRYPTO_MANAGER
196	select CRYPTO_HASH
197	select CRYPTO_NULL
198	help
199	  Authenc: Combined mode wrapper for IPsec.
200	  This is required for IPSec.
201
202config CRYPTO_TEST
203	tristate "Testing module"
204	depends on m || EXPERT
205	select CRYPTO_MANAGER
206	help
207	  Quick & dirty crypto test module.
208
209config CRYPTO_SIMD
210	tristate
211	select CRYPTO_CRYPTD
212
213config CRYPTO_ENGINE
214	tristate
215
216comment "Public-key cryptography"
217
218config CRYPTO_RSA
219	tristate "RSA algorithm"
220	select CRYPTO_AKCIPHER
221	select CRYPTO_MANAGER
222	select MPILIB
223	select ASN1
224	help
225	  Generic implementation of the RSA public key algorithm.
226
227config CRYPTO_DH
228	tristate "Diffie-Hellman algorithm"
229	select CRYPTO_KPP
230	select MPILIB
231	help
232	  Generic implementation of the Diffie-Hellman algorithm.
233
234config CRYPTO_DH_RFC7919_GROUPS
235	bool "Support for RFC 7919 FFDHE group parameters"
236	depends on CRYPTO_DH
237	select CRYPTO_RNG_DEFAULT
238	help
239	  Provide support for RFC 7919 FFDHE group parameters. If unsure, say N.
240
241config CRYPTO_ECC
242	tristate
243	select CRYPTO_RNG_DEFAULT
244
245config CRYPTO_ECDH
246	tristate "ECDH algorithm"
247	select CRYPTO_ECC
248	select CRYPTO_KPP
249	help
250	  Generic implementation of the ECDH algorithm
251
252config CRYPTO_ECDSA
253	tristate "ECDSA (NIST P192, P256 etc.) algorithm"
254	select CRYPTO_ECC
255	select CRYPTO_AKCIPHER
256	select ASN1
257	help
258	  Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
259	  is A NIST cryptographic standard algorithm. Only signature verification
260	  is implemented.
261
262config CRYPTO_ECRDSA
263	tristate "EC-RDSA (GOST 34.10) algorithm"
264	select CRYPTO_ECC
265	select CRYPTO_AKCIPHER
266	select CRYPTO_STREEBOG
267	select OID_REGISTRY
268	select ASN1
269	help
270	  Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
271	  RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
272	  standard algorithms (called GOST algorithms). Only signature verification
273	  is implemented.
274
275config CRYPTO_SM2
276	tristate "SM2 algorithm"
277	select CRYPTO_SM3
278	select CRYPTO_AKCIPHER
279	select CRYPTO_MANAGER
280	select MPILIB
281	select ASN1
282	help
283	  Generic implementation of the SM2 public key algorithm. It was
284	  published by State Encryption Management Bureau, China.
285	  as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
286
287	  References:
288	  https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
289	  http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
290	  http://www.gmbz.org.cn/main/bzlb.html
291
292config CRYPTO_CURVE25519
293	tristate "Curve25519 algorithm"
294	select CRYPTO_KPP
295	select CRYPTO_LIB_CURVE25519_GENERIC
296
297config CRYPTO_CURVE25519_X86
298	tristate "x86_64 accelerated Curve25519 scalar multiplication library"
299	depends on X86 && 64BIT
300	select CRYPTO_LIB_CURVE25519_GENERIC
301	select CRYPTO_ARCH_HAVE_LIB_CURVE25519
302
303comment "Authenticated Encryption with Associated Data"
304
305config CRYPTO_CCM
306	tristate "CCM support"
307	select CRYPTO_CTR
308	select CRYPTO_HASH
309	select CRYPTO_AEAD
310	select CRYPTO_MANAGER
311	help
312	  Support for Counter with CBC MAC. Required for IPsec.
313
314config CRYPTO_GCM
315	tristate "GCM/GMAC support"
316	select CRYPTO_CTR
317	select CRYPTO_AEAD
318	select CRYPTO_GHASH
319	select CRYPTO_NULL
320	select CRYPTO_MANAGER
321	help
322	  Support for Galois/Counter Mode (GCM) and Galois Message
323	  Authentication Code (GMAC). Required for IPSec.
324
325config CRYPTO_CHACHA20POLY1305
326	tristate "ChaCha20-Poly1305 AEAD support"
327	select CRYPTO_CHACHA20
328	select CRYPTO_POLY1305
329	select CRYPTO_AEAD
330	select CRYPTO_MANAGER
331	help
332	  ChaCha20-Poly1305 AEAD support, RFC7539.
333
334	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
335	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
336	  IETF protocols.
337
338config CRYPTO_AEGIS128
339	tristate "AEGIS-128 AEAD algorithm"
340	select CRYPTO_AEAD
341	select CRYPTO_AES  # for AES S-box tables
342	help
343	 Support for the AEGIS-128 dedicated AEAD algorithm.
344
345config CRYPTO_AEGIS128_SIMD
346	bool "Support SIMD acceleration for AEGIS-128"
347	depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
348	default y
349
350config CRYPTO_AEGIS128_AESNI_SSE2
351	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
352	depends on X86 && 64BIT
353	select CRYPTO_AEAD
354	select CRYPTO_SIMD
355	help
356	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
357
358config CRYPTO_SEQIV
359	tristate "Sequence Number IV Generator"
360	select CRYPTO_AEAD
361	select CRYPTO_SKCIPHER
362	select CRYPTO_NULL
363	select CRYPTO_RNG_DEFAULT
364	select CRYPTO_MANAGER
365	help
366	  This IV generator generates an IV based on a sequence number by
367	  xoring it with a salt.  This algorithm is mainly useful for CTR
368
369config CRYPTO_ECHAINIV
370	tristate "Encrypted Chain IV Generator"
371	select CRYPTO_AEAD
372	select CRYPTO_NULL
373	select CRYPTO_RNG_DEFAULT
374	select CRYPTO_MANAGER
375	help
376	  This IV generator generates an IV based on the encryption of
377	  a sequence number xored with a salt.  This is the default
378	  algorithm for CBC.
379
380comment "Block modes"
381
382config CRYPTO_CBC
383	tristate "CBC support"
384	select CRYPTO_SKCIPHER
385	select CRYPTO_MANAGER
386	help
387	  CBC: Cipher Block Chaining mode
388	  This block cipher algorithm is required for IPSec.
389
390config CRYPTO_CFB
391	tristate "CFB support"
392	select CRYPTO_SKCIPHER
393	select CRYPTO_MANAGER
394	help
395	  CFB: Cipher FeedBack mode
396	  This block cipher algorithm is required for TPM2 Cryptography.
397
398config CRYPTO_CTR
399	tristate "CTR support"
400	select CRYPTO_SKCIPHER
401	select CRYPTO_MANAGER
402	help
403	  CTR: Counter mode
404	  This block cipher algorithm is required for IPSec.
405
406config CRYPTO_CTS
407	tristate "CTS support"
408	select CRYPTO_SKCIPHER
409	select CRYPTO_MANAGER
410	help
411	  CTS: Cipher Text Stealing
412	  This is the Cipher Text Stealing mode as described by
413	  Section 8 of rfc2040 and referenced by rfc3962
414	  (rfc3962 includes errata information in its Appendix A) or
415	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
416	  This mode is required for Kerberos gss mechanism support
417	  for AES encryption.
418
419	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
420
421config CRYPTO_ECB
422	tristate "ECB support"
423	select CRYPTO_SKCIPHER
424	select CRYPTO_MANAGER
425	help
426	  ECB: Electronic CodeBook mode
427	  This is the simplest block cipher algorithm.  It simply encrypts
428	  the input block by block.
429
430config CRYPTO_LRW
431	tristate "LRW support"
432	select CRYPTO_SKCIPHER
433	select CRYPTO_MANAGER
434	select CRYPTO_GF128MUL
435	select CRYPTO_ECB
436	help
437	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
438	  narrow block cipher mode for dm-crypt.  Use it with cipher
439	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
440	  The first 128, 192 or 256 bits in the key are used for AES and the
441	  rest is used to tie each cipher block to its logical position.
442
443config CRYPTO_OFB
444	tristate "OFB support"
445	select CRYPTO_SKCIPHER
446	select CRYPTO_MANAGER
447	help
448	  OFB: the Output Feedback mode makes a block cipher into a synchronous
449	  stream cipher. It generates keystream blocks, which are then XORed
450	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
451	  ciphertext produces a flipped bit in the plaintext at the same
452	  location. This property allows many error correcting codes to function
453	  normally even when applied before encryption.
454
455config CRYPTO_PCBC
456	tristate "PCBC support"
457	select CRYPTO_SKCIPHER
458	select CRYPTO_MANAGER
459	help
460	  PCBC: Propagating Cipher Block Chaining mode
461	  This block cipher algorithm is required for RxRPC.
462
463config CRYPTO_XTS
464	tristate "XTS support"
465	select CRYPTO_SKCIPHER
466	select CRYPTO_MANAGER
467	select CRYPTO_ECB
468	help
469	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
470	  key size 256, 384 or 512 bits. This implementation currently
471	  can't handle a sectorsize which is not a multiple of 16 bytes.
472
473config CRYPTO_KEYWRAP
474	tristate "Key wrapping support"
475	select CRYPTO_SKCIPHER
476	select CRYPTO_MANAGER
477	help
478	  Support for key wrapping (NIST SP800-38F / RFC3394) without
479	  padding.
480
481config CRYPTO_NHPOLY1305
482	tristate
483	select CRYPTO_HASH
484	select CRYPTO_LIB_POLY1305_GENERIC
485
486config CRYPTO_NHPOLY1305_SSE2
487	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
488	depends on X86 && 64BIT
489	select CRYPTO_NHPOLY1305
490	help
491	  SSE2 optimized implementation of the hash function used by the
492	  Adiantum encryption mode.
493
494config CRYPTO_NHPOLY1305_AVX2
495	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
496	depends on X86 && 64BIT
497	select CRYPTO_NHPOLY1305
498	help
499	  AVX2 optimized implementation of the hash function used by the
500	  Adiantum encryption mode.
501
502config CRYPTO_ADIANTUM
503	tristate "Adiantum support"
504	select CRYPTO_CHACHA20
505	select CRYPTO_LIB_POLY1305_GENERIC
506	select CRYPTO_NHPOLY1305
507	select CRYPTO_MANAGER
508	help
509	  Adiantum is a tweakable, length-preserving encryption mode
510	  designed for fast and secure disk encryption, especially on
511	  CPUs without dedicated crypto instructions.  It encrypts
512	  each sector using the XChaCha12 stream cipher, two passes of
513	  an ε-almost-∆-universal hash function, and an invocation of
514	  the AES-256 block cipher on a single 16-byte block.  On CPUs
515	  without AES instructions, Adiantum is much faster than
516	  AES-XTS.
517
518	  Adiantum's security is provably reducible to that of its
519	  underlying stream and block ciphers, subject to a security
520	  bound.  Unlike XTS, Adiantum is a true wide-block encryption
521	  mode, so it actually provides an even stronger notion of
522	  security than XTS, subject to the security bound.
523
524	  If unsure, say N.
525
526config CRYPTO_ESSIV
527	tristate "ESSIV support for block encryption"
528	select CRYPTO_AUTHENC
529	help
530	  Encrypted salt-sector initialization vector (ESSIV) is an IV
531	  generation method that is used in some cases by fscrypt and/or
532	  dm-crypt. It uses the hash of the block encryption key as the
533	  symmetric key for a block encryption pass applied to the input
534	  IV, making low entropy IV sources more suitable for block
535	  encryption.
536
537	  This driver implements a crypto API template that can be
538	  instantiated either as an skcipher or as an AEAD (depending on the
539	  type of the first template argument), and which defers encryption
540	  and decryption requests to the encapsulated cipher after applying
541	  ESSIV to the input IV. Note that in the AEAD case, it is assumed
542	  that the keys are presented in the same format used by the authenc
543	  template, and that the IV appears at the end of the authenticated
544	  associated data (AAD) region (which is how dm-crypt uses it.)
545
546	  Note that the use of ESSIV is not recommended for new deployments,
547	  and so this only needs to be enabled when interoperability with
548	  existing encrypted volumes of filesystems is required, or when
549	  building for a particular system that requires it (e.g., when
550	  the SoC in question has accelerated CBC but not XTS, making CBC
551	  combined with ESSIV the only feasible mode for h/w accelerated
552	  block encryption)
553
554comment "Hash modes"
555
556config CRYPTO_CMAC
557	tristate "CMAC support"
558	select CRYPTO_HASH
559	select CRYPTO_MANAGER
560	help
561	  Cipher-based Message Authentication Code (CMAC) specified by
562	  The National Institute of Standards and Technology (NIST).
563
564	  https://tools.ietf.org/html/rfc4493
565	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
566
567config CRYPTO_HMAC
568	tristate "HMAC support"
569	select CRYPTO_HASH
570	select CRYPTO_MANAGER
571	help
572	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
573	  This is required for IPSec.
574
575config CRYPTO_XCBC
576	tristate "XCBC support"
577	select CRYPTO_HASH
578	select CRYPTO_MANAGER
579	help
580	  XCBC: Keyed-Hashing with encryption algorithm
581		https://www.ietf.org/rfc/rfc3566.txt
582		http://csrc.nist.gov/encryption/modes/proposedmodes/
583		 xcbc-mac/xcbc-mac-spec.pdf
584
585config CRYPTO_VMAC
586	tristate "VMAC support"
587	select CRYPTO_HASH
588	select CRYPTO_MANAGER
589	help
590	  VMAC is a message authentication algorithm designed for
591	  very high speed on 64-bit architectures.
592
593	  See also:
594	  <https://fastcrypto.org/vmac>
595
596comment "Digest"
597
598config CRYPTO_CRC32C
599	tristate "CRC32c CRC algorithm"
600	select CRYPTO_HASH
601	select CRC32
602	help
603	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
604	  by iSCSI for header and data digests and by others.
605	  See Castagnoli93.  Module will be crc32c.
606
607config CRYPTO_CRC32C_INTEL
608	tristate "CRC32c INTEL hardware acceleration"
609	depends on X86
610	select CRYPTO_HASH
611	help
612	  In Intel processor with SSE4.2 supported, the processor will
613	  support CRC32C implementation using hardware accelerated CRC32
614	  instruction. This option will create 'crc32c-intel' module,
615	  which will enable any routine to use the CRC32 instruction to
616	  gain performance compared with software implementation.
617	  Module will be crc32c-intel.
618
619config CRYPTO_CRC32C_VPMSUM
620	tristate "CRC32c CRC algorithm (powerpc64)"
621	depends on PPC64 && ALTIVEC
622	select CRYPTO_HASH
623	select CRC32
624	help
625	  CRC32c algorithm implemented using vector polynomial multiply-sum
626	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
627	  and newer processors for improved performance.
628
629
630config CRYPTO_CRC32C_SPARC64
631	tristate "CRC32c CRC algorithm (SPARC64)"
632	depends on SPARC64
633	select CRYPTO_HASH
634	select CRC32
635	help
636	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
637	  when available.
638
639config CRYPTO_CRC32
640	tristate "CRC32 CRC algorithm"
641	select CRYPTO_HASH
642	select CRC32
643	help
644	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
645	  Shash crypto api wrappers to crc32_le function.
646
647config CRYPTO_CRC32_PCLMUL
648	tristate "CRC32 PCLMULQDQ hardware acceleration"
649	depends on X86
650	select CRYPTO_HASH
651	select CRC32
652	help
653	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
654	  and PCLMULQDQ supported, the processor will support
655	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
656	  instruction. This option will create 'crc32-pclmul' module,
657	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
658	  and gain better performance as compared with the table implementation.
659
660config CRYPTO_CRC32_MIPS
661	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
662	depends on MIPS_CRC_SUPPORT
663	select CRYPTO_HASH
664	help
665	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
666	  instructions, when available.
667
668
669config CRYPTO_XXHASH
670	tristate "xxHash hash algorithm"
671	select CRYPTO_HASH
672	select XXHASH
673	help
674	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
675	  speeds close to RAM limits.
676
677config CRYPTO_BLAKE2B
678	tristate "BLAKE2b digest algorithm"
679	select CRYPTO_HASH
680	help
681	  Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
682	  optimized for 64bit platforms and can produce digests of any size
683	  between 1 to 64.  The keyed hash is also implemented.
684
685	  This module provides the following algorithms:
686
687	  - blake2b-160
688	  - blake2b-256
689	  - blake2b-384
690	  - blake2b-512
691
692	  See https://blake2.net for further information.
693
694config CRYPTO_BLAKE2S
695	tristate "BLAKE2s digest algorithm"
696	select CRYPTO_LIB_BLAKE2S_GENERIC
697	select CRYPTO_HASH
698	help
699	  Implementation of cryptographic hash function BLAKE2s
700	  optimized for 8-32bit platforms and can produce digests of any size
701	  between 1 to 32.  The keyed hash is also implemented.
702
703	  This module provides the following algorithms:
704
705	  - blake2s-128
706	  - blake2s-160
707	  - blake2s-224
708	  - blake2s-256
709
710	  See https://blake2.net for further information.
711
712config CRYPTO_BLAKE2S_X86
713	tristate "BLAKE2s digest algorithm (x86 accelerated version)"
714	depends on X86 && 64BIT
715	select CRYPTO_LIB_BLAKE2S_GENERIC
716	select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
717
718config CRYPTO_CRCT10DIF
719	tristate "CRCT10DIF algorithm"
720	select CRYPTO_HASH
721	help
722	  CRC T10 Data Integrity Field computation is being cast as
723	  a crypto transform.  This allows for faster crc t10 diff
724	  transforms to be used if they are available.
725
726config CRYPTO_CRCT10DIF_PCLMUL
727	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
728	depends on X86 && 64BIT && CRC_T10DIF
729	select CRYPTO_HASH
730	help
731	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
732	  CRC T10 DIF PCLMULQDQ computation can be hardware
733	  accelerated PCLMULQDQ instruction. This option will create
734	  'crct10dif-pclmul' module, which is faster when computing the
735	  crct10dif checksum as compared with the generic table implementation.
736
737config CRYPTO_CRCT10DIF_VPMSUM
738	tristate "CRC32T10DIF powerpc64 hardware acceleration"
739	depends on PPC64 && ALTIVEC && CRC_T10DIF
740	select CRYPTO_HASH
741	help
742	  CRC10T10DIF algorithm implemented using vector polynomial
743	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
744	  POWER8 and newer processors for improved performance.
745
746config CRYPTO_CRC64_ROCKSOFT
747	tristate "Rocksoft Model CRC64 algorithm"
748	depends on CRC64
749	select CRYPTO_HASH
750
751config CRYPTO_VPMSUM_TESTER
752	tristate "Powerpc64 vpmsum hardware acceleration tester"
753	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
754	help
755	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
756	  POWER8 vpmsum instructions.
757	  Unless you are testing these algorithms, you don't need this.
758
759config CRYPTO_GHASH
760	tristate "GHASH hash function"
761	select CRYPTO_GF128MUL
762	select CRYPTO_HASH
763	help
764	  GHASH is the hash function used in GCM (Galois/Counter Mode).
765	  It is not a general-purpose cryptographic hash function.
766
767config CRYPTO_POLY1305
768	tristate "Poly1305 authenticator algorithm"
769	select CRYPTO_HASH
770	select CRYPTO_LIB_POLY1305_GENERIC
771	help
772	  Poly1305 authenticator algorithm, RFC7539.
773
774	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
775	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
776	  in IETF protocols. This is the portable C implementation of Poly1305.
777
778config CRYPTO_POLY1305_X86_64
779	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
780	depends on X86 && 64BIT
781	select CRYPTO_LIB_POLY1305_GENERIC
782	select CRYPTO_ARCH_HAVE_LIB_POLY1305
783	help
784	  Poly1305 authenticator algorithm, RFC7539.
785
786	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
787	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
788	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
789	  instructions.
790
791config CRYPTO_POLY1305_MIPS
792	tristate "Poly1305 authenticator algorithm (MIPS optimized)"
793	depends on MIPS
794	select CRYPTO_ARCH_HAVE_LIB_POLY1305
795
796config CRYPTO_MD4
797	tristate "MD4 digest algorithm"
798	select CRYPTO_HASH
799	help
800	  MD4 message digest algorithm (RFC1320).
801
802config CRYPTO_MD5
803	tristate "MD5 digest algorithm"
804	select CRYPTO_HASH
805	help
806	  MD5 message digest algorithm (RFC1321).
807
808config CRYPTO_MD5_OCTEON
809	tristate "MD5 digest algorithm (OCTEON)"
810	depends on CPU_CAVIUM_OCTEON
811	select CRYPTO_MD5
812	select CRYPTO_HASH
813	help
814	  MD5 message digest algorithm (RFC1321) implemented
815	  using OCTEON crypto instructions, when available.
816
817config CRYPTO_MD5_PPC
818	tristate "MD5 digest algorithm (PPC)"
819	depends on PPC
820	select CRYPTO_HASH
821	help
822	  MD5 message digest algorithm (RFC1321) implemented
823	  in PPC assembler.
824
825config CRYPTO_MD5_SPARC64
826	tristate "MD5 digest algorithm (SPARC64)"
827	depends on SPARC64
828	select CRYPTO_MD5
829	select CRYPTO_HASH
830	help
831	  MD5 message digest algorithm (RFC1321) implemented
832	  using sparc64 crypto instructions, when available.
833
834config CRYPTO_MICHAEL_MIC
835	tristate "Michael MIC keyed digest algorithm"
836	select CRYPTO_HASH
837	help
838	  Michael MIC is used for message integrity protection in TKIP
839	  (IEEE 802.11i). This algorithm is required for TKIP, but it
840	  should not be used for other purposes because of the weakness
841	  of the algorithm.
842
843config CRYPTO_RMD160
844	tristate "RIPEMD-160 digest algorithm"
845	select CRYPTO_HASH
846	help
847	  RIPEMD-160 (ISO/IEC 10118-3:2004).
848
849	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
850	  to be used as a secure replacement for the 128-bit hash functions
851	  MD4, MD5 and it's predecessor RIPEMD
852	  (not to be confused with RIPEMD-128).
853
854	  It's speed is comparable to SHA1 and there are no known attacks
855	  against RIPEMD-160.
856
857	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
858	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
859
860config CRYPTO_SHA1
861	tristate "SHA1 digest algorithm"
862	select CRYPTO_HASH
863	help
864	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
865
866config CRYPTO_SHA1_SSSE3
867	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
868	depends on X86 && 64BIT
869	select CRYPTO_SHA1
870	select CRYPTO_HASH
871	help
872	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
873	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
874	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
875	  when available.
876
877config CRYPTO_SHA256_SSSE3
878	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
879	depends on X86 && 64BIT
880	select CRYPTO_SHA256
881	select CRYPTO_HASH
882	help
883	  SHA-256 secure hash standard (DFIPS 180-2) implemented
884	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
885	  Extensions version 1 (AVX1), or Advanced Vector Extensions
886	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
887	  Instructions) when available.
888
889config CRYPTO_SHA512_SSSE3
890	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
891	depends on X86 && 64BIT
892	select CRYPTO_SHA512
893	select CRYPTO_HASH
894	help
895	  SHA-512 secure hash standard (DFIPS 180-2) implemented
896	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
897	  Extensions version 1 (AVX1), or Advanced Vector Extensions
898	  version 2 (AVX2) instructions, when available.
899
900config CRYPTO_SHA1_OCTEON
901	tristate "SHA1 digest algorithm (OCTEON)"
902	depends on CPU_CAVIUM_OCTEON
903	select CRYPTO_SHA1
904	select CRYPTO_HASH
905	help
906	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
907	  using OCTEON crypto instructions, when available.
908
909config CRYPTO_SHA1_SPARC64
910	tristate "SHA1 digest algorithm (SPARC64)"
911	depends on SPARC64
912	select CRYPTO_SHA1
913	select CRYPTO_HASH
914	help
915	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
916	  using sparc64 crypto instructions, when available.
917
918config CRYPTO_SHA1_PPC
919	tristate "SHA1 digest algorithm (powerpc)"
920	depends on PPC
921	help
922	  This is the powerpc hardware accelerated implementation of the
923	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
924
925config CRYPTO_SHA1_PPC_SPE
926	tristate "SHA1 digest algorithm (PPC SPE)"
927	depends on PPC && SPE
928	help
929	  SHA-1 secure hash standard (DFIPS 180-4) implemented
930	  using powerpc SPE SIMD instruction set.
931
932config CRYPTO_SHA256
933	tristate "SHA224 and SHA256 digest algorithm"
934	select CRYPTO_HASH
935	select CRYPTO_LIB_SHA256
936	help
937	  SHA256 secure hash standard (DFIPS 180-2).
938
939	  This version of SHA implements a 256 bit hash with 128 bits of
940	  security against collision attacks.
941
942	  This code also includes SHA-224, a 224 bit hash with 112 bits
943	  of security against collision attacks.
944
945config CRYPTO_SHA256_PPC_SPE
946	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
947	depends on PPC && SPE
948	select CRYPTO_SHA256
949	select CRYPTO_HASH
950	help
951	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
952	  implemented using powerpc SPE SIMD instruction set.
953
954config CRYPTO_SHA256_OCTEON
955	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
956	depends on CPU_CAVIUM_OCTEON
957	select CRYPTO_SHA256
958	select CRYPTO_HASH
959	help
960	  SHA-256 secure hash standard (DFIPS 180-2) implemented
961	  using OCTEON crypto instructions, when available.
962
963config CRYPTO_SHA256_SPARC64
964	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
965	depends on SPARC64
966	select CRYPTO_SHA256
967	select CRYPTO_HASH
968	help
969	  SHA-256 secure hash standard (DFIPS 180-2) implemented
970	  using sparc64 crypto instructions, when available.
971
972config CRYPTO_SHA512
973	tristate "SHA384 and SHA512 digest algorithms"
974	select CRYPTO_HASH
975	help
976	  SHA512 secure hash standard (DFIPS 180-2).
977
978	  This version of SHA implements a 512 bit hash with 256 bits of
979	  security against collision attacks.
980
981	  This code also includes SHA-384, a 384 bit hash with 192 bits
982	  of security against collision attacks.
983
984config CRYPTO_SHA512_OCTEON
985	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
986	depends on CPU_CAVIUM_OCTEON
987	select CRYPTO_SHA512
988	select CRYPTO_HASH
989	help
990	  SHA-512 secure hash standard (DFIPS 180-2) implemented
991	  using OCTEON crypto instructions, when available.
992
993config CRYPTO_SHA512_SPARC64
994	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
995	depends on SPARC64
996	select CRYPTO_SHA512
997	select CRYPTO_HASH
998	help
999	  SHA-512 secure hash standard (DFIPS 180-2) implemented
1000	  using sparc64 crypto instructions, when available.
1001
1002config CRYPTO_SHA3
1003	tristate "SHA3 digest algorithm"
1004	select CRYPTO_HASH
1005	help
1006	  SHA-3 secure hash standard (DFIPS 202). It's based on
1007	  cryptographic sponge function family called Keccak.
1008
1009	  References:
1010	  http://keccak.noekeon.org/
1011
1012config CRYPTO_SM3
1013	tristate
1014
1015config CRYPTO_SM3_GENERIC
1016	tristate "SM3 digest algorithm"
1017	select CRYPTO_HASH
1018	select CRYPTO_SM3
1019	help
1020	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1021	  It is part of the Chinese Commercial Cryptography suite.
1022
1023	  References:
1024	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1025	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1026
1027config CRYPTO_SM3_AVX_X86_64
1028	tristate "SM3 digest algorithm (x86_64/AVX)"
1029	depends on X86 && 64BIT
1030	select CRYPTO_HASH
1031	select CRYPTO_SM3
1032	help
1033	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1034	  It is part of the Chinese Commercial Cryptography suite. This is
1035	  SM3 optimized implementation using Advanced Vector Extensions (AVX)
1036	  when available.
1037
1038	  If unsure, say N.
1039
1040config CRYPTO_STREEBOG
1041	tristate "Streebog Hash Function"
1042	select CRYPTO_HASH
1043	help
1044	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1045	  cryptographic standard algorithms (called GOST algorithms).
1046	  This setting enables two hash algorithms with 256 and 512 bits output.
1047
1048	  References:
1049	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1050	  https://tools.ietf.org/html/rfc6986
1051
1052config CRYPTO_WP512
1053	tristate "Whirlpool digest algorithms"
1054	select CRYPTO_HASH
1055	help
1056	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1057
1058	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1059	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1060
1061	  See also:
1062	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1063
1064config CRYPTO_GHASH_CLMUL_NI_INTEL
1065	tristate "GHASH hash function (CLMUL-NI accelerated)"
1066	depends on X86 && 64BIT
1067	select CRYPTO_CRYPTD
1068	help
1069	  This is the x86_64 CLMUL-NI accelerated implementation of
1070	  GHASH, the hash function used in GCM (Galois/Counter mode).
1071
1072comment "Ciphers"
1073
1074config CRYPTO_AES
1075	tristate "AES cipher algorithms"
1076	select CRYPTO_ALGAPI
1077	select CRYPTO_LIB_AES
1078	help
1079	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1080	  algorithm.
1081
1082	  Rijndael appears to be consistently a very good performer in
1083	  both hardware and software across a wide range of computing
1084	  environments regardless of its use in feedback or non-feedback
1085	  modes. Its key setup time is excellent, and its key agility is
1086	  good. Rijndael's very low memory requirements make it very well
1087	  suited for restricted-space environments, in which it also
1088	  demonstrates excellent performance. Rijndael's operations are
1089	  among the easiest to defend against power and timing attacks.
1090
1091	  The AES specifies three key sizes: 128, 192 and 256 bits
1092
1093	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1094
1095config CRYPTO_AES_TI
1096	tristate "Fixed time AES cipher"
1097	select CRYPTO_ALGAPI
1098	select CRYPTO_LIB_AES
1099	help
1100	  This is a generic implementation of AES that attempts to eliminate
1101	  data dependent latencies as much as possible without affecting
1102	  performance too much. It is intended for use by the generic CCM
1103	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1104	  solely on encryption (although decryption is supported as well, but
1105	  with a more dramatic performance hit)
1106
1107	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1108	  8 for decryption), this implementation only uses just two S-boxes of
1109	  256 bytes each, and attempts to eliminate data dependent latencies by
1110	  prefetching the entire table into the cache at the start of each
1111	  block. Interrupts are also disabled to avoid races where cachelines
1112	  are evicted when the CPU is interrupted to do something else.
1113
1114config CRYPTO_AES_NI_INTEL
1115	tristate "AES cipher algorithms (AES-NI)"
1116	depends on X86
1117	select CRYPTO_AEAD
1118	select CRYPTO_LIB_AES
1119	select CRYPTO_ALGAPI
1120	select CRYPTO_SKCIPHER
1121	select CRYPTO_SIMD
1122	help
1123	  Use Intel AES-NI instructions for AES algorithm.
1124
1125	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1126	  algorithm.
1127
1128	  Rijndael appears to be consistently a very good performer in
1129	  both hardware and software across a wide range of computing
1130	  environments regardless of its use in feedback or non-feedback
1131	  modes. Its key setup time is excellent, and its key agility is
1132	  good. Rijndael's very low memory requirements make it very well
1133	  suited for restricted-space environments, in which it also
1134	  demonstrates excellent performance. Rijndael's operations are
1135	  among the easiest to defend against power and timing attacks.
1136
1137	  The AES specifies three key sizes: 128, 192 and 256 bits
1138
1139	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1140
1141	  In addition to AES cipher algorithm support, the acceleration
1142	  for some popular block cipher mode is supported too, including
1143	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1144	  acceleration for CTR.
1145
1146config CRYPTO_AES_SPARC64
1147	tristate "AES cipher algorithms (SPARC64)"
1148	depends on SPARC64
1149	select CRYPTO_SKCIPHER
1150	help
1151	  Use SPARC64 crypto opcodes for AES algorithm.
1152
1153	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1154	  algorithm.
1155
1156	  Rijndael appears to be consistently a very good performer in
1157	  both hardware and software across a wide range of computing
1158	  environments regardless of its use in feedback or non-feedback
1159	  modes. Its key setup time is excellent, and its key agility is
1160	  good. Rijndael's very low memory requirements make it very well
1161	  suited for restricted-space environments, in which it also
1162	  demonstrates excellent performance. Rijndael's operations are
1163	  among the easiest to defend against power and timing attacks.
1164
1165	  The AES specifies three key sizes: 128, 192 and 256 bits
1166
1167	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1168
1169	  In addition to AES cipher algorithm support, the acceleration
1170	  for some popular block cipher mode is supported too, including
1171	  ECB and CBC.
1172
1173config CRYPTO_AES_PPC_SPE
1174	tristate "AES cipher algorithms (PPC SPE)"
1175	depends on PPC && SPE
1176	select CRYPTO_SKCIPHER
1177	help
1178	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1179	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1180	  This module should only be used for low power (router) devices
1181	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1182	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1183	  timining attacks. Nevertheless it might be not as secure as other
1184	  architecture specific assembler implementations that work on 1KB
1185	  tables or 256 bytes S-boxes.
1186
1187config CRYPTO_ANUBIS
1188	tristate "Anubis cipher algorithm"
1189	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1190	select CRYPTO_ALGAPI
1191	help
1192	  Anubis cipher algorithm.
1193
1194	  Anubis is a variable key length cipher which can use keys from
1195	  128 bits to 320 bits in length.  It was evaluated as a entrant
1196	  in the NESSIE competition.
1197
1198	  See also:
1199	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1200	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1201
1202config CRYPTO_ARC4
1203	tristate "ARC4 cipher algorithm"
1204	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1205	select CRYPTO_SKCIPHER
1206	select CRYPTO_LIB_ARC4
1207	help
1208	  ARC4 cipher algorithm.
1209
1210	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1211	  bits in length.  This algorithm is required for driver-based
1212	  WEP, but it should not be for other purposes because of the
1213	  weakness of the algorithm.
1214
1215config CRYPTO_BLOWFISH
1216	tristate "Blowfish cipher algorithm"
1217	select CRYPTO_ALGAPI
1218	select CRYPTO_BLOWFISH_COMMON
1219	help
1220	  Blowfish cipher algorithm, by Bruce Schneier.
1221
1222	  This is a variable key length cipher which can use keys from 32
1223	  bits to 448 bits in length.  It's fast, simple and specifically
1224	  designed for use on "large microprocessors".
1225
1226	  See also:
1227	  <https://www.schneier.com/blowfish.html>
1228
1229config CRYPTO_BLOWFISH_COMMON
1230	tristate
1231	help
1232	  Common parts of the Blowfish cipher algorithm shared by the
1233	  generic c and the assembler implementations.
1234
1235	  See also:
1236	  <https://www.schneier.com/blowfish.html>
1237
1238config CRYPTO_BLOWFISH_X86_64
1239	tristate "Blowfish cipher algorithm (x86_64)"
1240	depends on X86 && 64BIT
1241	select CRYPTO_SKCIPHER
1242	select CRYPTO_BLOWFISH_COMMON
1243	imply CRYPTO_CTR
1244	help
1245	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1246
1247	  This is a variable key length cipher which can use keys from 32
1248	  bits to 448 bits in length.  It's fast, simple and specifically
1249	  designed for use on "large microprocessors".
1250
1251	  See also:
1252	  <https://www.schneier.com/blowfish.html>
1253
1254config CRYPTO_CAMELLIA
1255	tristate "Camellia cipher algorithms"
1256	select CRYPTO_ALGAPI
1257	help
1258	  Camellia cipher algorithms module.
1259
1260	  Camellia is a symmetric key block cipher developed jointly
1261	  at NTT and Mitsubishi Electric Corporation.
1262
1263	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1264
1265	  See also:
1266	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1267
1268config CRYPTO_CAMELLIA_X86_64
1269	tristate "Camellia cipher algorithm (x86_64)"
1270	depends on X86 && 64BIT
1271	select CRYPTO_SKCIPHER
1272	imply CRYPTO_CTR
1273	help
1274	  Camellia cipher algorithm module (x86_64).
1275
1276	  Camellia is a symmetric key block cipher developed jointly
1277	  at NTT and Mitsubishi Electric Corporation.
1278
1279	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1280
1281	  See also:
1282	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1283
1284config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1285	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1286	depends on X86 && 64BIT
1287	select CRYPTO_SKCIPHER
1288	select CRYPTO_CAMELLIA_X86_64
1289	select CRYPTO_SIMD
1290	imply CRYPTO_XTS
1291	help
1292	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1293
1294	  Camellia is a symmetric key block cipher developed jointly
1295	  at NTT and Mitsubishi Electric Corporation.
1296
1297	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1298
1299	  See also:
1300	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1301
1302config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1303	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1304	depends on X86 && 64BIT
1305	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1306	help
1307	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1308
1309	  Camellia is a symmetric key block cipher developed jointly
1310	  at NTT and Mitsubishi Electric Corporation.
1311
1312	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1313
1314	  See also:
1315	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1316
1317config CRYPTO_CAMELLIA_SPARC64
1318	tristate "Camellia cipher algorithm (SPARC64)"
1319	depends on SPARC64
1320	select CRYPTO_ALGAPI
1321	select CRYPTO_SKCIPHER
1322	help
1323	  Camellia cipher algorithm module (SPARC64).
1324
1325	  Camellia is a symmetric key block cipher developed jointly
1326	  at NTT and Mitsubishi Electric Corporation.
1327
1328	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1329
1330	  See also:
1331	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1332
1333config CRYPTO_CAST_COMMON
1334	tristate
1335	help
1336	  Common parts of the CAST cipher algorithms shared by the
1337	  generic c and the assembler implementations.
1338
1339config CRYPTO_CAST5
1340	tristate "CAST5 (CAST-128) cipher algorithm"
1341	select CRYPTO_ALGAPI
1342	select CRYPTO_CAST_COMMON
1343	help
1344	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1345	  described in RFC2144.
1346
1347config CRYPTO_CAST5_AVX_X86_64
1348	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1349	depends on X86 && 64BIT
1350	select CRYPTO_SKCIPHER
1351	select CRYPTO_CAST5
1352	select CRYPTO_CAST_COMMON
1353	select CRYPTO_SIMD
1354	imply CRYPTO_CTR
1355	help
1356	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1357	  described in RFC2144.
1358
1359	  This module provides the Cast5 cipher algorithm that processes
1360	  sixteen blocks parallel using the AVX instruction set.
1361
1362config CRYPTO_CAST6
1363	tristate "CAST6 (CAST-256) cipher algorithm"
1364	select CRYPTO_ALGAPI
1365	select CRYPTO_CAST_COMMON
1366	help
1367	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1368	  described in RFC2612.
1369
1370config CRYPTO_CAST6_AVX_X86_64
1371	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1372	depends on X86 && 64BIT
1373	select CRYPTO_SKCIPHER
1374	select CRYPTO_CAST6
1375	select CRYPTO_CAST_COMMON
1376	select CRYPTO_SIMD
1377	imply CRYPTO_XTS
1378	imply CRYPTO_CTR
1379	help
1380	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1381	  described in RFC2612.
1382
1383	  This module provides the Cast6 cipher algorithm that processes
1384	  eight blocks parallel using the AVX instruction set.
1385
1386config CRYPTO_DES
1387	tristate "DES and Triple DES EDE cipher algorithms"
1388	select CRYPTO_ALGAPI
1389	select CRYPTO_LIB_DES
1390	help
1391	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1392
1393config CRYPTO_DES_SPARC64
1394	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1395	depends on SPARC64
1396	select CRYPTO_ALGAPI
1397	select CRYPTO_LIB_DES
1398	select CRYPTO_SKCIPHER
1399	help
1400	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1401	  optimized using SPARC64 crypto opcodes.
1402
1403config CRYPTO_DES3_EDE_X86_64
1404	tristate "Triple DES EDE cipher algorithm (x86-64)"
1405	depends on X86 && 64BIT
1406	select CRYPTO_SKCIPHER
1407	select CRYPTO_LIB_DES
1408	imply CRYPTO_CTR
1409	help
1410	  Triple DES EDE (FIPS 46-3) algorithm.
1411
1412	  This module provides implementation of the Triple DES EDE cipher
1413	  algorithm that is optimized for x86-64 processors. Two versions of
1414	  algorithm are provided; regular processing one input block and
1415	  one that processes three blocks parallel.
1416
1417config CRYPTO_FCRYPT
1418	tristate "FCrypt cipher algorithm"
1419	select CRYPTO_ALGAPI
1420	select CRYPTO_SKCIPHER
1421	help
1422	  FCrypt algorithm used by RxRPC.
1423
1424config CRYPTO_KHAZAD
1425	tristate "Khazad cipher algorithm"
1426	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1427	select CRYPTO_ALGAPI
1428	help
1429	  Khazad cipher algorithm.
1430
1431	  Khazad was a finalist in the initial NESSIE competition.  It is
1432	  an algorithm optimized for 64-bit processors with good performance
1433	  on 32-bit processors.  Khazad uses an 128 bit key size.
1434
1435	  See also:
1436	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1437
1438config CRYPTO_CHACHA20
1439	tristate "ChaCha stream cipher algorithms"
1440	select CRYPTO_LIB_CHACHA_GENERIC
1441	select CRYPTO_SKCIPHER
1442	help
1443	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1444
1445	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1446	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1447	  This is the portable C implementation of ChaCha20.  See also:
1448	  <https://cr.yp.to/chacha/chacha-20080128.pdf>
1449
1450	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1451	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1452	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1453	  while provably retaining ChaCha20's security.  See also:
1454	  <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1455
1456	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1457	  reduced security margin but increased performance.  It can be needed
1458	  in some performance-sensitive scenarios.
1459
1460config CRYPTO_CHACHA20_X86_64
1461	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1462	depends on X86 && 64BIT
1463	select CRYPTO_SKCIPHER
1464	select CRYPTO_LIB_CHACHA_GENERIC
1465	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1466	help
1467	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1468	  XChaCha20, and XChaCha12 stream ciphers.
1469
1470config CRYPTO_CHACHA_MIPS
1471	tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1472	depends on CPU_MIPS32_R2
1473	select CRYPTO_SKCIPHER
1474	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1475
1476config CRYPTO_SEED
1477	tristate "SEED cipher algorithm"
1478	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1479	select CRYPTO_ALGAPI
1480	help
1481	  SEED cipher algorithm (RFC4269).
1482
1483	  SEED is a 128-bit symmetric key block cipher that has been
1484	  developed by KISA (Korea Information Security Agency) as a
1485	  national standard encryption algorithm of the Republic of Korea.
1486	  It is a 16 round block cipher with the key size of 128 bit.
1487
1488	  See also:
1489	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1490
1491config CRYPTO_SERPENT
1492	tristate "Serpent cipher algorithm"
1493	select CRYPTO_ALGAPI
1494	help
1495	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1496
1497	  Keys are allowed to be from 0 to 256 bits in length, in steps
1498	  of 8 bits.
1499
1500	  See also:
1501	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1502
1503config CRYPTO_SERPENT_SSE2_X86_64
1504	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1505	depends on X86 && 64BIT
1506	select CRYPTO_SKCIPHER
1507	select CRYPTO_SERPENT
1508	select CRYPTO_SIMD
1509	imply CRYPTO_CTR
1510	help
1511	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1512
1513	  Keys are allowed to be from 0 to 256 bits in length, in steps
1514	  of 8 bits.
1515
1516	  This module provides Serpent cipher algorithm that processes eight
1517	  blocks parallel using SSE2 instruction set.
1518
1519	  See also:
1520	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1521
1522config CRYPTO_SERPENT_SSE2_586
1523	tristate "Serpent cipher algorithm (i586/SSE2)"
1524	depends on X86 && !64BIT
1525	select CRYPTO_SKCIPHER
1526	select CRYPTO_SERPENT
1527	select CRYPTO_SIMD
1528	imply CRYPTO_CTR
1529	help
1530	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1531
1532	  Keys are allowed to be from 0 to 256 bits in length, in steps
1533	  of 8 bits.
1534
1535	  This module provides Serpent cipher algorithm that processes four
1536	  blocks parallel using SSE2 instruction set.
1537
1538	  See also:
1539	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1540
1541config CRYPTO_SERPENT_AVX_X86_64
1542	tristate "Serpent cipher algorithm (x86_64/AVX)"
1543	depends on X86 && 64BIT
1544	select CRYPTO_SKCIPHER
1545	select CRYPTO_SERPENT
1546	select CRYPTO_SIMD
1547	imply CRYPTO_XTS
1548	imply CRYPTO_CTR
1549	help
1550	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1551
1552	  Keys are allowed to be from 0 to 256 bits in length, in steps
1553	  of 8 bits.
1554
1555	  This module provides the Serpent cipher algorithm that processes
1556	  eight blocks parallel using the AVX instruction set.
1557
1558	  See also:
1559	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1560
1561config CRYPTO_SERPENT_AVX2_X86_64
1562	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1563	depends on X86 && 64BIT
1564	select CRYPTO_SERPENT_AVX_X86_64
1565	help
1566	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1567
1568	  Keys are allowed to be from 0 to 256 bits in length, in steps
1569	  of 8 bits.
1570
1571	  This module provides Serpent cipher algorithm that processes 16
1572	  blocks parallel using AVX2 instruction set.
1573
1574	  See also:
1575	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1576
1577config CRYPTO_SM4
1578	tristate
1579
1580config CRYPTO_SM4_GENERIC
1581	tristate "SM4 cipher algorithm"
1582	select CRYPTO_ALGAPI
1583	select CRYPTO_SM4
1584	help
1585	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1586
1587	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1588	  Organization of State Commercial Administration of China (OSCCA)
1589	  as an authorized cryptographic algorithms for the use within China.
1590
1591	  SMS4 was originally created for use in protecting wireless
1592	  networks, and is mandated in the Chinese National Standard for
1593	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1594	  (GB.15629.11-2003).
1595
1596	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1597	  standardized through TC 260 of the Standardization Administration
1598	  of the People's Republic of China (SAC).
1599
1600	  The input, output, and key of SMS4 are each 128 bits.
1601
1602	  See also: <https://eprint.iacr.org/2008/329.pdf>
1603
1604	  If unsure, say N.
1605
1606config CRYPTO_SM4_AESNI_AVX_X86_64
1607	tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)"
1608	depends on X86 && 64BIT
1609	select CRYPTO_SKCIPHER
1610	select CRYPTO_SIMD
1611	select CRYPTO_ALGAPI
1612	select CRYPTO_SM4
1613	help
1614	  SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX).
1615
1616	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1617	  Organization of State Commercial Administration of China (OSCCA)
1618	  as an authorized cryptographic algorithms for the use within China.
1619
1620	  This is SM4 optimized implementation using AES-NI/AVX/x86_64
1621	  instruction set for block cipher. Through two affine transforms,
1622	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1623	  effect of instruction acceleration.
1624
1625	  If unsure, say N.
1626
1627config CRYPTO_SM4_AESNI_AVX2_X86_64
1628	tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)"
1629	depends on X86 && 64BIT
1630	select CRYPTO_SKCIPHER
1631	select CRYPTO_SIMD
1632	select CRYPTO_ALGAPI
1633	select CRYPTO_SM4
1634	select CRYPTO_SM4_AESNI_AVX_X86_64
1635	help
1636	  SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2).
1637
1638	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1639	  Organization of State Commercial Administration of China (OSCCA)
1640	  as an authorized cryptographic algorithms for the use within China.
1641
1642	  This is SM4 optimized implementation using AES-NI/AVX2/x86_64
1643	  instruction set for block cipher. Through two affine transforms,
1644	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1645	  effect of instruction acceleration.
1646
1647	  If unsure, say N.
1648
1649config CRYPTO_TEA
1650	tristate "TEA, XTEA and XETA cipher algorithms"
1651	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1652	select CRYPTO_ALGAPI
1653	help
1654	  TEA cipher algorithm.
1655
1656	  Tiny Encryption Algorithm is a simple cipher that uses
1657	  many rounds for security.  It is very fast and uses
1658	  little memory.
1659
1660	  Xtendend Tiny Encryption Algorithm is a modification to
1661	  the TEA algorithm to address a potential key weakness
1662	  in the TEA algorithm.
1663
1664	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1665	  of the XTEA algorithm for compatibility purposes.
1666
1667config CRYPTO_TWOFISH
1668	tristate "Twofish cipher algorithm"
1669	select CRYPTO_ALGAPI
1670	select CRYPTO_TWOFISH_COMMON
1671	help
1672	  Twofish cipher algorithm.
1673
1674	  Twofish was submitted as an AES (Advanced Encryption Standard)
1675	  candidate cipher by researchers at CounterPane Systems.  It is a
1676	  16 round block cipher supporting key sizes of 128, 192, and 256
1677	  bits.
1678
1679	  See also:
1680	  <https://www.schneier.com/twofish.html>
1681
1682config CRYPTO_TWOFISH_COMMON
1683	tristate
1684	help
1685	  Common parts of the Twofish cipher algorithm shared by the
1686	  generic c and the assembler implementations.
1687
1688config CRYPTO_TWOFISH_586
1689	tristate "Twofish cipher algorithms (i586)"
1690	depends on (X86 || UML_X86) && !64BIT
1691	select CRYPTO_ALGAPI
1692	select CRYPTO_TWOFISH_COMMON
1693	imply CRYPTO_CTR
1694	help
1695	  Twofish cipher algorithm.
1696
1697	  Twofish was submitted as an AES (Advanced Encryption Standard)
1698	  candidate cipher by researchers at CounterPane Systems.  It is a
1699	  16 round block cipher supporting key sizes of 128, 192, and 256
1700	  bits.
1701
1702	  See also:
1703	  <https://www.schneier.com/twofish.html>
1704
1705config CRYPTO_TWOFISH_X86_64
1706	tristate "Twofish cipher algorithm (x86_64)"
1707	depends on (X86 || UML_X86) && 64BIT
1708	select CRYPTO_ALGAPI
1709	select CRYPTO_TWOFISH_COMMON
1710	imply CRYPTO_CTR
1711	help
1712	  Twofish cipher algorithm (x86_64).
1713
1714	  Twofish was submitted as an AES (Advanced Encryption Standard)
1715	  candidate cipher by researchers at CounterPane Systems.  It is a
1716	  16 round block cipher supporting key sizes of 128, 192, and 256
1717	  bits.
1718
1719	  See also:
1720	  <https://www.schneier.com/twofish.html>
1721
1722config CRYPTO_TWOFISH_X86_64_3WAY
1723	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1724	depends on X86 && 64BIT
1725	select CRYPTO_SKCIPHER
1726	select CRYPTO_TWOFISH_COMMON
1727	select CRYPTO_TWOFISH_X86_64
1728	help
1729	  Twofish cipher algorithm (x86_64, 3-way parallel).
1730
1731	  Twofish was submitted as an AES (Advanced Encryption Standard)
1732	  candidate cipher by researchers at CounterPane Systems.  It is a
1733	  16 round block cipher supporting key sizes of 128, 192, and 256
1734	  bits.
1735
1736	  This module provides Twofish cipher algorithm that processes three
1737	  blocks parallel, utilizing resources of out-of-order CPUs better.
1738
1739	  See also:
1740	  <https://www.schneier.com/twofish.html>
1741
1742config CRYPTO_TWOFISH_AVX_X86_64
1743	tristate "Twofish cipher algorithm (x86_64/AVX)"
1744	depends on X86 && 64BIT
1745	select CRYPTO_SKCIPHER
1746	select CRYPTO_SIMD
1747	select CRYPTO_TWOFISH_COMMON
1748	select CRYPTO_TWOFISH_X86_64
1749	select CRYPTO_TWOFISH_X86_64_3WAY
1750	imply CRYPTO_XTS
1751	help
1752	  Twofish cipher algorithm (x86_64/AVX).
1753
1754	  Twofish was submitted as an AES (Advanced Encryption Standard)
1755	  candidate cipher by researchers at CounterPane Systems.  It is a
1756	  16 round block cipher supporting key sizes of 128, 192, and 256
1757	  bits.
1758
1759	  This module provides the Twofish cipher algorithm that processes
1760	  eight blocks parallel using the AVX Instruction Set.
1761
1762	  See also:
1763	  <https://www.schneier.com/twofish.html>
1764
1765comment "Compression"
1766
1767config CRYPTO_DEFLATE
1768	tristate "Deflate compression algorithm"
1769	select CRYPTO_ALGAPI
1770	select CRYPTO_ACOMP2
1771	select ZLIB_INFLATE
1772	select ZLIB_DEFLATE
1773	help
1774	  This is the Deflate algorithm (RFC1951), specified for use in
1775	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1776
1777	  You will most probably want this if using IPSec.
1778
1779config CRYPTO_LZO
1780	tristate "LZO compression algorithm"
1781	select CRYPTO_ALGAPI
1782	select CRYPTO_ACOMP2
1783	select LZO_COMPRESS
1784	select LZO_DECOMPRESS
1785	help
1786	  This is the LZO algorithm.
1787
1788config CRYPTO_842
1789	tristate "842 compression algorithm"
1790	select CRYPTO_ALGAPI
1791	select CRYPTO_ACOMP2
1792	select 842_COMPRESS
1793	select 842_DECOMPRESS
1794	help
1795	  This is the 842 algorithm.
1796
1797config CRYPTO_LZ4
1798	tristate "LZ4 compression algorithm"
1799	select CRYPTO_ALGAPI
1800	select CRYPTO_ACOMP2
1801	select LZ4_COMPRESS
1802	select LZ4_DECOMPRESS
1803	help
1804	  This is the LZ4 algorithm.
1805
1806config CRYPTO_LZ4HC
1807	tristate "LZ4HC compression algorithm"
1808	select CRYPTO_ALGAPI
1809	select CRYPTO_ACOMP2
1810	select LZ4HC_COMPRESS
1811	select LZ4_DECOMPRESS
1812	help
1813	  This is the LZ4 high compression mode algorithm.
1814
1815config CRYPTO_ZSTD
1816	tristate "Zstd compression algorithm"
1817	select CRYPTO_ALGAPI
1818	select CRYPTO_ACOMP2
1819	select ZSTD_COMPRESS
1820	select ZSTD_DECOMPRESS
1821	help
1822	  This is the zstd algorithm.
1823
1824comment "Random Number Generation"
1825
1826config CRYPTO_ANSI_CPRNG
1827	tristate "Pseudo Random Number Generation for Cryptographic modules"
1828	select CRYPTO_AES
1829	select CRYPTO_RNG
1830	help
1831	  This option enables the generic pseudo random number generator
1832	  for cryptographic modules.  Uses the Algorithm specified in
1833	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1834	  CRYPTO_FIPS is selected
1835
1836menuconfig CRYPTO_DRBG_MENU
1837	tristate "NIST SP800-90A DRBG"
1838	help
1839	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1840	  more of the DRBG types must be selected.
1841
1842if CRYPTO_DRBG_MENU
1843
1844config CRYPTO_DRBG_HMAC
1845	bool
1846	default y
1847	select CRYPTO_HMAC
1848	select CRYPTO_SHA512
1849
1850config CRYPTO_DRBG_HASH
1851	bool "Enable Hash DRBG"
1852	select CRYPTO_SHA256
1853	help
1854	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1855
1856config CRYPTO_DRBG_CTR
1857	bool "Enable CTR DRBG"
1858	select CRYPTO_AES
1859	select CRYPTO_CTR
1860	help
1861	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1862
1863config CRYPTO_DRBG
1864	tristate
1865	default CRYPTO_DRBG_MENU
1866	select CRYPTO_RNG
1867	select CRYPTO_JITTERENTROPY
1868
1869endif	# if CRYPTO_DRBG_MENU
1870
1871config CRYPTO_JITTERENTROPY
1872	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1873	select CRYPTO_RNG
1874	help
1875	  The Jitterentropy RNG is a noise that is intended
1876	  to provide seed to another RNG. The RNG does not
1877	  perform any cryptographic whitening of the generated
1878	  random numbers. This Jitterentropy RNG registers with
1879	  the kernel crypto API and can be used by any caller.
1880
1881config CRYPTO_KDF800108_CTR
1882	tristate
1883	select CRYPTO_HMAC
1884	select CRYPTO_SHA256
1885
1886config CRYPTO_USER_API
1887	tristate
1888
1889config CRYPTO_USER_API_HASH
1890	tristate "User-space interface for hash algorithms"
1891	depends on NET
1892	select CRYPTO_HASH
1893	select CRYPTO_USER_API
1894	help
1895	  This option enables the user-spaces interface for hash
1896	  algorithms.
1897
1898config CRYPTO_USER_API_SKCIPHER
1899	tristate "User-space interface for symmetric key cipher algorithms"
1900	depends on NET
1901	select CRYPTO_SKCIPHER
1902	select CRYPTO_USER_API
1903	help
1904	  This option enables the user-spaces interface for symmetric
1905	  key cipher algorithms.
1906
1907config CRYPTO_USER_API_RNG
1908	tristate "User-space interface for random number generator algorithms"
1909	depends on NET
1910	select CRYPTO_RNG
1911	select CRYPTO_USER_API
1912	help
1913	  This option enables the user-spaces interface for random
1914	  number generator algorithms.
1915
1916config CRYPTO_USER_API_RNG_CAVP
1917	bool "Enable CAVP testing of DRBG"
1918	depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1919	help
1920	  This option enables extra API for CAVP testing via the user-space
1921	  interface: resetting of DRBG entropy, and providing Additional Data.
1922	  This should only be enabled for CAVP testing. You should say
1923	  no unless you know what this is.
1924
1925config CRYPTO_USER_API_AEAD
1926	tristate "User-space interface for AEAD cipher algorithms"
1927	depends on NET
1928	select CRYPTO_AEAD
1929	select CRYPTO_SKCIPHER
1930	select CRYPTO_NULL
1931	select CRYPTO_USER_API
1932	help
1933	  This option enables the user-spaces interface for AEAD
1934	  cipher algorithms.
1935
1936config CRYPTO_USER_API_ENABLE_OBSOLETE
1937	bool "Enable obsolete cryptographic algorithms for userspace"
1938	depends on CRYPTO_USER_API
1939	default y
1940	help
1941	  Allow obsolete cryptographic algorithms to be selected that have
1942	  already been phased out from internal use by the kernel, and are
1943	  only useful for userspace clients that still rely on them.
1944
1945config CRYPTO_STATS
1946	bool "Crypto usage statistics for User-space"
1947	depends on CRYPTO_USER
1948	help
1949	  This option enables the gathering of crypto stats.
1950	  This will collect:
1951	  - encrypt/decrypt size and numbers of symmeric operations
1952	  - compress/decompress size and numbers of compress operations
1953	  - size and numbers of hash operations
1954	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1955	  - generate/seed numbers for rng operations
1956
1957config CRYPTO_HASH_INFO
1958	bool
1959
1960source "drivers/crypto/Kconfig"
1961source "crypto/asymmetric_keys/Kconfig"
1962source "certs/Kconfig"
1963
1964endif	# if CRYPTO
1965