xref: /openbmc/linux/crypto/Kconfig (revision 5d6f5267)
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This option enables the fips boot option which is
31	  required if you want the system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_SKCIPHER
56	tristate
57	select CRYPTO_SKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_SKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64
65config CRYPTO_HASH
66	tristate
67	select CRYPTO_HASH2
68	select CRYPTO_ALGAPI
69
70config CRYPTO_HASH2
71	tristate
72	select CRYPTO_ALGAPI2
73
74config CRYPTO_RNG
75	tristate
76	select CRYPTO_RNG2
77	select CRYPTO_ALGAPI
78
79config CRYPTO_RNG2
80	tristate
81	select CRYPTO_ALGAPI2
82
83config CRYPTO_RNG_DEFAULT
84	tristate
85	select CRYPTO_DRBG_MENU
86
87config CRYPTO_AKCIPHER2
88	tristate
89	select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92	tristate
93	select CRYPTO_AKCIPHER2
94	select CRYPTO_ALGAPI
95
96config CRYPTO_KPP2
97	tristate
98	select CRYPTO_ALGAPI2
99
100config CRYPTO_KPP
101	tristate
102	select CRYPTO_ALGAPI
103	select CRYPTO_KPP2
104
105config CRYPTO_ACOMP2
106	tristate
107	select CRYPTO_ALGAPI2
108	select SGL_ALLOC
109
110config CRYPTO_ACOMP
111	tristate
112	select CRYPTO_ALGAPI
113	select CRYPTO_ACOMP2
114
115config CRYPTO_MANAGER
116	tristate "Cryptographic algorithm manager"
117	select CRYPTO_MANAGER2
118	help
119	  Create default cryptographic template instantiations such as
120	  cbc(aes).
121
122config CRYPTO_MANAGER2
123	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
124	select CRYPTO_AEAD2
125	select CRYPTO_HASH2
126	select CRYPTO_SKCIPHER2
127	select CRYPTO_AKCIPHER2
128	select CRYPTO_KPP2
129	select CRYPTO_ACOMP2
130
131config CRYPTO_USER
132	tristate "Userspace cryptographic algorithm configuration"
133	depends on NET
134	select CRYPTO_MANAGER
135	help
136	  Userspace configuration for cryptographic instantiations such as
137	  cbc(aes).
138
139config CRYPTO_MANAGER_DISABLE_TESTS
140	bool "Disable run-time self tests"
141	default y
142	help
143	  Disable run-time self tests that normally take place at
144	  algorithm registration.
145
146config CRYPTO_MANAGER_EXTRA_TESTS
147	bool "Enable extra run-time crypto self tests"
148	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
149	help
150	  Enable extra run-time self tests of registered crypto algorithms,
151	  including randomized fuzz tests.
152
153	  This is intended for developer use only, as these tests take much
154	  longer to run than the normal self tests.
155
156config CRYPTO_GF128MUL
157	tristate
158
159config CRYPTO_NULL
160	tristate "Null algorithms"
161	select CRYPTO_NULL2
162	help
163	  These are 'Null' algorithms, used by IPsec, which do nothing.
164
165config CRYPTO_NULL2
166	tristate
167	select CRYPTO_ALGAPI2
168	select CRYPTO_SKCIPHER2
169	select CRYPTO_HASH2
170
171config CRYPTO_PCRYPT
172	tristate "Parallel crypto engine"
173	depends on SMP
174	select PADATA
175	select CRYPTO_MANAGER
176	select CRYPTO_AEAD
177	help
178	  This converts an arbitrary crypto algorithm into a parallel
179	  algorithm that executes in kernel threads.
180
181config CRYPTO_CRYPTD
182	tristate "Software async crypto daemon"
183	select CRYPTO_SKCIPHER
184	select CRYPTO_HASH
185	select CRYPTO_MANAGER
186	help
187	  This is a generic software asynchronous crypto daemon that
188	  converts an arbitrary synchronous software crypto algorithm
189	  into an asynchronous algorithm that executes in a kernel thread.
190
191config CRYPTO_AUTHENC
192	tristate "Authenc support"
193	select CRYPTO_AEAD
194	select CRYPTO_SKCIPHER
195	select CRYPTO_MANAGER
196	select CRYPTO_HASH
197	select CRYPTO_NULL
198	help
199	  Authenc: Combined mode wrapper for IPsec.
200	  This is required for IPSec.
201
202config CRYPTO_TEST
203	tristate "Testing module"
204	depends on m || EXPERT
205	select CRYPTO_MANAGER
206	help
207	  Quick & dirty crypto test module.
208
209config CRYPTO_SIMD
210	tristate
211	select CRYPTO_CRYPTD
212
213config CRYPTO_ENGINE
214	tristate
215
216comment "Public-key cryptography"
217
218config CRYPTO_RSA
219	tristate "RSA algorithm"
220	select CRYPTO_AKCIPHER
221	select CRYPTO_MANAGER
222	select MPILIB
223	select ASN1
224	help
225	  Generic implementation of the RSA public key algorithm.
226
227config CRYPTO_DH
228	tristate "Diffie-Hellman algorithm"
229	select CRYPTO_KPP
230	select MPILIB
231	help
232	  Generic implementation of the Diffie-Hellman algorithm.
233
234config CRYPTO_DH_RFC7919_GROUPS
235	bool "Support for RFC 7919 FFDHE group parameters"
236	depends on CRYPTO_DH
237	select CRYPTO_RNG_DEFAULT
238	help
239	  Provide support for RFC 7919 FFDHE group parameters. If unsure, say N.
240
241config CRYPTO_ECC
242	tristate
243	select CRYPTO_RNG_DEFAULT
244
245config CRYPTO_ECDH
246	tristate "ECDH algorithm"
247	select CRYPTO_ECC
248	select CRYPTO_KPP
249	help
250	  Generic implementation of the ECDH algorithm
251
252config CRYPTO_ECDSA
253	tristate "ECDSA (NIST P192, P256 etc.) algorithm"
254	select CRYPTO_ECC
255	select CRYPTO_AKCIPHER
256	select ASN1
257	help
258	  Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
259	  is A NIST cryptographic standard algorithm. Only signature verification
260	  is implemented.
261
262config CRYPTO_ECRDSA
263	tristate "EC-RDSA (GOST 34.10) algorithm"
264	select CRYPTO_ECC
265	select CRYPTO_AKCIPHER
266	select CRYPTO_STREEBOG
267	select OID_REGISTRY
268	select ASN1
269	help
270	  Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
271	  RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
272	  standard algorithms (called GOST algorithms). Only signature verification
273	  is implemented.
274
275config CRYPTO_SM2
276	tristate "SM2 algorithm"
277	select CRYPTO_LIB_SM3
278	select CRYPTO_AKCIPHER
279	select CRYPTO_MANAGER
280	select MPILIB
281	select ASN1
282	help
283	  Generic implementation of the SM2 public key algorithm. It was
284	  published by State Encryption Management Bureau, China.
285	  as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
286
287	  References:
288	  https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
289	  http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
290	  http://www.gmbz.org.cn/main/bzlb.html
291
292config CRYPTO_CURVE25519
293	tristate "Curve25519 algorithm"
294	select CRYPTO_KPP
295	select CRYPTO_LIB_CURVE25519_GENERIC
296
297config CRYPTO_CURVE25519_X86
298	tristate "x86_64 accelerated Curve25519 scalar multiplication library"
299	depends on X86 && 64BIT
300	select CRYPTO_LIB_CURVE25519_GENERIC
301	select CRYPTO_ARCH_HAVE_LIB_CURVE25519
302
303comment "Authenticated Encryption with Associated Data"
304
305config CRYPTO_CCM
306	tristate "CCM support"
307	select CRYPTO_CTR
308	select CRYPTO_HASH
309	select CRYPTO_AEAD
310	select CRYPTO_MANAGER
311	help
312	  Support for Counter with CBC MAC. Required for IPsec.
313
314config CRYPTO_GCM
315	tristate "GCM/GMAC support"
316	select CRYPTO_CTR
317	select CRYPTO_AEAD
318	select CRYPTO_GHASH
319	select CRYPTO_NULL
320	select CRYPTO_MANAGER
321	help
322	  Support for Galois/Counter Mode (GCM) and Galois Message
323	  Authentication Code (GMAC). Required for IPSec.
324
325config CRYPTO_CHACHA20POLY1305
326	tristate "ChaCha20-Poly1305 AEAD support"
327	select CRYPTO_CHACHA20
328	select CRYPTO_POLY1305
329	select CRYPTO_AEAD
330	select CRYPTO_MANAGER
331	help
332	  ChaCha20-Poly1305 AEAD support, RFC7539.
333
334	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
335	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
336	  IETF protocols.
337
338config CRYPTO_AEGIS128
339	tristate "AEGIS-128 AEAD algorithm"
340	select CRYPTO_AEAD
341	select CRYPTO_AES  # for AES S-box tables
342	help
343	 Support for the AEGIS-128 dedicated AEAD algorithm.
344
345config CRYPTO_AEGIS128_SIMD
346	bool "Support SIMD acceleration for AEGIS-128"
347	depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
348	default y
349
350config CRYPTO_AEGIS128_AESNI_SSE2
351	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
352	depends on X86 && 64BIT
353	select CRYPTO_AEAD
354	select CRYPTO_SIMD
355	help
356	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
357
358config CRYPTO_SEQIV
359	tristate "Sequence Number IV Generator"
360	select CRYPTO_AEAD
361	select CRYPTO_SKCIPHER
362	select CRYPTO_NULL
363	select CRYPTO_RNG_DEFAULT
364	select CRYPTO_MANAGER
365	help
366	  This IV generator generates an IV based on a sequence number by
367	  xoring it with a salt.  This algorithm is mainly useful for CTR
368
369config CRYPTO_ECHAINIV
370	tristate "Encrypted Chain IV Generator"
371	select CRYPTO_AEAD
372	select CRYPTO_NULL
373	select CRYPTO_RNG_DEFAULT
374	select CRYPTO_MANAGER
375	help
376	  This IV generator generates an IV based on the encryption of
377	  a sequence number xored with a salt.  This is the default
378	  algorithm for CBC.
379
380comment "Block modes"
381
382config CRYPTO_CBC
383	tristate "CBC support"
384	select CRYPTO_SKCIPHER
385	select CRYPTO_MANAGER
386	help
387	  CBC: Cipher Block Chaining mode
388	  This block cipher algorithm is required for IPSec.
389
390config CRYPTO_CFB
391	tristate "CFB support"
392	select CRYPTO_SKCIPHER
393	select CRYPTO_MANAGER
394	help
395	  CFB: Cipher FeedBack mode
396	  This block cipher algorithm is required for TPM2 Cryptography.
397
398config CRYPTO_CTR
399	tristate "CTR support"
400	select CRYPTO_SKCIPHER
401	select CRYPTO_MANAGER
402	help
403	  CTR: Counter mode
404	  This block cipher algorithm is required for IPSec.
405
406config CRYPTO_CTS
407	tristate "CTS support"
408	select CRYPTO_SKCIPHER
409	select CRYPTO_MANAGER
410	help
411	  CTS: Cipher Text Stealing
412	  This is the Cipher Text Stealing mode as described by
413	  Section 8 of rfc2040 and referenced by rfc3962
414	  (rfc3962 includes errata information in its Appendix A) or
415	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
416	  This mode is required for Kerberos gss mechanism support
417	  for AES encryption.
418
419	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
420
421config CRYPTO_ECB
422	tristate "ECB support"
423	select CRYPTO_SKCIPHER
424	select CRYPTO_MANAGER
425	help
426	  ECB: Electronic CodeBook mode
427	  This is the simplest block cipher algorithm.  It simply encrypts
428	  the input block by block.
429
430config CRYPTO_LRW
431	tristate "LRW support"
432	select CRYPTO_SKCIPHER
433	select CRYPTO_MANAGER
434	select CRYPTO_GF128MUL
435	select CRYPTO_ECB
436	help
437	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
438	  narrow block cipher mode for dm-crypt.  Use it with cipher
439	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
440	  The first 128, 192 or 256 bits in the key are used for AES and the
441	  rest is used to tie each cipher block to its logical position.
442
443config CRYPTO_OFB
444	tristate "OFB support"
445	select CRYPTO_SKCIPHER
446	select CRYPTO_MANAGER
447	help
448	  OFB: the Output Feedback mode makes a block cipher into a synchronous
449	  stream cipher. It generates keystream blocks, which are then XORed
450	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
451	  ciphertext produces a flipped bit in the plaintext at the same
452	  location. This property allows many error correcting codes to function
453	  normally even when applied before encryption.
454
455config CRYPTO_PCBC
456	tristate "PCBC support"
457	select CRYPTO_SKCIPHER
458	select CRYPTO_MANAGER
459	help
460	  PCBC: Propagating Cipher Block Chaining mode
461	  This block cipher algorithm is required for RxRPC.
462
463config CRYPTO_XTS
464	tristate "XTS support"
465	select CRYPTO_SKCIPHER
466	select CRYPTO_MANAGER
467	select CRYPTO_ECB
468	help
469	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
470	  key size 256, 384 or 512 bits. This implementation currently
471	  can't handle a sectorsize which is not a multiple of 16 bytes.
472
473config CRYPTO_KEYWRAP
474	tristate "Key wrapping support"
475	select CRYPTO_SKCIPHER
476	select CRYPTO_MANAGER
477	help
478	  Support for key wrapping (NIST SP800-38F / RFC3394) without
479	  padding.
480
481config CRYPTO_NHPOLY1305
482	tristate
483	select CRYPTO_HASH
484	select CRYPTO_LIB_POLY1305_GENERIC
485
486config CRYPTO_NHPOLY1305_SSE2
487	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
488	depends on X86 && 64BIT
489	select CRYPTO_NHPOLY1305
490	help
491	  SSE2 optimized implementation of the hash function used by the
492	  Adiantum encryption mode.
493
494config CRYPTO_NHPOLY1305_AVX2
495	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
496	depends on X86 && 64BIT
497	select CRYPTO_NHPOLY1305
498	help
499	  AVX2 optimized implementation of the hash function used by the
500	  Adiantum encryption mode.
501
502config CRYPTO_ADIANTUM
503	tristate "Adiantum support"
504	select CRYPTO_CHACHA20
505	select CRYPTO_LIB_POLY1305_GENERIC
506	select CRYPTO_NHPOLY1305
507	select CRYPTO_MANAGER
508	help
509	  Adiantum is a tweakable, length-preserving encryption mode
510	  designed for fast and secure disk encryption, especially on
511	  CPUs without dedicated crypto instructions.  It encrypts
512	  each sector using the XChaCha12 stream cipher, two passes of
513	  an ε-almost-∆-universal hash function, and an invocation of
514	  the AES-256 block cipher on a single 16-byte block.  On CPUs
515	  without AES instructions, Adiantum is much faster than
516	  AES-XTS.
517
518	  Adiantum's security is provably reducible to that of its
519	  underlying stream and block ciphers, subject to a security
520	  bound.  Unlike XTS, Adiantum is a true wide-block encryption
521	  mode, so it actually provides an even stronger notion of
522	  security than XTS, subject to the security bound.
523
524	  If unsure, say N.
525
526config CRYPTO_ESSIV
527	tristate "ESSIV support for block encryption"
528	select CRYPTO_AUTHENC
529	help
530	  Encrypted salt-sector initialization vector (ESSIV) is an IV
531	  generation method that is used in some cases by fscrypt and/or
532	  dm-crypt. It uses the hash of the block encryption key as the
533	  symmetric key for a block encryption pass applied to the input
534	  IV, making low entropy IV sources more suitable for block
535	  encryption.
536
537	  This driver implements a crypto API template that can be
538	  instantiated either as an skcipher or as an AEAD (depending on the
539	  type of the first template argument), and which defers encryption
540	  and decryption requests to the encapsulated cipher after applying
541	  ESSIV to the input IV. Note that in the AEAD case, it is assumed
542	  that the keys are presented in the same format used by the authenc
543	  template, and that the IV appears at the end of the authenticated
544	  associated data (AAD) region (which is how dm-crypt uses it.)
545
546	  Note that the use of ESSIV is not recommended for new deployments,
547	  and so this only needs to be enabled when interoperability with
548	  existing encrypted volumes of filesystems is required, or when
549	  building for a particular system that requires it (e.g., when
550	  the SoC in question has accelerated CBC but not XTS, making CBC
551	  combined with ESSIV the only feasible mode for h/w accelerated
552	  block encryption)
553
554comment "Hash modes"
555
556config CRYPTO_CMAC
557	tristate "CMAC support"
558	select CRYPTO_HASH
559	select CRYPTO_MANAGER
560	help
561	  Cipher-based Message Authentication Code (CMAC) specified by
562	  The National Institute of Standards and Technology (NIST).
563
564	  https://tools.ietf.org/html/rfc4493
565	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
566
567config CRYPTO_HMAC
568	tristate "HMAC support"
569	select CRYPTO_HASH
570	select CRYPTO_MANAGER
571	help
572	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
573	  This is required for IPSec.
574
575config CRYPTO_XCBC
576	tristate "XCBC support"
577	select CRYPTO_HASH
578	select CRYPTO_MANAGER
579	help
580	  XCBC: Keyed-Hashing with encryption algorithm
581		https://www.ietf.org/rfc/rfc3566.txt
582		http://csrc.nist.gov/encryption/modes/proposedmodes/
583		 xcbc-mac/xcbc-mac-spec.pdf
584
585config CRYPTO_VMAC
586	tristate "VMAC support"
587	select CRYPTO_HASH
588	select CRYPTO_MANAGER
589	help
590	  VMAC is a message authentication algorithm designed for
591	  very high speed on 64-bit architectures.
592
593	  See also:
594	  <https://fastcrypto.org/vmac>
595
596comment "Digest"
597
598config CRYPTO_CRC32C
599	tristate "CRC32c CRC algorithm"
600	select CRYPTO_HASH
601	select CRC32
602	help
603	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
604	  by iSCSI for header and data digests and by others.
605	  See Castagnoli93.  Module will be crc32c.
606
607config CRYPTO_CRC32C_INTEL
608	tristate "CRC32c INTEL hardware acceleration"
609	depends on X86
610	select CRYPTO_HASH
611	help
612	  In Intel processor with SSE4.2 supported, the processor will
613	  support CRC32C implementation using hardware accelerated CRC32
614	  instruction. This option will create 'crc32c-intel' module,
615	  which will enable any routine to use the CRC32 instruction to
616	  gain performance compared with software implementation.
617	  Module will be crc32c-intel.
618
619config CRYPTO_CRC32C_VPMSUM
620	tristate "CRC32c CRC algorithm (powerpc64)"
621	depends on PPC64 && ALTIVEC
622	select CRYPTO_HASH
623	select CRC32
624	help
625	  CRC32c algorithm implemented using vector polynomial multiply-sum
626	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
627	  and newer processors for improved performance.
628
629
630config CRYPTO_CRC32C_SPARC64
631	tristate "CRC32c CRC algorithm (SPARC64)"
632	depends on SPARC64
633	select CRYPTO_HASH
634	select CRC32
635	help
636	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
637	  when available.
638
639config CRYPTO_CRC32
640	tristate "CRC32 CRC algorithm"
641	select CRYPTO_HASH
642	select CRC32
643	help
644	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
645	  Shash crypto api wrappers to crc32_le function.
646
647config CRYPTO_CRC32_PCLMUL
648	tristate "CRC32 PCLMULQDQ hardware acceleration"
649	depends on X86
650	select CRYPTO_HASH
651	select CRC32
652	help
653	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
654	  and PCLMULQDQ supported, the processor will support
655	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
656	  instruction. This option will create 'crc32-pclmul' module,
657	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
658	  and gain better performance as compared with the table implementation.
659
660config CRYPTO_CRC32_MIPS
661	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
662	depends on MIPS_CRC_SUPPORT
663	select CRYPTO_HASH
664	help
665	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
666	  instructions, when available.
667
668
669config CRYPTO_XXHASH
670	tristate "xxHash hash algorithm"
671	select CRYPTO_HASH
672	select XXHASH
673	help
674	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
675	  speeds close to RAM limits.
676
677config CRYPTO_BLAKE2B
678	tristate "BLAKE2b digest algorithm"
679	select CRYPTO_HASH
680	help
681	  Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
682	  optimized for 64bit platforms and can produce digests of any size
683	  between 1 to 64.  The keyed hash is also implemented.
684
685	  This module provides the following algorithms:
686
687	  - blake2b-160
688	  - blake2b-256
689	  - blake2b-384
690	  - blake2b-512
691
692	  See https://blake2.net for further information.
693
694config CRYPTO_BLAKE2S
695	tristate "BLAKE2s digest algorithm"
696	select CRYPTO_LIB_BLAKE2S_GENERIC
697	select CRYPTO_HASH
698	help
699	  Implementation of cryptographic hash function BLAKE2s
700	  optimized for 8-32bit platforms and can produce digests of any size
701	  between 1 to 32.  The keyed hash is also implemented.
702
703	  This module provides the following algorithms:
704
705	  - blake2s-128
706	  - blake2s-160
707	  - blake2s-224
708	  - blake2s-256
709
710	  See https://blake2.net for further information.
711
712config CRYPTO_BLAKE2S_X86
713	tristate "BLAKE2s digest algorithm (x86 accelerated version)"
714	depends on X86 && 64BIT
715	select CRYPTO_LIB_BLAKE2S_GENERIC
716	select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
717
718config CRYPTO_CRCT10DIF
719	tristate "CRCT10DIF algorithm"
720	select CRYPTO_HASH
721	help
722	  CRC T10 Data Integrity Field computation is being cast as
723	  a crypto transform.  This allows for faster crc t10 diff
724	  transforms to be used if they are available.
725
726config CRYPTO_CRCT10DIF_PCLMUL
727	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
728	depends on X86 && 64BIT && CRC_T10DIF
729	select CRYPTO_HASH
730	help
731	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
732	  CRC T10 DIF PCLMULQDQ computation can be hardware
733	  accelerated PCLMULQDQ instruction. This option will create
734	  'crct10dif-pclmul' module, which is faster when computing the
735	  crct10dif checksum as compared with the generic table implementation.
736
737config CRYPTO_CRCT10DIF_VPMSUM
738	tristate "CRC32T10DIF powerpc64 hardware acceleration"
739	depends on PPC64 && ALTIVEC && CRC_T10DIF
740	select CRYPTO_HASH
741	help
742	  CRC10T10DIF algorithm implemented using vector polynomial
743	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
744	  POWER8 and newer processors for improved performance.
745
746config CRYPTO_CRC64_ROCKSOFT
747	tristate "Rocksoft Model CRC64 algorithm"
748	depends on CRC64
749	select CRYPTO_HASH
750
751config CRYPTO_VPMSUM_TESTER
752	tristate "Powerpc64 vpmsum hardware acceleration tester"
753	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
754	help
755	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
756	  POWER8 vpmsum instructions.
757	  Unless you are testing these algorithms, you don't need this.
758
759config CRYPTO_GHASH
760	tristate "GHASH hash function"
761	select CRYPTO_GF128MUL
762	select CRYPTO_HASH
763	help
764	  GHASH is the hash function used in GCM (Galois/Counter Mode).
765	  It is not a general-purpose cryptographic hash function.
766
767config CRYPTO_POLY1305
768	tristate "Poly1305 authenticator algorithm"
769	select CRYPTO_HASH
770	select CRYPTO_LIB_POLY1305_GENERIC
771	help
772	  Poly1305 authenticator algorithm, RFC7539.
773
774	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
775	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
776	  in IETF protocols. This is the portable C implementation of Poly1305.
777
778config CRYPTO_POLY1305_X86_64
779	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
780	depends on X86 && 64BIT
781	select CRYPTO_LIB_POLY1305_GENERIC
782	select CRYPTO_ARCH_HAVE_LIB_POLY1305
783	help
784	  Poly1305 authenticator algorithm, RFC7539.
785
786	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
787	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
788	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
789	  instructions.
790
791config CRYPTO_POLY1305_MIPS
792	tristate "Poly1305 authenticator algorithm (MIPS optimized)"
793	depends on MIPS
794	select CRYPTO_ARCH_HAVE_LIB_POLY1305
795
796config CRYPTO_MD4
797	tristate "MD4 digest algorithm"
798	select CRYPTO_HASH
799	help
800	  MD4 message digest algorithm (RFC1320).
801
802config CRYPTO_MD5
803	tristate "MD5 digest algorithm"
804	select CRYPTO_HASH
805	help
806	  MD5 message digest algorithm (RFC1321).
807
808config CRYPTO_MD5_OCTEON
809	tristate "MD5 digest algorithm (OCTEON)"
810	depends on CPU_CAVIUM_OCTEON
811	select CRYPTO_MD5
812	select CRYPTO_HASH
813	help
814	  MD5 message digest algorithm (RFC1321) implemented
815	  using OCTEON crypto instructions, when available.
816
817config CRYPTO_MD5_PPC
818	tristate "MD5 digest algorithm (PPC)"
819	depends on PPC
820	select CRYPTO_HASH
821	help
822	  MD5 message digest algorithm (RFC1321) implemented
823	  in PPC assembler.
824
825config CRYPTO_MD5_SPARC64
826	tristate "MD5 digest algorithm (SPARC64)"
827	depends on SPARC64
828	select CRYPTO_MD5
829	select CRYPTO_HASH
830	help
831	  MD5 message digest algorithm (RFC1321) implemented
832	  using sparc64 crypto instructions, when available.
833
834config CRYPTO_MICHAEL_MIC
835	tristate "Michael MIC keyed digest algorithm"
836	select CRYPTO_HASH
837	help
838	  Michael MIC is used for message integrity protection in TKIP
839	  (IEEE 802.11i). This algorithm is required for TKIP, but it
840	  should not be used for other purposes because of the weakness
841	  of the algorithm.
842
843config CRYPTO_RMD160
844	tristate "RIPEMD-160 digest algorithm"
845	select CRYPTO_HASH
846	help
847	  RIPEMD-160 (ISO/IEC 10118-3:2004).
848
849	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
850	  to be used as a secure replacement for the 128-bit hash functions
851	  MD4, MD5 and it's predecessor RIPEMD
852	  (not to be confused with RIPEMD-128).
853
854	  It's speed is comparable to SHA1 and there are no known attacks
855	  against RIPEMD-160.
856
857	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
858	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
859
860config CRYPTO_SHA1
861	tristate "SHA1 digest algorithm"
862	select CRYPTO_HASH
863	help
864	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
865
866config CRYPTO_SHA1_SSSE3
867	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
868	depends on X86 && 64BIT
869	select CRYPTO_SHA1
870	select CRYPTO_HASH
871	help
872	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
873	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
874	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
875	  when available.
876
877config CRYPTO_SHA256_SSSE3
878	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
879	depends on X86 && 64BIT
880	select CRYPTO_SHA256
881	select CRYPTO_HASH
882	help
883	  SHA-256 secure hash standard (DFIPS 180-2) implemented
884	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
885	  Extensions version 1 (AVX1), or Advanced Vector Extensions
886	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
887	  Instructions) when available.
888
889config CRYPTO_SHA512_SSSE3
890	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
891	depends on X86 && 64BIT
892	select CRYPTO_SHA512
893	select CRYPTO_HASH
894	help
895	  SHA-512 secure hash standard (DFIPS 180-2) implemented
896	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
897	  Extensions version 1 (AVX1), or Advanced Vector Extensions
898	  version 2 (AVX2) instructions, when available.
899
900config CRYPTO_SHA1_OCTEON
901	tristate "SHA1 digest algorithm (OCTEON)"
902	depends on CPU_CAVIUM_OCTEON
903	select CRYPTO_SHA1
904	select CRYPTO_HASH
905	help
906	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
907	  using OCTEON crypto instructions, when available.
908
909config CRYPTO_SHA1_SPARC64
910	tristate "SHA1 digest algorithm (SPARC64)"
911	depends on SPARC64
912	select CRYPTO_SHA1
913	select CRYPTO_HASH
914	help
915	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
916	  using sparc64 crypto instructions, when available.
917
918config CRYPTO_SHA1_PPC
919	tristate "SHA1 digest algorithm (powerpc)"
920	depends on PPC
921	help
922	  This is the powerpc hardware accelerated implementation of the
923	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
924
925config CRYPTO_SHA1_PPC_SPE
926	tristate "SHA1 digest algorithm (PPC SPE)"
927	depends on PPC && SPE
928	help
929	  SHA-1 secure hash standard (DFIPS 180-4) implemented
930	  using powerpc SPE SIMD instruction set.
931
932config CRYPTO_SHA256
933	tristate "SHA224 and SHA256 digest algorithm"
934	select CRYPTO_HASH
935	select CRYPTO_LIB_SHA256
936	help
937	  SHA256 secure hash standard (DFIPS 180-2).
938
939	  This version of SHA implements a 256 bit hash with 128 bits of
940	  security against collision attacks.
941
942	  This code also includes SHA-224, a 224 bit hash with 112 bits
943	  of security against collision attacks.
944
945config CRYPTO_SHA256_PPC_SPE
946	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
947	depends on PPC && SPE
948	select CRYPTO_SHA256
949	select CRYPTO_HASH
950	help
951	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
952	  implemented using powerpc SPE SIMD instruction set.
953
954config CRYPTO_SHA256_OCTEON
955	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
956	depends on CPU_CAVIUM_OCTEON
957	select CRYPTO_SHA256
958	select CRYPTO_HASH
959	help
960	  SHA-256 secure hash standard (DFIPS 180-2) implemented
961	  using OCTEON crypto instructions, when available.
962
963config CRYPTO_SHA256_SPARC64
964	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
965	depends on SPARC64
966	select CRYPTO_SHA256
967	select CRYPTO_HASH
968	help
969	  SHA-256 secure hash standard (DFIPS 180-2) implemented
970	  using sparc64 crypto instructions, when available.
971
972config CRYPTO_SHA512
973	tristate "SHA384 and SHA512 digest algorithms"
974	select CRYPTO_HASH
975	help
976	  SHA512 secure hash standard (DFIPS 180-2).
977
978	  This version of SHA implements a 512 bit hash with 256 bits of
979	  security against collision attacks.
980
981	  This code also includes SHA-384, a 384 bit hash with 192 bits
982	  of security against collision attacks.
983
984config CRYPTO_SHA512_OCTEON
985	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
986	depends on CPU_CAVIUM_OCTEON
987	select CRYPTO_SHA512
988	select CRYPTO_HASH
989	help
990	  SHA-512 secure hash standard (DFIPS 180-2) implemented
991	  using OCTEON crypto instructions, when available.
992
993config CRYPTO_SHA512_SPARC64
994	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
995	depends on SPARC64
996	select CRYPTO_SHA512
997	select CRYPTO_HASH
998	help
999	  SHA-512 secure hash standard (DFIPS 180-2) implemented
1000	  using sparc64 crypto instructions, when available.
1001
1002config CRYPTO_SHA3
1003	tristate "SHA3 digest algorithm"
1004	select CRYPTO_HASH
1005	help
1006	  SHA-3 secure hash standard (DFIPS 202). It's based on
1007	  cryptographic sponge function family called Keccak.
1008
1009	  References:
1010	  http://keccak.noekeon.org/
1011
1012config CRYPTO_SM3
1013	tristate "SM3 digest algorithm"
1014	select CRYPTO_HASH
1015	select CRYPTO_LIB_SM3
1016	help
1017	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1018	  It is part of the Chinese Commercial Cryptography suite.
1019
1020	  References:
1021	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1022	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1023
1024config CRYPTO_SM3_AVX_X86_64
1025	tristate "SM3 digest algorithm (x86_64/AVX)"
1026	depends on X86 && 64BIT
1027	select CRYPTO_HASH
1028	select CRYPTO_LIB_SM3
1029	help
1030	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1031	  It is part of the Chinese Commercial Cryptography suite. This is
1032	  SM3 optimized implementation using Advanced Vector Extensions (AVX)
1033	  when available.
1034
1035	  If unsure, say N.
1036
1037config CRYPTO_STREEBOG
1038	tristate "Streebog Hash Function"
1039	select CRYPTO_HASH
1040	help
1041	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1042	  cryptographic standard algorithms (called GOST algorithms).
1043	  This setting enables two hash algorithms with 256 and 512 bits output.
1044
1045	  References:
1046	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1047	  https://tools.ietf.org/html/rfc6986
1048
1049config CRYPTO_WP512
1050	tristate "Whirlpool digest algorithms"
1051	select CRYPTO_HASH
1052	help
1053	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1054
1055	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1056	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1057
1058	  See also:
1059	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1060
1061config CRYPTO_GHASH_CLMUL_NI_INTEL
1062	tristate "GHASH hash function (CLMUL-NI accelerated)"
1063	depends on X86 && 64BIT
1064	select CRYPTO_CRYPTD
1065	help
1066	  This is the x86_64 CLMUL-NI accelerated implementation of
1067	  GHASH, the hash function used in GCM (Galois/Counter mode).
1068
1069comment "Ciphers"
1070
1071config CRYPTO_AES
1072	tristate "AES cipher algorithms"
1073	select CRYPTO_ALGAPI
1074	select CRYPTO_LIB_AES
1075	help
1076	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1077	  algorithm.
1078
1079	  Rijndael appears to be consistently a very good performer in
1080	  both hardware and software across a wide range of computing
1081	  environments regardless of its use in feedback or non-feedback
1082	  modes. Its key setup time is excellent, and its key agility is
1083	  good. Rijndael's very low memory requirements make it very well
1084	  suited for restricted-space environments, in which it also
1085	  demonstrates excellent performance. Rijndael's operations are
1086	  among the easiest to defend against power and timing attacks.
1087
1088	  The AES specifies three key sizes: 128, 192 and 256 bits
1089
1090	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1091
1092config CRYPTO_AES_TI
1093	tristate "Fixed time AES cipher"
1094	select CRYPTO_ALGAPI
1095	select CRYPTO_LIB_AES
1096	help
1097	  This is a generic implementation of AES that attempts to eliminate
1098	  data dependent latencies as much as possible without affecting
1099	  performance too much. It is intended for use by the generic CCM
1100	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1101	  solely on encryption (although decryption is supported as well, but
1102	  with a more dramatic performance hit)
1103
1104	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1105	  8 for decryption), this implementation only uses just two S-boxes of
1106	  256 bytes each, and attempts to eliminate data dependent latencies by
1107	  prefetching the entire table into the cache at the start of each
1108	  block. Interrupts are also disabled to avoid races where cachelines
1109	  are evicted when the CPU is interrupted to do something else.
1110
1111config CRYPTO_AES_NI_INTEL
1112	tristate "AES cipher algorithms (AES-NI)"
1113	depends on X86
1114	select CRYPTO_AEAD
1115	select CRYPTO_LIB_AES
1116	select CRYPTO_ALGAPI
1117	select CRYPTO_SKCIPHER
1118	select CRYPTO_SIMD
1119	help
1120	  Use Intel AES-NI instructions for AES algorithm.
1121
1122	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1123	  algorithm.
1124
1125	  Rijndael appears to be consistently a very good performer in
1126	  both hardware and software across a wide range of computing
1127	  environments regardless of its use in feedback or non-feedback
1128	  modes. Its key setup time is excellent, and its key agility is
1129	  good. Rijndael's very low memory requirements make it very well
1130	  suited for restricted-space environments, in which it also
1131	  demonstrates excellent performance. Rijndael's operations are
1132	  among the easiest to defend against power and timing attacks.
1133
1134	  The AES specifies three key sizes: 128, 192 and 256 bits
1135
1136	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1137
1138	  In addition to AES cipher algorithm support, the acceleration
1139	  for some popular block cipher mode is supported too, including
1140	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1141	  acceleration for CTR.
1142
1143config CRYPTO_AES_SPARC64
1144	tristate "AES cipher algorithms (SPARC64)"
1145	depends on SPARC64
1146	select CRYPTO_SKCIPHER
1147	help
1148	  Use SPARC64 crypto opcodes for AES algorithm.
1149
1150	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1151	  algorithm.
1152
1153	  Rijndael appears to be consistently a very good performer in
1154	  both hardware and software across a wide range of computing
1155	  environments regardless of its use in feedback or non-feedback
1156	  modes. Its key setup time is excellent, and its key agility is
1157	  good. Rijndael's very low memory requirements make it very well
1158	  suited for restricted-space environments, in which it also
1159	  demonstrates excellent performance. Rijndael's operations are
1160	  among the easiest to defend against power and timing attacks.
1161
1162	  The AES specifies three key sizes: 128, 192 and 256 bits
1163
1164	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1165
1166	  In addition to AES cipher algorithm support, the acceleration
1167	  for some popular block cipher mode is supported too, including
1168	  ECB and CBC.
1169
1170config CRYPTO_AES_PPC_SPE
1171	tristate "AES cipher algorithms (PPC SPE)"
1172	depends on PPC && SPE
1173	select CRYPTO_SKCIPHER
1174	help
1175	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1176	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1177	  This module should only be used for low power (router) devices
1178	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1179	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1180	  timining attacks. Nevertheless it might be not as secure as other
1181	  architecture specific assembler implementations that work on 1KB
1182	  tables or 256 bytes S-boxes.
1183
1184config CRYPTO_ANUBIS
1185	tristate "Anubis cipher algorithm"
1186	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1187	select CRYPTO_ALGAPI
1188	help
1189	  Anubis cipher algorithm.
1190
1191	  Anubis is a variable key length cipher which can use keys from
1192	  128 bits to 320 bits in length.  It was evaluated as a entrant
1193	  in the NESSIE competition.
1194
1195	  See also:
1196	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1197	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1198
1199config CRYPTO_ARC4
1200	tristate "ARC4 cipher algorithm"
1201	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1202	select CRYPTO_SKCIPHER
1203	select CRYPTO_LIB_ARC4
1204	help
1205	  ARC4 cipher algorithm.
1206
1207	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1208	  bits in length.  This algorithm is required for driver-based
1209	  WEP, but it should not be for other purposes because of the
1210	  weakness of the algorithm.
1211
1212config CRYPTO_BLOWFISH
1213	tristate "Blowfish cipher algorithm"
1214	select CRYPTO_ALGAPI
1215	select CRYPTO_BLOWFISH_COMMON
1216	help
1217	  Blowfish cipher algorithm, by Bruce Schneier.
1218
1219	  This is a variable key length cipher which can use keys from 32
1220	  bits to 448 bits in length.  It's fast, simple and specifically
1221	  designed for use on "large microprocessors".
1222
1223	  See also:
1224	  <https://www.schneier.com/blowfish.html>
1225
1226config CRYPTO_BLOWFISH_COMMON
1227	tristate
1228	help
1229	  Common parts of the Blowfish cipher algorithm shared by the
1230	  generic c and the assembler implementations.
1231
1232	  See also:
1233	  <https://www.schneier.com/blowfish.html>
1234
1235config CRYPTO_BLOWFISH_X86_64
1236	tristate "Blowfish cipher algorithm (x86_64)"
1237	depends on X86 && 64BIT
1238	select CRYPTO_SKCIPHER
1239	select CRYPTO_BLOWFISH_COMMON
1240	imply CRYPTO_CTR
1241	help
1242	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1243
1244	  This is a variable key length cipher which can use keys from 32
1245	  bits to 448 bits in length.  It's fast, simple and specifically
1246	  designed for use on "large microprocessors".
1247
1248	  See also:
1249	  <https://www.schneier.com/blowfish.html>
1250
1251config CRYPTO_CAMELLIA
1252	tristate "Camellia cipher algorithms"
1253	select CRYPTO_ALGAPI
1254	help
1255	  Camellia cipher algorithms module.
1256
1257	  Camellia is a symmetric key block cipher developed jointly
1258	  at NTT and Mitsubishi Electric Corporation.
1259
1260	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1261
1262	  See also:
1263	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1264
1265config CRYPTO_CAMELLIA_X86_64
1266	tristate "Camellia cipher algorithm (x86_64)"
1267	depends on X86 && 64BIT
1268	select CRYPTO_SKCIPHER
1269	imply CRYPTO_CTR
1270	help
1271	  Camellia cipher algorithm module (x86_64).
1272
1273	  Camellia is a symmetric key block cipher developed jointly
1274	  at NTT and Mitsubishi Electric Corporation.
1275
1276	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1277
1278	  See also:
1279	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1280
1281config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1282	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1283	depends on X86 && 64BIT
1284	select CRYPTO_SKCIPHER
1285	select CRYPTO_CAMELLIA_X86_64
1286	select CRYPTO_SIMD
1287	imply CRYPTO_XTS
1288	help
1289	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1290
1291	  Camellia is a symmetric key block cipher developed jointly
1292	  at NTT and Mitsubishi Electric Corporation.
1293
1294	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1295
1296	  See also:
1297	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1298
1299config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1300	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1301	depends on X86 && 64BIT
1302	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1303	help
1304	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1305
1306	  Camellia is a symmetric key block cipher developed jointly
1307	  at NTT and Mitsubishi Electric Corporation.
1308
1309	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1310
1311	  See also:
1312	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1313
1314config CRYPTO_CAMELLIA_SPARC64
1315	tristate "Camellia cipher algorithm (SPARC64)"
1316	depends on SPARC64
1317	select CRYPTO_ALGAPI
1318	select CRYPTO_SKCIPHER
1319	help
1320	  Camellia cipher algorithm module (SPARC64).
1321
1322	  Camellia is a symmetric key block cipher developed jointly
1323	  at NTT and Mitsubishi Electric Corporation.
1324
1325	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1326
1327	  See also:
1328	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1329
1330config CRYPTO_CAST_COMMON
1331	tristate
1332	help
1333	  Common parts of the CAST cipher algorithms shared by the
1334	  generic c and the assembler implementations.
1335
1336config CRYPTO_CAST5
1337	tristate "CAST5 (CAST-128) cipher algorithm"
1338	select CRYPTO_ALGAPI
1339	select CRYPTO_CAST_COMMON
1340	help
1341	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1342	  described in RFC2144.
1343
1344config CRYPTO_CAST5_AVX_X86_64
1345	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1346	depends on X86 && 64BIT
1347	select CRYPTO_SKCIPHER
1348	select CRYPTO_CAST5
1349	select CRYPTO_CAST_COMMON
1350	select CRYPTO_SIMD
1351	imply CRYPTO_CTR
1352	help
1353	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1354	  described in RFC2144.
1355
1356	  This module provides the Cast5 cipher algorithm that processes
1357	  sixteen blocks parallel using the AVX instruction set.
1358
1359config CRYPTO_CAST6
1360	tristate "CAST6 (CAST-256) cipher algorithm"
1361	select CRYPTO_ALGAPI
1362	select CRYPTO_CAST_COMMON
1363	help
1364	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1365	  described in RFC2612.
1366
1367config CRYPTO_CAST6_AVX_X86_64
1368	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1369	depends on X86 && 64BIT
1370	select CRYPTO_SKCIPHER
1371	select CRYPTO_CAST6
1372	select CRYPTO_CAST_COMMON
1373	select CRYPTO_SIMD
1374	imply CRYPTO_XTS
1375	imply CRYPTO_CTR
1376	help
1377	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1378	  described in RFC2612.
1379
1380	  This module provides the Cast6 cipher algorithm that processes
1381	  eight blocks parallel using the AVX instruction set.
1382
1383config CRYPTO_DES
1384	tristate "DES and Triple DES EDE cipher algorithms"
1385	select CRYPTO_ALGAPI
1386	select CRYPTO_LIB_DES
1387	help
1388	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1389
1390config CRYPTO_DES_SPARC64
1391	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1392	depends on SPARC64
1393	select CRYPTO_ALGAPI
1394	select CRYPTO_LIB_DES
1395	select CRYPTO_SKCIPHER
1396	help
1397	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1398	  optimized using SPARC64 crypto opcodes.
1399
1400config CRYPTO_DES3_EDE_X86_64
1401	tristate "Triple DES EDE cipher algorithm (x86-64)"
1402	depends on X86 && 64BIT
1403	select CRYPTO_SKCIPHER
1404	select CRYPTO_LIB_DES
1405	imply CRYPTO_CTR
1406	help
1407	  Triple DES EDE (FIPS 46-3) algorithm.
1408
1409	  This module provides implementation of the Triple DES EDE cipher
1410	  algorithm that is optimized for x86-64 processors. Two versions of
1411	  algorithm are provided; regular processing one input block and
1412	  one that processes three blocks parallel.
1413
1414config CRYPTO_FCRYPT
1415	tristate "FCrypt cipher algorithm"
1416	select CRYPTO_ALGAPI
1417	select CRYPTO_SKCIPHER
1418	help
1419	  FCrypt algorithm used by RxRPC.
1420
1421config CRYPTO_KHAZAD
1422	tristate "Khazad cipher algorithm"
1423	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1424	select CRYPTO_ALGAPI
1425	help
1426	  Khazad cipher algorithm.
1427
1428	  Khazad was a finalist in the initial NESSIE competition.  It is
1429	  an algorithm optimized for 64-bit processors with good performance
1430	  on 32-bit processors.  Khazad uses an 128 bit key size.
1431
1432	  See also:
1433	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1434
1435config CRYPTO_CHACHA20
1436	tristate "ChaCha stream cipher algorithms"
1437	select CRYPTO_LIB_CHACHA_GENERIC
1438	select CRYPTO_SKCIPHER
1439	help
1440	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1441
1442	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1443	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1444	  This is the portable C implementation of ChaCha20.  See also:
1445	  <https://cr.yp.to/chacha/chacha-20080128.pdf>
1446
1447	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1448	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1449	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1450	  while provably retaining ChaCha20's security.  See also:
1451	  <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1452
1453	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1454	  reduced security margin but increased performance.  It can be needed
1455	  in some performance-sensitive scenarios.
1456
1457config CRYPTO_CHACHA20_X86_64
1458	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1459	depends on X86 && 64BIT
1460	select CRYPTO_SKCIPHER
1461	select CRYPTO_LIB_CHACHA_GENERIC
1462	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1463	help
1464	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1465	  XChaCha20, and XChaCha12 stream ciphers.
1466
1467config CRYPTO_CHACHA_MIPS
1468	tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1469	depends on CPU_MIPS32_R2
1470	select CRYPTO_SKCIPHER
1471	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1472
1473config CRYPTO_SEED
1474	tristate "SEED cipher algorithm"
1475	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1476	select CRYPTO_ALGAPI
1477	help
1478	  SEED cipher algorithm (RFC4269).
1479
1480	  SEED is a 128-bit symmetric key block cipher that has been
1481	  developed by KISA (Korea Information Security Agency) as a
1482	  national standard encryption algorithm of the Republic of Korea.
1483	  It is a 16 round block cipher with the key size of 128 bit.
1484
1485	  See also:
1486	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1487
1488config CRYPTO_SERPENT
1489	tristate "Serpent cipher algorithm"
1490	select CRYPTO_ALGAPI
1491	help
1492	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1493
1494	  Keys are allowed to be from 0 to 256 bits in length, in steps
1495	  of 8 bits.
1496
1497	  See also:
1498	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1499
1500config CRYPTO_SERPENT_SSE2_X86_64
1501	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1502	depends on X86 && 64BIT
1503	select CRYPTO_SKCIPHER
1504	select CRYPTO_SERPENT
1505	select CRYPTO_SIMD
1506	imply CRYPTO_CTR
1507	help
1508	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1509
1510	  Keys are allowed to be from 0 to 256 bits in length, in steps
1511	  of 8 bits.
1512
1513	  This module provides Serpent cipher algorithm that processes eight
1514	  blocks parallel using SSE2 instruction set.
1515
1516	  See also:
1517	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1518
1519config CRYPTO_SERPENT_SSE2_586
1520	tristate "Serpent cipher algorithm (i586/SSE2)"
1521	depends on X86 && !64BIT
1522	select CRYPTO_SKCIPHER
1523	select CRYPTO_SERPENT
1524	select CRYPTO_SIMD
1525	imply CRYPTO_CTR
1526	help
1527	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1528
1529	  Keys are allowed to be from 0 to 256 bits in length, in steps
1530	  of 8 bits.
1531
1532	  This module provides Serpent cipher algorithm that processes four
1533	  blocks parallel using SSE2 instruction set.
1534
1535	  See also:
1536	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1537
1538config CRYPTO_SERPENT_AVX_X86_64
1539	tristate "Serpent cipher algorithm (x86_64/AVX)"
1540	depends on X86 && 64BIT
1541	select CRYPTO_SKCIPHER
1542	select CRYPTO_SERPENT
1543	select CRYPTO_SIMD
1544	imply CRYPTO_XTS
1545	imply CRYPTO_CTR
1546	help
1547	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1548
1549	  Keys are allowed to be from 0 to 256 bits in length, in steps
1550	  of 8 bits.
1551
1552	  This module provides the Serpent cipher algorithm that processes
1553	  eight blocks parallel using the AVX instruction set.
1554
1555	  See also:
1556	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1557
1558config CRYPTO_SERPENT_AVX2_X86_64
1559	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1560	depends on X86 && 64BIT
1561	select CRYPTO_SERPENT_AVX_X86_64
1562	help
1563	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1564
1565	  Keys are allowed to be from 0 to 256 bits in length, in steps
1566	  of 8 bits.
1567
1568	  This module provides Serpent cipher algorithm that processes 16
1569	  blocks parallel using AVX2 instruction set.
1570
1571	  See also:
1572	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1573
1574config CRYPTO_SM4
1575	tristate "SM4 cipher algorithm"
1576	select CRYPTO_ALGAPI
1577	select CRYPTO_LIB_SM4
1578	help
1579	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1580
1581	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1582	  Organization of State Commercial Administration of China (OSCCA)
1583	  as an authorized cryptographic algorithms for the use within China.
1584
1585	  SMS4 was originally created for use in protecting wireless
1586	  networks, and is mandated in the Chinese National Standard for
1587	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1588	  (GB.15629.11-2003).
1589
1590	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1591	  standardized through TC 260 of the Standardization Administration
1592	  of the People's Republic of China (SAC).
1593
1594	  The input, output, and key of SMS4 are each 128 bits.
1595
1596	  See also: <https://eprint.iacr.org/2008/329.pdf>
1597
1598	  If unsure, say N.
1599
1600config CRYPTO_SM4_AESNI_AVX_X86_64
1601	tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)"
1602	depends on X86 && 64BIT
1603	select CRYPTO_SKCIPHER
1604	select CRYPTO_SIMD
1605	select CRYPTO_ALGAPI
1606	select CRYPTO_LIB_SM4
1607	help
1608	  SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX).
1609
1610	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1611	  Organization of State Commercial Administration of China (OSCCA)
1612	  as an authorized cryptographic algorithms for the use within China.
1613
1614	  This is SM4 optimized implementation using AES-NI/AVX/x86_64
1615	  instruction set for block cipher. Through two affine transforms,
1616	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1617	  effect of instruction acceleration.
1618
1619	  If unsure, say N.
1620
1621config CRYPTO_SM4_AESNI_AVX2_X86_64
1622	tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)"
1623	depends on X86 && 64BIT
1624	select CRYPTO_SKCIPHER
1625	select CRYPTO_SIMD
1626	select CRYPTO_ALGAPI
1627	select CRYPTO_LIB_SM4
1628	select CRYPTO_SM4_AESNI_AVX_X86_64
1629	help
1630	  SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2).
1631
1632	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1633	  Organization of State Commercial Administration of China (OSCCA)
1634	  as an authorized cryptographic algorithms for the use within China.
1635
1636	  This is SM4 optimized implementation using AES-NI/AVX2/x86_64
1637	  instruction set for block cipher. Through two affine transforms,
1638	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1639	  effect of instruction acceleration.
1640
1641	  If unsure, say N.
1642
1643config CRYPTO_TEA
1644	tristate "TEA, XTEA and XETA cipher algorithms"
1645	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1646	select CRYPTO_ALGAPI
1647	help
1648	  TEA cipher algorithm.
1649
1650	  Tiny Encryption Algorithm is a simple cipher that uses
1651	  many rounds for security.  It is very fast and uses
1652	  little memory.
1653
1654	  Xtendend Tiny Encryption Algorithm is a modification to
1655	  the TEA algorithm to address a potential key weakness
1656	  in the TEA algorithm.
1657
1658	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1659	  of the XTEA algorithm for compatibility purposes.
1660
1661config CRYPTO_TWOFISH
1662	tristate "Twofish cipher algorithm"
1663	select CRYPTO_ALGAPI
1664	select CRYPTO_TWOFISH_COMMON
1665	help
1666	  Twofish cipher algorithm.
1667
1668	  Twofish was submitted as an AES (Advanced Encryption Standard)
1669	  candidate cipher by researchers at CounterPane Systems.  It is a
1670	  16 round block cipher supporting key sizes of 128, 192, and 256
1671	  bits.
1672
1673	  See also:
1674	  <https://www.schneier.com/twofish.html>
1675
1676config CRYPTO_TWOFISH_COMMON
1677	tristate
1678	help
1679	  Common parts of the Twofish cipher algorithm shared by the
1680	  generic c and the assembler implementations.
1681
1682config CRYPTO_TWOFISH_586
1683	tristate "Twofish cipher algorithms (i586)"
1684	depends on (X86 || UML_X86) && !64BIT
1685	select CRYPTO_ALGAPI
1686	select CRYPTO_TWOFISH_COMMON
1687	imply CRYPTO_CTR
1688	help
1689	  Twofish cipher algorithm.
1690
1691	  Twofish was submitted as an AES (Advanced Encryption Standard)
1692	  candidate cipher by researchers at CounterPane Systems.  It is a
1693	  16 round block cipher supporting key sizes of 128, 192, and 256
1694	  bits.
1695
1696	  See also:
1697	  <https://www.schneier.com/twofish.html>
1698
1699config CRYPTO_TWOFISH_X86_64
1700	tristate "Twofish cipher algorithm (x86_64)"
1701	depends on (X86 || UML_X86) && 64BIT
1702	select CRYPTO_ALGAPI
1703	select CRYPTO_TWOFISH_COMMON
1704	imply CRYPTO_CTR
1705	help
1706	  Twofish cipher algorithm (x86_64).
1707
1708	  Twofish was submitted as an AES (Advanced Encryption Standard)
1709	  candidate cipher by researchers at CounterPane Systems.  It is a
1710	  16 round block cipher supporting key sizes of 128, 192, and 256
1711	  bits.
1712
1713	  See also:
1714	  <https://www.schneier.com/twofish.html>
1715
1716config CRYPTO_TWOFISH_X86_64_3WAY
1717	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1718	depends on X86 && 64BIT
1719	select CRYPTO_SKCIPHER
1720	select CRYPTO_TWOFISH_COMMON
1721	select CRYPTO_TWOFISH_X86_64
1722	help
1723	  Twofish cipher algorithm (x86_64, 3-way parallel).
1724
1725	  Twofish was submitted as an AES (Advanced Encryption Standard)
1726	  candidate cipher by researchers at CounterPane Systems.  It is a
1727	  16 round block cipher supporting key sizes of 128, 192, and 256
1728	  bits.
1729
1730	  This module provides Twofish cipher algorithm that processes three
1731	  blocks parallel, utilizing resources of out-of-order CPUs better.
1732
1733	  See also:
1734	  <https://www.schneier.com/twofish.html>
1735
1736config CRYPTO_TWOFISH_AVX_X86_64
1737	tristate "Twofish cipher algorithm (x86_64/AVX)"
1738	depends on X86 && 64BIT
1739	select CRYPTO_SKCIPHER
1740	select CRYPTO_SIMD
1741	select CRYPTO_TWOFISH_COMMON
1742	select CRYPTO_TWOFISH_X86_64
1743	select CRYPTO_TWOFISH_X86_64_3WAY
1744	imply CRYPTO_XTS
1745	help
1746	  Twofish cipher algorithm (x86_64/AVX).
1747
1748	  Twofish was submitted as an AES (Advanced Encryption Standard)
1749	  candidate cipher by researchers at CounterPane Systems.  It is a
1750	  16 round block cipher supporting key sizes of 128, 192, and 256
1751	  bits.
1752
1753	  This module provides the Twofish cipher algorithm that processes
1754	  eight blocks parallel using the AVX Instruction Set.
1755
1756	  See also:
1757	  <https://www.schneier.com/twofish.html>
1758
1759comment "Compression"
1760
1761config CRYPTO_DEFLATE
1762	tristate "Deflate compression algorithm"
1763	select CRYPTO_ALGAPI
1764	select CRYPTO_ACOMP2
1765	select ZLIB_INFLATE
1766	select ZLIB_DEFLATE
1767	help
1768	  This is the Deflate algorithm (RFC1951), specified for use in
1769	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1770
1771	  You will most probably want this if using IPSec.
1772
1773config CRYPTO_LZO
1774	tristate "LZO compression algorithm"
1775	select CRYPTO_ALGAPI
1776	select CRYPTO_ACOMP2
1777	select LZO_COMPRESS
1778	select LZO_DECOMPRESS
1779	help
1780	  This is the LZO algorithm.
1781
1782config CRYPTO_842
1783	tristate "842 compression algorithm"
1784	select CRYPTO_ALGAPI
1785	select CRYPTO_ACOMP2
1786	select 842_COMPRESS
1787	select 842_DECOMPRESS
1788	help
1789	  This is the 842 algorithm.
1790
1791config CRYPTO_LZ4
1792	tristate "LZ4 compression algorithm"
1793	select CRYPTO_ALGAPI
1794	select CRYPTO_ACOMP2
1795	select LZ4_COMPRESS
1796	select LZ4_DECOMPRESS
1797	help
1798	  This is the LZ4 algorithm.
1799
1800config CRYPTO_LZ4HC
1801	tristate "LZ4HC compression algorithm"
1802	select CRYPTO_ALGAPI
1803	select CRYPTO_ACOMP2
1804	select LZ4HC_COMPRESS
1805	select LZ4_DECOMPRESS
1806	help
1807	  This is the LZ4 high compression mode algorithm.
1808
1809config CRYPTO_ZSTD
1810	tristate "Zstd compression algorithm"
1811	select CRYPTO_ALGAPI
1812	select CRYPTO_ACOMP2
1813	select ZSTD_COMPRESS
1814	select ZSTD_DECOMPRESS
1815	help
1816	  This is the zstd algorithm.
1817
1818comment "Random Number Generation"
1819
1820config CRYPTO_ANSI_CPRNG
1821	tristate "Pseudo Random Number Generation for Cryptographic modules"
1822	select CRYPTO_AES
1823	select CRYPTO_RNG
1824	help
1825	  This option enables the generic pseudo random number generator
1826	  for cryptographic modules.  Uses the Algorithm specified in
1827	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1828	  CRYPTO_FIPS is selected
1829
1830menuconfig CRYPTO_DRBG_MENU
1831	tristate "NIST SP800-90A DRBG"
1832	help
1833	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1834	  more of the DRBG types must be selected.
1835
1836if CRYPTO_DRBG_MENU
1837
1838config CRYPTO_DRBG_HMAC
1839	bool
1840	default y
1841	select CRYPTO_HMAC
1842	select CRYPTO_SHA512
1843
1844config CRYPTO_DRBG_HASH
1845	bool "Enable Hash DRBG"
1846	select CRYPTO_SHA256
1847	help
1848	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1849
1850config CRYPTO_DRBG_CTR
1851	bool "Enable CTR DRBG"
1852	select CRYPTO_AES
1853	select CRYPTO_CTR
1854	help
1855	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1856
1857config CRYPTO_DRBG
1858	tristate
1859	default CRYPTO_DRBG_MENU
1860	select CRYPTO_RNG
1861	select CRYPTO_JITTERENTROPY
1862
1863endif	# if CRYPTO_DRBG_MENU
1864
1865config CRYPTO_JITTERENTROPY
1866	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1867	select CRYPTO_RNG
1868	help
1869	  The Jitterentropy RNG is a noise that is intended
1870	  to provide seed to another RNG. The RNG does not
1871	  perform any cryptographic whitening of the generated
1872	  random numbers. This Jitterentropy RNG registers with
1873	  the kernel crypto API and can be used by any caller.
1874
1875config CRYPTO_KDF800108_CTR
1876	tristate
1877	select CRYPTO_HMAC
1878	select CRYPTO_SHA256
1879
1880config CRYPTO_USER_API
1881	tristate
1882
1883config CRYPTO_USER_API_HASH
1884	tristate "User-space interface for hash algorithms"
1885	depends on NET
1886	select CRYPTO_HASH
1887	select CRYPTO_USER_API
1888	help
1889	  This option enables the user-spaces interface for hash
1890	  algorithms.
1891
1892config CRYPTO_USER_API_SKCIPHER
1893	tristate "User-space interface for symmetric key cipher algorithms"
1894	depends on NET
1895	select CRYPTO_SKCIPHER
1896	select CRYPTO_USER_API
1897	help
1898	  This option enables the user-spaces interface for symmetric
1899	  key cipher algorithms.
1900
1901config CRYPTO_USER_API_RNG
1902	tristate "User-space interface for random number generator algorithms"
1903	depends on NET
1904	select CRYPTO_RNG
1905	select CRYPTO_USER_API
1906	help
1907	  This option enables the user-spaces interface for random
1908	  number generator algorithms.
1909
1910config CRYPTO_USER_API_RNG_CAVP
1911	bool "Enable CAVP testing of DRBG"
1912	depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1913	help
1914	  This option enables extra API for CAVP testing via the user-space
1915	  interface: resetting of DRBG entropy, and providing Additional Data.
1916	  This should only be enabled for CAVP testing. You should say
1917	  no unless you know what this is.
1918
1919config CRYPTO_USER_API_AEAD
1920	tristate "User-space interface for AEAD cipher algorithms"
1921	depends on NET
1922	select CRYPTO_AEAD
1923	select CRYPTO_SKCIPHER
1924	select CRYPTO_NULL
1925	select CRYPTO_USER_API
1926	help
1927	  This option enables the user-spaces interface for AEAD
1928	  cipher algorithms.
1929
1930config CRYPTO_USER_API_ENABLE_OBSOLETE
1931	bool "Enable obsolete cryptographic algorithms for userspace"
1932	depends on CRYPTO_USER_API
1933	default y
1934	help
1935	  Allow obsolete cryptographic algorithms to be selected that have
1936	  already been phased out from internal use by the kernel, and are
1937	  only useful for userspace clients that still rely on them.
1938
1939config CRYPTO_STATS
1940	bool "Crypto usage statistics for User-space"
1941	depends on CRYPTO_USER
1942	help
1943	  This option enables the gathering of crypto stats.
1944	  This will collect:
1945	  - encrypt/decrypt size and numbers of symmeric operations
1946	  - compress/decompress size and numbers of compress operations
1947	  - size and numbers of hash operations
1948	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1949	  - generate/seed numbers for rng operations
1950
1951config CRYPTO_HASH_INFO
1952	bool
1953
1954source "drivers/crypto/Kconfig"
1955source "crypto/asymmetric_keys/Kconfig"
1956source "certs/Kconfig"
1957
1958endif	# if CRYPTO
1959