xref: /openbmc/linux/crypto/Kconfig (revision 8a5aaf97)
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This options enables the fips boot option which is
31	  required if you want to system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_BLKCIPHER
56	tristate
57	select CRYPTO_BLKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_BLKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64	select CRYPTO_WORKQUEUE
65
66config CRYPTO_HASH
67	tristate
68	select CRYPTO_HASH2
69	select CRYPTO_ALGAPI
70
71config CRYPTO_HASH2
72	tristate
73	select CRYPTO_ALGAPI2
74
75config CRYPTO_RNG
76	tristate
77	select CRYPTO_RNG2
78	select CRYPTO_ALGAPI
79
80config CRYPTO_RNG2
81	tristate
82	select CRYPTO_ALGAPI2
83
84config CRYPTO_RNG_DEFAULT
85	tristate
86	select CRYPTO_DRBG_MENU
87
88config CRYPTO_AKCIPHER2
89	tristate
90	select CRYPTO_ALGAPI2
91
92config CRYPTO_AKCIPHER
93	tristate
94	select CRYPTO_AKCIPHER2
95	select CRYPTO_ALGAPI
96
97config CRYPTO_KPP2
98	tristate
99	select CRYPTO_ALGAPI2
100
101config CRYPTO_KPP
102	tristate
103	select CRYPTO_ALGAPI
104	select CRYPTO_KPP2
105
106config CRYPTO_ACOMP2
107	tristate
108	select CRYPTO_ALGAPI2
109	select SGL_ALLOC
110
111config CRYPTO_ACOMP
112	tristate
113	select CRYPTO_ALGAPI
114	select CRYPTO_ACOMP2
115
116config CRYPTO_RSA
117	tristate "RSA algorithm"
118	select CRYPTO_AKCIPHER
119	select CRYPTO_MANAGER
120	select MPILIB
121	select ASN1
122	help
123	  Generic implementation of the RSA public key algorithm.
124
125config CRYPTO_DH
126	tristate "Diffie-Hellman algorithm"
127	select CRYPTO_KPP
128	select MPILIB
129	help
130	  Generic implementation of the Diffie-Hellman algorithm.
131
132config CRYPTO_ECDH
133	tristate "ECDH algorithm"
134	select CRYPTO_KPP
135	select CRYPTO_RNG_DEFAULT
136	help
137	  Generic implementation of the ECDH algorithm
138
139config CRYPTO_MANAGER
140	tristate "Cryptographic algorithm manager"
141	select CRYPTO_MANAGER2
142	help
143	  Create default cryptographic template instantiations such as
144	  cbc(aes).
145
146config CRYPTO_MANAGER2
147	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
148	select CRYPTO_AEAD2
149	select CRYPTO_HASH2
150	select CRYPTO_BLKCIPHER2
151	select CRYPTO_AKCIPHER2
152	select CRYPTO_KPP2
153	select CRYPTO_ACOMP2
154
155config CRYPTO_USER
156	tristate "Userspace cryptographic algorithm configuration"
157	depends on NET
158	select CRYPTO_MANAGER
159	help
160	  Userspace configuration for cryptographic instantiations such as
161	  cbc(aes).
162
163config CRYPTO_MANAGER_DISABLE_TESTS
164	bool "Disable run-time self tests"
165	default y
166	depends on CRYPTO_MANAGER2
167	help
168	  Disable run-time self tests that normally take place at
169	  algorithm registration.
170
171config CRYPTO_GF128MUL
172	tristate "GF(2^128) multiplication functions"
173	help
174	  Efficient table driven implementation of multiplications in the
175	  field GF(2^128).  This is needed by some cypher modes. This
176	  option will be selected automatically if you select such a
177	  cipher mode.  Only select this option by hand if you expect to load
178	  an external module that requires these functions.
179
180config CRYPTO_NULL
181	tristate "Null algorithms"
182	select CRYPTO_NULL2
183	help
184	  These are 'Null' algorithms, used by IPsec, which do nothing.
185
186config CRYPTO_NULL2
187	tristate
188	select CRYPTO_ALGAPI2
189	select CRYPTO_BLKCIPHER2
190	select CRYPTO_HASH2
191
192config CRYPTO_PCRYPT
193	tristate "Parallel crypto engine"
194	depends on SMP
195	select PADATA
196	select CRYPTO_MANAGER
197	select CRYPTO_AEAD
198	help
199	  This converts an arbitrary crypto algorithm into a parallel
200	  algorithm that executes in kernel threads.
201
202config CRYPTO_WORKQUEUE
203       tristate
204
205config CRYPTO_CRYPTD
206	tristate "Software async crypto daemon"
207	select CRYPTO_BLKCIPHER
208	select CRYPTO_HASH
209	select CRYPTO_MANAGER
210	select CRYPTO_WORKQUEUE
211	help
212	  This is a generic software asynchronous crypto daemon that
213	  converts an arbitrary synchronous software crypto algorithm
214	  into an asynchronous algorithm that executes in a kernel thread.
215
216config CRYPTO_AUTHENC
217	tristate "Authenc support"
218	select CRYPTO_AEAD
219	select CRYPTO_BLKCIPHER
220	select CRYPTO_MANAGER
221	select CRYPTO_HASH
222	select CRYPTO_NULL
223	help
224	  Authenc: Combined mode wrapper for IPsec.
225	  This is required for IPSec.
226
227config CRYPTO_TEST
228	tristate "Testing module"
229	depends on m
230	select CRYPTO_MANAGER
231	help
232	  Quick & dirty crypto test module.
233
234config CRYPTO_SIMD
235	tristate
236	select CRYPTO_CRYPTD
237
238config CRYPTO_GLUE_HELPER_X86
239	tristate
240	depends on X86
241	select CRYPTO_BLKCIPHER
242
243config CRYPTO_ENGINE
244	tristate
245
246comment "Authenticated Encryption with Associated Data"
247
248config CRYPTO_CCM
249	tristate "CCM support"
250	select CRYPTO_CTR
251	select CRYPTO_HASH
252	select CRYPTO_AEAD
253	help
254	  Support for Counter with CBC MAC. Required for IPsec.
255
256config CRYPTO_GCM
257	tristate "GCM/GMAC support"
258	select CRYPTO_CTR
259	select CRYPTO_AEAD
260	select CRYPTO_GHASH
261	select CRYPTO_NULL
262	help
263	  Support for Galois/Counter Mode (GCM) and Galois Message
264	  Authentication Code (GMAC). Required for IPSec.
265
266config CRYPTO_CHACHA20POLY1305
267	tristate "ChaCha20-Poly1305 AEAD support"
268	select CRYPTO_CHACHA20
269	select CRYPTO_POLY1305
270	select CRYPTO_AEAD
271	help
272	  ChaCha20-Poly1305 AEAD support, RFC7539.
273
274	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
275	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
276	  IETF protocols.
277
278config CRYPTO_AEGIS128
279	tristate "AEGIS-128 AEAD algorithm"
280	select CRYPTO_AEAD
281	select CRYPTO_AES  # for AES S-box tables
282	help
283	 Support for the AEGIS-128 dedicated AEAD algorithm.
284
285config CRYPTO_AEGIS128L
286	tristate "AEGIS-128L AEAD algorithm"
287	select CRYPTO_AEAD
288	select CRYPTO_AES  # for AES S-box tables
289	help
290	 Support for the AEGIS-128L dedicated AEAD algorithm.
291
292config CRYPTO_AEGIS256
293	tristate "AEGIS-256 AEAD algorithm"
294	select CRYPTO_AEAD
295	select CRYPTO_AES  # for AES S-box tables
296	help
297	 Support for the AEGIS-256 dedicated AEAD algorithm.
298
299config CRYPTO_AEGIS128_AESNI_SSE2
300	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
301	depends on X86 && 64BIT
302	select CRYPTO_AEAD
303	select CRYPTO_CRYPTD
304	help
305	 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
306
307config CRYPTO_AEGIS128L_AESNI_SSE2
308	tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
309	depends on X86 && 64BIT
310	select CRYPTO_AEAD
311	select CRYPTO_CRYPTD
312	help
313	 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
314
315config CRYPTO_AEGIS256_AESNI_SSE2
316	tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
317	depends on X86 && 64BIT
318	select CRYPTO_AEAD
319	select CRYPTO_CRYPTD
320	help
321	 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
322
323config CRYPTO_MORUS640
324	tristate "MORUS-640 AEAD algorithm"
325	select CRYPTO_AEAD
326	help
327	  Support for the MORUS-640 dedicated AEAD algorithm.
328
329config CRYPTO_MORUS640_GLUE
330	tristate
331	depends on X86
332	select CRYPTO_AEAD
333	select CRYPTO_CRYPTD
334	help
335	  Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
336	  algorithm.
337
338config CRYPTO_MORUS640_SSE2
339	tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
340	depends on X86 && 64BIT
341	select CRYPTO_AEAD
342	select CRYPTO_MORUS640_GLUE
343	help
344	  SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
345
346config CRYPTO_MORUS1280
347	tristate "MORUS-1280 AEAD algorithm"
348	select CRYPTO_AEAD
349	help
350	  Support for the MORUS-1280 dedicated AEAD algorithm.
351
352config CRYPTO_MORUS1280_GLUE
353	tristate
354	depends on X86
355	select CRYPTO_AEAD
356	select CRYPTO_CRYPTD
357	help
358	  Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
359	  algorithm.
360
361config CRYPTO_MORUS1280_SSE2
362	tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
363	depends on X86 && 64BIT
364	select CRYPTO_AEAD
365	select CRYPTO_MORUS1280_GLUE
366	help
367	  SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
368	  algorithm.
369
370config CRYPTO_MORUS1280_AVX2
371	tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
372	depends on X86 && 64BIT
373	select CRYPTO_AEAD
374	select CRYPTO_MORUS1280_GLUE
375	help
376	  AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
377	  algorithm.
378
379config CRYPTO_SEQIV
380	tristate "Sequence Number IV Generator"
381	select CRYPTO_AEAD
382	select CRYPTO_BLKCIPHER
383	select CRYPTO_NULL
384	select CRYPTO_RNG_DEFAULT
385	help
386	  This IV generator generates an IV based on a sequence number by
387	  xoring it with a salt.  This algorithm is mainly useful for CTR
388
389config CRYPTO_ECHAINIV
390	tristate "Encrypted Chain IV Generator"
391	select CRYPTO_AEAD
392	select CRYPTO_NULL
393	select CRYPTO_RNG_DEFAULT
394	default m
395	help
396	  This IV generator generates an IV based on the encryption of
397	  a sequence number xored with a salt.  This is the default
398	  algorithm for CBC.
399
400comment "Block modes"
401
402config CRYPTO_CBC
403	tristate "CBC support"
404	select CRYPTO_BLKCIPHER
405	select CRYPTO_MANAGER
406	help
407	  CBC: Cipher Block Chaining mode
408	  This block cipher algorithm is required for IPSec.
409
410config CRYPTO_CFB
411	tristate "CFB support"
412	select CRYPTO_BLKCIPHER
413	select CRYPTO_MANAGER
414	help
415	  CFB: Cipher FeedBack mode
416	  This block cipher algorithm is required for TPM2 Cryptography.
417
418config CRYPTO_CTR
419	tristate "CTR support"
420	select CRYPTO_BLKCIPHER
421	select CRYPTO_SEQIV
422	select CRYPTO_MANAGER
423	help
424	  CTR: Counter mode
425	  This block cipher algorithm is required for IPSec.
426
427config CRYPTO_CTS
428	tristate "CTS support"
429	select CRYPTO_BLKCIPHER
430	help
431	  CTS: Cipher Text Stealing
432	  This is the Cipher Text Stealing mode as described by
433	  Section 8 of rfc2040 and referenced by rfc3962
434	  (rfc3962 includes errata information in its Appendix A) or
435	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
436	  This mode is required for Kerberos gss mechanism support
437	  for AES encryption.
438
439	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
440
441config CRYPTO_ECB
442	tristate "ECB support"
443	select CRYPTO_BLKCIPHER
444	select CRYPTO_MANAGER
445	help
446	  ECB: Electronic CodeBook mode
447	  This is the simplest block cipher algorithm.  It simply encrypts
448	  the input block by block.
449
450config CRYPTO_LRW
451	tristate "LRW support"
452	select CRYPTO_BLKCIPHER
453	select CRYPTO_MANAGER
454	select CRYPTO_GF128MUL
455	help
456	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
457	  narrow block cipher mode for dm-crypt.  Use it with cipher
458	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
459	  The first 128, 192 or 256 bits in the key are used for AES and the
460	  rest is used to tie each cipher block to its logical position.
461
462config CRYPTO_OFB
463	tristate "OFB support"
464	select CRYPTO_BLKCIPHER
465	select CRYPTO_MANAGER
466	help
467	  OFB: the Output Feedback mode makes a block cipher into a synchronous
468	  stream cipher. It generates keystream blocks, which are then XORed
469	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
470	  ciphertext produces a flipped bit in the plaintext at the same
471	  location. This property allows many error correcting codes to function
472	  normally even when applied before encryption.
473
474config CRYPTO_PCBC
475	tristate "PCBC support"
476	select CRYPTO_BLKCIPHER
477	select CRYPTO_MANAGER
478	help
479	  PCBC: Propagating Cipher Block Chaining mode
480	  This block cipher algorithm is required for RxRPC.
481
482config CRYPTO_XTS
483	tristate "XTS support"
484	select CRYPTO_BLKCIPHER
485	select CRYPTO_MANAGER
486	select CRYPTO_ECB
487	help
488	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
489	  key size 256, 384 or 512 bits. This implementation currently
490	  can't handle a sectorsize which is not a multiple of 16 bytes.
491
492config CRYPTO_KEYWRAP
493	tristate "Key wrapping support"
494	select CRYPTO_BLKCIPHER
495	help
496	  Support for key wrapping (NIST SP800-38F / RFC3394) without
497	  padding.
498
499config CRYPTO_NHPOLY1305
500	tristate
501	select CRYPTO_HASH
502	select CRYPTO_POLY1305
503
504config CRYPTO_NHPOLY1305_SSE2
505	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
506	depends on X86 && 64BIT
507	select CRYPTO_NHPOLY1305
508	help
509	  SSE2 optimized implementation of the hash function used by the
510	  Adiantum encryption mode.
511
512config CRYPTO_NHPOLY1305_AVX2
513	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
514	depends on X86 && 64BIT
515	select CRYPTO_NHPOLY1305
516	help
517	  AVX2 optimized implementation of the hash function used by the
518	  Adiantum encryption mode.
519
520config CRYPTO_ADIANTUM
521	tristate "Adiantum support"
522	select CRYPTO_CHACHA20
523	select CRYPTO_POLY1305
524	select CRYPTO_NHPOLY1305
525	help
526	  Adiantum is a tweakable, length-preserving encryption mode
527	  designed for fast and secure disk encryption, especially on
528	  CPUs without dedicated crypto instructions.  It encrypts
529	  each sector using the XChaCha12 stream cipher, two passes of
530	  an ε-almost-∆-universal hash function, and an invocation of
531	  the AES-256 block cipher on a single 16-byte block.  On CPUs
532	  without AES instructions, Adiantum is much faster than
533	  AES-XTS.
534
535	  Adiantum's security is provably reducible to that of its
536	  underlying stream and block ciphers, subject to a security
537	  bound.  Unlike XTS, Adiantum is a true wide-block encryption
538	  mode, so it actually provides an even stronger notion of
539	  security than XTS, subject to the security bound.
540
541	  If unsure, say N.
542
543comment "Hash modes"
544
545config CRYPTO_CMAC
546	tristate "CMAC support"
547	select CRYPTO_HASH
548	select CRYPTO_MANAGER
549	help
550	  Cipher-based Message Authentication Code (CMAC) specified by
551	  The National Institute of Standards and Technology (NIST).
552
553	  https://tools.ietf.org/html/rfc4493
554	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
555
556config CRYPTO_HMAC
557	tristate "HMAC support"
558	select CRYPTO_HASH
559	select CRYPTO_MANAGER
560	help
561	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
562	  This is required for IPSec.
563
564config CRYPTO_XCBC
565	tristate "XCBC support"
566	select CRYPTO_HASH
567	select CRYPTO_MANAGER
568	help
569	  XCBC: Keyed-Hashing with encryption algorithm
570		http://www.ietf.org/rfc/rfc3566.txt
571		http://csrc.nist.gov/encryption/modes/proposedmodes/
572		 xcbc-mac/xcbc-mac-spec.pdf
573
574config CRYPTO_VMAC
575	tristate "VMAC support"
576	select CRYPTO_HASH
577	select CRYPTO_MANAGER
578	help
579	  VMAC is a message authentication algorithm designed for
580	  very high speed on 64-bit architectures.
581
582	  See also:
583	  <http://fastcrypto.org/vmac>
584
585comment "Digest"
586
587config CRYPTO_CRC32C
588	tristate "CRC32c CRC algorithm"
589	select CRYPTO_HASH
590	select CRC32
591	help
592	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
593	  by iSCSI for header and data digests and by others.
594	  See Castagnoli93.  Module will be crc32c.
595
596config CRYPTO_CRC32C_INTEL
597	tristate "CRC32c INTEL hardware acceleration"
598	depends on X86
599	select CRYPTO_HASH
600	help
601	  In Intel processor with SSE4.2 supported, the processor will
602	  support CRC32C implementation using hardware accelerated CRC32
603	  instruction. This option will create 'crc32c-intel' module,
604	  which will enable any routine to use the CRC32 instruction to
605	  gain performance compared with software implementation.
606	  Module will be crc32c-intel.
607
608config CRYPTO_CRC32C_VPMSUM
609	tristate "CRC32c CRC algorithm (powerpc64)"
610	depends on PPC64 && ALTIVEC
611	select CRYPTO_HASH
612	select CRC32
613	help
614	  CRC32c algorithm implemented using vector polynomial multiply-sum
615	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
616	  and newer processors for improved performance.
617
618
619config CRYPTO_CRC32C_SPARC64
620	tristate "CRC32c CRC algorithm (SPARC64)"
621	depends on SPARC64
622	select CRYPTO_HASH
623	select CRC32
624	help
625	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
626	  when available.
627
628config CRYPTO_CRC32
629	tristate "CRC32 CRC algorithm"
630	select CRYPTO_HASH
631	select CRC32
632	help
633	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
634	  Shash crypto api wrappers to crc32_le function.
635
636config CRYPTO_CRC32_PCLMUL
637	tristate "CRC32 PCLMULQDQ hardware acceleration"
638	depends on X86
639	select CRYPTO_HASH
640	select CRC32
641	help
642	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
643	  and PCLMULQDQ supported, the processor will support
644	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
645	  instruction. This option will create 'crc32-plcmul' module,
646	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
647	  and gain better performance as compared with the table implementation.
648
649config CRYPTO_CRC32_MIPS
650	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
651	depends on MIPS_CRC_SUPPORT
652	select CRYPTO_HASH
653	help
654	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
655	  instructions, when available.
656
657
658config CRYPTO_CRCT10DIF
659	tristate "CRCT10DIF algorithm"
660	select CRYPTO_HASH
661	help
662	  CRC T10 Data Integrity Field computation is being cast as
663	  a crypto transform.  This allows for faster crc t10 diff
664	  transforms to be used if they are available.
665
666config CRYPTO_CRCT10DIF_PCLMUL
667	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
668	depends on X86 && 64BIT && CRC_T10DIF
669	select CRYPTO_HASH
670	help
671	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
672	  CRC T10 DIF PCLMULQDQ computation can be hardware
673	  accelerated PCLMULQDQ instruction. This option will create
674	  'crct10dif-plcmul' module, which is faster when computing the
675	  crct10dif checksum as compared with the generic table implementation.
676
677config CRYPTO_CRCT10DIF_VPMSUM
678	tristate "CRC32T10DIF powerpc64 hardware acceleration"
679	depends on PPC64 && ALTIVEC && CRC_T10DIF
680	select CRYPTO_HASH
681	help
682	  CRC10T10DIF algorithm implemented using vector polynomial
683	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
684	  POWER8 and newer processors for improved performance.
685
686config CRYPTO_VPMSUM_TESTER
687	tristate "Powerpc64 vpmsum hardware acceleration tester"
688	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
689	help
690	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
691	  POWER8 vpmsum instructions.
692	  Unless you are testing these algorithms, you don't need this.
693
694config CRYPTO_GHASH
695	tristate "GHASH digest algorithm"
696	select CRYPTO_GF128MUL
697	select CRYPTO_HASH
698	help
699	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
700
701config CRYPTO_POLY1305
702	tristate "Poly1305 authenticator algorithm"
703	select CRYPTO_HASH
704	help
705	  Poly1305 authenticator algorithm, RFC7539.
706
707	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
708	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
709	  in IETF protocols. This is the portable C implementation of Poly1305.
710
711config CRYPTO_POLY1305_X86_64
712	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
713	depends on X86 && 64BIT
714	select CRYPTO_POLY1305
715	help
716	  Poly1305 authenticator algorithm, RFC7539.
717
718	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
719	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
720	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
721	  instructions.
722
723config CRYPTO_MD4
724	tristate "MD4 digest algorithm"
725	select CRYPTO_HASH
726	help
727	  MD4 message digest algorithm (RFC1320).
728
729config CRYPTO_MD5
730	tristate "MD5 digest algorithm"
731	select CRYPTO_HASH
732	help
733	  MD5 message digest algorithm (RFC1321).
734
735config CRYPTO_MD5_OCTEON
736	tristate "MD5 digest algorithm (OCTEON)"
737	depends on CPU_CAVIUM_OCTEON
738	select CRYPTO_MD5
739	select CRYPTO_HASH
740	help
741	  MD5 message digest algorithm (RFC1321) implemented
742	  using OCTEON crypto instructions, when available.
743
744config CRYPTO_MD5_PPC
745	tristate "MD5 digest algorithm (PPC)"
746	depends on PPC
747	select CRYPTO_HASH
748	help
749	  MD5 message digest algorithm (RFC1321) implemented
750	  in PPC assembler.
751
752config CRYPTO_MD5_SPARC64
753	tristate "MD5 digest algorithm (SPARC64)"
754	depends on SPARC64
755	select CRYPTO_MD5
756	select CRYPTO_HASH
757	help
758	  MD5 message digest algorithm (RFC1321) implemented
759	  using sparc64 crypto instructions, when available.
760
761config CRYPTO_MICHAEL_MIC
762	tristate "Michael MIC keyed digest algorithm"
763	select CRYPTO_HASH
764	help
765	  Michael MIC is used for message integrity protection in TKIP
766	  (IEEE 802.11i). This algorithm is required for TKIP, but it
767	  should not be used for other purposes because of the weakness
768	  of the algorithm.
769
770config CRYPTO_RMD128
771	tristate "RIPEMD-128 digest algorithm"
772	select CRYPTO_HASH
773	help
774	  RIPEMD-128 (ISO/IEC 10118-3:2004).
775
776	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
777	  be used as a secure replacement for RIPEMD. For other use cases,
778	  RIPEMD-160 should be used.
779
780	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
781	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
782
783config CRYPTO_RMD160
784	tristate "RIPEMD-160 digest algorithm"
785	select CRYPTO_HASH
786	help
787	  RIPEMD-160 (ISO/IEC 10118-3:2004).
788
789	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
790	  to be used as a secure replacement for the 128-bit hash functions
791	  MD4, MD5 and it's predecessor RIPEMD
792	  (not to be confused with RIPEMD-128).
793
794	  It's speed is comparable to SHA1 and there are no known attacks
795	  against RIPEMD-160.
796
797	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
798	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
799
800config CRYPTO_RMD256
801	tristate "RIPEMD-256 digest algorithm"
802	select CRYPTO_HASH
803	help
804	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
805	  256 bit hash. It is intended for applications that require
806	  longer hash-results, without needing a larger security level
807	  (than RIPEMD-128).
808
809	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
810	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
811
812config CRYPTO_RMD320
813	tristate "RIPEMD-320 digest algorithm"
814	select CRYPTO_HASH
815	help
816	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
817	  320 bit hash. It is intended for applications that require
818	  longer hash-results, without needing a larger security level
819	  (than RIPEMD-160).
820
821	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
822	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
823
824config CRYPTO_SHA1
825	tristate "SHA1 digest algorithm"
826	select CRYPTO_HASH
827	help
828	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
829
830config CRYPTO_SHA1_SSSE3
831	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
832	depends on X86 && 64BIT
833	select CRYPTO_SHA1
834	select CRYPTO_HASH
835	help
836	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
837	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
838	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
839	  when available.
840
841config CRYPTO_SHA256_SSSE3
842	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
843	depends on X86 && 64BIT
844	select CRYPTO_SHA256
845	select CRYPTO_HASH
846	help
847	  SHA-256 secure hash standard (DFIPS 180-2) implemented
848	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
849	  Extensions version 1 (AVX1), or Advanced Vector Extensions
850	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
851	  Instructions) when available.
852
853config CRYPTO_SHA512_SSSE3
854	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
855	depends on X86 && 64BIT
856	select CRYPTO_SHA512
857	select CRYPTO_HASH
858	help
859	  SHA-512 secure hash standard (DFIPS 180-2) implemented
860	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
861	  Extensions version 1 (AVX1), or Advanced Vector Extensions
862	  version 2 (AVX2) instructions, when available.
863
864config CRYPTO_SHA1_OCTEON
865	tristate "SHA1 digest algorithm (OCTEON)"
866	depends on CPU_CAVIUM_OCTEON
867	select CRYPTO_SHA1
868	select CRYPTO_HASH
869	help
870	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
871	  using OCTEON crypto instructions, when available.
872
873config CRYPTO_SHA1_SPARC64
874	tristate "SHA1 digest algorithm (SPARC64)"
875	depends on SPARC64
876	select CRYPTO_SHA1
877	select CRYPTO_HASH
878	help
879	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
880	  using sparc64 crypto instructions, when available.
881
882config CRYPTO_SHA1_PPC
883	tristate "SHA1 digest algorithm (powerpc)"
884	depends on PPC
885	help
886	  This is the powerpc hardware accelerated implementation of the
887	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
888
889config CRYPTO_SHA1_PPC_SPE
890	tristate "SHA1 digest algorithm (PPC SPE)"
891	depends on PPC && SPE
892	help
893	  SHA-1 secure hash standard (DFIPS 180-4) implemented
894	  using powerpc SPE SIMD instruction set.
895
896config CRYPTO_SHA256
897	tristate "SHA224 and SHA256 digest algorithm"
898	select CRYPTO_HASH
899	help
900	  SHA256 secure hash standard (DFIPS 180-2).
901
902	  This version of SHA implements a 256 bit hash with 128 bits of
903	  security against collision attacks.
904
905	  This code also includes SHA-224, a 224 bit hash with 112 bits
906	  of security against collision attacks.
907
908config CRYPTO_SHA256_PPC_SPE
909	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
910	depends on PPC && SPE
911	select CRYPTO_SHA256
912	select CRYPTO_HASH
913	help
914	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
915	  implemented using powerpc SPE SIMD instruction set.
916
917config CRYPTO_SHA256_OCTEON
918	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
919	depends on CPU_CAVIUM_OCTEON
920	select CRYPTO_SHA256
921	select CRYPTO_HASH
922	help
923	  SHA-256 secure hash standard (DFIPS 180-2) implemented
924	  using OCTEON crypto instructions, when available.
925
926config CRYPTO_SHA256_SPARC64
927	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
928	depends on SPARC64
929	select CRYPTO_SHA256
930	select CRYPTO_HASH
931	help
932	  SHA-256 secure hash standard (DFIPS 180-2) implemented
933	  using sparc64 crypto instructions, when available.
934
935config CRYPTO_SHA512
936	tristate "SHA384 and SHA512 digest algorithms"
937	select CRYPTO_HASH
938	help
939	  SHA512 secure hash standard (DFIPS 180-2).
940
941	  This version of SHA implements a 512 bit hash with 256 bits of
942	  security against collision attacks.
943
944	  This code also includes SHA-384, a 384 bit hash with 192 bits
945	  of security against collision attacks.
946
947config CRYPTO_SHA512_OCTEON
948	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
949	depends on CPU_CAVIUM_OCTEON
950	select CRYPTO_SHA512
951	select CRYPTO_HASH
952	help
953	  SHA-512 secure hash standard (DFIPS 180-2) implemented
954	  using OCTEON crypto instructions, when available.
955
956config CRYPTO_SHA512_SPARC64
957	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
958	depends on SPARC64
959	select CRYPTO_SHA512
960	select CRYPTO_HASH
961	help
962	  SHA-512 secure hash standard (DFIPS 180-2) implemented
963	  using sparc64 crypto instructions, when available.
964
965config CRYPTO_SHA3
966	tristate "SHA3 digest algorithm"
967	select CRYPTO_HASH
968	help
969	  SHA-3 secure hash standard (DFIPS 202). It's based on
970	  cryptographic sponge function family called Keccak.
971
972	  References:
973	  http://keccak.noekeon.org/
974
975config CRYPTO_SM3
976	tristate "SM3 digest algorithm"
977	select CRYPTO_HASH
978	help
979	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
980	  It is part of the Chinese Commercial Cryptography suite.
981
982	  References:
983	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
984	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
985
986config CRYPTO_STREEBOG
987	tristate "Streebog Hash Function"
988	select CRYPTO_HASH
989	help
990	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
991	  cryptographic standard algorithms (called GOST algorithms).
992	  This setting enables two hash algorithms with 256 and 512 bits output.
993
994	  References:
995	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
996	  https://tools.ietf.org/html/rfc6986
997
998config CRYPTO_TGR192
999	tristate "Tiger digest algorithms"
1000	select CRYPTO_HASH
1001	help
1002	  Tiger hash algorithm 192, 160 and 128-bit hashes
1003
1004	  Tiger is a hash function optimized for 64-bit processors while
1005	  still having decent performance on 32-bit processors.
1006	  Tiger was developed by Ross Anderson and Eli Biham.
1007
1008	  See also:
1009	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1010
1011config CRYPTO_WP512
1012	tristate "Whirlpool digest algorithms"
1013	select CRYPTO_HASH
1014	help
1015	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1016
1017	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1018	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1019
1020	  See also:
1021	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1022
1023config CRYPTO_GHASH_CLMUL_NI_INTEL
1024	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
1025	depends on X86 && 64BIT
1026	select CRYPTO_CRYPTD
1027	help
1028	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1029	  The implementation is accelerated by CLMUL-NI of Intel.
1030
1031comment "Ciphers"
1032
1033config CRYPTO_AES
1034	tristate "AES cipher algorithms"
1035	select CRYPTO_ALGAPI
1036	help
1037	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1038	  algorithm.
1039
1040	  Rijndael appears to be consistently a very good performer in
1041	  both hardware and software across a wide range of computing
1042	  environments regardless of its use in feedback or non-feedback
1043	  modes. Its key setup time is excellent, and its key agility is
1044	  good. Rijndael's very low memory requirements make it very well
1045	  suited for restricted-space environments, in which it also
1046	  demonstrates excellent performance. Rijndael's operations are
1047	  among the easiest to defend against power and timing attacks.
1048
1049	  The AES specifies three key sizes: 128, 192 and 256 bits
1050
1051	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1052
1053config CRYPTO_AES_TI
1054	tristate "Fixed time AES cipher"
1055	select CRYPTO_ALGAPI
1056	help
1057	  This is a generic implementation of AES that attempts to eliminate
1058	  data dependent latencies as much as possible without affecting
1059	  performance too much. It is intended for use by the generic CCM
1060	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1061	  solely on encryption (although decryption is supported as well, but
1062	  with a more dramatic performance hit)
1063
1064	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1065	  8 for decryption), this implementation only uses just two S-boxes of
1066	  256 bytes each, and attempts to eliminate data dependent latencies by
1067	  prefetching the entire table into the cache at the start of each
1068	  block. Interrupts are also disabled to avoid races where cachelines
1069	  are evicted when the CPU is interrupted to do something else.
1070
1071config CRYPTO_AES_586
1072	tristate "AES cipher algorithms (i586)"
1073	depends on (X86 || UML_X86) && !64BIT
1074	select CRYPTO_ALGAPI
1075	select CRYPTO_AES
1076	help
1077	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1078	  algorithm.
1079
1080	  Rijndael appears to be consistently a very good performer in
1081	  both hardware and software across a wide range of computing
1082	  environments regardless of its use in feedback or non-feedback
1083	  modes. Its key setup time is excellent, and its key agility is
1084	  good. Rijndael's very low memory requirements make it very well
1085	  suited for restricted-space environments, in which it also
1086	  demonstrates excellent performance. Rijndael's operations are
1087	  among the easiest to defend against power and timing attacks.
1088
1089	  The AES specifies three key sizes: 128, 192 and 256 bits
1090
1091	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1092
1093config CRYPTO_AES_X86_64
1094	tristate "AES cipher algorithms (x86_64)"
1095	depends on (X86 || UML_X86) && 64BIT
1096	select CRYPTO_ALGAPI
1097	select CRYPTO_AES
1098	help
1099	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1100	  algorithm.
1101
1102	  Rijndael appears to be consistently a very good performer in
1103	  both hardware and software across a wide range of computing
1104	  environments regardless of its use in feedback or non-feedback
1105	  modes. Its key setup time is excellent, and its key agility is
1106	  good. Rijndael's very low memory requirements make it very well
1107	  suited for restricted-space environments, in which it also
1108	  demonstrates excellent performance. Rijndael's operations are
1109	  among the easiest to defend against power and timing attacks.
1110
1111	  The AES specifies three key sizes: 128, 192 and 256 bits
1112
1113	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1114
1115config CRYPTO_AES_NI_INTEL
1116	tristate "AES cipher algorithms (AES-NI)"
1117	depends on X86
1118	select CRYPTO_AEAD
1119	select CRYPTO_AES_X86_64 if 64BIT
1120	select CRYPTO_AES_586 if !64BIT
1121	select CRYPTO_ALGAPI
1122	select CRYPTO_BLKCIPHER
1123	select CRYPTO_GLUE_HELPER_X86 if 64BIT
1124	select CRYPTO_SIMD
1125	help
1126	  Use Intel AES-NI instructions for AES algorithm.
1127
1128	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1129	  algorithm.
1130
1131	  Rijndael appears to be consistently a very good performer in
1132	  both hardware and software across a wide range of computing
1133	  environments regardless of its use in feedback or non-feedback
1134	  modes. Its key setup time is excellent, and its key agility is
1135	  good. Rijndael's very low memory requirements make it very well
1136	  suited for restricted-space environments, in which it also
1137	  demonstrates excellent performance. Rijndael's operations are
1138	  among the easiest to defend against power and timing attacks.
1139
1140	  The AES specifies three key sizes: 128, 192 and 256 bits
1141
1142	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1143
1144	  In addition to AES cipher algorithm support, the acceleration
1145	  for some popular block cipher mode is supported too, including
1146	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1147	  acceleration for CTR.
1148
1149config CRYPTO_AES_SPARC64
1150	tristate "AES cipher algorithms (SPARC64)"
1151	depends on SPARC64
1152	select CRYPTO_CRYPTD
1153	select CRYPTO_ALGAPI
1154	help
1155	  Use SPARC64 crypto opcodes for AES algorithm.
1156
1157	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1158	  algorithm.
1159
1160	  Rijndael appears to be consistently a very good performer in
1161	  both hardware and software across a wide range of computing
1162	  environments regardless of its use in feedback or non-feedback
1163	  modes. Its key setup time is excellent, and its key agility is
1164	  good. Rijndael's very low memory requirements make it very well
1165	  suited for restricted-space environments, in which it also
1166	  demonstrates excellent performance. Rijndael's operations are
1167	  among the easiest to defend against power and timing attacks.
1168
1169	  The AES specifies three key sizes: 128, 192 and 256 bits
1170
1171	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1172
1173	  In addition to AES cipher algorithm support, the acceleration
1174	  for some popular block cipher mode is supported too, including
1175	  ECB and CBC.
1176
1177config CRYPTO_AES_PPC_SPE
1178	tristate "AES cipher algorithms (PPC SPE)"
1179	depends on PPC && SPE
1180	help
1181	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1182	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1183	  This module should only be used for low power (router) devices
1184	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1185	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1186	  timining attacks. Nevertheless it might be not as secure as other
1187	  architecture specific assembler implementations that work on 1KB
1188	  tables or 256 bytes S-boxes.
1189
1190config CRYPTO_ANUBIS
1191	tristate "Anubis cipher algorithm"
1192	select CRYPTO_ALGAPI
1193	help
1194	  Anubis cipher algorithm.
1195
1196	  Anubis is a variable key length cipher which can use keys from
1197	  128 bits to 320 bits in length.  It was evaluated as a entrant
1198	  in the NESSIE competition.
1199
1200	  See also:
1201	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1202	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1203
1204config CRYPTO_ARC4
1205	tristate "ARC4 cipher algorithm"
1206	select CRYPTO_BLKCIPHER
1207	help
1208	  ARC4 cipher algorithm.
1209
1210	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1211	  bits in length.  This algorithm is required for driver-based
1212	  WEP, but it should not be for other purposes because of the
1213	  weakness of the algorithm.
1214
1215config CRYPTO_BLOWFISH
1216	tristate "Blowfish cipher algorithm"
1217	select CRYPTO_ALGAPI
1218	select CRYPTO_BLOWFISH_COMMON
1219	help
1220	  Blowfish cipher algorithm, by Bruce Schneier.
1221
1222	  This is a variable key length cipher which can use keys from 32
1223	  bits to 448 bits in length.  It's fast, simple and specifically
1224	  designed for use on "large microprocessors".
1225
1226	  See also:
1227	  <http://www.schneier.com/blowfish.html>
1228
1229config CRYPTO_BLOWFISH_COMMON
1230	tristate
1231	help
1232	  Common parts of the Blowfish cipher algorithm shared by the
1233	  generic c and the assembler implementations.
1234
1235	  See also:
1236	  <http://www.schneier.com/blowfish.html>
1237
1238config CRYPTO_BLOWFISH_X86_64
1239	tristate "Blowfish cipher algorithm (x86_64)"
1240	depends on X86 && 64BIT
1241	select CRYPTO_BLKCIPHER
1242	select CRYPTO_BLOWFISH_COMMON
1243	help
1244	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1245
1246	  This is a variable key length cipher which can use keys from 32
1247	  bits to 448 bits in length.  It's fast, simple and specifically
1248	  designed for use on "large microprocessors".
1249
1250	  See also:
1251	  <http://www.schneier.com/blowfish.html>
1252
1253config CRYPTO_CAMELLIA
1254	tristate "Camellia cipher algorithms"
1255	depends on CRYPTO
1256	select CRYPTO_ALGAPI
1257	help
1258	  Camellia cipher algorithms module.
1259
1260	  Camellia is a symmetric key block cipher developed jointly
1261	  at NTT and Mitsubishi Electric Corporation.
1262
1263	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1264
1265	  See also:
1266	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1267
1268config CRYPTO_CAMELLIA_X86_64
1269	tristate "Camellia cipher algorithm (x86_64)"
1270	depends on X86 && 64BIT
1271	depends on CRYPTO
1272	select CRYPTO_BLKCIPHER
1273	select CRYPTO_GLUE_HELPER_X86
1274	help
1275	  Camellia cipher algorithm module (x86_64).
1276
1277	  Camellia is a symmetric key block cipher developed jointly
1278	  at NTT and Mitsubishi Electric Corporation.
1279
1280	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1281
1282	  See also:
1283	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1284
1285config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1286	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1287	depends on X86 && 64BIT
1288	depends on CRYPTO
1289	select CRYPTO_BLKCIPHER
1290	select CRYPTO_CAMELLIA_X86_64
1291	select CRYPTO_GLUE_HELPER_X86
1292	select CRYPTO_SIMD
1293	select CRYPTO_XTS
1294	help
1295	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1296
1297	  Camellia is a symmetric key block cipher developed jointly
1298	  at NTT and Mitsubishi Electric Corporation.
1299
1300	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1301
1302	  See also:
1303	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1304
1305config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1306	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1307	depends on X86 && 64BIT
1308	depends on CRYPTO
1309	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1310	help
1311	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1312
1313	  Camellia is a symmetric key block cipher developed jointly
1314	  at NTT and Mitsubishi Electric Corporation.
1315
1316	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1317
1318	  See also:
1319	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1320
1321config CRYPTO_CAMELLIA_SPARC64
1322	tristate "Camellia cipher algorithm (SPARC64)"
1323	depends on SPARC64
1324	depends on CRYPTO
1325	select CRYPTO_ALGAPI
1326	help
1327	  Camellia cipher algorithm module (SPARC64).
1328
1329	  Camellia is a symmetric key block cipher developed jointly
1330	  at NTT and Mitsubishi Electric Corporation.
1331
1332	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1333
1334	  See also:
1335	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1336
1337config CRYPTO_CAST_COMMON
1338	tristate
1339	help
1340	  Common parts of the CAST cipher algorithms shared by the
1341	  generic c and the assembler implementations.
1342
1343config CRYPTO_CAST5
1344	tristate "CAST5 (CAST-128) cipher algorithm"
1345	select CRYPTO_ALGAPI
1346	select CRYPTO_CAST_COMMON
1347	help
1348	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1349	  described in RFC2144.
1350
1351config CRYPTO_CAST5_AVX_X86_64
1352	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1353	depends on X86 && 64BIT
1354	select CRYPTO_BLKCIPHER
1355	select CRYPTO_CAST5
1356	select CRYPTO_CAST_COMMON
1357	select CRYPTO_SIMD
1358	help
1359	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1360	  described in RFC2144.
1361
1362	  This module provides the Cast5 cipher algorithm that processes
1363	  sixteen blocks parallel using the AVX instruction set.
1364
1365config CRYPTO_CAST6
1366	tristate "CAST6 (CAST-256) cipher algorithm"
1367	select CRYPTO_ALGAPI
1368	select CRYPTO_CAST_COMMON
1369	help
1370	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1371	  described in RFC2612.
1372
1373config CRYPTO_CAST6_AVX_X86_64
1374	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1375	depends on X86 && 64BIT
1376	select CRYPTO_BLKCIPHER
1377	select CRYPTO_CAST6
1378	select CRYPTO_CAST_COMMON
1379	select CRYPTO_GLUE_HELPER_X86
1380	select CRYPTO_SIMD
1381	select CRYPTO_XTS
1382	help
1383	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1384	  described in RFC2612.
1385
1386	  This module provides the Cast6 cipher algorithm that processes
1387	  eight blocks parallel using the AVX instruction set.
1388
1389config CRYPTO_DES
1390	tristate "DES and Triple DES EDE cipher algorithms"
1391	select CRYPTO_ALGAPI
1392	help
1393	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1394
1395config CRYPTO_DES_SPARC64
1396	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1397	depends on SPARC64
1398	select CRYPTO_ALGAPI
1399	select CRYPTO_DES
1400	help
1401	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1402	  optimized using SPARC64 crypto opcodes.
1403
1404config CRYPTO_DES3_EDE_X86_64
1405	tristate "Triple DES EDE cipher algorithm (x86-64)"
1406	depends on X86 && 64BIT
1407	select CRYPTO_BLKCIPHER
1408	select CRYPTO_DES
1409	help
1410	  Triple DES EDE (FIPS 46-3) algorithm.
1411
1412	  This module provides implementation of the Triple DES EDE cipher
1413	  algorithm that is optimized for x86-64 processors. Two versions of
1414	  algorithm are provided; regular processing one input block and
1415	  one that processes three blocks parallel.
1416
1417config CRYPTO_FCRYPT
1418	tristate "FCrypt cipher algorithm"
1419	select CRYPTO_ALGAPI
1420	select CRYPTO_BLKCIPHER
1421	help
1422	  FCrypt algorithm used by RxRPC.
1423
1424config CRYPTO_KHAZAD
1425	tristate "Khazad cipher algorithm"
1426	select CRYPTO_ALGAPI
1427	help
1428	  Khazad cipher algorithm.
1429
1430	  Khazad was a finalist in the initial NESSIE competition.  It is
1431	  an algorithm optimized for 64-bit processors with good performance
1432	  on 32-bit processors.  Khazad uses an 128 bit key size.
1433
1434	  See also:
1435	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1436
1437config CRYPTO_SALSA20
1438	tristate "Salsa20 stream cipher algorithm"
1439	select CRYPTO_BLKCIPHER
1440	help
1441	  Salsa20 stream cipher algorithm.
1442
1443	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1444	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1445
1446	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1447	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1448
1449config CRYPTO_CHACHA20
1450	tristate "ChaCha stream cipher algorithms"
1451	select CRYPTO_BLKCIPHER
1452	help
1453	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1454
1455	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1456	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1457	  This is the portable C implementation of ChaCha20.  See also:
1458	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1459
1460	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1461	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1462	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1463	  while provably retaining ChaCha20's security.  See also:
1464	  <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1465
1466	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1467	  reduced security margin but increased performance.  It can be needed
1468	  in some performance-sensitive scenarios.
1469
1470config CRYPTO_CHACHA20_X86_64
1471	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1472	depends on X86 && 64BIT
1473	select CRYPTO_BLKCIPHER
1474	select CRYPTO_CHACHA20
1475	help
1476	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1477	  XChaCha20, and XChaCha12 stream ciphers.
1478
1479config CRYPTO_SEED
1480	tristate "SEED cipher algorithm"
1481	select CRYPTO_ALGAPI
1482	help
1483	  SEED cipher algorithm (RFC4269).
1484
1485	  SEED is a 128-bit symmetric key block cipher that has been
1486	  developed by KISA (Korea Information Security Agency) as a
1487	  national standard encryption algorithm of the Republic of Korea.
1488	  It is a 16 round block cipher with the key size of 128 bit.
1489
1490	  See also:
1491	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1492
1493config CRYPTO_SERPENT
1494	tristate "Serpent cipher algorithm"
1495	select CRYPTO_ALGAPI
1496	help
1497	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1498
1499	  Keys are allowed to be from 0 to 256 bits in length, in steps
1500	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1501	  variant of Serpent for compatibility with old kerneli.org code.
1502
1503	  See also:
1504	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1505
1506config CRYPTO_SERPENT_SSE2_X86_64
1507	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1508	depends on X86 && 64BIT
1509	select CRYPTO_BLKCIPHER
1510	select CRYPTO_GLUE_HELPER_X86
1511	select CRYPTO_SERPENT
1512	select CRYPTO_SIMD
1513	help
1514	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1515
1516	  Keys are allowed to be from 0 to 256 bits in length, in steps
1517	  of 8 bits.
1518
1519	  This module provides Serpent cipher algorithm that processes eight
1520	  blocks parallel using SSE2 instruction set.
1521
1522	  See also:
1523	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1524
1525config CRYPTO_SERPENT_SSE2_586
1526	tristate "Serpent cipher algorithm (i586/SSE2)"
1527	depends on X86 && !64BIT
1528	select CRYPTO_BLKCIPHER
1529	select CRYPTO_GLUE_HELPER_X86
1530	select CRYPTO_SERPENT
1531	select CRYPTO_SIMD
1532	help
1533	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1534
1535	  Keys are allowed to be from 0 to 256 bits in length, in steps
1536	  of 8 bits.
1537
1538	  This module provides Serpent cipher algorithm that processes four
1539	  blocks parallel using SSE2 instruction set.
1540
1541	  See also:
1542	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1543
1544config CRYPTO_SERPENT_AVX_X86_64
1545	tristate "Serpent cipher algorithm (x86_64/AVX)"
1546	depends on X86 && 64BIT
1547	select CRYPTO_BLKCIPHER
1548	select CRYPTO_GLUE_HELPER_X86
1549	select CRYPTO_SERPENT
1550	select CRYPTO_SIMD
1551	select CRYPTO_XTS
1552	help
1553	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1554
1555	  Keys are allowed to be from 0 to 256 bits in length, in steps
1556	  of 8 bits.
1557
1558	  This module provides the Serpent cipher algorithm that processes
1559	  eight blocks parallel using the AVX instruction set.
1560
1561	  See also:
1562	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1563
1564config CRYPTO_SERPENT_AVX2_X86_64
1565	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1566	depends on X86 && 64BIT
1567	select CRYPTO_SERPENT_AVX_X86_64
1568	help
1569	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1570
1571	  Keys are allowed to be from 0 to 256 bits in length, in steps
1572	  of 8 bits.
1573
1574	  This module provides Serpent cipher algorithm that processes 16
1575	  blocks parallel using AVX2 instruction set.
1576
1577	  See also:
1578	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1579
1580config CRYPTO_SM4
1581	tristate "SM4 cipher algorithm"
1582	select CRYPTO_ALGAPI
1583	help
1584	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1585
1586	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1587	  Organization of State Commercial Administration of China (OSCCA)
1588	  as an authorized cryptographic algorithms for the use within China.
1589
1590	  SMS4 was originally created for use in protecting wireless
1591	  networks, and is mandated in the Chinese National Standard for
1592	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1593	  (GB.15629.11-2003).
1594
1595	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1596	  standardized through TC 260 of the Standardization Administration
1597	  of the People's Republic of China (SAC).
1598
1599	  The input, output, and key of SMS4 are each 128 bits.
1600
1601	  See also: <https://eprint.iacr.org/2008/329.pdf>
1602
1603	  If unsure, say N.
1604
1605config CRYPTO_TEA
1606	tristate "TEA, XTEA and XETA cipher algorithms"
1607	select CRYPTO_ALGAPI
1608	help
1609	  TEA cipher algorithm.
1610
1611	  Tiny Encryption Algorithm is a simple cipher that uses
1612	  many rounds for security.  It is very fast and uses
1613	  little memory.
1614
1615	  Xtendend Tiny Encryption Algorithm is a modification to
1616	  the TEA algorithm to address a potential key weakness
1617	  in the TEA algorithm.
1618
1619	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1620	  of the XTEA algorithm for compatibility purposes.
1621
1622config CRYPTO_TWOFISH
1623	tristate "Twofish cipher algorithm"
1624	select CRYPTO_ALGAPI
1625	select CRYPTO_TWOFISH_COMMON
1626	help
1627	  Twofish cipher algorithm.
1628
1629	  Twofish was submitted as an AES (Advanced Encryption Standard)
1630	  candidate cipher by researchers at CounterPane Systems.  It is a
1631	  16 round block cipher supporting key sizes of 128, 192, and 256
1632	  bits.
1633
1634	  See also:
1635	  <http://www.schneier.com/twofish.html>
1636
1637config CRYPTO_TWOFISH_COMMON
1638	tristate
1639	help
1640	  Common parts of the Twofish cipher algorithm shared by the
1641	  generic c and the assembler implementations.
1642
1643config CRYPTO_TWOFISH_586
1644	tristate "Twofish cipher algorithms (i586)"
1645	depends on (X86 || UML_X86) && !64BIT
1646	select CRYPTO_ALGAPI
1647	select CRYPTO_TWOFISH_COMMON
1648	help
1649	  Twofish cipher algorithm.
1650
1651	  Twofish was submitted as an AES (Advanced Encryption Standard)
1652	  candidate cipher by researchers at CounterPane Systems.  It is a
1653	  16 round block cipher supporting key sizes of 128, 192, and 256
1654	  bits.
1655
1656	  See also:
1657	  <http://www.schneier.com/twofish.html>
1658
1659config CRYPTO_TWOFISH_X86_64
1660	tristate "Twofish cipher algorithm (x86_64)"
1661	depends on (X86 || UML_X86) && 64BIT
1662	select CRYPTO_ALGAPI
1663	select CRYPTO_TWOFISH_COMMON
1664	help
1665	  Twofish cipher algorithm (x86_64).
1666
1667	  Twofish was submitted as an AES (Advanced Encryption Standard)
1668	  candidate cipher by researchers at CounterPane Systems.  It is a
1669	  16 round block cipher supporting key sizes of 128, 192, and 256
1670	  bits.
1671
1672	  See also:
1673	  <http://www.schneier.com/twofish.html>
1674
1675config CRYPTO_TWOFISH_X86_64_3WAY
1676	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1677	depends on X86 && 64BIT
1678	select CRYPTO_BLKCIPHER
1679	select CRYPTO_TWOFISH_COMMON
1680	select CRYPTO_TWOFISH_X86_64
1681	select CRYPTO_GLUE_HELPER_X86
1682	help
1683	  Twofish cipher algorithm (x86_64, 3-way parallel).
1684
1685	  Twofish was submitted as an AES (Advanced Encryption Standard)
1686	  candidate cipher by researchers at CounterPane Systems.  It is a
1687	  16 round block cipher supporting key sizes of 128, 192, and 256
1688	  bits.
1689
1690	  This module provides Twofish cipher algorithm that processes three
1691	  blocks parallel, utilizing resources of out-of-order CPUs better.
1692
1693	  See also:
1694	  <http://www.schneier.com/twofish.html>
1695
1696config CRYPTO_TWOFISH_AVX_X86_64
1697	tristate "Twofish cipher algorithm (x86_64/AVX)"
1698	depends on X86 && 64BIT
1699	select CRYPTO_BLKCIPHER
1700	select CRYPTO_GLUE_HELPER_X86
1701	select CRYPTO_SIMD
1702	select CRYPTO_TWOFISH_COMMON
1703	select CRYPTO_TWOFISH_X86_64
1704	select CRYPTO_TWOFISH_X86_64_3WAY
1705	help
1706	  Twofish cipher algorithm (x86_64/AVX).
1707
1708	  Twofish was submitted as an AES (Advanced Encryption Standard)
1709	  candidate cipher by researchers at CounterPane Systems.  It is a
1710	  16 round block cipher supporting key sizes of 128, 192, and 256
1711	  bits.
1712
1713	  This module provides the Twofish cipher algorithm that processes
1714	  eight blocks parallel using the AVX Instruction Set.
1715
1716	  See also:
1717	  <http://www.schneier.com/twofish.html>
1718
1719comment "Compression"
1720
1721config CRYPTO_DEFLATE
1722	tristate "Deflate compression algorithm"
1723	select CRYPTO_ALGAPI
1724	select CRYPTO_ACOMP2
1725	select ZLIB_INFLATE
1726	select ZLIB_DEFLATE
1727	help
1728	  This is the Deflate algorithm (RFC1951), specified for use in
1729	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1730
1731	  You will most probably want this if using IPSec.
1732
1733config CRYPTO_LZO
1734	tristate "LZO compression algorithm"
1735	select CRYPTO_ALGAPI
1736	select CRYPTO_ACOMP2
1737	select LZO_COMPRESS
1738	select LZO_DECOMPRESS
1739	help
1740	  This is the LZO algorithm.
1741
1742config CRYPTO_842
1743	tristate "842 compression algorithm"
1744	select CRYPTO_ALGAPI
1745	select CRYPTO_ACOMP2
1746	select 842_COMPRESS
1747	select 842_DECOMPRESS
1748	help
1749	  This is the 842 algorithm.
1750
1751config CRYPTO_LZ4
1752	tristate "LZ4 compression algorithm"
1753	select CRYPTO_ALGAPI
1754	select CRYPTO_ACOMP2
1755	select LZ4_COMPRESS
1756	select LZ4_DECOMPRESS
1757	help
1758	  This is the LZ4 algorithm.
1759
1760config CRYPTO_LZ4HC
1761	tristate "LZ4HC compression algorithm"
1762	select CRYPTO_ALGAPI
1763	select CRYPTO_ACOMP2
1764	select LZ4HC_COMPRESS
1765	select LZ4_DECOMPRESS
1766	help
1767	  This is the LZ4 high compression mode algorithm.
1768
1769config CRYPTO_ZSTD
1770	tristate "Zstd compression algorithm"
1771	select CRYPTO_ALGAPI
1772	select CRYPTO_ACOMP2
1773	select ZSTD_COMPRESS
1774	select ZSTD_DECOMPRESS
1775	help
1776	  This is the zstd algorithm.
1777
1778comment "Random Number Generation"
1779
1780config CRYPTO_ANSI_CPRNG
1781	tristate "Pseudo Random Number Generation for Cryptographic modules"
1782	select CRYPTO_AES
1783	select CRYPTO_RNG
1784	help
1785	  This option enables the generic pseudo random number generator
1786	  for cryptographic modules.  Uses the Algorithm specified in
1787	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1788	  CRYPTO_FIPS is selected
1789
1790menuconfig CRYPTO_DRBG_MENU
1791	tristate "NIST SP800-90A DRBG"
1792	help
1793	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1794	  more of the DRBG types must be selected.
1795
1796if CRYPTO_DRBG_MENU
1797
1798config CRYPTO_DRBG_HMAC
1799	bool
1800	default y
1801	select CRYPTO_HMAC
1802	select CRYPTO_SHA256
1803
1804config CRYPTO_DRBG_HASH
1805	bool "Enable Hash DRBG"
1806	select CRYPTO_SHA256
1807	help
1808	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1809
1810config CRYPTO_DRBG_CTR
1811	bool "Enable CTR DRBG"
1812	select CRYPTO_AES
1813	depends on CRYPTO_CTR
1814	help
1815	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1816
1817config CRYPTO_DRBG
1818	tristate
1819	default CRYPTO_DRBG_MENU
1820	select CRYPTO_RNG
1821	select CRYPTO_JITTERENTROPY
1822
1823endif	# if CRYPTO_DRBG_MENU
1824
1825config CRYPTO_JITTERENTROPY
1826	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1827	select CRYPTO_RNG
1828	help
1829	  The Jitterentropy RNG is a noise that is intended
1830	  to provide seed to another RNG. The RNG does not
1831	  perform any cryptographic whitening of the generated
1832	  random numbers. This Jitterentropy RNG registers with
1833	  the kernel crypto API and can be used by any caller.
1834
1835config CRYPTO_USER_API
1836	tristate
1837
1838config CRYPTO_USER_API_HASH
1839	tristate "User-space interface for hash algorithms"
1840	depends on NET
1841	select CRYPTO_HASH
1842	select CRYPTO_USER_API
1843	help
1844	  This option enables the user-spaces interface for hash
1845	  algorithms.
1846
1847config CRYPTO_USER_API_SKCIPHER
1848	tristate "User-space interface for symmetric key cipher algorithms"
1849	depends on NET
1850	select CRYPTO_BLKCIPHER
1851	select CRYPTO_USER_API
1852	help
1853	  This option enables the user-spaces interface for symmetric
1854	  key cipher algorithms.
1855
1856config CRYPTO_USER_API_RNG
1857	tristate "User-space interface for random number generator algorithms"
1858	depends on NET
1859	select CRYPTO_RNG
1860	select CRYPTO_USER_API
1861	help
1862	  This option enables the user-spaces interface for random
1863	  number generator algorithms.
1864
1865config CRYPTO_USER_API_AEAD
1866	tristate "User-space interface for AEAD cipher algorithms"
1867	depends on NET
1868	select CRYPTO_AEAD
1869	select CRYPTO_BLKCIPHER
1870	select CRYPTO_NULL
1871	select CRYPTO_USER_API
1872	help
1873	  This option enables the user-spaces interface for AEAD
1874	  cipher algorithms.
1875
1876config CRYPTO_STATS
1877	bool "Crypto usage statistics for User-space"
1878	depends on CRYPTO_USER
1879	help
1880	  This option enables the gathering of crypto stats.
1881	  This will collect:
1882	  - encrypt/decrypt size and numbers of symmeric operations
1883	  - compress/decompress size and numbers of compress operations
1884	  - size and numbers of hash operations
1885	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1886	  - generate/seed numbers for rng operations
1887
1888config CRYPTO_HASH_INFO
1889	bool
1890
1891source "drivers/crypto/Kconfig"
1892source "crypto/asymmetric_keys/Kconfig"
1893source "certs/Kconfig"
1894
1895endif	# if CRYPTO
1896