xref: /openbmc/linux/crypto/Kconfig (revision b60a5b8d)
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This options enables the fips boot option which is
31	  required if you want to system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_BLKCIPHER
56	tristate
57	select CRYPTO_BLKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_BLKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64	select CRYPTO_WORKQUEUE
65
66config CRYPTO_HASH
67	tristate
68	select CRYPTO_HASH2
69	select CRYPTO_ALGAPI
70
71config CRYPTO_HASH2
72	tristate
73	select CRYPTO_ALGAPI2
74
75config CRYPTO_RNG
76	tristate
77	select CRYPTO_RNG2
78	select CRYPTO_ALGAPI
79
80config CRYPTO_RNG2
81	tristate
82	select CRYPTO_ALGAPI2
83
84config CRYPTO_RNG_DEFAULT
85	tristate
86	select CRYPTO_DRBG_MENU
87
88config CRYPTO_AKCIPHER2
89	tristate
90	select CRYPTO_ALGAPI2
91
92config CRYPTO_AKCIPHER
93	tristate
94	select CRYPTO_AKCIPHER2
95	select CRYPTO_ALGAPI
96
97config CRYPTO_KPP2
98	tristate
99	select CRYPTO_ALGAPI2
100
101config CRYPTO_KPP
102	tristate
103	select CRYPTO_ALGAPI
104	select CRYPTO_KPP2
105
106config CRYPTO_ACOMP2
107	tristate
108	select CRYPTO_ALGAPI2
109	select SGL_ALLOC
110
111config CRYPTO_ACOMP
112	tristate
113	select CRYPTO_ALGAPI
114	select CRYPTO_ACOMP2
115
116config CRYPTO_RSA
117	tristate "RSA algorithm"
118	select CRYPTO_AKCIPHER
119	select CRYPTO_MANAGER
120	select MPILIB
121	select ASN1
122	help
123	  Generic implementation of the RSA public key algorithm.
124
125config CRYPTO_DH
126	tristate "Diffie-Hellman algorithm"
127	select CRYPTO_KPP
128	select MPILIB
129	help
130	  Generic implementation of the Diffie-Hellman algorithm.
131
132config CRYPTO_ECDH
133	tristate "ECDH algorithm"
134	select CRYPTO_KPP
135	select CRYPTO_RNG_DEFAULT
136	help
137	  Generic implementation of the ECDH algorithm
138
139config CRYPTO_MANAGER
140	tristate "Cryptographic algorithm manager"
141	select CRYPTO_MANAGER2
142	help
143	  Create default cryptographic template instantiations such as
144	  cbc(aes).
145
146config CRYPTO_MANAGER2
147	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
148	select CRYPTO_AEAD2
149	select CRYPTO_HASH2
150	select CRYPTO_BLKCIPHER2
151	select CRYPTO_AKCIPHER2
152	select CRYPTO_KPP2
153	select CRYPTO_ACOMP2
154
155config CRYPTO_USER
156	tristate "Userspace cryptographic algorithm configuration"
157	depends on NET
158	select CRYPTO_MANAGER
159	help
160	  Userspace configuration for cryptographic instantiations such as
161	  cbc(aes).
162
163config CRYPTO_MANAGER_DISABLE_TESTS
164	bool "Disable run-time self tests"
165	default y
166	depends on CRYPTO_MANAGER2
167	help
168	  Disable run-time self tests that normally take place at
169	  algorithm registration.
170
171config CRYPTO_MANAGER_EXTRA_TESTS
172	bool "Enable extra run-time crypto self tests"
173	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
174	help
175	  Enable extra run-time self tests of registered crypto algorithms,
176	  including randomized fuzz tests.
177
178	  This is intended for developer use only, as these tests take much
179	  longer to run than the normal self tests.
180
181config CRYPTO_GF128MUL
182	tristate "GF(2^128) multiplication functions"
183	help
184	  Efficient table driven implementation of multiplications in the
185	  field GF(2^128).  This is needed by some cypher modes. This
186	  option will be selected automatically if you select such a
187	  cipher mode.  Only select this option by hand if you expect to load
188	  an external module that requires these functions.
189
190config CRYPTO_NULL
191	tristate "Null algorithms"
192	select CRYPTO_NULL2
193	help
194	  These are 'Null' algorithms, used by IPsec, which do nothing.
195
196config CRYPTO_NULL2
197	tristate
198	select CRYPTO_ALGAPI2
199	select CRYPTO_BLKCIPHER2
200	select CRYPTO_HASH2
201
202config CRYPTO_PCRYPT
203	tristate "Parallel crypto engine"
204	depends on SMP
205	select PADATA
206	select CRYPTO_MANAGER
207	select CRYPTO_AEAD
208	help
209	  This converts an arbitrary crypto algorithm into a parallel
210	  algorithm that executes in kernel threads.
211
212config CRYPTO_WORKQUEUE
213       tristate
214
215config CRYPTO_CRYPTD
216	tristate "Software async crypto daemon"
217	select CRYPTO_BLKCIPHER
218	select CRYPTO_HASH
219	select CRYPTO_MANAGER
220	select CRYPTO_WORKQUEUE
221	help
222	  This is a generic software asynchronous crypto daemon that
223	  converts an arbitrary synchronous software crypto algorithm
224	  into an asynchronous algorithm that executes in a kernel thread.
225
226config CRYPTO_AUTHENC
227	tristate "Authenc support"
228	select CRYPTO_AEAD
229	select CRYPTO_BLKCIPHER
230	select CRYPTO_MANAGER
231	select CRYPTO_HASH
232	select CRYPTO_NULL
233	help
234	  Authenc: Combined mode wrapper for IPsec.
235	  This is required for IPSec.
236
237config CRYPTO_TEST
238	tristate "Testing module"
239	depends on m
240	select CRYPTO_MANAGER
241	help
242	  Quick & dirty crypto test module.
243
244config CRYPTO_SIMD
245	tristate
246	select CRYPTO_CRYPTD
247
248config CRYPTO_GLUE_HELPER_X86
249	tristate
250	depends on X86
251	select CRYPTO_BLKCIPHER
252
253config CRYPTO_ENGINE
254	tristate
255
256comment "Authenticated Encryption with Associated Data"
257
258config CRYPTO_CCM
259	tristate "CCM support"
260	select CRYPTO_CTR
261	select CRYPTO_HASH
262	select CRYPTO_AEAD
263	help
264	  Support for Counter with CBC MAC. Required for IPsec.
265
266config CRYPTO_GCM
267	tristate "GCM/GMAC support"
268	select CRYPTO_CTR
269	select CRYPTO_AEAD
270	select CRYPTO_GHASH
271	select CRYPTO_NULL
272	help
273	  Support for Galois/Counter Mode (GCM) and Galois Message
274	  Authentication Code (GMAC). Required for IPSec.
275
276config CRYPTO_CHACHA20POLY1305
277	tristate "ChaCha20-Poly1305 AEAD support"
278	select CRYPTO_CHACHA20
279	select CRYPTO_POLY1305
280	select CRYPTO_AEAD
281	help
282	  ChaCha20-Poly1305 AEAD support, RFC7539.
283
284	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
285	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
286	  IETF protocols.
287
288config CRYPTO_AEGIS128
289	tristate "AEGIS-128 AEAD algorithm"
290	select CRYPTO_AEAD
291	select CRYPTO_AES  # for AES S-box tables
292	help
293	 Support for the AEGIS-128 dedicated AEAD algorithm.
294
295config CRYPTO_AEGIS128L
296	tristate "AEGIS-128L AEAD algorithm"
297	select CRYPTO_AEAD
298	select CRYPTO_AES  # for AES S-box tables
299	help
300	 Support for the AEGIS-128L dedicated AEAD algorithm.
301
302config CRYPTO_AEGIS256
303	tristate "AEGIS-256 AEAD algorithm"
304	select CRYPTO_AEAD
305	select CRYPTO_AES  # for AES S-box tables
306	help
307	 Support for the AEGIS-256 dedicated AEAD algorithm.
308
309config CRYPTO_AEGIS128_AESNI_SSE2
310	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
311	depends on X86 && 64BIT
312	select CRYPTO_AEAD
313	select CRYPTO_CRYPTD
314	help
315	 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
316
317config CRYPTO_AEGIS128L_AESNI_SSE2
318	tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
319	depends on X86 && 64BIT
320	select CRYPTO_AEAD
321	select CRYPTO_CRYPTD
322	help
323	 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
324
325config CRYPTO_AEGIS256_AESNI_SSE2
326	tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
327	depends on X86 && 64BIT
328	select CRYPTO_AEAD
329	select CRYPTO_CRYPTD
330	help
331	 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
332
333config CRYPTO_MORUS640
334	tristate "MORUS-640 AEAD algorithm"
335	select CRYPTO_AEAD
336	help
337	  Support for the MORUS-640 dedicated AEAD algorithm.
338
339config CRYPTO_MORUS640_GLUE
340	tristate
341	depends on X86
342	select CRYPTO_AEAD
343	select CRYPTO_CRYPTD
344	help
345	  Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
346	  algorithm.
347
348config CRYPTO_MORUS640_SSE2
349	tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
350	depends on X86 && 64BIT
351	select CRYPTO_AEAD
352	select CRYPTO_MORUS640_GLUE
353	help
354	  SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
355
356config CRYPTO_MORUS1280
357	tristate "MORUS-1280 AEAD algorithm"
358	select CRYPTO_AEAD
359	help
360	  Support for the MORUS-1280 dedicated AEAD algorithm.
361
362config CRYPTO_MORUS1280_GLUE
363	tristate
364	depends on X86
365	select CRYPTO_AEAD
366	select CRYPTO_CRYPTD
367	help
368	  Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
369	  algorithm.
370
371config CRYPTO_MORUS1280_SSE2
372	tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
373	depends on X86 && 64BIT
374	select CRYPTO_AEAD
375	select CRYPTO_MORUS1280_GLUE
376	help
377	  SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
378	  algorithm.
379
380config CRYPTO_MORUS1280_AVX2
381	tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
382	depends on X86 && 64BIT
383	select CRYPTO_AEAD
384	select CRYPTO_MORUS1280_GLUE
385	help
386	  AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
387	  algorithm.
388
389config CRYPTO_SEQIV
390	tristate "Sequence Number IV Generator"
391	select CRYPTO_AEAD
392	select CRYPTO_BLKCIPHER
393	select CRYPTO_NULL
394	select CRYPTO_RNG_DEFAULT
395	help
396	  This IV generator generates an IV based on a sequence number by
397	  xoring it with a salt.  This algorithm is mainly useful for CTR
398
399config CRYPTO_ECHAINIV
400	tristate "Encrypted Chain IV Generator"
401	select CRYPTO_AEAD
402	select CRYPTO_NULL
403	select CRYPTO_RNG_DEFAULT
404	default m
405	help
406	  This IV generator generates an IV based on the encryption of
407	  a sequence number xored with a salt.  This is the default
408	  algorithm for CBC.
409
410comment "Block modes"
411
412config CRYPTO_CBC
413	tristate "CBC support"
414	select CRYPTO_BLKCIPHER
415	select CRYPTO_MANAGER
416	help
417	  CBC: Cipher Block Chaining mode
418	  This block cipher algorithm is required for IPSec.
419
420config CRYPTO_CFB
421	tristate "CFB support"
422	select CRYPTO_BLKCIPHER
423	select CRYPTO_MANAGER
424	help
425	  CFB: Cipher FeedBack mode
426	  This block cipher algorithm is required for TPM2 Cryptography.
427
428config CRYPTO_CTR
429	tristate "CTR support"
430	select CRYPTO_BLKCIPHER
431	select CRYPTO_SEQIV
432	select CRYPTO_MANAGER
433	help
434	  CTR: Counter mode
435	  This block cipher algorithm is required for IPSec.
436
437config CRYPTO_CTS
438	tristate "CTS support"
439	select CRYPTO_BLKCIPHER
440	help
441	  CTS: Cipher Text Stealing
442	  This is the Cipher Text Stealing mode as described by
443	  Section 8 of rfc2040 and referenced by rfc3962
444	  (rfc3962 includes errata information in its Appendix A) or
445	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
446	  This mode is required for Kerberos gss mechanism support
447	  for AES encryption.
448
449	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
450
451config CRYPTO_ECB
452	tristate "ECB support"
453	select CRYPTO_BLKCIPHER
454	select CRYPTO_MANAGER
455	help
456	  ECB: Electronic CodeBook mode
457	  This is the simplest block cipher algorithm.  It simply encrypts
458	  the input block by block.
459
460config CRYPTO_LRW
461	tristate "LRW support"
462	select CRYPTO_BLKCIPHER
463	select CRYPTO_MANAGER
464	select CRYPTO_GF128MUL
465	help
466	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
467	  narrow block cipher mode for dm-crypt.  Use it with cipher
468	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
469	  The first 128, 192 or 256 bits in the key are used for AES and the
470	  rest is used to tie each cipher block to its logical position.
471
472config CRYPTO_OFB
473	tristate "OFB support"
474	select CRYPTO_BLKCIPHER
475	select CRYPTO_MANAGER
476	help
477	  OFB: the Output Feedback mode makes a block cipher into a synchronous
478	  stream cipher. It generates keystream blocks, which are then XORed
479	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
480	  ciphertext produces a flipped bit in the plaintext at the same
481	  location. This property allows many error correcting codes to function
482	  normally even when applied before encryption.
483
484config CRYPTO_PCBC
485	tristate "PCBC support"
486	select CRYPTO_BLKCIPHER
487	select CRYPTO_MANAGER
488	help
489	  PCBC: Propagating Cipher Block Chaining mode
490	  This block cipher algorithm is required for RxRPC.
491
492config CRYPTO_XTS
493	tristate "XTS support"
494	select CRYPTO_BLKCIPHER
495	select CRYPTO_MANAGER
496	select CRYPTO_ECB
497	help
498	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
499	  key size 256, 384 or 512 bits. This implementation currently
500	  can't handle a sectorsize which is not a multiple of 16 bytes.
501
502config CRYPTO_KEYWRAP
503	tristate "Key wrapping support"
504	select CRYPTO_BLKCIPHER
505	help
506	  Support for key wrapping (NIST SP800-38F / RFC3394) without
507	  padding.
508
509config CRYPTO_NHPOLY1305
510	tristate
511	select CRYPTO_HASH
512	select CRYPTO_POLY1305
513
514config CRYPTO_NHPOLY1305_SSE2
515	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
516	depends on X86 && 64BIT
517	select CRYPTO_NHPOLY1305
518	help
519	  SSE2 optimized implementation of the hash function used by the
520	  Adiantum encryption mode.
521
522config CRYPTO_NHPOLY1305_AVX2
523	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
524	depends on X86 && 64BIT
525	select CRYPTO_NHPOLY1305
526	help
527	  AVX2 optimized implementation of the hash function used by the
528	  Adiantum encryption mode.
529
530config CRYPTO_ADIANTUM
531	tristate "Adiantum support"
532	select CRYPTO_CHACHA20
533	select CRYPTO_POLY1305
534	select CRYPTO_NHPOLY1305
535	help
536	  Adiantum is a tweakable, length-preserving encryption mode
537	  designed for fast and secure disk encryption, especially on
538	  CPUs without dedicated crypto instructions.  It encrypts
539	  each sector using the XChaCha12 stream cipher, two passes of
540	  an ε-almost-∆-universal hash function, and an invocation of
541	  the AES-256 block cipher on a single 16-byte block.  On CPUs
542	  without AES instructions, Adiantum is much faster than
543	  AES-XTS.
544
545	  Adiantum's security is provably reducible to that of its
546	  underlying stream and block ciphers, subject to a security
547	  bound.  Unlike XTS, Adiantum is a true wide-block encryption
548	  mode, so it actually provides an even stronger notion of
549	  security than XTS, subject to the security bound.
550
551	  If unsure, say N.
552
553comment "Hash modes"
554
555config CRYPTO_CMAC
556	tristate "CMAC support"
557	select CRYPTO_HASH
558	select CRYPTO_MANAGER
559	help
560	  Cipher-based Message Authentication Code (CMAC) specified by
561	  The National Institute of Standards and Technology (NIST).
562
563	  https://tools.ietf.org/html/rfc4493
564	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
565
566config CRYPTO_HMAC
567	tristate "HMAC support"
568	select CRYPTO_HASH
569	select CRYPTO_MANAGER
570	help
571	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
572	  This is required for IPSec.
573
574config CRYPTO_XCBC
575	tristate "XCBC support"
576	select CRYPTO_HASH
577	select CRYPTO_MANAGER
578	help
579	  XCBC: Keyed-Hashing with encryption algorithm
580		http://www.ietf.org/rfc/rfc3566.txt
581		http://csrc.nist.gov/encryption/modes/proposedmodes/
582		 xcbc-mac/xcbc-mac-spec.pdf
583
584config CRYPTO_VMAC
585	tristate "VMAC support"
586	select CRYPTO_HASH
587	select CRYPTO_MANAGER
588	help
589	  VMAC is a message authentication algorithm designed for
590	  very high speed on 64-bit architectures.
591
592	  See also:
593	  <http://fastcrypto.org/vmac>
594
595comment "Digest"
596
597config CRYPTO_CRC32C
598	tristate "CRC32c CRC algorithm"
599	select CRYPTO_HASH
600	select CRC32
601	help
602	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
603	  by iSCSI for header and data digests and by others.
604	  See Castagnoli93.  Module will be crc32c.
605
606config CRYPTO_CRC32C_INTEL
607	tristate "CRC32c INTEL hardware acceleration"
608	depends on X86
609	select CRYPTO_HASH
610	help
611	  In Intel processor with SSE4.2 supported, the processor will
612	  support CRC32C implementation using hardware accelerated CRC32
613	  instruction. This option will create 'crc32c-intel' module,
614	  which will enable any routine to use the CRC32 instruction to
615	  gain performance compared with software implementation.
616	  Module will be crc32c-intel.
617
618config CRYPTO_CRC32C_VPMSUM
619	tristate "CRC32c CRC algorithm (powerpc64)"
620	depends on PPC64 && ALTIVEC
621	select CRYPTO_HASH
622	select CRC32
623	help
624	  CRC32c algorithm implemented using vector polynomial multiply-sum
625	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
626	  and newer processors for improved performance.
627
628
629config CRYPTO_CRC32C_SPARC64
630	tristate "CRC32c CRC algorithm (SPARC64)"
631	depends on SPARC64
632	select CRYPTO_HASH
633	select CRC32
634	help
635	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
636	  when available.
637
638config CRYPTO_CRC32
639	tristate "CRC32 CRC algorithm"
640	select CRYPTO_HASH
641	select CRC32
642	help
643	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
644	  Shash crypto api wrappers to crc32_le function.
645
646config CRYPTO_CRC32_PCLMUL
647	tristate "CRC32 PCLMULQDQ hardware acceleration"
648	depends on X86
649	select CRYPTO_HASH
650	select CRC32
651	help
652	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
653	  and PCLMULQDQ supported, the processor will support
654	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
655	  instruction. This option will create 'crc32-pclmul' module,
656	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
657	  and gain better performance as compared with the table implementation.
658
659config CRYPTO_CRC32_MIPS
660	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
661	depends on MIPS_CRC_SUPPORT
662	select CRYPTO_HASH
663	help
664	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
665	  instructions, when available.
666
667
668config CRYPTO_CRCT10DIF
669	tristate "CRCT10DIF algorithm"
670	select CRYPTO_HASH
671	help
672	  CRC T10 Data Integrity Field computation is being cast as
673	  a crypto transform.  This allows for faster crc t10 diff
674	  transforms to be used if they are available.
675
676config CRYPTO_CRCT10DIF_PCLMUL
677	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
678	depends on X86 && 64BIT && CRC_T10DIF
679	select CRYPTO_HASH
680	help
681	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
682	  CRC T10 DIF PCLMULQDQ computation can be hardware
683	  accelerated PCLMULQDQ instruction. This option will create
684	  'crct10dif-pclmul' module, which is faster when computing the
685	  crct10dif checksum as compared with the generic table implementation.
686
687config CRYPTO_CRCT10DIF_VPMSUM
688	tristate "CRC32T10DIF powerpc64 hardware acceleration"
689	depends on PPC64 && ALTIVEC && CRC_T10DIF
690	select CRYPTO_HASH
691	help
692	  CRC10T10DIF algorithm implemented using vector polynomial
693	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
694	  POWER8 and newer processors for improved performance.
695
696config CRYPTO_VPMSUM_TESTER
697	tristate "Powerpc64 vpmsum hardware acceleration tester"
698	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
699	help
700	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
701	  POWER8 vpmsum instructions.
702	  Unless you are testing these algorithms, you don't need this.
703
704config CRYPTO_GHASH
705	tristate "GHASH digest algorithm"
706	select CRYPTO_GF128MUL
707	select CRYPTO_HASH
708	help
709	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
710
711config CRYPTO_POLY1305
712	tristate "Poly1305 authenticator algorithm"
713	select CRYPTO_HASH
714	help
715	  Poly1305 authenticator algorithm, RFC7539.
716
717	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
718	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
719	  in IETF protocols. This is the portable C implementation of Poly1305.
720
721config CRYPTO_POLY1305_X86_64
722	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
723	depends on X86 && 64BIT
724	select CRYPTO_POLY1305
725	help
726	  Poly1305 authenticator algorithm, RFC7539.
727
728	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
729	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
730	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
731	  instructions.
732
733config CRYPTO_MD4
734	tristate "MD4 digest algorithm"
735	select CRYPTO_HASH
736	help
737	  MD4 message digest algorithm (RFC1320).
738
739config CRYPTO_MD5
740	tristate "MD5 digest algorithm"
741	select CRYPTO_HASH
742	help
743	  MD5 message digest algorithm (RFC1321).
744
745config CRYPTO_MD5_OCTEON
746	tristate "MD5 digest algorithm (OCTEON)"
747	depends on CPU_CAVIUM_OCTEON
748	select CRYPTO_MD5
749	select CRYPTO_HASH
750	help
751	  MD5 message digest algorithm (RFC1321) implemented
752	  using OCTEON crypto instructions, when available.
753
754config CRYPTO_MD5_PPC
755	tristate "MD5 digest algorithm (PPC)"
756	depends on PPC
757	select CRYPTO_HASH
758	help
759	  MD5 message digest algorithm (RFC1321) implemented
760	  in PPC assembler.
761
762config CRYPTO_MD5_SPARC64
763	tristate "MD5 digest algorithm (SPARC64)"
764	depends on SPARC64
765	select CRYPTO_MD5
766	select CRYPTO_HASH
767	help
768	  MD5 message digest algorithm (RFC1321) implemented
769	  using sparc64 crypto instructions, when available.
770
771config CRYPTO_MICHAEL_MIC
772	tristate "Michael MIC keyed digest algorithm"
773	select CRYPTO_HASH
774	help
775	  Michael MIC is used for message integrity protection in TKIP
776	  (IEEE 802.11i). This algorithm is required for TKIP, but it
777	  should not be used for other purposes because of the weakness
778	  of the algorithm.
779
780config CRYPTO_RMD128
781	tristate "RIPEMD-128 digest algorithm"
782	select CRYPTO_HASH
783	help
784	  RIPEMD-128 (ISO/IEC 10118-3:2004).
785
786	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
787	  be used as a secure replacement for RIPEMD. For other use cases,
788	  RIPEMD-160 should be used.
789
790	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
791	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
792
793config CRYPTO_RMD160
794	tristate "RIPEMD-160 digest algorithm"
795	select CRYPTO_HASH
796	help
797	  RIPEMD-160 (ISO/IEC 10118-3:2004).
798
799	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
800	  to be used as a secure replacement for the 128-bit hash functions
801	  MD4, MD5 and it's predecessor RIPEMD
802	  (not to be confused with RIPEMD-128).
803
804	  It's speed is comparable to SHA1 and there are no known attacks
805	  against RIPEMD-160.
806
807	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
808	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
809
810config CRYPTO_RMD256
811	tristate "RIPEMD-256 digest algorithm"
812	select CRYPTO_HASH
813	help
814	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
815	  256 bit hash. It is intended for applications that require
816	  longer hash-results, without needing a larger security level
817	  (than RIPEMD-128).
818
819	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
820	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
821
822config CRYPTO_RMD320
823	tristate "RIPEMD-320 digest algorithm"
824	select CRYPTO_HASH
825	help
826	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
827	  320 bit hash. It is intended for applications that require
828	  longer hash-results, without needing a larger security level
829	  (than RIPEMD-160).
830
831	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
832	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
833
834config CRYPTO_SHA1
835	tristate "SHA1 digest algorithm"
836	select CRYPTO_HASH
837	help
838	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
839
840config CRYPTO_SHA1_SSSE3
841	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
842	depends on X86 && 64BIT
843	select CRYPTO_SHA1
844	select CRYPTO_HASH
845	help
846	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
847	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
848	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
849	  when available.
850
851config CRYPTO_SHA256_SSSE3
852	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
853	depends on X86 && 64BIT
854	select CRYPTO_SHA256
855	select CRYPTO_HASH
856	help
857	  SHA-256 secure hash standard (DFIPS 180-2) implemented
858	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
859	  Extensions version 1 (AVX1), or Advanced Vector Extensions
860	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
861	  Instructions) when available.
862
863config CRYPTO_SHA512_SSSE3
864	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
865	depends on X86 && 64BIT
866	select CRYPTO_SHA512
867	select CRYPTO_HASH
868	help
869	  SHA-512 secure hash standard (DFIPS 180-2) implemented
870	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
871	  Extensions version 1 (AVX1), or Advanced Vector Extensions
872	  version 2 (AVX2) instructions, when available.
873
874config CRYPTO_SHA1_OCTEON
875	tristate "SHA1 digest algorithm (OCTEON)"
876	depends on CPU_CAVIUM_OCTEON
877	select CRYPTO_SHA1
878	select CRYPTO_HASH
879	help
880	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
881	  using OCTEON crypto instructions, when available.
882
883config CRYPTO_SHA1_SPARC64
884	tristate "SHA1 digest algorithm (SPARC64)"
885	depends on SPARC64
886	select CRYPTO_SHA1
887	select CRYPTO_HASH
888	help
889	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
890	  using sparc64 crypto instructions, when available.
891
892config CRYPTO_SHA1_PPC
893	tristate "SHA1 digest algorithm (powerpc)"
894	depends on PPC
895	help
896	  This is the powerpc hardware accelerated implementation of the
897	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
898
899config CRYPTO_SHA1_PPC_SPE
900	tristate "SHA1 digest algorithm (PPC SPE)"
901	depends on PPC && SPE
902	help
903	  SHA-1 secure hash standard (DFIPS 180-4) implemented
904	  using powerpc SPE SIMD instruction set.
905
906config CRYPTO_SHA256
907	tristate "SHA224 and SHA256 digest algorithm"
908	select CRYPTO_HASH
909	help
910	  SHA256 secure hash standard (DFIPS 180-2).
911
912	  This version of SHA implements a 256 bit hash with 128 bits of
913	  security against collision attacks.
914
915	  This code also includes SHA-224, a 224 bit hash with 112 bits
916	  of security against collision attacks.
917
918config CRYPTO_SHA256_PPC_SPE
919	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
920	depends on PPC && SPE
921	select CRYPTO_SHA256
922	select CRYPTO_HASH
923	help
924	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
925	  implemented using powerpc SPE SIMD instruction set.
926
927config CRYPTO_SHA256_OCTEON
928	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
929	depends on CPU_CAVIUM_OCTEON
930	select CRYPTO_SHA256
931	select CRYPTO_HASH
932	help
933	  SHA-256 secure hash standard (DFIPS 180-2) implemented
934	  using OCTEON crypto instructions, when available.
935
936config CRYPTO_SHA256_SPARC64
937	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
938	depends on SPARC64
939	select CRYPTO_SHA256
940	select CRYPTO_HASH
941	help
942	  SHA-256 secure hash standard (DFIPS 180-2) implemented
943	  using sparc64 crypto instructions, when available.
944
945config CRYPTO_SHA512
946	tristate "SHA384 and SHA512 digest algorithms"
947	select CRYPTO_HASH
948	help
949	  SHA512 secure hash standard (DFIPS 180-2).
950
951	  This version of SHA implements a 512 bit hash with 256 bits of
952	  security against collision attacks.
953
954	  This code also includes SHA-384, a 384 bit hash with 192 bits
955	  of security against collision attacks.
956
957config CRYPTO_SHA512_OCTEON
958	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
959	depends on CPU_CAVIUM_OCTEON
960	select CRYPTO_SHA512
961	select CRYPTO_HASH
962	help
963	  SHA-512 secure hash standard (DFIPS 180-2) implemented
964	  using OCTEON crypto instructions, when available.
965
966config CRYPTO_SHA512_SPARC64
967	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
968	depends on SPARC64
969	select CRYPTO_SHA512
970	select CRYPTO_HASH
971	help
972	  SHA-512 secure hash standard (DFIPS 180-2) implemented
973	  using sparc64 crypto instructions, when available.
974
975config CRYPTO_SHA3
976	tristate "SHA3 digest algorithm"
977	select CRYPTO_HASH
978	help
979	  SHA-3 secure hash standard (DFIPS 202). It's based on
980	  cryptographic sponge function family called Keccak.
981
982	  References:
983	  http://keccak.noekeon.org/
984
985config CRYPTO_SM3
986	tristate "SM3 digest algorithm"
987	select CRYPTO_HASH
988	help
989	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
990	  It is part of the Chinese Commercial Cryptography suite.
991
992	  References:
993	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
994	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
995
996config CRYPTO_STREEBOG
997	tristate "Streebog Hash Function"
998	select CRYPTO_HASH
999	help
1000	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1001	  cryptographic standard algorithms (called GOST algorithms).
1002	  This setting enables two hash algorithms with 256 and 512 bits output.
1003
1004	  References:
1005	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1006	  https://tools.ietf.org/html/rfc6986
1007
1008config CRYPTO_TGR192
1009	tristate "Tiger digest algorithms"
1010	select CRYPTO_HASH
1011	help
1012	  Tiger hash algorithm 192, 160 and 128-bit hashes
1013
1014	  Tiger is a hash function optimized for 64-bit processors while
1015	  still having decent performance on 32-bit processors.
1016	  Tiger was developed by Ross Anderson and Eli Biham.
1017
1018	  See also:
1019	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1020
1021config CRYPTO_WP512
1022	tristate "Whirlpool digest algorithms"
1023	select CRYPTO_HASH
1024	help
1025	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1026
1027	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1028	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1029
1030	  See also:
1031	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1032
1033config CRYPTO_GHASH_CLMUL_NI_INTEL
1034	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
1035	depends on X86 && 64BIT
1036	select CRYPTO_CRYPTD
1037	help
1038	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1039	  The implementation is accelerated by CLMUL-NI of Intel.
1040
1041comment "Ciphers"
1042
1043config CRYPTO_AES
1044	tristate "AES cipher algorithms"
1045	select CRYPTO_ALGAPI
1046	help
1047	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1048	  algorithm.
1049
1050	  Rijndael appears to be consistently a very good performer in
1051	  both hardware and software across a wide range of computing
1052	  environments regardless of its use in feedback or non-feedback
1053	  modes. Its key setup time is excellent, and its key agility is
1054	  good. Rijndael's very low memory requirements make it very well
1055	  suited for restricted-space environments, in which it also
1056	  demonstrates excellent performance. Rijndael's operations are
1057	  among the easiest to defend against power and timing attacks.
1058
1059	  The AES specifies three key sizes: 128, 192 and 256 bits
1060
1061	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1062
1063config CRYPTO_AES_TI
1064	tristate "Fixed time AES cipher"
1065	select CRYPTO_ALGAPI
1066	help
1067	  This is a generic implementation of AES that attempts to eliminate
1068	  data dependent latencies as much as possible without affecting
1069	  performance too much. It is intended for use by the generic CCM
1070	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1071	  solely on encryption (although decryption is supported as well, but
1072	  with a more dramatic performance hit)
1073
1074	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1075	  8 for decryption), this implementation only uses just two S-boxes of
1076	  256 bytes each, and attempts to eliminate data dependent latencies by
1077	  prefetching the entire table into the cache at the start of each
1078	  block. Interrupts are also disabled to avoid races where cachelines
1079	  are evicted when the CPU is interrupted to do something else.
1080
1081config CRYPTO_AES_586
1082	tristate "AES cipher algorithms (i586)"
1083	depends on (X86 || UML_X86) && !64BIT
1084	select CRYPTO_ALGAPI
1085	select CRYPTO_AES
1086	help
1087	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1088	  algorithm.
1089
1090	  Rijndael appears to be consistently a very good performer in
1091	  both hardware and software across a wide range of computing
1092	  environments regardless of its use in feedback or non-feedback
1093	  modes. Its key setup time is excellent, and its key agility is
1094	  good. Rijndael's very low memory requirements make it very well
1095	  suited for restricted-space environments, in which it also
1096	  demonstrates excellent performance. Rijndael's operations are
1097	  among the easiest to defend against power and timing attacks.
1098
1099	  The AES specifies three key sizes: 128, 192 and 256 bits
1100
1101	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1102
1103config CRYPTO_AES_X86_64
1104	tristate "AES cipher algorithms (x86_64)"
1105	depends on (X86 || UML_X86) && 64BIT
1106	select CRYPTO_ALGAPI
1107	select CRYPTO_AES
1108	help
1109	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1110	  algorithm.
1111
1112	  Rijndael appears to be consistently a very good performer in
1113	  both hardware and software across a wide range of computing
1114	  environments regardless of its use in feedback or non-feedback
1115	  modes. Its key setup time is excellent, and its key agility is
1116	  good. Rijndael's very low memory requirements make it very well
1117	  suited for restricted-space environments, in which it also
1118	  demonstrates excellent performance. Rijndael's operations are
1119	  among the easiest to defend against power and timing attacks.
1120
1121	  The AES specifies three key sizes: 128, 192 and 256 bits
1122
1123	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1124
1125config CRYPTO_AES_NI_INTEL
1126	tristate "AES cipher algorithms (AES-NI)"
1127	depends on X86
1128	select CRYPTO_AEAD
1129	select CRYPTO_AES_X86_64 if 64BIT
1130	select CRYPTO_AES_586 if !64BIT
1131	select CRYPTO_ALGAPI
1132	select CRYPTO_BLKCIPHER
1133	select CRYPTO_GLUE_HELPER_X86 if 64BIT
1134	select CRYPTO_SIMD
1135	help
1136	  Use Intel AES-NI instructions for AES algorithm.
1137
1138	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1139	  algorithm.
1140
1141	  Rijndael appears to be consistently a very good performer in
1142	  both hardware and software across a wide range of computing
1143	  environments regardless of its use in feedback or non-feedback
1144	  modes. Its key setup time is excellent, and its key agility is
1145	  good. Rijndael's very low memory requirements make it very well
1146	  suited for restricted-space environments, in which it also
1147	  demonstrates excellent performance. Rijndael's operations are
1148	  among the easiest to defend against power and timing attacks.
1149
1150	  The AES specifies three key sizes: 128, 192 and 256 bits
1151
1152	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1153
1154	  In addition to AES cipher algorithm support, the acceleration
1155	  for some popular block cipher mode is supported too, including
1156	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1157	  acceleration for CTR.
1158
1159config CRYPTO_AES_SPARC64
1160	tristate "AES cipher algorithms (SPARC64)"
1161	depends on SPARC64
1162	select CRYPTO_CRYPTD
1163	select CRYPTO_ALGAPI
1164	help
1165	  Use SPARC64 crypto opcodes for AES algorithm.
1166
1167	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1168	  algorithm.
1169
1170	  Rijndael appears to be consistently a very good performer in
1171	  both hardware and software across a wide range of computing
1172	  environments regardless of its use in feedback or non-feedback
1173	  modes. Its key setup time is excellent, and its key agility is
1174	  good. Rijndael's very low memory requirements make it very well
1175	  suited for restricted-space environments, in which it also
1176	  demonstrates excellent performance. Rijndael's operations are
1177	  among the easiest to defend against power and timing attacks.
1178
1179	  The AES specifies three key sizes: 128, 192 and 256 bits
1180
1181	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1182
1183	  In addition to AES cipher algorithm support, the acceleration
1184	  for some popular block cipher mode is supported too, including
1185	  ECB and CBC.
1186
1187config CRYPTO_AES_PPC_SPE
1188	tristate "AES cipher algorithms (PPC SPE)"
1189	depends on PPC && SPE
1190	help
1191	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1192	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1193	  This module should only be used for low power (router) devices
1194	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1195	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1196	  timining attacks. Nevertheless it might be not as secure as other
1197	  architecture specific assembler implementations that work on 1KB
1198	  tables or 256 bytes S-boxes.
1199
1200config CRYPTO_ANUBIS
1201	tristate "Anubis cipher algorithm"
1202	select CRYPTO_ALGAPI
1203	help
1204	  Anubis cipher algorithm.
1205
1206	  Anubis is a variable key length cipher which can use keys from
1207	  128 bits to 320 bits in length.  It was evaluated as a entrant
1208	  in the NESSIE competition.
1209
1210	  See also:
1211	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1212	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1213
1214config CRYPTO_ARC4
1215	tristate "ARC4 cipher algorithm"
1216	select CRYPTO_BLKCIPHER
1217	help
1218	  ARC4 cipher algorithm.
1219
1220	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1221	  bits in length.  This algorithm is required for driver-based
1222	  WEP, but it should not be for other purposes because of the
1223	  weakness of the algorithm.
1224
1225config CRYPTO_BLOWFISH
1226	tristate "Blowfish cipher algorithm"
1227	select CRYPTO_ALGAPI
1228	select CRYPTO_BLOWFISH_COMMON
1229	help
1230	  Blowfish cipher algorithm, by Bruce Schneier.
1231
1232	  This is a variable key length cipher which can use keys from 32
1233	  bits to 448 bits in length.  It's fast, simple and specifically
1234	  designed for use on "large microprocessors".
1235
1236	  See also:
1237	  <http://www.schneier.com/blowfish.html>
1238
1239config CRYPTO_BLOWFISH_COMMON
1240	tristate
1241	help
1242	  Common parts of the Blowfish cipher algorithm shared by the
1243	  generic c and the assembler implementations.
1244
1245	  See also:
1246	  <http://www.schneier.com/blowfish.html>
1247
1248config CRYPTO_BLOWFISH_X86_64
1249	tristate "Blowfish cipher algorithm (x86_64)"
1250	depends on X86 && 64BIT
1251	select CRYPTO_BLKCIPHER
1252	select CRYPTO_BLOWFISH_COMMON
1253	help
1254	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1255
1256	  This is a variable key length cipher which can use keys from 32
1257	  bits to 448 bits in length.  It's fast, simple and specifically
1258	  designed for use on "large microprocessors".
1259
1260	  See also:
1261	  <http://www.schneier.com/blowfish.html>
1262
1263config CRYPTO_CAMELLIA
1264	tristate "Camellia cipher algorithms"
1265	depends on CRYPTO
1266	select CRYPTO_ALGAPI
1267	help
1268	  Camellia cipher algorithms module.
1269
1270	  Camellia is a symmetric key block cipher developed jointly
1271	  at NTT and Mitsubishi Electric Corporation.
1272
1273	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1274
1275	  See also:
1276	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1277
1278config CRYPTO_CAMELLIA_X86_64
1279	tristate "Camellia cipher algorithm (x86_64)"
1280	depends on X86 && 64BIT
1281	depends on CRYPTO
1282	select CRYPTO_BLKCIPHER
1283	select CRYPTO_GLUE_HELPER_X86
1284	help
1285	  Camellia cipher algorithm module (x86_64).
1286
1287	  Camellia is a symmetric key block cipher developed jointly
1288	  at NTT and Mitsubishi Electric Corporation.
1289
1290	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1291
1292	  See also:
1293	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1294
1295config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1296	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1297	depends on X86 && 64BIT
1298	depends on CRYPTO
1299	select CRYPTO_BLKCIPHER
1300	select CRYPTO_CAMELLIA_X86_64
1301	select CRYPTO_GLUE_HELPER_X86
1302	select CRYPTO_SIMD
1303	select CRYPTO_XTS
1304	help
1305	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1306
1307	  Camellia is a symmetric key block cipher developed jointly
1308	  at NTT and Mitsubishi Electric Corporation.
1309
1310	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1311
1312	  See also:
1313	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1314
1315config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1316	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1317	depends on X86 && 64BIT
1318	depends on CRYPTO
1319	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1320	help
1321	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1322
1323	  Camellia is a symmetric key block cipher developed jointly
1324	  at NTT and Mitsubishi Electric Corporation.
1325
1326	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1327
1328	  See also:
1329	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1330
1331config CRYPTO_CAMELLIA_SPARC64
1332	tristate "Camellia cipher algorithm (SPARC64)"
1333	depends on SPARC64
1334	depends on CRYPTO
1335	select CRYPTO_ALGAPI
1336	help
1337	  Camellia cipher algorithm module (SPARC64).
1338
1339	  Camellia is a symmetric key block cipher developed jointly
1340	  at NTT and Mitsubishi Electric Corporation.
1341
1342	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1343
1344	  See also:
1345	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1346
1347config CRYPTO_CAST_COMMON
1348	tristate
1349	help
1350	  Common parts of the CAST cipher algorithms shared by the
1351	  generic c and the assembler implementations.
1352
1353config CRYPTO_CAST5
1354	tristate "CAST5 (CAST-128) cipher algorithm"
1355	select CRYPTO_ALGAPI
1356	select CRYPTO_CAST_COMMON
1357	help
1358	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1359	  described in RFC2144.
1360
1361config CRYPTO_CAST5_AVX_X86_64
1362	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1363	depends on X86 && 64BIT
1364	select CRYPTO_BLKCIPHER
1365	select CRYPTO_CAST5
1366	select CRYPTO_CAST_COMMON
1367	select CRYPTO_SIMD
1368	help
1369	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1370	  described in RFC2144.
1371
1372	  This module provides the Cast5 cipher algorithm that processes
1373	  sixteen blocks parallel using the AVX instruction set.
1374
1375config CRYPTO_CAST6
1376	tristate "CAST6 (CAST-256) cipher algorithm"
1377	select CRYPTO_ALGAPI
1378	select CRYPTO_CAST_COMMON
1379	help
1380	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1381	  described in RFC2612.
1382
1383config CRYPTO_CAST6_AVX_X86_64
1384	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1385	depends on X86 && 64BIT
1386	select CRYPTO_BLKCIPHER
1387	select CRYPTO_CAST6
1388	select CRYPTO_CAST_COMMON
1389	select CRYPTO_GLUE_HELPER_X86
1390	select CRYPTO_SIMD
1391	select CRYPTO_XTS
1392	help
1393	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1394	  described in RFC2612.
1395
1396	  This module provides the Cast6 cipher algorithm that processes
1397	  eight blocks parallel using the AVX instruction set.
1398
1399config CRYPTO_DES
1400	tristate "DES and Triple DES EDE cipher algorithms"
1401	select CRYPTO_ALGAPI
1402	help
1403	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1404
1405config CRYPTO_DES_SPARC64
1406	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1407	depends on SPARC64
1408	select CRYPTO_ALGAPI
1409	select CRYPTO_DES
1410	help
1411	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1412	  optimized using SPARC64 crypto opcodes.
1413
1414config CRYPTO_DES3_EDE_X86_64
1415	tristate "Triple DES EDE cipher algorithm (x86-64)"
1416	depends on X86 && 64BIT
1417	select CRYPTO_BLKCIPHER
1418	select CRYPTO_DES
1419	help
1420	  Triple DES EDE (FIPS 46-3) algorithm.
1421
1422	  This module provides implementation of the Triple DES EDE cipher
1423	  algorithm that is optimized for x86-64 processors. Two versions of
1424	  algorithm are provided; regular processing one input block and
1425	  one that processes three blocks parallel.
1426
1427config CRYPTO_FCRYPT
1428	tristate "FCrypt cipher algorithm"
1429	select CRYPTO_ALGAPI
1430	select CRYPTO_BLKCIPHER
1431	help
1432	  FCrypt algorithm used by RxRPC.
1433
1434config CRYPTO_KHAZAD
1435	tristate "Khazad cipher algorithm"
1436	select CRYPTO_ALGAPI
1437	help
1438	  Khazad cipher algorithm.
1439
1440	  Khazad was a finalist in the initial NESSIE competition.  It is
1441	  an algorithm optimized for 64-bit processors with good performance
1442	  on 32-bit processors.  Khazad uses an 128 bit key size.
1443
1444	  See also:
1445	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1446
1447config CRYPTO_SALSA20
1448	tristate "Salsa20 stream cipher algorithm"
1449	select CRYPTO_BLKCIPHER
1450	help
1451	  Salsa20 stream cipher algorithm.
1452
1453	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1454	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1455
1456	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1457	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1458
1459config CRYPTO_CHACHA20
1460	tristate "ChaCha stream cipher algorithms"
1461	select CRYPTO_BLKCIPHER
1462	help
1463	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1464
1465	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1466	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1467	  This is the portable C implementation of ChaCha20.  See also:
1468	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1469
1470	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1471	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1472	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1473	  while provably retaining ChaCha20's security.  See also:
1474	  <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1475
1476	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1477	  reduced security margin but increased performance.  It can be needed
1478	  in some performance-sensitive scenarios.
1479
1480config CRYPTO_CHACHA20_X86_64
1481	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1482	depends on X86 && 64BIT
1483	select CRYPTO_BLKCIPHER
1484	select CRYPTO_CHACHA20
1485	help
1486	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1487	  XChaCha20, and XChaCha12 stream ciphers.
1488
1489config CRYPTO_SEED
1490	tristate "SEED cipher algorithm"
1491	select CRYPTO_ALGAPI
1492	help
1493	  SEED cipher algorithm (RFC4269).
1494
1495	  SEED is a 128-bit symmetric key block cipher that has been
1496	  developed by KISA (Korea Information Security Agency) as a
1497	  national standard encryption algorithm of the Republic of Korea.
1498	  It is a 16 round block cipher with the key size of 128 bit.
1499
1500	  See also:
1501	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1502
1503config CRYPTO_SERPENT
1504	tristate "Serpent cipher algorithm"
1505	select CRYPTO_ALGAPI
1506	help
1507	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1508
1509	  Keys are allowed to be from 0 to 256 bits in length, in steps
1510	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1511	  variant of Serpent for compatibility with old kerneli.org code.
1512
1513	  See also:
1514	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1515
1516config CRYPTO_SERPENT_SSE2_X86_64
1517	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1518	depends on X86 && 64BIT
1519	select CRYPTO_BLKCIPHER
1520	select CRYPTO_GLUE_HELPER_X86
1521	select CRYPTO_SERPENT
1522	select CRYPTO_SIMD
1523	help
1524	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1525
1526	  Keys are allowed to be from 0 to 256 bits in length, in steps
1527	  of 8 bits.
1528
1529	  This module provides Serpent cipher algorithm that processes eight
1530	  blocks parallel using SSE2 instruction set.
1531
1532	  See also:
1533	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1534
1535config CRYPTO_SERPENT_SSE2_586
1536	tristate "Serpent cipher algorithm (i586/SSE2)"
1537	depends on X86 && !64BIT
1538	select CRYPTO_BLKCIPHER
1539	select CRYPTO_GLUE_HELPER_X86
1540	select CRYPTO_SERPENT
1541	select CRYPTO_SIMD
1542	help
1543	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1544
1545	  Keys are allowed to be from 0 to 256 bits in length, in steps
1546	  of 8 bits.
1547
1548	  This module provides Serpent cipher algorithm that processes four
1549	  blocks parallel using SSE2 instruction set.
1550
1551	  See also:
1552	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1553
1554config CRYPTO_SERPENT_AVX_X86_64
1555	tristate "Serpent cipher algorithm (x86_64/AVX)"
1556	depends on X86 && 64BIT
1557	select CRYPTO_BLKCIPHER
1558	select CRYPTO_GLUE_HELPER_X86
1559	select CRYPTO_SERPENT
1560	select CRYPTO_SIMD
1561	select CRYPTO_XTS
1562	help
1563	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1564
1565	  Keys are allowed to be from 0 to 256 bits in length, in steps
1566	  of 8 bits.
1567
1568	  This module provides the Serpent cipher algorithm that processes
1569	  eight blocks parallel using the AVX instruction set.
1570
1571	  See also:
1572	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1573
1574config CRYPTO_SERPENT_AVX2_X86_64
1575	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1576	depends on X86 && 64BIT
1577	select CRYPTO_SERPENT_AVX_X86_64
1578	help
1579	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1580
1581	  Keys are allowed to be from 0 to 256 bits in length, in steps
1582	  of 8 bits.
1583
1584	  This module provides Serpent cipher algorithm that processes 16
1585	  blocks parallel using AVX2 instruction set.
1586
1587	  See also:
1588	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1589
1590config CRYPTO_SM4
1591	tristate "SM4 cipher algorithm"
1592	select CRYPTO_ALGAPI
1593	help
1594	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1595
1596	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1597	  Organization of State Commercial Administration of China (OSCCA)
1598	  as an authorized cryptographic algorithms for the use within China.
1599
1600	  SMS4 was originally created for use in protecting wireless
1601	  networks, and is mandated in the Chinese National Standard for
1602	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1603	  (GB.15629.11-2003).
1604
1605	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1606	  standardized through TC 260 of the Standardization Administration
1607	  of the People's Republic of China (SAC).
1608
1609	  The input, output, and key of SMS4 are each 128 bits.
1610
1611	  See also: <https://eprint.iacr.org/2008/329.pdf>
1612
1613	  If unsure, say N.
1614
1615config CRYPTO_TEA
1616	tristate "TEA, XTEA and XETA cipher algorithms"
1617	select CRYPTO_ALGAPI
1618	help
1619	  TEA cipher algorithm.
1620
1621	  Tiny Encryption Algorithm is a simple cipher that uses
1622	  many rounds for security.  It is very fast and uses
1623	  little memory.
1624
1625	  Xtendend Tiny Encryption Algorithm is a modification to
1626	  the TEA algorithm to address a potential key weakness
1627	  in the TEA algorithm.
1628
1629	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1630	  of the XTEA algorithm for compatibility purposes.
1631
1632config CRYPTO_TWOFISH
1633	tristate "Twofish cipher algorithm"
1634	select CRYPTO_ALGAPI
1635	select CRYPTO_TWOFISH_COMMON
1636	help
1637	  Twofish cipher algorithm.
1638
1639	  Twofish was submitted as an AES (Advanced Encryption Standard)
1640	  candidate cipher by researchers at CounterPane Systems.  It is a
1641	  16 round block cipher supporting key sizes of 128, 192, and 256
1642	  bits.
1643
1644	  See also:
1645	  <http://www.schneier.com/twofish.html>
1646
1647config CRYPTO_TWOFISH_COMMON
1648	tristate
1649	help
1650	  Common parts of the Twofish cipher algorithm shared by the
1651	  generic c and the assembler implementations.
1652
1653config CRYPTO_TWOFISH_586
1654	tristate "Twofish cipher algorithms (i586)"
1655	depends on (X86 || UML_X86) && !64BIT
1656	select CRYPTO_ALGAPI
1657	select CRYPTO_TWOFISH_COMMON
1658	help
1659	  Twofish cipher algorithm.
1660
1661	  Twofish was submitted as an AES (Advanced Encryption Standard)
1662	  candidate cipher by researchers at CounterPane Systems.  It is a
1663	  16 round block cipher supporting key sizes of 128, 192, and 256
1664	  bits.
1665
1666	  See also:
1667	  <http://www.schneier.com/twofish.html>
1668
1669config CRYPTO_TWOFISH_X86_64
1670	tristate "Twofish cipher algorithm (x86_64)"
1671	depends on (X86 || UML_X86) && 64BIT
1672	select CRYPTO_ALGAPI
1673	select CRYPTO_TWOFISH_COMMON
1674	help
1675	  Twofish cipher algorithm (x86_64).
1676
1677	  Twofish was submitted as an AES (Advanced Encryption Standard)
1678	  candidate cipher by researchers at CounterPane Systems.  It is a
1679	  16 round block cipher supporting key sizes of 128, 192, and 256
1680	  bits.
1681
1682	  See also:
1683	  <http://www.schneier.com/twofish.html>
1684
1685config CRYPTO_TWOFISH_X86_64_3WAY
1686	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1687	depends on X86 && 64BIT
1688	select CRYPTO_BLKCIPHER
1689	select CRYPTO_TWOFISH_COMMON
1690	select CRYPTO_TWOFISH_X86_64
1691	select CRYPTO_GLUE_HELPER_X86
1692	help
1693	  Twofish cipher algorithm (x86_64, 3-way parallel).
1694
1695	  Twofish was submitted as an AES (Advanced Encryption Standard)
1696	  candidate cipher by researchers at CounterPane Systems.  It is a
1697	  16 round block cipher supporting key sizes of 128, 192, and 256
1698	  bits.
1699
1700	  This module provides Twofish cipher algorithm that processes three
1701	  blocks parallel, utilizing resources of out-of-order CPUs better.
1702
1703	  See also:
1704	  <http://www.schneier.com/twofish.html>
1705
1706config CRYPTO_TWOFISH_AVX_X86_64
1707	tristate "Twofish cipher algorithm (x86_64/AVX)"
1708	depends on X86 && 64BIT
1709	select CRYPTO_BLKCIPHER
1710	select CRYPTO_GLUE_HELPER_X86
1711	select CRYPTO_SIMD
1712	select CRYPTO_TWOFISH_COMMON
1713	select CRYPTO_TWOFISH_X86_64
1714	select CRYPTO_TWOFISH_X86_64_3WAY
1715	help
1716	  Twofish cipher algorithm (x86_64/AVX).
1717
1718	  Twofish was submitted as an AES (Advanced Encryption Standard)
1719	  candidate cipher by researchers at CounterPane Systems.  It is a
1720	  16 round block cipher supporting key sizes of 128, 192, and 256
1721	  bits.
1722
1723	  This module provides the Twofish cipher algorithm that processes
1724	  eight blocks parallel using the AVX Instruction Set.
1725
1726	  See also:
1727	  <http://www.schneier.com/twofish.html>
1728
1729comment "Compression"
1730
1731config CRYPTO_DEFLATE
1732	tristate "Deflate compression algorithm"
1733	select CRYPTO_ALGAPI
1734	select CRYPTO_ACOMP2
1735	select ZLIB_INFLATE
1736	select ZLIB_DEFLATE
1737	help
1738	  This is the Deflate algorithm (RFC1951), specified for use in
1739	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1740
1741	  You will most probably want this if using IPSec.
1742
1743config CRYPTO_LZO
1744	tristate "LZO compression algorithm"
1745	select CRYPTO_ALGAPI
1746	select CRYPTO_ACOMP2
1747	select LZO_COMPRESS
1748	select LZO_DECOMPRESS
1749	help
1750	  This is the LZO algorithm.
1751
1752config CRYPTO_842
1753	tristate "842 compression algorithm"
1754	select CRYPTO_ALGAPI
1755	select CRYPTO_ACOMP2
1756	select 842_COMPRESS
1757	select 842_DECOMPRESS
1758	help
1759	  This is the 842 algorithm.
1760
1761config CRYPTO_LZ4
1762	tristate "LZ4 compression algorithm"
1763	select CRYPTO_ALGAPI
1764	select CRYPTO_ACOMP2
1765	select LZ4_COMPRESS
1766	select LZ4_DECOMPRESS
1767	help
1768	  This is the LZ4 algorithm.
1769
1770config CRYPTO_LZ4HC
1771	tristate "LZ4HC compression algorithm"
1772	select CRYPTO_ALGAPI
1773	select CRYPTO_ACOMP2
1774	select LZ4HC_COMPRESS
1775	select LZ4_DECOMPRESS
1776	help
1777	  This is the LZ4 high compression mode algorithm.
1778
1779config CRYPTO_ZSTD
1780	tristate "Zstd compression algorithm"
1781	select CRYPTO_ALGAPI
1782	select CRYPTO_ACOMP2
1783	select ZSTD_COMPRESS
1784	select ZSTD_DECOMPRESS
1785	help
1786	  This is the zstd algorithm.
1787
1788comment "Random Number Generation"
1789
1790config CRYPTO_ANSI_CPRNG
1791	tristate "Pseudo Random Number Generation for Cryptographic modules"
1792	select CRYPTO_AES
1793	select CRYPTO_RNG
1794	help
1795	  This option enables the generic pseudo random number generator
1796	  for cryptographic modules.  Uses the Algorithm specified in
1797	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1798	  CRYPTO_FIPS is selected
1799
1800menuconfig CRYPTO_DRBG_MENU
1801	tristate "NIST SP800-90A DRBG"
1802	help
1803	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1804	  more of the DRBG types must be selected.
1805
1806if CRYPTO_DRBG_MENU
1807
1808config CRYPTO_DRBG_HMAC
1809	bool
1810	default y
1811	select CRYPTO_HMAC
1812	select CRYPTO_SHA256
1813
1814config CRYPTO_DRBG_HASH
1815	bool "Enable Hash DRBG"
1816	select CRYPTO_SHA256
1817	help
1818	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1819
1820config CRYPTO_DRBG_CTR
1821	bool "Enable CTR DRBG"
1822	select CRYPTO_AES
1823	depends on CRYPTO_CTR
1824	help
1825	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1826
1827config CRYPTO_DRBG
1828	tristate
1829	default CRYPTO_DRBG_MENU
1830	select CRYPTO_RNG
1831	select CRYPTO_JITTERENTROPY
1832
1833endif	# if CRYPTO_DRBG_MENU
1834
1835config CRYPTO_JITTERENTROPY
1836	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1837	select CRYPTO_RNG
1838	help
1839	  The Jitterentropy RNG is a noise that is intended
1840	  to provide seed to another RNG. The RNG does not
1841	  perform any cryptographic whitening of the generated
1842	  random numbers. This Jitterentropy RNG registers with
1843	  the kernel crypto API and can be used by any caller.
1844
1845config CRYPTO_USER_API
1846	tristate
1847
1848config CRYPTO_USER_API_HASH
1849	tristate "User-space interface for hash algorithms"
1850	depends on NET
1851	select CRYPTO_HASH
1852	select CRYPTO_USER_API
1853	help
1854	  This option enables the user-spaces interface for hash
1855	  algorithms.
1856
1857config CRYPTO_USER_API_SKCIPHER
1858	tristate "User-space interface for symmetric key cipher algorithms"
1859	depends on NET
1860	select CRYPTO_BLKCIPHER
1861	select CRYPTO_USER_API
1862	help
1863	  This option enables the user-spaces interface for symmetric
1864	  key cipher algorithms.
1865
1866config CRYPTO_USER_API_RNG
1867	tristate "User-space interface for random number generator algorithms"
1868	depends on NET
1869	select CRYPTO_RNG
1870	select CRYPTO_USER_API
1871	help
1872	  This option enables the user-spaces interface for random
1873	  number generator algorithms.
1874
1875config CRYPTO_USER_API_AEAD
1876	tristate "User-space interface for AEAD cipher algorithms"
1877	depends on NET
1878	select CRYPTO_AEAD
1879	select CRYPTO_BLKCIPHER
1880	select CRYPTO_NULL
1881	select CRYPTO_USER_API
1882	help
1883	  This option enables the user-spaces interface for AEAD
1884	  cipher algorithms.
1885
1886config CRYPTO_STATS
1887	bool "Crypto usage statistics for User-space"
1888	depends on CRYPTO_USER
1889	help
1890	  This option enables the gathering of crypto stats.
1891	  This will collect:
1892	  - encrypt/decrypt size and numbers of symmeric operations
1893	  - compress/decompress size and numbers of compress operations
1894	  - size and numbers of hash operations
1895	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1896	  - generate/seed numbers for rng operations
1897
1898config CRYPTO_HASH_INFO
1899	bool
1900
1901source "drivers/crypto/Kconfig"
1902source "crypto/asymmetric_keys/Kconfig"
1903source "certs/Kconfig"
1904
1905endif	# if CRYPTO
1906