1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 select CRYPTO_LIB_UTILS 19 help 20 This option provides the core Cryptographic API. 21 22if CRYPTO 23 24menu "Crypto core or helper" 25 26config CRYPTO_FIPS 27 bool "FIPS 200 compliance" 28 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 29 depends on (MODULE_SIG || !MODULES) 30 help 31 This option enables the fips boot option which is 32 required if you want the system to operate in a FIPS 200 33 certification. You should say no unless you know what 34 this is. 35 36config CRYPTO_FIPS_NAME 37 string "FIPS Module Name" 38 default "Linux Kernel Cryptographic API" 39 depends on CRYPTO_FIPS 40 help 41 This option sets the FIPS Module name reported by the Crypto API via 42 the /proc/sys/crypto/fips_name file. 43 44config CRYPTO_FIPS_CUSTOM_VERSION 45 bool "Use Custom FIPS Module Version" 46 depends on CRYPTO_FIPS 47 default n 48 49config CRYPTO_FIPS_VERSION 50 string "FIPS Module Version" 51 default "(none)" 52 depends on CRYPTO_FIPS_CUSTOM_VERSION 53 help 54 This option provides the ability to override the FIPS Module Version. 55 By default the KERNELRELEASE value is used. 56 57config CRYPTO_ALGAPI 58 tristate 59 select CRYPTO_ALGAPI2 60 help 61 This option provides the API for cryptographic algorithms. 62 63config CRYPTO_ALGAPI2 64 tristate 65 66config CRYPTO_AEAD 67 tristate 68 select CRYPTO_AEAD2 69 select CRYPTO_ALGAPI 70 71config CRYPTO_AEAD2 72 tristate 73 select CRYPTO_ALGAPI2 74 select CRYPTO_NULL2 75 select CRYPTO_RNG2 76 77config CRYPTO_SKCIPHER 78 tristate 79 select CRYPTO_SKCIPHER2 80 select CRYPTO_ALGAPI 81 82config CRYPTO_SKCIPHER2 83 tristate 84 select CRYPTO_ALGAPI2 85 select CRYPTO_RNG2 86 87config CRYPTO_HASH 88 tristate 89 select CRYPTO_HASH2 90 select CRYPTO_ALGAPI 91 92config CRYPTO_HASH2 93 tristate 94 select CRYPTO_ALGAPI2 95 96config CRYPTO_RNG 97 tristate 98 select CRYPTO_RNG2 99 select CRYPTO_ALGAPI 100 101config CRYPTO_RNG2 102 tristate 103 select CRYPTO_ALGAPI2 104 105config CRYPTO_RNG_DEFAULT 106 tristate 107 select CRYPTO_DRBG_MENU 108 109config CRYPTO_AKCIPHER2 110 tristate 111 select CRYPTO_ALGAPI2 112 113config CRYPTO_AKCIPHER 114 tristate 115 select CRYPTO_AKCIPHER2 116 select CRYPTO_ALGAPI 117 118config CRYPTO_KPP2 119 tristate 120 select CRYPTO_ALGAPI2 121 122config CRYPTO_KPP 123 tristate 124 select CRYPTO_ALGAPI 125 select CRYPTO_KPP2 126 127config CRYPTO_ACOMP2 128 tristate 129 select CRYPTO_ALGAPI2 130 select SGL_ALLOC 131 132config CRYPTO_ACOMP 133 tristate 134 select CRYPTO_ALGAPI 135 select CRYPTO_ACOMP2 136 137config CRYPTO_MANAGER 138 tristate "Cryptographic algorithm manager" 139 select CRYPTO_MANAGER2 140 help 141 Create default cryptographic template instantiations such as 142 cbc(aes). 143 144config CRYPTO_MANAGER2 145 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 146 select CRYPTO_AEAD2 147 select CRYPTO_HASH2 148 select CRYPTO_SKCIPHER2 149 select CRYPTO_AKCIPHER2 150 select CRYPTO_KPP2 151 select CRYPTO_ACOMP2 152 153config CRYPTO_USER 154 tristate "Userspace cryptographic algorithm configuration" 155 depends on NET 156 select CRYPTO_MANAGER 157 help 158 Userspace configuration for cryptographic instantiations such as 159 cbc(aes). 160 161config CRYPTO_MANAGER_DISABLE_TESTS 162 bool "Disable run-time self tests" 163 default y 164 help 165 Disable run-time self tests that normally take place at 166 algorithm registration. 167 168config CRYPTO_MANAGER_EXTRA_TESTS 169 bool "Enable extra run-time crypto self tests" 170 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER 171 help 172 Enable extra run-time self tests of registered crypto algorithms, 173 including randomized fuzz tests. 174 175 This is intended for developer use only, as these tests take much 176 longer to run than the normal self tests. 177 178config CRYPTO_GF128MUL 179 tristate 180 181config CRYPTO_NULL 182 tristate "Null algorithms" 183 select CRYPTO_NULL2 184 help 185 These are 'Null' algorithms, used by IPsec, which do nothing. 186 187config CRYPTO_NULL2 188 tristate 189 select CRYPTO_ALGAPI2 190 select CRYPTO_SKCIPHER2 191 select CRYPTO_HASH2 192 193config CRYPTO_PCRYPT 194 tristate "Parallel crypto engine" 195 depends on SMP 196 select PADATA 197 select CRYPTO_MANAGER 198 select CRYPTO_AEAD 199 help 200 This converts an arbitrary crypto algorithm into a parallel 201 algorithm that executes in kernel threads. 202 203config CRYPTO_CRYPTD 204 tristate "Software async crypto daemon" 205 select CRYPTO_SKCIPHER 206 select CRYPTO_HASH 207 select CRYPTO_MANAGER 208 help 209 This is a generic software asynchronous crypto daemon that 210 converts an arbitrary synchronous software crypto algorithm 211 into an asynchronous algorithm that executes in a kernel thread. 212 213config CRYPTO_AUTHENC 214 tristate "Authenc support" 215 select CRYPTO_AEAD 216 select CRYPTO_SKCIPHER 217 select CRYPTO_MANAGER 218 select CRYPTO_HASH 219 select CRYPTO_NULL 220 help 221 Authenc: Combined mode wrapper for IPsec. 222 223 This is required for IPSec ESP (XFRM_ESP). 224 225config CRYPTO_TEST 226 tristate "Testing module" 227 depends on m || EXPERT 228 select CRYPTO_MANAGER 229 help 230 Quick & dirty crypto test module. 231 232config CRYPTO_SIMD 233 tristate 234 select CRYPTO_CRYPTD 235 236config CRYPTO_ENGINE 237 tristate 238 239endmenu 240 241menu "Public-key cryptography" 242 243config CRYPTO_RSA 244 tristate "RSA (Rivest-Shamir-Adleman)" 245 select CRYPTO_AKCIPHER 246 select CRYPTO_MANAGER 247 select MPILIB 248 select ASN1 249 help 250 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017) 251 252config CRYPTO_DH 253 tristate "DH (Diffie-Hellman)" 254 select CRYPTO_KPP 255 select MPILIB 256 help 257 DH (Diffie-Hellman) key exchange algorithm 258 259config CRYPTO_DH_RFC7919_GROUPS 260 bool "RFC 7919 FFDHE groups" 261 depends on CRYPTO_DH 262 select CRYPTO_RNG_DEFAULT 263 help 264 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups 265 defined in RFC7919. 266 267 Support these finite-field groups in DH key exchanges: 268 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 269 270 If unsure, say N. 271 272config CRYPTO_ECC 273 tristate 274 select CRYPTO_RNG_DEFAULT 275 276config CRYPTO_ECDH 277 tristate "ECDH (Elliptic Curve Diffie-Hellman)" 278 select CRYPTO_ECC 279 select CRYPTO_KPP 280 help 281 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm 282 using curves P-192, P-256, and P-384 (FIPS 186) 283 284config CRYPTO_ECDSA 285 tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)" 286 select CRYPTO_ECC 287 select CRYPTO_AKCIPHER 288 select ASN1 289 help 290 ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186, 291 ISO/IEC 14888-3) 292 using curves P-192, P-256, and P-384 293 294 Only signature verification is implemented. 295 296config CRYPTO_ECRDSA 297 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)" 298 select CRYPTO_ECC 299 select CRYPTO_AKCIPHER 300 select CRYPTO_STREEBOG 301 select OID_REGISTRY 302 select ASN1 303 help 304 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 305 RFC 7091, ISO/IEC 14888-3) 306 307 One of the Russian cryptographic standard algorithms (called GOST 308 algorithms). Only signature verification is implemented. 309 310config CRYPTO_SM2 311 tristate "SM2 (ShangMi 2)" 312 select CRYPTO_SM3 313 select CRYPTO_AKCIPHER 314 select CRYPTO_MANAGER 315 select MPILIB 316 select ASN1 317 help 318 SM2 (ShangMi 2) public key algorithm 319 320 Published by State Encryption Management Bureau, China, 321 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. 322 323 References: 324 https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/ 325 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml 326 http://www.gmbz.org.cn/main/bzlb.html 327 328config CRYPTO_CURVE25519 329 tristate "Curve25519" 330 select CRYPTO_KPP 331 select CRYPTO_LIB_CURVE25519_GENERIC 332 help 333 Curve25519 elliptic curve (RFC7748) 334 335endmenu 336 337menu "Block ciphers" 338 339config CRYPTO_AES 340 tristate "AES (Advanced Encryption Standard)" 341 select CRYPTO_ALGAPI 342 select CRYPTO_LIB_AES 343 help 344 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3) 345 346 Rijndael appears to be consistently a very good performer in 347 both hardware and software across a wide range of computing 348 environments regardless of its use in feedback or non-feedback 349 modes. Its key setup time is excellent, and its key agility is 350 good. Rijndael's very low memory requirements make it very well 351 suited for restricted-space environments, in which it also 352 demonstrates excellent performance. Rijndael's operations are 353 among the easiest to defend against power and timing attacks. 354 355 The AES specifies three key sizes: 128, 192 and 256 bits 356 357config CRYPTO_AES_TI 358 tristate "AES (Advanced Encryption Standard) (fixed time)" 359 select CRYPTO_ALGAPI 360 select CRYPTO_LIB_AES 361 help 362 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3) 363 364 This is a generic implementation of AES that attempts to eliminate 365 data dependent latencies as much as possible without affecting 366 performance too much. It is intended for use by the generic CCM 367 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 368 solely on encryption (although decryption is supported as well, but 369 with a more dramatic performance hit) 370 371 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 372 8 for decryption), this implementation only uses just two S-boxes of 373 256 bytes each, and attempts to eliminate data dependent latencies by 374 prefetching the entire table into the cache at the start of each 375 block. Interrupts are also disabled to avoid races where cachelines 376 are evicted when the CPU is interrupted to do something else. 377 378config CRYPTO_ANUBIS 379 tristate "Anubis" 380 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 381 select CRYPTO_ALGAPI 382 help 383 Anubis cipher algorithm 384 385 Anubis is a variable key length cipher which can use keys from 386 128 bits to 320 bits in length. It was evaluated as a entrant 387 in the NESSIE competition. 388 389 See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html 390 for further information. 391 392config CRYPTO_ARIA 393 tristate "ARIA" 394 select CRYPTO_ALGAPI 395 help 396 ARIA cipher algorithm (RFC5794) 397 398 ARIA is a standard encryption algorithm of the Republic of Korea. 399 The ARIA specifies three key sizes and rounds. 400 128-bit: 12 rounds. 401 192-bit: 14 rounds. 402 256-bit: 16 rounds. 403 404 See: 405 https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do 406 407config CRYPTO_BLOWFISH 408 tristate "Blowfish" 409 select CRYPTO_ALGAPI 410 select CRYPTO_BLOWFISH_COMMON 411 help 412 Blowfish cipher algorithm, by Bruce Schneier 413 414 This is a variable key length cipher which can use keys from 32 415 bits to 448 bits in length. It's fast, simple and specifically 416 designed for use on "large microprocessors". 417 418 See https://www.schneier.com/blowfish.html for further information. 419 420config CRYPTO_BLOWFISH_COMMON 421 tristate 422 help 423 Common parts of the Blowfish cipher algorithm shared by the 424 generic c and the assembler implementations. 425 426config CRYPTO_CAMELLIA 427 tristate "Camellia" 428 select CRYPTO_ALGAPI 429 help 430 Camellia cipher algorithms (ISO/IEC 18033-3) 431 432 Camellia is a symmetric key block cipher developed jointly 433 at NTT and Mitsubishi Electric Corporation. 434 435 The Camellia specifies three key sizes: 128, 192 and 256 bits. 436 437 See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information. 438 439config CRYPTO_CAST_COMMON 440 tristate 441 help 442 Common parts of the CAST cipher algorithms shared by the 443 generic c and the assembler implementations. 444 445config CRYPTO_CAST5 446 tristate "CAST5 (CAST-128)" 447 select CRYPTO_ALGAPI 448 select CRYPTO_CAST_COMMON 449 help 450 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3) 451 452config CRYPTO_CAST6 453 tristate "CAST6 (CAST-256)" 454 select CRYPTO_ALGAPI 455 select CRYPTO_CAST_COMMON 456 help 457 CAST6 (CAST-256) encryption algorithm (RFC2612) 458 459config CRYPTO_DES 460 tristate "DES and Triple DES EDE" 461 select CRYPTO_ALGAPI 462 select CRYPTO_LIB_DES 463 help 464 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and 465 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3) 466 cipher algorithms 467 468config CRYPTO_FCRYPT 469 tristate "FCrypt" 470 select CRYPTO_ALGAPI 471 select CRYPTO_SKCIPHER 472 help 473 FCrypt algorithm used by RxRPC 474 475 See https://ota.polyonymo.us/fcrypt-paper.txt 476 477config CRYPTO_KHAZAD 478 tristate "Khazad" 479 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 480 select CRYPTO_ALGAPI 481 help 482 Khazad cipher algorithm 483 484 Khazad was a finalist in the initial NESSIE competition. It is 485 an algorithm optimized for 64-bit processors with good performance 486 on 32-bit processors. Khazad uses an 128 bit key size. 487 488 See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html 489 for further information. 490 491config CRYPTO_SEED 492 tristate "SEED" 493 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 494 select CRYPTO_ALGAPI 495 help 496 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3) 497 498 SEED is a 128-bit symmetric key block cipher that has been 499 developed by KISA (Korea Information Security Agency) as a 500 national standard encryption algorithm of the Republic of Korea. 501 It is a 16 round block cipher with the key size of 128 bit. 502 503 See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do 504 for further information. 505 506config CRYPTO_SERPENT 507 tristate "Serpent" 508 select CRYPTO_ALGAPI 509 help 510 Serpent cipher algorithm, by Anderson, Biham & Knudsen 511 512 Keys are allowed to be from 0 to 256 bits in length, in steps 513 of 8 bits. 514 515 See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information. 516 517config CRYPTO_SM4 518 tristate 519 520config CRYPTO_SM4_GENERIC 521 tristate "SM4 (ShangMi 4)" 522 select CRYPTO_ALGAPI 523 select CRYPTO_SM4 524 help 525 SM4 cipher algorithms (OSCCA GB/T 32907-2016, 526 ISO/IEC 18033-3:2010/Amd 1:2021) 527 528 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 529 Organization of State Commercial Administration of China (OSCCA) 530 as an authorized cryptographic algorithms for the use within China. 531 532 SMS4 was originally created for use in protecting wireless 533 networks, and is mandated in the Chinese National Standard for 534 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 535 (GB.15629.11-2003). 536 537 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 538 standardized through TC 260 of the Standardization Administration 539 of the People's Republic of China (SAC). 540 541 The input, output, and key of SMS4 are each 128 bits. 542 543 See https://eprint.iacr.org/2008/329.pdf for further information. 544 545 If unsure, say N. 546 547config CRYPTO_TEA 548 tristate "TEA, XTEA and XETA" 549 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 550 select CRYPTO_ALGAPI 551 help 552 TEA (Tiny Encryption Algorithm) cipher algorithms 553 554 Tiny Encryption Algorithm is a simple cipher that uses 555 many rounds for security. It is very fast and uses 556 little memory. 557 558 Xtendend Tiny Encryption Algorithm is a modification to 559 the TEA algorithm to address a potential key weakness 560 in the TEA algorithm. 561 562 Xtendend Encryption Tiny Algorithm is a mis-implementation 563 of the XTEA algorithm for compatibility purposes. 564 565config CRYPTO_TWOFISH 566 tristate "Twofish" 567 select CRYPTO_ALGAPI 568 select CRYPTO_TWOFISH_COMMON 569 help 570 Twofish cipher algorithm 571 572 Twofish was submitted as an AES (Advanced Encryption Standard) 573 candidate cipher by researchers at CounterPane Systems. It is a 574 16 round block cipher supporting key sizes of 128, 192, and 256 575 bits. 576 577 See https://www.schneier.com/twofish.html for further information. 578 579config CRYPTO_TWOFISH_COMMON 580 tristate 581 help 582 Common parts of the Twofish cipher algorithm shared by the 583 generic c and the assembler implementations. 584 585endmenu 586 587menu "Length-preserving ciphers and modes" 588 589config CRYPTO_ADIANTUM 590 tristate "Adiantum" 591 select CRYPTO_CHACHA20 592 select CRYPTO_LIB_POLY1305_GENERIC 593 select CRYPTO_NHPOLY1305 594 select CRYPTO_MANAGER 595 help 596 Adiantum tweakable, length-preserving encryption mode 597 598 Designed for fast and secure disk encryption, especially on 599 CPUs without dedicated crypto instructions. It encrypts 600 each sector using the XChaCha12 stream cipher, two passes of 601 an ε-almost-∆-universal hash function, and an invocation of 602 the AES-256 block cipher on a single 16-byte block. On CPUs 603 without AES instructions, Adiantum is much faster than 604 AES-XTS. 605 606 Adiantum's security is provably reducible to that of its 607 underlying stream and block ciphers, subject to a security 608 bound. Unlike XTS, Adiantum is a true wide-block encryption 609 mode, so it actually provides an even stronger notion of 610 security than XTS, subject to the security bound. 611 612 If unsure, say N. 613 614config CRYPTO_ARC4 615 tristate "ARC4 (Alleged Rivest Cipher 4)" 616 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 617 select CRYPTO_SKCIPHER 618 select CRYPTO_LIB_ARC4 619 help 620 ARC4 cipher algorithm 621 622 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 623 bits in length. This algorithm is required for driver-based 624 WEP, but it should not be for other purposes because of the 625 weakness of the algorithm. 626 627config CRYPTO_CHACHA20 628 tristate "ChaCha" 629 select CRYPTO_LIB_CHACHA_GENERIC 630 select CRYPTO_SKCIPHER 631 help 632 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms 633 634 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 635 Bernstein and further specified in RFC7539 for use in IETF protocols. 636 This is the portable C implementation of ChaCha20. See 637 https://cr.yp.to/chacha/chacha-20080128.pdf for further information. 638 639 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 640 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 641 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 642 while provably retaining ChaCha20's security. See 643 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information. 644 645 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 646 reduced security margin but increased performance. It can be needed 647 in some performance-sensitive scenarios. 648 649config CRYPTO_CBC 650 tristate "CBC (Cipher Block Chaining)" 651 select CRYPTO_SKCIPHER 652 select CRYPTO_MANAGER 653 help 654 CBC (Cipher Block Chaining) mode (NIST SP800-38A) 655 656 This block cipher mode is required for IPSec ESP (XFRM_ESP). 657 658config CRYPTO_CFB 659 tristate "CFB (Cipher Feedback)" 660 select CRYPTO_SKCIPHER 661 select CRYPTO_MANAGER 662 help 663 CFB (Cipher Feedback) mode (NIST SP800-38A) 664 665 This block cipher mode is required for TPM2 Cryptography. 666 667config CRYPTO_CTR 668 tristate "CTR (Counter)" 669 select CRYPTO_SKCIPHER 670 select CRYPTO_MANAGER 671 help 672 CTR (Counter) mode (NIST SP800-38A) 673 674config CRYPTO_CTS 675 tristate "CTS (Cipher Text Stealing)" 676 select CRYPTO_SKCIPHER 677 select CRYPTO_MANAGER 678 help 679 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST 680 Addendum to SP800-38A (October 2010)) 681 682 This mode is required for Kerberos gss mechanism support 683 for AES encryption. 684 685config CRYPTO_ECB 686 tristate "ECB (Electronic Codebook)" 687 select CRYPTO_SKCIPHER 688 select CRYPTO_MANAGER 689 help 690 ECB (Electronic Codebook) mode (NIST SP800-38A) 691 692config CRYPTO_HCTR2 693 tristate "HCTR2" 694 select CRYPTO_XCTR 695 select CRYPTO_POLYVAL 696 select CRYPTO_MANAGER 697 help 698 HCTR2 length-preserving encryption mode 699 700 A mode for storage encryption that is efficient on processors with 701 instructions to accelerate AES and carryless multiplication, e.g. 702 x86 processors with AES-NI and CLMUL, and ARM processors with the 703 ARMv8 crypto extensions. 704 705 See https://eprint.iacr.org/2021/1441 706 707config CRYPTO_KEYWRAP 708 tristate "KW (AES Key Wrap)" 709 select CRYPTO_SKCIPHER 710 select CRYPTO_MANAGER 711 help 712 KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F 713 and RFC3394) without padding. 714 715config CRYPTO_LRW 716 tristate "LRW (Liskov Rivest Wagner)" 717 select CRYPTO_SKCIPHER 718 select CRYPTO_MANAGER 719 select CRYPTO_GF128MUL 720 select CRYPTO_ECB 721 help 722 LRW (Liskov Rivest Wagner) mode 723 724 A tweakable, non malleable, non movable 725 narrow block cipher mode for dm-crypt. Use it with cipher 726 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 727 The first 128, 192 or 256 bits in the key are used for AES and the 728 rest is used to tie each cipher block to its logical position. 729 730 See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf 731 732config CRYPTO_OFB 733 tristate "OFB (Output Feedback)" 734 select CRYPTO_SKCIPHER 735 select CRYPTO_MANAGER 736 help 737 OFB (Output Feedback) mode (NIST SP800-38A) 738 739 This mode makes a block cipher into a synchronous 740 stream cipher. It generates keystream blocks, which are then XORed 741 with the plaintext blocks to get the ciphertext. Flipping a bit in the 742 ciphertext produces a flipped bit in the plaintext at the same 743 location. This property allows many error correcting codes to function 744 normally even when applied before encryption. 745 746config CRYPTO_PCBC 747 tristate "PCBC (Propagating Cipher Block Chaining)" 748 select CRYPTO_SKCIPHER 749 select CRYPTO_MANAGER 750 help 751 PCBC (Propagating Cipher Block Chaining) mode 752 753 This block cipher mode is required for RxRPC. 754 755config CRYPTO_XCTR 756 tristate 757 select CRYPTO_SKCIPHER 758 select CRYPTO_MANAGER 759 help 760 XCTR (XOR Counter) mode for HCTR2 761 762 This blockcipher mode is a variant of CTR mode using XORs and little-endian 763 addition rather than big-endian arithmetic. 764 765 XCTR mode is used to implement HCTR2. 766 767config CRYPTO_XTS 768 tristate "XTS (XOR Encrypt XOR with ciphertext stealing)" 769 select CRYPTO_SKCIPHER 770 select CRYPTO_MANAGER 771 select CRYPTO_ECB 772 help 773 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E 774 and IEEE 1619) 775 776 Use with aes-xts-plain, key size 256, 384 or 512 bits. This 777 implementation currently can't handle a sectorsize which is not a 778 multiple of 16 bytes. 779 780config CRYPTO_NHPOLY1305 781 tristate 782 select CRYPTO_HASH 783 select CRYPTO_LIB_POLY1305_GENERIC 784 785endmenu 786 787menu "AEAD (authenticated encryption with associated data) ciphers" 788 789config CRYPTO_AEGIS128 790 tristate "AEGIS-128" 791 select CRYPTO_AEAD 792 select CRYPTO_AES # for AES S-box tables 793 help 794 AEGIS-128 AEAD algorithm 795 796config CRYPTO_AEGIS128_SIMD 797 bool "AEGIS-128 (arm NEON, arm64 NEON)" 798 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 799 default y 800 help 801 AEGIS-128 AEAD algorithm 802 803 Architecture: arm or arm64 using: 804 - NEON (Advanced SIMD) extension 805 806config CRYPTO_CHACHA20POLY1305 807 tristate "ChaCha20-Poly1305" 808 select CRYPTO_CHACHA20 809 select CRYPTO_POLY1305 810 select CRYPTO_AEAD 811 select CRYPTO_MANAGER 812 help 813 ChaCha20 stream cipher and Poly1305 authenticator combined 814 mode (RFC8439) 815 816config CRYPTO_CCM 817 tristate "CCM (Counter with Cipher Block Chaining-MAC)" 818 select CRYPTO_CTR 819 select CRYPTO_HASH 820 select CRYPTO_AEAD 821 select CRYPTO_MANAGER 822 help 823 CCM (Counter with Cipher Block Chaining-Message Authentication Code) 824 authenticated encryption mode (NIST SP800-38C) 825 826config CRYPTO_GCM 827 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)" 828 select CRYPTO_CTR 829 select CRYPTO_AEAD 830 select CRYPTO_GHASH 831 select CRYPTO_NULL 832 select CRYPTO_MANAGER 833 help 834 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC 835 (GCM Message Authentication Code) (NIST SP800-38D) 836 837 This is required for IPSec ESP (XFRM_ESP). 838 839config CRYPTO_SEQIV 840 tristate "Sequence Number IV Generator" 841 select CRYPTO_AEAD 842 select CRYPTO_SKCIPHER 843 select CRYPTO_NULL 844 select CRYPTO_RNG_DEFAULT 845 select CRYPTO_MANAGER 846 help 847 Sequence Number IV generator 848 849 This IV generator generates an IV based on a sequence number by 850 xoring it with a salt. This algorithm is mainly useful for CTR. 851 852 This is required for IPsec ESP (XFRM_ESP). 853 854config CRYPTO_ECHAINIV 855 tristate "Encrypted Chain IV Generator" 856 select CRYPTO_AEAD 857 select CRYPTO_NULL 858 select CRYPTO_RNG_DEFAULT 859 select CRYPTO_MANAGER 860 help 861 Encrypted Chain IV generator 862 863 This IV generator generates an IV based on the encryption of 864 a sequence number xored with a salt. This is the default 865 algorithm for CBC. 866 867config CRYPTO_ESSIV 868 tristate "Encrypted Salt-Sector IV Generator" 869 select CRYPTO_AUTHENC 870 help 871 Encrypted Salt-Sector IV generator 872 873 This IV generator is used in some cases by fscrypt and/or 874 dm-crypt. It uses the hash of the block encryption key as the 875 symmetric key for a block encryption pass applied to the input 876 IV, making low entropy IV sources more suitable for block 877 encryption. 878 879 This driver implements a crypto API template that can be 880 instantiated either as an skcipher or as an AEAD (depending on the 881 type of the first template argument), and which defers encryption 882 and decryption requests to the encapsulated cipher after applying 883 ESSIV to the input IV. Note that in the AEAD case, it is assumed 884 that the keys are presented in the same format used by the authenc 885 template, and that the IV appears at the end of the authenticated 886 associated data (AAD) region (which is how dm-crypt uses it.) 887 888 Note that the use of ESSIV is not recommended for new deployments, 889 and so this only needs to be enabled when interoperability with 890 existing encrypted volumes of filesystems is required, or when 891 building for a particular system that requires it (e.g., when 892 the SoC in question has accelerated CBC but not XTS, making CBC 893 combined with ESSIV the only feasible mode for h/w accelerated 894 block encryption) 895 896endmenu 897 898menu "Hashes, digests, and MACs" 899 900config CRYPTO_BLAKE2B 901 tristate "BLAKE2b" 902 select CRYPTO_HASH 903 help 904 BLAKE2b cryptographic hash function (RFC 7693) 905 906 BLAKE2b is optimized for 64-bit platforms and can produce digests 907 of any size between 1 and 64 bytes. The keyed hash is also implemented. 908 909 This module provides the following algorithms: 910 - blake2b-160 911 - blake2b-256 912 - blake2b-384 913 - blake2b-512 914 915 Used by the btrfs filesystem. 916 917 See https://blake2.net for further information. 918 919 config CRYPTO_BLAKE2S 920 tristate "BLAKE2s" 921 select CRYPTO_LIB_BLAKE2S_GENERIC 922 select CRYPTO_HASH 923 help 924 BLAKE2s cryptographic hash function (RFC 7693) 925 926 BLAKE2s is optimized for 8 to 32-bit platforms and can produce 927 digests of any size between 1 and 32 bytes. The keyed hash is 928 also implemented. 929 930 This module provides the following algorithms: 931 - blake2s-128 932 - blake2s-160 933 - blake2s-224 934 - blake2s-256 935 936 Used by Wireguard. 937 938 See https://blake2.net for further information. 939 940config CRYPTO_CMAC 941 tristate "CMAC (Cipher-based MAC)" 942 select CRYPTO_HASH 943 select CRYPTO_MANAGER 944 help 945 CMAC (Cipher-based Message Authentication Code) authentication 946 mode (NIST SP800-38B and IETF RFC4493) 947 948config CRYPTO_GHASH 949 tristate "GHASH" 950 select CRYPTO_GF128MUL 951 select CRYPTO_HASH 952 help 953 GCM GHASH function (NIST SP800-38D) 954 955config CRYPTO_HMAC 956 tristate "HMAC (Keyed-Hash MAC)" 957 select CRYPTO_HASH 958 select CRYPTO_MANAGER 959 help 960 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and 961 RFC2104) 962 963 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP). 964 965config CRYPTO_MD4 966 tristate "MD4" 967 select CRYPTO_HASH 968 help 969 MD4 message digest algorithm (RFC1320) 970 971config CRYPTO_MD5 972 tristate "MD5" 973 select CRYPTO_HASH 974 help 975 MD5 message digest algorithm (RFC1321) 976 977config CRYPTO_MICHAEL_MIC 978 tristate "Michael MIC" 979 select CRYPTO_HASH 980 help 981 Michael MIC (Message Integrity Code) (IEEE 802.11i) 982 983 Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol), 984 known as WPA (Wif-Fi Protected Access). 985 986 This algorithm is required for TKIP, but it should not be used for 987 other purposes because of the weakness of the algorithm. 988 989config CRYPTO_POLYVAL 990 tristate 991 select CRYPTO_GF128MUL 992 select CRYPTO_HASH 993 help 994 POLYVAL hash function for HCTR2 995 996 This is used in HCTR2. It is not a general-purpose 997 cryptographic hash function. 998 999config CRYPTO_POLY1305 1000 tristate "Poly1305" 1001 select CRYPTO_HASH 1002 select CRYPTO_LIB_POLY1305_GENERIC 1003 help 1004 Poly1305 authenticator algorithm (RFC7539) 1005 1006 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 1007 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 1008 in IETF protocols. This is the portable C implementation of Poly1305. 1009 1010config CRYPTO_RMD160 1011 tristate "RIPEMD-160" 1012 select CRYPTO_HASH 1013 help 1014 RIPEMD-160 hash function (ISO/IEC 10118-3) 1015 1016 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 1017 to be used as a secure replacement for the 128-bit hash functions 1018 MD4, MD5 and its predecessor RIPEMD 1019 (not to be confused with RIPEMD-128). 1020 1021 Its speed is comparable to SHA-1 and there are no known attacks 1022 against RIPEMD-160. 1023 1024 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 1025 See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html 1026 for further information. 1027 1028config CRYPTO_SHA1 1029 tristate "SHA-1" 1030 select CRYPTO_HASH 1031 select CRYPTO_LIB_SHA1 1032 help 1033 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3) 1034 1035config CRYPTO_SHA256 1036 tristate "SHA-224 and SHA-256" 1037 select CRYPTO_HASH 1038 select CRYPTO_LIB_SHA256 1039 help 1040 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3) 1041 1042 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP). 1043 Used by the btrfs filesystem, Ceph, NFS, and SMB. 1044 1045config CRYPTO_SHA512 1046 tristate "SHA-384 and SHA-512" 1047 select CRYPTO_HASH 1048 help 1049 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3) 1050 1051config CRYPTO_SHA3 1052 tristate "SHA-3" 1053 select CRYPTO_HASH 1054 help 1055 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3) 1056 1057config CRYPTO_SM3 1058 tristate 1059 1060config CRYPTO_SM3_GENERIC 1061 tristate "SM3 (ShangMi 3)" 1062 select CRYPTO_HASH 1063 select CRYPTO_SM3 1064 help 1065 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3) 1066 1067 This is part of the Chinese Commercial Cryptography suite. 1068 1069 References: 1070 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1071 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1072 1073config CRYPTO_STREEBOG 1074 tristate "Streebog" 1075 select CRYPTO_HASH 1076 help 1077 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3) 1078 1079 This is one of the Russian cryptographic standard algorithms (called 1080 GOST algorithms). This setting enables two hash algorithms with 1081 256 and 512 bits output. 1082 1083 References: 1084 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1085 https://tools.ietf.org/html/rfc6986 1086 1087config CRYPTO_VMAC 1088 tristate "VMAC" 1089 select CRYPTO_HASH 1090 select CRYPTO_MANAGER 1091 help 1092 VMAC is a message authentication algorithm designed for 1093 very high speed on 64-bit architectures. 1094 1095 See https://fastcrypto.org/vmac for further information. 1096 1097config CRYPTO_WP512 1098 tristate "Whirlpool" 1099 select CRYPTO_HASH 1100 help 1101 Whirlpool hash function (ISO/IEC 10118-3) 1102 1103 512, 384 and 256-bit hashes. 1104 1105 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1106 1107 See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html 1108 for further information. 1109 1110config CRYPTO_XCBC 1111 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)" 1112 select CRYPTO_HASH 1113 select CRYPTO_MANAGER 1114 help 1115 XCBC-MAC (Extended Cipher Block Chaining Message Authentication 1116 Code) (RFC3566) 1117 1118config CRYPTO_XXHASH 1119 tristate "xxHash" 1120 select CRYPTO_HASH 1121 select XXHASH 1122 help 1123 xxHash non-cryptographic hash algorithm 1124 1125 Extremely fast, working at speeds close to RAM limits. 1126 1127 Used by the btrfs filesystem. 1128 1129endmenu 1130 1131menu "CRCs (cyclic redundancy checks)" 1132 1133config CRYPTO_CRC32C 1134 tristate "CRC32c" 1135 select CRYPTO_HASH 1136 select CRC32 1137 help 1138 CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720) 1139 1140 A 32-bit CRC (cyclic redundancy check) with a polynomial defined 1141 by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic 1142 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions 1143 on Communications, Vol. 41, No. 6, June 1993, selected for use with 1144 iSCSI. 1145 1146 Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI. 1147 1148config CRYPTO_CRC32 1149 tristate "CRC32" 1150 select CRYPTO_HASH 1151 select CRC32 1152 help 1153 CRC32 CRC algorithm (IEEE 802.3) 1154 1155 Used by RoCEv2 and f2fs. 1156 1157config CRYPTO_CRCT10DIF 1158 tristate "CRCT10DIF" 1159 select CRYPTO_HASH 1160 help 1161 CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF) 1162 1163 CRC algorithm used by the SCSI Block Commands standard. 1164 1165config CRYPTO_CRC64_ROCKSOFT 1166 tristate "CRC64 based on Rocksoft Model algorithm" 1167 depends on CRC64 1168 select CRYPTO_HASH 1169 help 1170 CRC64 CRC algorithm based on the Rocksoft Model CRC Algorithm 1171 1172 Used by the NVMe implementation of T10 DIF (BLK_DEV_INTEGRITY) 1173 1174 See https://zlib.net/crc_v3.txt 1175 1176endmenu 1177 1178menu "Compression" 1179 1180config CRYPTO_DEFLATE 1181 tristate "Deflate" 1182 select CRYPTO_ALGAPI 1183 select CRYPTO_ACOMP2 1184 select ZLIB_INFLATE 1185 select ZLIB_DEFLATE 1186 help 1187 Deflate compression algorithm (RFC1951) 1188 1189 Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394) 1190 1191config CRYPTO_LZO 1192 tristate "LZO" 1193 select CRYPTO_ALGAPI 1194 select CRYPTO_ACOMP2 1195 select LZO_COMPRESS 1196 select LZO_DECOMPRESS 1197 help 1198 LZO compression algorithm 1199 1200 See https://www.oberhumer.com/opensource/lzo/ for further information. 1201 1202config CRYPTO_842 1203 tristate "842" 1204 select CRYPTO_ALGAPI 1205 select CRYPTO_ACOMP2 1206 select 842_COMPRESS 1207 select 842_DECOMPRESS 1208 help 1209 842 compression algorithm by IBM 1210 1211 See https://github.com/plauth/lib842 for further information. 1212 1213config CRYPTO_LZ4 1214 tristate "LZ4" 1215 select CRYPTO_ALGAPI 1216 select CRYPTO_ACOMP2 1217 select LZ4_COMPRESS 1218 select LZ4_DECOMPRESS 1219 help 1220 LZ4 compression algorithm 1221 1222 See https://github.com/lz4/lz4 for further information. 1223 1224config CRYPTO_LZ4HC 1225 tristate "LZ4HC" 1226 select CRYPTO_ALGAPI 1227 select CRYPTO_ACOMP2 1228 select LZ4HC_COMPRESS 1229 select LZ4_DECOMPRESS 1230 help 1231 LZ4 high compression mode algorithm 1232 1233 See https://github.com/lz4/lz4 for further information. 1234 1235config CRYPTO_ZSTD 1236 tristate "Zstd" 1237 select CRYPTO_ALGAPI 1238 select CRYPTO_ACOMP2 1239 select ZSTD_COMPRESS 1240 select ZSTD_DECOMPRESS 1241 help 1242 zstd compression algorithm 1243 1244 See https://github.com/facebook/zstd for further information. 1245 1246endmenu 1247 1248menu "Random number generation" 1249 1250config CRYPTO_ANSI_CPRNG 1251 tristate "ANSI PRNG (Pseudo Random Number Generator)" 1252 select CRYPTO_AES 1253 select CRYPTO_RNG 1254 help 1255 Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4) 1256 1257 This uses the AES cipher algorithm. 1258 1259 Note that this option must be enabled if CRYPTO_FIPS is selected 1260 1261menuconfig CRYPTO_DRBG_MENU 1262 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)" 1263 help 1264 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A) 1265 1266 In the following submenu, one or more of the DRBG types must be selected. 1267 1268if CRYPTO_DRBG_MENU 1269 1270config CRYPTO_DRBG_HMAC 1271 bool 1272 default y 1273 select CRYPTO_HMAC 1274 select CRYPTO_SHA512 1275 1276config CRYPTO_DRBG_HASH 1277 bool "Hash_DRBG" 1278 select CRYPTO_SHA256 1279 help 1280 Hash_DRBG variant as defined in NIST SP800-90A. 1281 1282 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms. 1283 1284config CRYPTO_DRBG_CTR 1285 bool "CTR_DRBG" 1286 select CRYPTO_AES 1287 select CRYPTO_CTR 1288 help 1289 CTR_DRBG variant as defined in NIST SP800-90A. 1290 1291 This uses the AES cipher algorithm with the counter block mode. 1292 1293config CRYPTO_DRBG 1294 tristate 1295 default CRYPTO_DRBG_MENU 1296 select CRYPTO_RNG 1297 select CRYPTO_JITTERENTROPY 1298 1299endif # if CRYPTO_DRBG_MENU 1300 1301config CRYPTO_JITTERENTROPY 1302 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)" 1303 select CRYPTO_RNG 1304 help 1305 CPU Jitter RNG (Random Number Generator) from the Jitterentropy library 1306 1307 A non-physical non-deterministic ("true") RNG (e.g., an entropy source 1308 compliant with NIST SP800-90B) intended to provide a seed to a 1309 deterministic RNG (e.g. per NIST SP800-90C). 1310 This RNG does not perform any cryptographic whitening of the generated 1311 1312 See https://www.chronox.de/jent.html 1313 1314config CRYPTO_KDF800108_CTR 1315 tristate 1316 select CRYPTO_HMAC 1317 select CRYPTO_SHA256 1318 1319endmenu 1320menu "Userspace interface" 1321 1322config CRYPTO_USER_API 1323 tristate 1324 1325config CRYPTO_USER_API_HASH 1326 tristate "Hash algorithms" 1327 depends on NET 1328 select CRYPTO_HASH 1329 select CRYPTO_USER_API 1330 help 1331 Enable the userspace interface for hash algorithms. 1332 1333 See Documentation/crypto/userspace-if.rst and 1334 https://www.chronox.de/libkcapi/html/index.html 1335 1336config CRYPTO_USER_API_SKCIPHER 1337 tristate "Symmetric key cipher algorithms" 1338 depends on NET 1339 select CRYPTO_SKCIPHER 1340 select CRYPTO_USER_API 1341 help 1342 Enable the userspace interface for symmetric key cipher algorithms. 1343 1344 See Documentation/crypto/userspace-if.rst and 1345 https://www.chronox.de/libkcapi/html/index.html 1346 1347config CRYPTO_USER_API_RNG 1348 tristate "RNG (random number generator) algorithms" 1349 depends on NET 1350 select CRYPTO_RNG 1351 select CRYPTO_USER_API 1352 help 1353 Enable the userspace interface for RNG (random number generator) 1354 algorithms. 1355 1356 See Documentation/crypto/userspace-if.rst and 1357 https://www.chronox.de/libkcapi/html/index.html 1358 1359config CRYPTO_USER_API_RNG_CAVP 1360 bool "Enable CAVP testing of DRBG" 1361 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG 1362 help 1363 Enable extra APIs in the userspace interface for NIST CAVP 1364 (Cryptographic Algorithm Validation Program) testing: 1365 - resetting DRBG entropy 1366 - providing Additional Data 1367 1368 This should only be enabled for CAVP testing. You should say 1369 no unless you know what this is. 1370 1371config CRYPTO_USER_API_AEAD 1372 tristate "AEAD cipher algorithms" 1373 depends on NET 1374 select CRYPTO_AEAD 1375 select CRYPTO_SKCIPHER 1376 select CRYPTO_NULL 1377 select CRYPTO_USER_API 1378 help 1379 Enable the userspace interface for AEAD cipher algorithms. 1380 1381 See Documentation/crypto/userspace-if.rst and 1382 https://www.chronox.de/libkcapi/html/index.html 1383 1384config CRYPTO_USER_API_ENABLE_OBSOLETE 1385 bool "Obsolete cryptographic algorithms" 1386 depends on CRYPTO_USER_API 1387 default y 1388 help 1389 Allow obsolete cryptographic algorithms to be selected that have 1390 already been phased out from internal use by the kernel, and are 1391 only useful for userspace clients that still rely on them. 1392 1393config CRYPTO_STATS 1394 bool "Crypto usage statistics" 1395 depends on CRYPTO_USER 1396 help 1397 Enable the gathering of crypto stats. 1398 1399 This collects data sizes, numbers of requests, and numbers 1400 of errors processed by: 1401 - AEAD ciphers (encrypt, decrypt) 1402 - asymmetric key ciphers (encrypt, decrypt, verify, sign) 1403 - symmetric key ciphers (encrypt, decrypt) 1404 - compression algorithms (compress, decompress) 1405 - hash algorithms (hash) 1406 - key-agreement protocol primitives (setsecret, generate 1407 public key, compute shared secret) 1408 - RNG (generate, seed) 1409 1410endmenu 1411 1412config CRYPTO_HASH_INFO 1413 bool 1414 1415if ARM 1416source "arch/arm/crypto/Kconfig" 1417endif 1418if ARM64 1419source "arch/arm64/crypto/Kconfig" 1420endif 1421if MIPS 1422source "arch/mips/crypto/Kconfig" 1423endif 1424if PPC 1425source "arch/powerpc/crypto/Kconfig" 1426endif 1427if S390 1428source "arch/s390/crypto/Kconfig" 1429endif 1430if SPARC 1431source "arch/sparc/crypto/Kconfig" 1432endif 1433if X86 1434source "arch/x86/crypto/Kconfig" 1435endif 1436 1437source "drivers/crypto/Kconfig" 1438source "crypto/asymmetric_keys/Kconfig" 1439source "certs/Kconfig" 1440 1441endif # if CRYPTO 1442