xref: /openbmc/linux/crypto/Kconfig (revision ccc319dc)
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	select LIB_MEMNEQ
19	help
20	  This option provides the core Cryptographic API.
21
22if CRYPTO
23
24comment "Crypto core or helper"
25
26config CRYPTO_FIPS
27	bool "FIPS 200 compliance"
28	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29	depends on (MODULE_SIG || !MODULES)
30	help
31	  This option enables the fips boot option which is
32	  required if you want the system to operate in a FIPS 200
33	  certification.  You should say no unless you know what
34	  this is.
35
36config CRYPTO_ALGAPI
37	tristate
38	select CRYPTO_ALGAPI2
39	help
40	  This option provides the API for cryptographic algorithms.
41
42config CRYPTO_ALGAPI2
43	tristate
44
45config CRYPTO_AEAD
46	tristate
47	select CRYPTO_AEAD2
48	select CRYPTO_ALGAPI
49
50config CRYPTO_AEAD2
51	tristate
52	select CRYPTO_ALGAPI2
53	select CRYPTO_NULL2
54	select CRYPTO_RNG2
55
56config CRYPTO_SKCIPHER
57	tristate
58	select CRYPTO_SKCIPHER2
59	select CRYPTO_ALGAPI
60
61config CRYPTO_SKCIPHER2
62	tristate
63	select CRYPTO_ALGAPI2
64	select CRYPTO_RNG2
65
66config CRYPTO_HASH
67	tristate
68	select CRYPTO_HASH2
69	select CRYPTO_ALGAPI
70
71config CRYPTO_HASH2
72	tristate
73	select CRYPTO_ALGAPI2
74
75config CRYPTO_RNG
76	tristate
77	select CRYPTO_RNG2
78	select CRYPTO_ALGAPI
79
80config CRYPTO_RNG2
81	tristate
82	select CRYPTO_ALGAPI2
83
84config CRYPTO_RNG_DEFAULT
85	tristate
86	select CRYPTO_DRBG_MENU
87
88config CRYPTO_AKCIPHER2
89	tristate
90	select CRYPTO_ALGAPI2
91
92config CRYPTO_AKCIPHER
93	tristate
94	select CRYPTO_AKCIPHER2
95	select CRYPTO_ALGAPI
96
97config CRYPTO_KPP2
98	tristate
99	select CRYPTO_ALGAPI2
100
101config CRYPTO_KPP
102	tristate
103	select CRYPTO_ALGAPI
104	select CRYPTO_KPP2
105
106config CRYPTO_ACOMP2
107	tristate
108	select CRYPTO_ALGAPI2
109	select SGL_ALLOC
110
111config CRYPTO_ACOMP
112	tristate
113	select CRYPTO_ALGAPI
114	select CRYPTO_ACOMP2
115
116config CRYPTO_MANAGER
117	tristate "Cryptographic algorithm manager"
118	select CRYPTO_MANAGER2
119	help
120	  Create default cryptographic template instantiations such as
121	  cbc(aes).
122
123config CRYPTO_MANAGER2
124	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
125	select CRYPTO_AEAD2
126	select CRYPTO_HASH2
127	select CRYPTO_SKCIPHER2
128	select CRYPTO_AKCIPHER2
129	select CRYPTO_KPP2
130	select CRYPTO_ACOMP2
131
132config CRYPTO_USER
133	tristate "Userspace cryptographic algorithm configuration"
134	depends on NET
135	select CRYPTO_MANAGER
136	help
137	  Userspace configuration for cryptographic instantiations such as
138	  cbc(aes).
139
140config CRYPTO_MANAGER_DISABLE_TESTS
141	bool "Disable run-time self tests"
142	default y
143	help
144	  Disable run-time self tests that normally take place at
145	  algorithm registration.
146
147config CRYPTO_MANAGER_EXTRA_TESTS
148	bool "Enable extra run-time crypto self tests"
149	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
150	help
151	  Enable extra run-time self tests of registered crypto algorithms,
152	  including randomized fuzz tests.
153
154	  This is intended for developer use only, as these tests take much
155	  longer to run than the normal self tests.
156
157config CRYPTO_GF128MUL
158	tristate
159
160config CRYPTO_NULL
161	tristate "Null algorithms"
162	select CRYPTO_NULL2
163	help
164	  These are 'Null' algorithms, used by IPsec, which do nothing.
165
166config CRYPTO_NULL2
167	tristate
168	select CRYPTO_ALGAPI2
169	select CRYPTO_SKCIPHER2
170	select CRYPTO_HASH2
171
172config CRYPTO_PCRYPT
173	tristate "Parallel crypto engine"
174	depends on SMP
175	select PADATA
176	select CRYPTO_MANAGER
177	select CRYPTO_AEAD
178	help
179	  This converts an arbitrary crypto algorithm into a parallel
180	  algorithm that executes in kernel threads.
181
182config CRYPTO_CRYPTD
183	tristate "Software async crypto daemon"
184	select CRYPTO_SKCIPHER
185	select CRYPTO_HASH
186	select CRYPTO_MANAGER
187	help
188	  This is a generic software asynchronous crypto daemon that
189	  converts an arbitrary synchronous software crypto algorithm
190	  into an asynchronous algorithm that executes in a kernel thread.
191
192config CRYPTO_AUTHENC
193	tristate "Authenc support"
194	select CRYPTO_AEAD
195	select CRYPTO_SKCIPHER
196	select CRYPTO_MANAGER
197	select CRYPTO_HASH
198	select CRYPTO_NULL
199	help
200	  Authenc: Combined mode wrapper for IPsec.
201	  This is required for IPSec.
202
203config CRYPTO_TEST
204	tristate "Testing module"
205	depends on m || EXPERT
206	select CRYPTO_MANAGER
207	help
208	  Quick & dirty crypto test module.
209
210config CRYPTO_SIMD
211	tristate
212	select CRYPTO_CRYPTD
213
214config CRYPTO_ENGINE
215	tristate
216
217comment "Public-key cryptography"
218
219config CRYPTO_RSA
220	tristate "RSA algorithm"
221	select CRYPTO_AKCIPHER
222	select CRYPTO_MANAGER
223	select MPILIB
224	select ASN1
225	help
226	  Generic implementation of the RSA public key algorithm.
227
228config CRYPTO_DH
229	tristate "Diffie-Hellman algorithm"
230	select CRYPTO_KPP
231	select MPILIB
232	help
233	  Generic implementation of the Diffie-Hellman algorithm.
234
235config CRYPTO_DH_RFC7919_GROUPS
236	bool "Support for RFC 7919 FFDHE group parameters"
237	depends on CRYPTO_DH
238	select CRYPTO_RNG_DEFAULT
239	help
240	  Provide support for RFC 7919 FFDHE group parameters. If unsure, say N.
241
242config CRYPTO_ECC
243	tristate
244	select CRYPTO_RNG_DEFAULT
245
246config CRYPTO_ECDH
247	tristate "ECDH algorithm"
248	select CRYPTO_ECC
249	select CRYPTO_KPP
250	help
251	  Generic implementation of the ECDH algorithm
252
253config CRYPTO_ECDSA
254	tristate "ECDSA (NIST P192, P256 etc.) algorithm"
255	select CRYPTO_ECC
256	select CRYPTO_AKCIPHER
257	select ASN1
258	help
259	  Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
260	  is A NIST cryptographic standard algorithm. Only signature verification
261	  is implemented.
262
263config CRYPTO_ECRDSA
264	tristate "EC-RDSA (GOST 34.10) algorithm"
265	select CRYPTO_ECC
266	select CRYPTO_AKCIPHER
267	select CRYPTO_STREEBOG
268	select OID_REGISTRY
269	select ASN1
270	help
271	  Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
272	  RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
273	  standard algorithms (called GOST algorithms). Only signature verification
274	  is implemented.
275
276config CRYPTO_SM2
277	tristate "SM2 algorithm"
278	select CRYPTO_SM3
279	select CRYPTO_AKCIPHER
280	select CRYPTO_MANAGER
281	select MPILIB
282	select ASN1
283	help
284	  Generic implementation of the SM2 public key algorithm. It was
285	  published by State Encryption Management Bureau, China.
286	  as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
287
288	  References:
289	  https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
290	  http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
291	  http://www.gmbz.org.cn/main/bzlb.html
292
293config CRYPTO_CURVE25519
294	tristate "Curve25519 algorithm"
295	select CRYPTO_KPP
296	select CRYPTO_LIB_CURVE25519_GENERIC
297
298config CRYPTO_CURVE25519_X86
299	tristate "x86_64 accelerated Curve25519 scalar multiplication library"
300	depends on X86 && 64BIT
301	select CRYPTO_LIB_CURVE25519_GENERIC
302	select CRYPTO_ARCH_HAVE_LIB_CURVE25519
303
304comment "Authenticated Encryption with Associated Data"
305
306config CRYPTO_CCM
307	tristate "CCM support"
308	select CRYPTO_CTR
309	select CRYPTO_HASH
310	select CRYPTO_AEAD
311	select CRYPTO_MANAGER
312	help
313	  Support for Counter with CBC MAC. Required for IPsec.
314
315config CRYPTO_GCM
316	tristate "GCM/GMAC support"
317	select CRYPTO_CTR
318	select CRYPTO_AEAD
319	select CRYPTO_GHASH
320	select CRYPTO_NULL
321	select CRYPTO_MANAGER
322	help
323	  Support for Galois/Counter Mode (GCM) and Galois Message
324	  Authentication Code (GMAC). Required for IPSec.
325
326config CRYPTO_CHACHA20POLY1305
327	tristate "ChaCha20-Poly1305 AEAD support"
328	select CRYPTO_CHACHA20
329	select CRYPTO_POLY1305
330	select CRYPTO_AEAD
331	select CRYPTO_MANAGER
332	help
333	  ChaCha20-Poly1305 AEAD support, RFC7539.
334
335	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
336	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
337	  IETF protocols.
338
339config CRYPTO_AEGIS128
340	tristate "AEGIS-128 AEAD algorithm"
341	select CRYPTO_AEAD
342	select CRYPTO_AES  # for AES S-box tables
343	help
344	 Support for the AEGIS-128 dedicated AEAD algorithm.
345
346config CRYPTO_AEGIS128_SIMD
347	bool "Support SIMD acceleration for AEGIS-128"
348	depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
349	default y
350
351config CRYPTO_AEGIS128_AESNI_SSE2
352	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
353	depends on X86 && 64BIT
354	select CRYPTO_AEAD
355	select CRYPTO_SIMD
356	help
357	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
358
359config CRYPTO_SEQIV
360	tristate "Sequence Number IV Generator"
361	select CRYPTO_AEAD
362	select CRYPTO_SKCIPHER
363	select CRYPTO_NULL
364	select CRYPTO_RNG_DEFAULT
365	select CRYPTO_MANAGER
366	help
367	  This IV generator generates an IV based on a sequence number by
368	  xoring it with a salt.  This algorithm is mainly useful for CTR
369
370config CRYPTO_ECHAINIV
371	tristate "Encrypted Chain IV Generator"
372	select CRYPTO_AEAD
373	select CRYPTO_NULL
374	select CRYPTO_RNG_DEFAULT
375	select CRYPTO_MANAGER
376	help
377	  This IV generator generates an IV based on the encryption of
378	  a sequence number xored with a salt.  This is the default
379	  algorithm for CBC.
380
381comment "Block modes"
382
383config CRYPTO_CBC
384	tristate "CBC support"
385	select CRYPTO_SKCIPHER
386	select CRYPTO_MANAGER
387	help
388	  CBC: Cipher Block Chaining mode
389	  This block cipher algorithm is required for IPSec.
390
391config CRYPTO_CFB
392	tristate "CFB support"
393	select CRYPTO_SKCIPHER
394	select CRYPTO_MANAGER
395	help
396	  CFB: Cipher FeedBack mode
397	  This block cipher algorithm is required for TPM2 Cryptography.
398
399config CRYPTO_CTR
400	tristate "CTR support"
401	select CRYPTO_SKCIPHER
402	select CRYPTO_MANAGER
403	help
404	  CTR: Counter mode
405	  This block cipher algorithm is required for IPSec.
406
407config CRYPTO_CTS
408	tristate "CTS support"
409	select CRYPTO_SKCIPHER
410	select CRYPTO_MANAGER
411	help
412	  CTS: Cipher Text Stealing
413	  This is the Cipher Text Stealing mode as described by
414	  Section 8 of rfc2040 and referenced by rfc3962
415	  (rfc3962 includes errata information in its Appendix A) or
416	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
417	  This mode is required for Kerberos gss mechanism support
418	  for AES encryption.
419
420	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
421
422config CRYPTO_ECB
423	tristate "ECB support"
424	select CRYPTO_SKCIPHER
425	select CRYPTO_MANAGER
426	help
427	  ECB: Electronic CodeBook mode
428	  This is the simplest block cipher algorithm.  It simply encrypts
429	  the input block by block.
430
431config CRYPTO_LRW
432	tristate "LRW support"
433	select CRYPTO_SKCIPHER
434	select CRYPTO_MANAGER
435	select CRYPTO_GF128MUL
436	select CRYPTO_ECB
437	help
438	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
439	  narrow block cipher mode for dm-crypt.  Use it with cipher
440	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
441	  The first 128, 192 or 256 bits in the key are used for AES and the
442	  rest is used to tie each cipher block to its logical position.
443
444config CRYPTO_OFB
445	tristate "OFB support"
446	select CRYPTO_SKCIPHER
447	select CRYPTO_MANAGER
448	help
449	  OFB: the Output Feedback mode makes a block cipher into a synchronous
450	  stream cipher. It generates keystream blocks, which are then XORed
451	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
452	  ciphertext produces a flipped bit in the plaintext at the same
453	  location. This property allows many error correcting codes to function
454	  normally even when applied before encryption.
455
456config CRYPTO_PCBC
457	tristate "PCBC support"
458	select CRYPTO_SKCIPHER
459	select CRYPTO_MANAGER
460	help
461	  PCBC: Propagating Cipher Block Chaining mode
462	  This block cipher algorithm is required for RxRPC.
463
464config CRYPTO_XTS
465	tristate "XTS support"
466	select CRYPTO_SKCIPHER
467	select CRYPTO_MANAGER
468	select CRYPTO_ECB
469	help
470	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
471	  key size 256, 384 or 512 bits. This implementation currently
472	  can't handle a sectorsize which is not a multiple of 16 bytes.
473
474config CRYPTO_KEYWRAP
475	tristate "Key wrapping support"
476	select CRYPTO_SKCIPHER
477	select CRYPTO_MANAGER
478	help
479	  Support for key wrapping (NIST SP800-38F / RFC3394) without
480	  padding.
481
482config CRYPTO_NHPOLY1305
483	tristate
484	select CRYPTO_HASH
485	select CRYPTO_LIB_POLY1305_GENERIC
486
487config CRYPTO_NHPOLY1305_SSE2
488	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
489	depends on X86 && 64BIT
490	select CRYPTO_NHPOLY1305
491	help
492	  SSE2 optimized implementation of the hash function used by the
493	  Adiantum encryption mode.
494
495config CRYPTO_NHPOLY1305_AVX2
496	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
497	depends on X86 && 64BIT
498	select CRYPTO_NHPOLY1305
499	help
500	  AVX2 optimized implementation of the hash function used by the
501	  Adiantum encryption mode.
502
503config CRYPTO_ADIANTUM
504	tristate "Adiantum support"
505	select CRYPTO_CHACHA20
506	select CRYPTO_LIB_POLY1305_GENERIC
507	select CRYPTO_NHPOLY1305
508	select CRYPTO_MANAGER
509	help
510	  Adiantum is a tweakable, length-preserving encryption mode
511	  designed for fast and secure disk encryption, especially on
512	  CPUs without dedicated crypto instructions.  It encrypts
513	  each sector using the XChaCha12 stream cipher, two passes of
514	  an ε-almost-∆-universal hash function, and an invocation of
515	  the AES-256 block cipher on a single 16-byte block.  On CPUs
516	  without AES instructions, Adiantum is much faster than
517	  AES-XTS.
518
519	  Adiantum's security is provably reducible to that of its
520	  underlying stream and block ciphers, subject to a security
521	  bound.  Unlike XTS, Adiantum is a true wide-block encryption
522	  mode, so it actually provides an even stronger notion of
523	  security than XTS, subject to the security bound.
524
525	  If unsure, say N.
526
527config CRYPTO_ESSIV
528	tristate "ESSIV support for block encryption"
529	select CRYPTO_AUTHENC
530	help
531	  Encrypted salt-sector initialization vector (ESSIV) is an IV
532	  generation method that is used in some cases by fscrypt and/or
533	  dm-crypt. It uses the hash of the block encryption key as the
534	  symmetric key for a block encryption pass applied to the input
535	  IV, making low entropy IV sources more suitable for block
536	  encryption.
537
538	  This driver implements a crypto API template that can be
539	  instantiated either as an skcipher or as an AEAD (depending on the
540	  type of the first template argument), and which defers encryption
541	  and decryption requests to the encapsulated cipher after applying
542	  ESSIV to the input IV. Note that in the AEAD case, it is assumed
543	  that the keys are presented in the same format used by the authenc
544	  template, and that the IV appears at the end of the authenticated
545	  associated data (AAD) region (which is how dm-crypt uses it.)
546
547	  Note that the use of ESSIV is not recommended for new deployments,
548	  and so this only needs to be enabled when interoperability with
549	  existing encrypted volumes of filesystems is required, or when
550	  building for a particular system that requires it (e.g., when
551	  the SoC in question has accelerated CBC but not XTS, making CBC
552	  combined with ESSIV the only feasible mode for h/w accelerated
553	  block encryption)
554
555comment "Hash modes"
556
557config CRYPTO_CMAC
558	tristate "CMAC support"
559	select CRYPTO_HASH
560	select CRYPTO_MANAGER
561	help
562	  Cipher-based Message Authentication Code (CMAC) specified by
563	  The National Institute of Standards and Technology (NIST).
564
565	  https://tools.ietf.org/html/rfc4493
566	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
567
568config CRYPTO_HMAC
569	tristate "HMAC support"
570	select CRYPTO_HASH
571	select CRYPTO_MANAGER
572	help
573	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
574	  This is required for IPSec.
575
576config CRYPTO_XCBC
577	tristate "XCBC support"
578	select CRYPTO_HASH
579	select CRYPTO_MANAGER
580	help
581	  XCBC: Keyed-Hashing with encryption algorithm
582		https://www.ietf.org/rfc/rfc3566.txt
583		http://csrc.nist.gov/encryption/modes/proposedmodes/
584		 xcbc-mac/xcbc-mac-spec.pdf
585
586config CRYPTO_VMAC
587	tristate "VMAC support"
588	select CRYPTO_HASH
589	select CRYPTO_MANAGER
590	help
591	  VMAC is a message authentication algorithm designed for
592	  very high speed on 64-bit architectures.
593
594	  See also:
595	  <https://fastcrypto.org/vmac>
596
597comment "Digest"
598
599config CRYPTO_CRC32C
600	tristate "CRC32c CRC algorithm"
601	select CRYPTO_HASH
602	select CRC32
603	help
604	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
605	  by iSCSI for header and data digests and by others.
606	  See Castagnoli93.  Module will be crc32c.
607
608config CRYPTO_CRC32C_INTEL
609	tristate "CRC32c INTEL hardware acceleration"
610	depends on X86
611	select CRYPTO_HASH
612	help
613	  In Intel processor with SSE4.2 supported, the processor will
614	  support CRC32C implementation using hardware accelerated CRC32
615	  instruction. This option will create 'crc32c-intel' module,
616	  which will enable any routine to use the CRC32 instruction to
617	  gain performance compared with software implementation.
618	  Module will be crc32c-intel.
619
620config CRYPTO_CRC32C_VPMSUM
621	tristate "CRC32c CRC algorithm (powerpc64)"
622	depends on PPC64 && ALTIVEC
623	select CRYPTO_HASH
624	select CRC32
625	help
626	  CRC32c algorithm implemented using vector polynomial multiply-sum
627	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
628	  and newer processors for improved performance.
629
630
631config CRYPTO_CRC32C_SPARC64
632	tristate "CRC32c CRC algorithm (SPARC64)"
633	depends on SPARC64
634	select CRYPTO_HASH
635	select CRC32
636	help
637	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
638	  when available.
639
640config CRYPTO_CRC32
641	tristate "CRC32 CRC algorithm"
642	select CRYPTO_HASH
643	select CRC32
644	help
645	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
646	  Shash crypto api wrappers to crc32_le function.
647
648config CRYPTO_CRC32_PCLMUL
649	tristate "CRC32 PCLMULQDQ hardware acceleration"
650	depends on X86
651	select CRYPTO_HASH
652	select CRC32
653	help
654	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
655	  and PCLMULQDQ supported, the processor will support
656	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
657	  instruction. This option will create 'crc32-pclmul' module,
658	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
659	  and gain better performance as compared with the table implementation.
660
661config CRYPTO_CRC32_MIPS
662	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
663	depends on MIPS_CRC_SUPPORT
664	select CRYPTO_HASH
665	help
666	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
667	  instructions, when available.
668
669
670config CRYPTO_XXHASH
671	tristate "xxHash hash algorithm"
672	select CRYPTO_HASH
673	select XXHASH
674	help
675	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
676	  speeds close to RAM limits.
677
678config CRYPTO_BLAKE2B
679	tristate "BLAKE2b digest algorithm"
680	select CRYPTO_HASH
681	help
682	  Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
683	  optimized for 64bit platforms and can produce digests of any size
684	  between 1 to 64.  The keyed hash is also implemented.
685
686	  This module provides the following algorithms:
687
688	  - blake2b-160
689	  - blake2b-256
690	  - blake2b-384
691	  - blake2b-512
692
693	  See https://blake2.net for further information.
694
695config CRYPTO_BLAKE2S
696	tristate "BLAKE2s digest algorithm"
697	select CRYPTO_LIB_BLAKE2S_GENERIC
698	select CRYPTO_HASH
699	help
700	  Implementation of cryptographic hash function BLAKE2s
701	  optimized for 8-32bit platforms and can produce digests of any size
702	  between 1 to 32.  The keyed hash is also implemented.
703
704	  This module provides the following algorithms:
705
706	  - blake2s-128
707	  - blake2s-160
708	  - blake2s-224
709	  - blake2s-256
710
711	  See https://blake2.net for further information.
712
713config CRYPTO_BLAKE2S_X86
714	tristate "BLAKE2s digest algorithm (x86 accelerated version)"
715	depends on X86 && 64BIT
716	select CRYPTO_LIB_BLAKE2S_GENERIC
717	select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
718
719config CRYPTO_CRCT10DIF
720	tristate "CRCT10DIF algorithm"
721	select CRYPTO_HASH
722	help
723	  CRC T10 Data Integrity Field computation is being cast as
724	  a crypto transform.  This allows for faster crc t10 diff
725	  transforms to be used if they are available.
726
727config CRYPTO_CRCT10DIF_PCLMUL
728	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
729	depends on X86 && 64BIT && CRC_T10DIF
730	select CRYPTO_HASH
731	help
732	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
733	  CRC T10 DIF PCLMULQDQ computation can be hardware
734	  accelerated PCLMULQDQ instruction. This option will create
735	  'crct10dif-pclmul' module, which is faster when computing the
736	  crct10dif checksum as compared with the generic table implementation.
737
738config CRYPTO_CRCT10DIF_VPMSUM
739	tristate "CRC32T10DIF powerpc64 hardware acceleration"
740	depends on PPC64 && ALTIVEC && CRC_T10DIF
741	select CRYPTO_HASH
742	help
743	  CRC10T10DIF algorithm implemented using vector polynomial
744	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
745	  POWER8 and newer processors for improved performance.
746
747config CRYPTO_CRC64_ROCKSOFT
748	tristate "Rocksoft Model CRC64 algorithm"
749	depends on CRC64
750	select CRYPTO_HASH
751
752config CRYPTO_VPMSUM_TESTER
753	tristate "Powerpc64 vpmsum hardware acceleration tester"
754	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
755	help
756	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
757	  POWER8 vpmsum instructions.
758	  Unless you are testing these algorithms, you don't need this.
759
760config CRYPTO_GHASH
761	tristate "GHASH hash function"
762	select CRYPTO_GF128MUL
763	select CRYPTO_HASH
764	help
765	  GHASH is the hash function used in GCM (Galois/Counter Mode).
766	  It is not a general-purpose cryptographic hash function.
767
768config CRYPTO_POLY1305
769	tristate "Poly1305 authenticator algorithm"
770	select CRYPTO_HASH
771	select CRYPTO_LIB_POLY1305_GENERIC
772	help
773	  Poly1305 authenticator algorithm, RFC7539.
774
775	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
776	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
777	  in IETF protocols. This is the portable C implementation of Poly1305.
778
779config CRYPTO_POLY1305_X86_64
780	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
781	depends on X86 && 64BIT
782	select CRYPTO_LIB_POLY1305_GENERIC
783	select CRYPTO_ARCH_HAVE_LIB_POLY1305
784	help
785	  Poly1305 authenticator algorithm, RFC7539.
786
787	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
788	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
789	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
790	  instructions.
791
792config CRYPTO_POLY1305_MIPS
793	tristate "Poly1305 authenticator algorithm (MIPS optimized)"
794	depends on MIPS
795	select CRYPTO_ARCH_HAVE_LIB_POLY1305
796
797config CRYPTO_MD4
798	tristate "MD4 digest algorithm"
799	select CRYPTO_HASH
800	help
801	  MD4 message digest algorithm (RFC1320).
802
803config CRYPTO_MD5
804	tristate "MD5 digest algorithm"
805	select CRYPTO_HASH
806	help
807	  MD5 message digest algorithm (RFC1321).
808
809config CRYPTO_MD5_OCTEON
810	tristate "MD5 digest algorithm (OCTEON)"
811	depends on CPU_CAVIUM_OCTEON
812	select CRYPTO_MD5
813	select CRYPTO_HASH
814	help
815	  MD5 message digest algorithm (RFC1321) implemented
816	  using OCTEON crypto instructions, when available.
817
818config CRYPTO_MD5_PPC
819	tristate "MD5 digest algorithm (PPC)"
820	depends on PPC
821	select CRYPTO_HASH
822	help
823	  MD5 message digest algorithm (RFC1321) implemented
824	  in PPC assembler.
825
826config CRYPTO_MD5_SPARC64
827	tristate "MD5 digest algorithm (SPARC64)"
828	depends on SPARC64
829	select CRYPTO_MD5
830	select CRYPTO_HASH
831	help
832	  MD5 message digest algorithm (RFC1321) implemented
833	  using sparc64 crypto instructions, when available.
834
835config CRYPTO_MICHAEL_MIC
836	tristate "Michael MIC keyed digest algorithm"
837	select CRYPTO_HASH
838	help
839	  Michael MIC is used for message integrity protection in TKIP
840	  (IEEE 802.11i). This algorithm is required for TKIP, but it
841	  should not be used for other purposes because of the weakness
842	  of the algorithm.
843
844config CRYPTO_RMD160
845	tristate "RIPEMD-160 digest algorithm"
846	select CRYPTO_HASH
847	help
848	  RIPEMD-160 (ISO/IEC 10118-3:2004).
849
850	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
851	  to be used as a secure replacement for the 128-bit hash functions
852	  MD4, MD5 and it's predecessor RIPEMD
853	  (not to be confused with RIPEMD-128).
854
855	  It's speed is comparable to SHA1 and there are no known attacks
856	  against RIPEMD-160.
857
858	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
859	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
860
861config CRYPTO_SHA1
862	tristate "SHA1 digest algorithm"
863	select CRYPTO_HASH
864	help
865	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
866
867config CRYPTO_SHA1_SSSE3
868	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
869	depends on X86 && 64BIT
870	select CRYPTO_SHA1
871	select CRYPTO_HASH
872	help
873	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
874	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
875	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
876	  when available.
877
878config CRYPTO_SHA256_SSSE3
879	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
880	depends on X86 && 64BIT
881	select CRYPTO_SHA256
882	select CRYPTO_HASH
883	help
884	  SHA-256 secure hash standard (DFIPS 180-2) implemented
885	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
886	  Extensions version 1 (AVX1), or Advanced Vector Extensions
887	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
888	  Instructions) when available.
889
890config CRYPTO_SHA512_SSSE3
891	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
892	depends on X86 && 64BIT
893	select CRYPTO_SHA512
894	select CRYPTO_HASH
895	help
896	  SHA-512 secure hash standard (DFIPS 180-2) implemented
897	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
898	  Extensions version 1 (AVX1), or Advanced Vector Extensions
899	  version 2 (AVX2) instructions, when available.
900
901config CRYPTO_SHA1_OCTEON
902	tristate "SHA1 digest algorithm (OCTEON)"
903	depends on CPU_CAVIUM_OCTEON
904	select CRYPTO_SHA1
905	select CRYPTO_HASH
906	help
907	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
908	  using OCTEON crypto instructions, when available.
909
910config CRYPTO_SHA1_SPARC64
911	tristate "SHA1 digest algorithm (SPARC64)"
912	depends on SPARC64
913	select CRYPTO_SHA1
914	select CRYPTO_HASH
915	help
916	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
917	  using sparc64 crypto instructions, when available.
918
919config CRYPTO_SHA1_PPC
920	tristate "SHA1 digest algorithm (powerpc)"
921	depends on PPC
922	help
923	  This is the powerpc hardware accelerated implementation of the
924	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
925
926config CRYPTO_SHA1_PPC_SPE
927	tristate "SHA1 digest algorithm (PPC SPE)"
928	depends on PPC && SPE
929	help
930	  SHA-1 secure hash standard (DFIPS 180-4) implemented
931	  using powerpc SPE SIMD instruction set.
932
933config CRYPTO_SHA256
934	tristate "SHA224 and SHA256 digest algorithm"
935	select CRYPTO_HASH
936	select CRYPTO_LIB_SHA256
937	help
938	  SHA256 secure hash standard (DFIPS 180-2).
939
940	  This version of SHA implements a 256 bit hash with 128 bits of
941	  security against collision attacks.
942
943	  This code also includes SHA-224, a 224 bit hash with 112 bits
944	  of security against collision attacks.
945
946config CRYPTO_SHA256_PPC_SPE
947	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
948	depends on PPC && SPE
949	select CRYPTO_SHA256
950	select CRYPTO_HASH
951	help
952	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
953	  implemented using powerpc SPE SIMD instruction set.
954
955config CRYPTO_SHA256_OCTEON
956	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
957	depends on CPU_CAVIUM_OCTEON
958	select CRYPTO_SHA256
959	select CRYPTO_HASH
960	help
961	  SHA-256 secure hash standard (DFIPS 180-2) implemented
962	  using OCTEON crypto instructions, when available.
963
964config CRYPTO_SHA256_SPARC64
965	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
966	depends on SPARC64
967	select CRYPTO_SHA256
968	select CRYPTO_HASH
969	help
970	  SHA-256 secure hash standard (DFIPS 180-2) implemented
971	  using sparc64 crypto instructions, when available.
972
973config CRYPTO_SHA512
974	tristate "SHA384 and SHA512 digest algorithms"
975	select CRYPTO_HASH
976	help
977	  SHA512 secure hash standard (DFIPS 180-2).
978
979	  This version of SHA implements a 512 bit hash with 256 bits of
980	  security against collision attacks.
981
982	  This code also includes SHA-384, a 384 bit hash with 192 bits
983	  of security against collision attacks.
984
985config CRYPTO_SHA512_OCTEON
986	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
987	depends on CPU_CAVIUM_OCTEON
988	select CRYPTO_SHA512
989	select CRYPTO_HASH
990	help
991	  SHA-512 secure hash standard (DFIPS 180-2) implemented
992	  using OCTEON crypto instructions, when available.
993
994config CRYPTO_SHA512_SPARC64
995	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
996	depends on SPARC64
997	select CRYPTO_SHA512
998	select CRYPTO_HASH
999	help
1000	  SHA-512 secure hash standard (DFIPS 180-2) implemented
1001	  using sparc64 crypto instructions, when available.
1002
1003config CRYPTO_SHA3
1004	tristate "SHA3 digest algorithm"
1005	select CRYPTO_HASH
1006	help
1007	  SHA-3 secure hash standard (DFIPS 202). It's based on
1008	  cryptographic sponge function family called Keccak.
1009
1010	  References:
1011	  http://keccak.noekeon.org/
1012
1013config CRYPTO_SM3
1014	tristate
1015
1016config CRYPTO_SM3_GENERIC
1017	tristate "SM3 digest algorithm"
1018	select CRYPTO_HASH
1019	select CRYPTO_SM3
1020	help
1021	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1022	  It is part of the Chinese Commercial Cryptography suite.
1023
1024	  References:
1025	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1026	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1027
1028config CRYPTO_SM3_AVX_X86_64
1029	tristate "SM3 digest algorithm (x86_64/AVX)"
1030	depends on X86 && 64BIT
1031	select CRYPTO_HASH
1032	select CRYPTO_SM3
1033	help
1034	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1035	  It is part of the Chinese Commercial Cryptography suite. This is
1036	  SM3 optimized implementation using Advanced Vector Extensions (AVX)
1037	  when available.
1038
1039	  If unsure, say N.
1040
1041config CRYPTO_STREEBOG
1042	tristate "Streebog Hash Function"
1043	select CRYPTO_HASH
1044	help
1045	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1046	  cryptographic standard algorithms (called GOST algorithms).
1047	  This setting enables two hash algorithms with 256 and 512 bits output.
1048
1049	  References:
1050	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1051	  https://tools.ietf.org/html/rfc6986
1052
1053config CRYPTO_WP512
1054	tristate "Whirlpool digest algorithms"
1055	select CRYPTO_HASH
1056	help
1057	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1058
1059	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1060	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1061
1062	  See also:
1063	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1064
1065config CRYPTO_GHASH_CLMUL_NI_INTEL
1066	tristate "GHASH hash function (CLMUL-NI accelerated)"
1067	depends on X86 && 64BIT
1068	select CRYPTO_CRYPTD
1069	help
1070	  This is the x86_64 CLMUL-NI accelerated implementation of
1071	  GHASH, the hash function used in GCM (Galois/Counter mode).
1072
1073comment "Ciphers"
1074
1075config CRYPTO_AES
1076	tristate "AES cipher algorithms"
1077	select CRYPTO_ALGAPI
1078	select CRYPTO_LIB_AES
1079	help
1080	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1081	  algorithm.
1082
1083	  Rijndael appears to be consistently a very good performer in
1084	  both hardware and software across a wide range of computing
1085	  environments regardless of its use in feedback or non-feedback
1086	  modes. Its key setup time is excellent, and its key agility is
1087	  good. Rijndael's very low memory requirements make it very well
1088	  suited for restricted-space environments, in which it also
1089	  demonstrates excellent performance. Rijndael's operations are
1090	  among the easiest to defend against power and timing attacks.
1091
1092	  The AES specifies three key sizes: 128, 192 and 256 bits
1093
1094	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1095
1096config CRYPTO_AES_TI
1097	tristate "Fixed time AES cipher"
1098	select CRYPTO_ALGAPI
1099	select CRYPTO_LIB_AES
1100	help
1101	  This is a generic implementation of AES that attempts to eliminate
1102	  data dependent latencies as much as possible without affecting
1103	  performance too much. It is intended for use by the generic CCM
1104	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1105	  solely on encryption (although decryption is supported as well, but
1106	  with a more dramatic performance hit)
1107
1108	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1109	  8 for decryption), this implementation only uses just two S-boxes of
1110	  256 bytes each, and attempts to eliminate data dependent latencies by
1111	  prefetching the entire table into the cache at the start of each
1112	  block. Interrupts are also disabled to avoid races where cachelines
1113	  are evicted when the CPU is interrupted to do something else.
1114
1115config CRYPTO_AES_NI_INTEL
1116	tristate "AES cipher algorithms (AES-NI)"
1117	depends on X86
1118	select CRYPTO_AEAD
1119	select CRYPTO_LIB_AES
1120	select CRYPTO_ALGAPI
1121	select CRYPTO_SKCIPHER
1122	select CRYPTO_SIMD
1123	help
1124	  Use Intel AES-NI instructions for AES algorithm.
1125
1126	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1127	  algorithm.
1128
1129	  Rijndael appears to be consistently a very good performer in
1130	  both hardware and software across a wide range of computing
1131	  environments regardless of its use in feedback or non-feedback
1132	  modes. Its key setup time is excellent, and its key agility is
1133	  good. Rijndael's very low memory requirements make it very well
1134	  suited for restricted-space environments, in which it also
1135	  demonstrates excellent performance. Rijndael's operations are
1136	  among the easiest to defend against power and timing attacks.
1137
1138	  The AES specifies three key sizes: 128, 192 and 256 bits
1139
1140	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1141
1142	  In addition to AES cipher algorithm support, the acceleration
1143	  for some popular block cipher mode is supported too, including
1144	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1145	  acceleration for CTR.
1146
1147config CRYPTO_AES_SPARC64
1148	tristate "AES cipher algorithms (SPARC64)"
1149	depends on SPARC64
1150	select CRYPTO_SKCIPHER
1151	help
1152	  Use SPARC64 crypto opcodes for AES algorithm.
1153
1154	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1155	  algorithm.
1156
1157	  Rijndael appears to be consistently a very good performer in
1158	  both hardware and software across a wide range of computing
1159	  environments regardless of its use in feedback or non-feedback
1160	  modes. Its key setup time is excellent, and its key agility is
1161	  good. Rijndael's very low memory requirements make it very well
1162	  suited for restricted-space environments, in which it also
1163	  demonstrates excellent performance. Rijndael's operations are
1164	  among the easiest to defend against power and timing attacks.
1165
1166	  The AES specifies three key sizes: 128, 192 and 256 bits
1167
1168	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1169
1170	  In addition to AES cipher algorithm support, the acceleration
1171	  for some popular block cipher mode is supported too, including
1172	  ECB and CBC.
1173
1174config CRYPTO_AES_PPC_SPE
1175	tristate "AES cipher algorithms (PPC SPE)"
1176	depends on PPC && SPE
1177	select CRYPTO_SKCIPHER
1178	help
1179	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1180	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1181	  This module should only be used for low power (router) devices
1182	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1183	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1184	  timining attacks. Nevertheless it might be not as secure as other
1185	  architecture specific assembler implementations that work on 1KB
1186	  tables or 256 bytes S-boxes.
1187
1188config CRYPTO_ANUBIS
1189	tristate "Anubis cipher algorithm"
1190	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1191	select CRYPTO_ALGAPI
1192	help
1193	  Anubis cipher algorithm.
1194
1195	  Anubis is a variable key length cipher which can use keys from
1196	  128 bits to 320 bits in length.  It was evaluated as a entrant
1197	  in the NESSIE competition.
1198
1199	  See also:
1200	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1201	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1202
1203config CRYPTO_ARC4
1204	tristate "ARC4 cipher algorithm"
1205	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1206	select CRYPTO_SKCIPHER
1207	select CRYPTO_LIB_ARC4
1208	help
1209	  ARC4 cipher algorithm.
1210
1211	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1212	  bits in length.  This algorithm is required for driver-based
1213	  WEP, but it should not be for other purposes because of the
1214	  weakness of the algorithm.
1215
1216config CRYPTO_BLOWFISH
1217	tristate "Blowfish cipher algorithm"
1218	select CRYPTO_ALGAPI
1219	select CRYPTO_BLOWFISH_COMMON
1220	help
1221	  Blowfish cipher algorithm, by Bruce Schneier.
1222
1223	  This is a variable key length cipher which can use keys from 32
1224	  bits to 448 bits in length.  It's fast, simple and specifically
1225	  designed for use on "large microprocessors".
1226
1227	  See also:
1228	  <https://www.schneier.com/blowfish.html>
1229
1230config CRYPTO_BLOWFISH_COMMON
1231	tristate
1232	help
1233	  Common parts of the Blowfish cipher algorithm shared by the
1234	  generic c and the assembler implementations.
1235
1236	  See also:
1237	  <https://www.schneier.com/blowfish.html>
1238
1239config CRYPTO_BLOWFISH_X86_64
1240	tristate "Blowfish cipher algorithm (x86_64)"
1241	depends on X86 && 64BIT
1242	select CRYPTO_SKCIPHER
1243	select CRYPTO_BLOWFISH_COMMON
1244	imply CRYPTO_CTR
1245	help
1246	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1247
1248	  This is a variable key length cipher which can use keys from 32
1249	  bits to 448 bits in length.  It's fast, simple and specifically
1250	  designed for use on "large microprocessors".
1251
1252	  See also:
1253	  <https://www.schneier.com/blowfish.html>
1254
1255config CRYPTO_CAMELLIA
1256	tristate "Camellia cipher algorithms"
1257	select CRYPTO_ALGAPI
1258	help
1259	  Camellia cipher algorithms module.
1260
1261	  Camellia is a symmetric key block cipher developed jointly
1262	  at NTT and Mitsubishi Electric Corporation.
1263
1264	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1265
1266	  See also:
1267	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1268
1269config CRYPTO_CAMELLIA_X86_64
1270	tristate "Camellia cipher algorithm (x86_64)"
1271	depends on X86 && 64BIT
1272	select CRYPTO_SKCIPHER
1273	imply CRYPTO_CTR
1274	help
1275	  Camellia cipher algorithm module (x86_64).
1276
1277	  Camellia is a symmetric key block cipher developed jointly
1278	  at NTT and Mitsubishi Electric Corporation.
1279
1280	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1281
1282	  See also:
1283	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1284
1285config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1286	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1287	depends on X86 && 64BIT
1288	select CRYPTO_SKCIPHER
1289	select CRYPTO_CAMELLIA_X86_64
1290	select CRYPTO_SIMD
1291	imply CRYPTO_XTS
1292	help
1293	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1294
1295	  Camellia is a symmetric key block cipher developed jointly
1296	  at NTT and Mitsubishi Electric Corporation.
1297
1298	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1299
1300	  See also:
1301	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1302
1303config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1304	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1305	depends on X86 && 64BIT
1306	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1307	help
1308	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1309
1310	  Camellia is a symmetric key block cipher developed jointly
1311	  at NTT and Mitsubishi Electric Corporation.
1312
1313	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1314
1315	  See also:
1316	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1317
1318config CRYPTO_CAMELLIA_SPARC64
1319	tristate "Camellia cipher algorithm (SPARC64)"
1320	depends on SPARC64
1321	select CRYPTO_ALGAPI
1322	select CRYPTO_SKCIPHER
1323	help
1324	  Camellia cipher algorithm module (SPARC64).
1325
1326	  Camellia is a symmetric key block cipher developed jointly
1327	  at NTT and Mitsubishi Electric Corporation.
1328
1329	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1330
1331	  See also:
1332	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1333
1334config CRYPTO_CAST_COMMON
1335	tristate
1336	help
1337	  Common parts of the CAST cipher algorithms shared by the
1338	  generic c and the assembler implementations.
1339
1340config CRYPTO_CAST5
1341	tristate "CAST5 (CAST-128) cipher algorithm"
1342	select CRYPTO_ALGAPI
1343	select CRYPTO_CAST_COMMON
1344	help
1345	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1346	  described in RFC2144.
1347
1348config CRYPTO_CAST5_AVX_X86_64
1349	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1350	depends on X86 && 64BIT
1351	select CRYPTO_SKCIPHER
1352	select CRYPTO_CAST5
1353	select CRYPTO_CAST_COMMON
1354	select CRYPTO_SIMD
1355	imply CRYPTO_CTR
1356	help
1357	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1358	  described in RFC2144.
1359
1360	  This module provides the Cast5 cipher algorithm that processes
1361	  sixteen blocks parallel using the AVX instruction set.
1362
1363config CRYPTO_CAST6
1364	tristate "CAST6 (CAST-256) cipher algorithm"
1365	select CRYPTO_ALGAPI
1366	select CRYPTO_CAST_COMMON
1367	help
1368	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1369	  described in RFC2612.
1370
1371config CRYPTO_CAST6_AVX_X86_64
1372	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1373	depends on X86 && 64BIT
1374	select CRYPTO_SKCIPHER
1375	select CRYPTO_CAST6
1376	select CRYPTO_CAST_COMMON
1377	select CRYPTO_SIMD
1378	imply CRYPTO_XTS
1379	imply CRYPTO_CTR
1380	help
1381	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1382	  described in RFC2612.
1383
1384	  This module provides the Cast6 cipher algorithm that processes
1385	  eight blocks parallel using the AVX instruction set.
1386
1387config CRYPTO_DES
1388	tristate "DES and Triple DES EDE cipher algorithms"
1389	select CRYPTO_ALGAPI
1390	select CRYPTO_LIB_DES
1391	help
1392	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1393
1394config CRYPTO_DES_SPARC64
1395	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1396	depends on SPARC64
1397	select CRYPTO_ALGAPI
1398	select CRYPTO_LIB_DES
1399	select CRYPTO_SKCIPHER
1400	help
1401	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1402	  optimized using SPARC64 crypto opcodes.
1403
1404config CRYPTO_DES3_EDE_X86_64
1405	tristate "Triple DES EDE cipher algorithm (x86-64)"
1406	depends on X86 && 64BIT
1407	select CRYPTO_SKCIPHER
1408	select CRYPTO_LIB_DES
1409	imply CRYPTO_CTR
1410	help
1411	  Triple DES EDE (FIPS 46-3) algorithm.
1412
1413	  This module provides implementation of the Triple DES EDE cipher
1414	  algorithm that is optimized for x86-64 processors. Two versions of
1415	  algorithm are provided; regular processing one input block and
1416	  one that processes three blocks parallel.
1417
1418config CRYPTO_FCRYPT
1419	tristate "FCrypt cipher algorithm"
1420	select CRYPTO_ALGAPI
1421	select CRYPTO_SKCIPHER
1422	help
1423	  FCrypt algorithm used by RxRPC.
1424
1425config CRYPTO_KHAZAD
1426	tristate "Khazad cipher algorithm"
1427	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1428	select CRYPTO_ALGAPI
1429	help
1430	  Khazad cipher algorithm.
1431
1432	  Khazad was a finalist in the initial NESSIE competition.  It is
1433	  an algorithm optimized for 64-bit processors with good performance
1434	  on 32-bit processors.  Khazad uses an 128 bit key size.
1435
1436	  See also:
1437	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1438
1439config CRYPTO_CHACHA20
1440	tristate "ChaCha stream cipher algorithms"
1441	select CRYPTO_LIB_CHACHA_GENERIC
1442	select CRYPTO_SKCIPHER
1443	help
1444	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1445
1446	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1447	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1448	  This is the portable C implementation of ChaCha20.  See also:
1449	  <https://cr.yp.to/chacha/chacha-20080128.pdf>
1450
1451	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1452	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1453	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1454	  while provably retaining ChaCha20's security.  See also:
1455	  <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1456
1457	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1458	  reduced security margin but increased performance.  It can be needed
1459	  in some performance-sensitive scenarios.
1460
1461config CRYPTO_CHACHA20_X86_64
1462	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1463	depends on X86 && 64BIT
1464	select CRYPTO_SKCIPHER
1465	select CRYPTO_LIB_CHACHA_GENERIC
1466	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1467	help
1468	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1469	  XChaCha20, and XChaCha12 stream ciphers.
1470
1471config CRYPTO_CHACHA_MIPS
1472	tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1473	depends on CPU_MIPS32_R2
1474	select CRYPTO_SKCIPHER
1475	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1476
1477config CRYPTO_SEED
1478	tristate "SEED cipher algorithm"
1479	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1480	select CRYPTO_ALGAPI
1481	help
1482	  SEED cipher algorithm (RFC4269).
1483
1484	  SEED is a 128-bit symmetric key block cipher that has been
1485	  developed by KISA (Korea Information Security Agency) as a
1486	  national standard encryption algorithm of the Republic of Korea.
1487	  It is a 16 round block cipher with the key size of 128 bit.
1488
1489	  See also:
1490	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1491
1492config CRYPTO_SERPENT
1493	tristate "Serpent cipher algorithm"
1494	select CRYPTO_ALGAPI
1495	help
1496	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1497
1498	  Keys are allowed to be from 0 to 256 bits in length, in steps
1499	  of 8 bits.
1500
1501	  See also:
1502	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1503
1504config CRYPTO_SERPENT_SSE2_X86_64
1505	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1506	depends on X86 && 64BIT
1507	select CRYPTO_SKCIPHER
1508	select CRYPTO_SERPENT
1509	select CRYPTO_SIMD
1510	imply CRYPTO_CTR
1511	help
1512	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1513
1514	  Keys are allowed to be from 0 to 256 bits in length, in steps
1515	  of 8 bits.
1516
1517	  This module provides Serpent cipher algorithm that processes eight
1518	  blocks parallel using SSE2 instruction set.
1519
1520	  See also:
1521	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1522
1523config CRYPTO_SERPENT_SSE2_586
1524	tristate "Serpent cipher algorithm (i586/SSE2)"
1525	depends on X86 && !64BIT
1526	select CRYPTO_SKCIPHER
1527	select CRYPTO_SERPENT
1528	select CRYPTO_SIMD
1529	imply CRYPTO_CTR
1530	help
1531	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1532
1533	  Keys are allowed to be from 0 to 256 bits in length, in steps
1534	  of 8 bits.
1535
1536	  This module provides Serpent cipher algorithm that processes four
1537	  blocks parallel using SSE2 instruction set.
1538
1539	  See also:
1540	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1541
1542config CRYPTO_SERPENT_AVX_X86_64
1543	tristate "Serpent cipher algorithm (x86_64/AVX)"
1544	depends on X86 && 64BIT
1545	select CRYPTO_SKCIPHER
1546	select CRYPTO_SERPENT
1547	select CRYPTO_SIMD
1548	imply CRYPTO_XTS
1549	imply CRYPTO_CTR
1550	help
1551	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1552
1553	  Keys are allowed to be from 0 to 256 bits in length, in steps
1554	  of 8 bits.
1555
1556	  This module provides the Serpent cipher algorithm that processes
1557	  eight blocks parallel using the AVX instruction set.
1558
1559	  See also:
1560	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1561
1562config CRYPTO_SERPENT_AVX2_X86_64
1563	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1564	depends on X86 && 64BIT
1565	select CRYPTO_SERPENT_AVX_X86_64
1566	help
1567	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1568
1569	  Keys are allowed to be from 0 to 256 bits in length, in steps
1570	  of 8 bits.
1571
1572	  This module provides Serpent cipher algorithm that processes 16
1573	  blocks parallel using AVX2 instruction set.
1574
1575	  See also:
1576	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1577
1578config CRYPTO_SM4
1579	tristate
1580
1581config CRYPTO_SM4_GENERIC
1582	tristate "SM4 cipher algorithm"
1583	select CRYPTO_ALGAPI
1584	select CRYPTO_SM4
1585	help
1586	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1587
1588	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1589	  Organization of State Commercial Administration of China (OSCCA)
1590	  as an authorized cryptographic algorithms for the use within China.
1591
1592	  SMS4 was originally created for use in protecting wireless
1593	  networks, and is mandated in the Chinese National Standard for
1594	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1595	  (GB.15629.11-2003).
1596
1597	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1598	  standardized through TC 260 of the Standardization Administration
1599	  of the People's Republic of China (SAC).
1600
1601	  The input, output, and key of SMS4 are each 128 bits.
1602
1603	  See also: <https://eprint.iacr.org/2008/329.pdf>
1604
1605	  If unsure, say N.
1606
1607config CRYPTO_SM4_AESNI_AVX_X86_64
1608	tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)"
1609	depends on X86 && 64BIT
1610	select CRYPTO_SKCIPHER
1611	select CRYPTO_SIMD
1612	select CRYPTO_ALGAPI
1613	select CRYPTO_SM4
1614	help
1615	  SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX).
1616
1617	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1618	  Organization of State Commercial Administration of China (OSCCA)
1619	  as an authorized cryptographic algorithms for the use within China.
1620
1621	  This is SM4 optimized implementation using AES-NI/AVX/x86_64
1622	  instruction set for block cipher. Through two affine transforms,
1623	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1624	  effect of instruction acceleration.
1625
1626	  If unsure, say N.
1627
1628config CRYPTO_SM4_AESNI_AVX2_X86_64
1629	tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)"
1630	depends on X86 && 64BIT
1631	select CRYPTO_SKCIPHER
1632	select CRYPTO_SIMD
1633	select CRYPTO_ALGAPI
1634	select CRYPTO_SM4
1635	select CRYPTO_SM4_AESNI_AVX_X86_64
1636	help
1637	  SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2).
1638
1639	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1640	  Organization of State Commercial Administration of China (OSCCA)
1641	  as an authorized cryptographic algorithms for the use within China.
1642
1643	  This is SM4 optimized implementation using AES-NI/AVX2/x86_64
1644	  instruction set for block cipher. Through two affine transforms,
1645	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1646	  effect of instruction acceleration.
1647
1648	  If unsure, say N.
1649
1650config CRYPTO_TEA
1651	tristate "TEA, XTEA and XETA cipher algorithms"
1652	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1653	select CRYPTO_ALGAPI
1654	help
1655	  TEA cipher algorithm.
1656
1657	  Tiny Encryption Algorithm is a simple cipher that uses
1658	  many rounds for security.  It is very fast and uses
1659	  little memory.
1660
1661	  Xtendend Tiny Encryption Algorithm is a modification to
1662	  the TEA algorithm to address a potential key weakness
1663	  in the TEA algorithm.
1664
1665	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1666	  of the XTEA algorithm for compatibility purposes.
1667
1668config CRYPTO_TWOFISH
1669	tristate "Twofish cipher algorithm"
1670	select CRYPTO_ALGAPI
1671	select CRYPTO_TWOFISH_COMMON
1672	help
1673	  Twofish cipher algorithm.
1674
1675	  Twofish was submitted as an AES (Advanced Encryption Standard)
1676	  candidate cipher by researchers at CounterPane Systems.  It is a
1677	  16 round block cipher supporting key sizes of 128, 192, and 256
1678	  bits.
1679
1680	  See also:
1681	  <https://www.schneier.com/twofish.html>
1682
1683config CRYPTO_TWOFISH_COMMON
1684	tristate
1685	help
1686	  Common parts of the Twofish cipher algorithm shared by the
1687	  generic c and the assembler implementations.
1688
1689config CRYPTO_TWOFISH_586
1690	tristate "Twofish cipher algorithms (i586)"
1691	depends on (X86 || UML_X86) && !64BIT
1692	select CRYPTO_ALGAPI
1693	select CRYPTO_TWOFISH_COMMON
1694	imply CRYPTO_CTR
1695	help
1696	  Twofish cipher algorithm.
1697
1698	  Twofish was submitted as an AES (Advanced Encryption Standard)
1699	  candidate cipher by researchers at CounterPane Systems.  It is a
1700	  16 round block cipher supporting key sizes of 128, 192, and 256
1701	  bits.
1702
1703	  See also:
1704	  <https://www.schneier.com/twofish.html>
1705
1706config CRYPTO_TWOFISH_X86_64
1707	tristate "Twofish cipher algorithm (x86_64)"
1708	depends on (X86 || UML_X86) && 64BIT
1709	select CRYPTO_ALGAPI
1710	select CRYPTO_TWOFISH_COMMON
1711	imply CRYPTO_CTR
1712	help
1713	  Twofish cipher algorithm (x86_64).
1714
1715	  Twofish was submitted as an AES (Advanced Encryption Standard)
1716	  candidate cipher by researchers at CounterPane Systems.  It is a
1717	  16 round block cipher supporting key sizes of 128, 192, and 256
1718	  bits.
1719
1720	  See also:
1721	  <https://www.schneier.com/twofish.html>
1722
1723config CRYPTO_TWOFISH_X86_64_3WAY
1724	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1725	depends on X86 && 64BIT
1726	select CRYPTO_SKCIPHER
1727	select CRYPTO_TWOFISH_COMMON
1728	select CRYPTO_TWOFISH_X86_64
1729	help
1730	  Twofish cipher algorithm (x86_64, 3-way parallel).
1731
1732	  Twofish was submitted as an AES (Advanced Encryption Standard)
1733	  candidate cipher by researchers at CounterPane Systems.  It is a
1734	  16 round block cipher supporting key sizes of 128, 192, and 256
1735	  bits.
1736
1737	  This module provides Twofish cipher algorithm that processes three
1738	  blocks parallel, utilizing resources of out-of-order CPUs better.
1739
1740	  See also:
1741	  <https://www.schneier.com/twofish.html>
1742
1743config CRYPTO_TWOFISH_AVX_X86_64
1744	tristate "Twofish cipher algorithm (x86_64/AVX)"
1745	depends on X86 && 64BIT
1746	select CRYPTO_SKCIPHER
1747	select CRYPTO_SIMD
1748	select CRYPTO_TWOFISH_COMMON
1749	select CRYPTO_TWOFISH_X86_64
1750	select CRYPTO_TWOFISH_X86_64_3WAY
1751	imply CRYPTO_XTS
1752	help
1753	  Twofish cipher algorithm (x86_64/AVX).
1754
1755	  Twofish was submitted as an AES (Advanced Encryption Standard)
1756	  candidate cipher by researchers at CounterPane Systems.  It is a
1757	  16 round block cipher supporting key sizes of 128, 192, and 256
1758	  bits.
1759
1760	  This module provides the Twofish cipher algorithm that processes
1761	  eight blocks parallel using the AVX Instruction Set.
1762
1763	  See also:
1764	  <https://www.schneier.com/twofish.html>
1765
1766comment "Compression"
1767
1768config CRYPTO_DEFLATE
1769	tristate "Deflate compression algorithm"
1770	select CRYPTO_ALGAPI
1771	select CRYPTO_ACOMP2
1772	select ZLIB_INFLATE
1773	select ZLIB_DEFLATE
1774	help
1775	  This is the Deflate algorithm (RFC1951), specified for use in
1776	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1777
1778	  You will most probably want this if using IPSec.
1779
1780config CRYPTO_LZO
1781	tristate "LZO compression algorithm"
1782	select CRYPTO_ALGAPI
1783	select CRYPTO_ACOMP2
1784	select LZO_COMPRESS
1785	select LZO_DECOMPRESS
1786	help
1787	  This is the LZO algorithm.
1788
1789config CRYPTO_842
1790	tristate "842 compression algorithm"
1791	select CRYPTO_ALGAPI
1792	select CRYPTO_ACOMP2
1793	select 842_COMPRESS
1794	select 842_DECOMPRESS
1795	help
1796	  This is the 842 algorithm.
1797
1798config CRYPTO_LZ4
1799	tristate "LZ4 compression algorithm"
1800	select CRYPTO_ALGAPI
1801	select CRYPTO_ACOMP2
1802	select LZ4_COMPRESS
1803	select LZ4_DECOMPRESS
1804	help
1805	  This is the LZ4 algorithm.
1806
1807config CRYPTO_LZ4HC
1808	tristate "LZ4HC compression algorithm"
1809	select CRYPTO_ALGAPI
1810	select CRYPTO_ACOMP2
1811	select LZ4HC_COMPRESS
1812	select LZ4_DECOMPRESS
1813	help
1814	  This is the LZ4 high compression mode algorithm.
1815
1816config CRYPTO_ZSTD
1817	tristate "Zstd compression algorithm"
1818	select CRYPTO_ALGAPI
1819	select CRYPTO_ACOMP2
1820	select ZSTD_COMPRESS
1821	select ZSTD_DECOMPRESS
1822	help
1823	  This is the zstd algorithm.
1824
1825comment "Random Number Generation"
1826
1827config CRYPTO_ANSI_CPRNG
1828	tristate "Pseudo Random Number Generation for Cryptographic modules"
1829	select CRYPTO_AES
1830	select CRYPTO_RNG
1831	help
1832	  This option enables the generic pseudo random number generator
1833	  for cryptographic modules.  Uses the Algorithm specified in
1834	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1835	  CRYPTO_FIPS is selected
1836
1837menuconfig CRYPTO_DRBG_MENU
1838	tristate "NIST SP800-90A DRBG"
1839	help
1840	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1841	  more of the DRBG types must be selected.
1842
1843if CRYPTO_DRBG_MENU
1844
1845config CRYPTO_DRBG_HMAC
1846	bool
1847	default y
1848	select CRYPTO_HMAC
1849	select CRYPTO_SHA512
1850
1851config CRYPTO_DRBG_HASH
1852	bool "Enable Hash DRBG"
1853	select CRYPTO_SHA256
1854	help
1855	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1856
1857config CRYPTO_DRBG_CTR
1858	bool "Enable CTR DRBG"
1859	select CRYPTO_AES
1860	select CRYPTO_CTR
1861	help
1862	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1863
1864config CRYPTO_DRBG
1865	tristate
1866	default CRYPTO_DRBG_MENU
1867	select CRYPTO_RNG
1868	select CRYPTO_JITTERENTROPY
1869
1870endif	# if CRYPTO_DRBG_MENU
1871
1872config CRYPTO_JITTERENTROPY
1873	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1874	select CRYPTO_RNG
1875	help
1876	  The Jitterentropy RNG is a noise that is intended
1877	  to provide seed to another RNG. The RNG does not
1878	  perform any cryptographic whitening of the generated
1879	  random numbers. This Jitterentropy RNG registers with
1880	  the kernel crypto API and can be used by any caller.
1881
1882config CRYPTO_KDF800108_CTR
1883	tristate
1884	select CRYPTO_HMAC
1885	select CRYPTO_SHA256
1886
1887config CRYPTO_USER_API
1888	tristate
1889
1890config CRYPTO_USER_API_HASH
1891	tristate "User-space interface for hash algorithms"
1892	depends on NET
1893	select CRYPTO_HASH
1894	select CRYPTO_USER_API
1895	help
1896	  This option enables the user-spaces interface for hash
1897	  algorithms.
1898
1899config CRYPTO_USER_API_SKCIPHER
1900	tristate "User-space interface for symmetric key cipher algorithms"
1901	depends on NET
1902	select CRYPTO_SKCIPHER
1903	select CRYPTO_USER_API
1904	help
1905	  This option enables the user-spaces interface for symmetric
1906	  key cipher algorithms.
1907
1908config CRYPTO_USER_API_RNG
1909	tristate "User-space interface for random number generator algorithms"
1910	depends on NET
1911	select CRYPTO_RNG
1912	select CRYPTO_USER_API
1913	help
1914	  This option enables the user-spaces interface for random
1915	  number generator algorithms.
1916
1917config CRYPTO_USER_API_RNG_CAVP
1918	bool "Enable CAVP testing of DRBG"
1919	depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1920	help
1921	  This option enables extra API for CAVP testing via the user-space
1922	  interface: resetting of DRBG entropy, and providing Additional Data.
1923	  This should only be enabled for CAVP testing. You should say
1924	  no unless you know what this is.
1925
1926config CRYPTO_USER_API_AEAD
1927	tristate "User-space interface for AEAD cipher algorithms"
1928	depends on NET
1929	select CRYPTO_AEAD
1930	select CRYPTO_SKCIPHER
1931	select CRYPTO_NULL
1932	select CRYPTO_USER_API
1933	help
1934	  This option enables the user-spaces interface for AEAD
1935	  cipher algorithms.
1936
1937config CRYPTO_USER_API_ENABLE_OBSOLETE
1938	bool "Enable obsolete cryptographic algorithms for userspace"
1939	depends on CRYPTO_USER_API
1940	default y
1941	help
1942	  Allow obsolete cryptographic algorithms to be selected that have
1943	  already been phased out from internal use by the kernel, and are
1944	  only useful for userspace clients that still rely on them.
1945
1946config CRYPTO_STATS
1947	bool "Crypto usage statistics for User-space"
1948	depends on CRYPTO_USER
1949	help
1950	  This option enables the gathering of crypto stats.
1951	  This will collect:
1952	  - encrypt/decrypt size and numbers of symmeric operations
1953	  - compress/decompress size and numbers of compress operations
1954	  - size and numbers of hash operations
1955	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1956	  - generate/seed numbers for rng operations
1957
1958config CRYPTO_HASH_INFO
1959	bool
1960
1961source "drivers/crypto/Kconfig"
1962source "crypto/asymmetric_keys/Kconfig"
1963source "certs/Kconfig"
1964
1965endif	# if CRYPTO
1966