xref: /openbmc/linux/crypto/Kconfig (revision dc6a81c3)
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This option enables the fips boot option which is
31	  required if you want the system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_SKCIPHER
56	tristate
57	select CRYPTO_SKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_SKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64
65config CRYPTO_HASH
66	tristate
67	select CRYPTO_HASH2
68	select CRYPTO_ALGAPI
69
70config CRYPTO_HASH2
71	tristate
72	select CRYPTO_ALGAPI2
73
74config CRYPTO_RNG
75	tristate
76	select CRYPTO_RNG2
77	select CRYPTO_ALGAPI
78
79config CRYPTO_RNG2
80	tristate
81	select CRYPTO_ALGAPI2
82
83config CRYPTO_RNG_DEFAULT
84	tristate
85	select CRYPTO_DRBG_MENU
86
87config CRYPTO_AKCIPHER2
88	tristate
89	select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92	tristate
93	select CRYPTO_AKCIPHER2
94	select CRYPTO_ALGAPI
95
96config CRYPTO_KPP2
97	tristate
98	select CRYPTO_ALGAPI2
99
100config CRYPTO_KPP
101	tristate
102	select CRYPTO_ALGAPI
103	select CRYPTO_KPP2
104
105config CRYPTO_ACOMP2
106	tristate
107	select CRYPTO_ALGAPI2
108	select SGL_ALLOC
109
110config CRYPTO_ACOMP
111	tristate
112	select CRYPTO_ALGAPI
113	select CRYPTO_ACOMP2
114
115config CRYPTO_MANAGER
116	tristate "Cryptographic algorithm manager"
117	select CRYPTO_MANAGER2
118	help
119	  Create default cryptographic template instantiations such as
120	  cbc(aes).
121
122config CRYPTO_MANAGER2
123	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
124	select CRYPTO_AEAD2
125	select CRYPTO_HASH2
126	select CRYPTO_SKCIPHER2
127	select CRYPTO_AKCIPHER2
128	select CRYPTO_KPP2
129	select CRYPTO_ACOMP2
130
131config CRYPTO_USER
132	tristate "Userspace cryptographic algorithm configuration"
133	depends on NET
134	select CRYPTO_MANAGER
135	help
136	  Userspace configuration for cryptographic instantiations such as
137	  cbc(aes).
138
139if CRYPTO_MANAGER2
140
141config CRYPTO_MANAGER_DISABLE_TESTS
142	bool "Disable run-time self tests"
143	default y
144	help
145	  Disable run-time self tests that normally take place at
146	  algorithm registration.
147
148config CRYPTO_MANAGER_EXTRA_TESTS
149	bool "Enable extra run-time crypto self tests"
150	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
151	help
152	  Enable extra run-time self tests of registered crypto algorithms,
153	  including randomized fuzz tests.
154
155	  This is intended for developer use only, as these tests take much
156	  longer to run than the normal self tests.
157
158endif	# if CRYPTO_MANAGER2
159
160config CRYPTO_GF128MUL
161	tristate
162
163config CRYPTO_NULL
164	tristate "Null algorithms"
165	select CRYPTO_NULL2
166	help
167	  These are 'Null' algorithms, used by IPsec, which do nothing.
168
169config CRYPTO_NULL2
170	tristate
171	select CRYPTO_ALGAPI2
172	select CRYPTO_SKCIPHER2
173	select CRYPTO_HASH2
174
175config CRYPTO_PCRYPT
176	tristate "Parallel crypto engine"
177	depends on SMP
178	select PADATA
179	select CRYPTO_MANAGER
180	select CRYPTO_AEAD
181	help
182	  This converts an arbitrary crypto algorithm into a parallel
183	  algorithm that executes in kernel threads.
184
185config CRYPTO_CRYPTD
186	tristate "Software async crypto daemon"
187	select CRYPTO_SKCIPHER
188	select CRYPTO_HASH
189	select CRYPTO_MANAGER
190	help
191	  This is a generic software asynchronous crypto daemon that
192	  converts an arbitrary synchronous software crypto algorithm
193	  into an asynchronous algorithm that executes in a kernel thread.
194
195config CRYPTO_AUTHENC
196	tristate "Authenc support"
197	select CRYPTO_AEAD
198	select CRYPTO_SKCIPHER
199	select CRYPTO_MANAGER
200	select CRYPTO_HASH
201	select CRYPTO_NULL
202	help
203	  Authenc: Combined mode wrapper for IPsec.
204	  This is required for IPSec.
205
206config CRYPTO_TEST
207	tristate "Testing module"
208	depends on m
209	select CRYPTO_MANAGER
210	help
211	  Quick & dirty crypto test module.
212
213config CRYPTO_SIMD
214	tristate
215	select CRYPTO_CRYPTD
216
217config CRYPTO_GLUE_HELPER_X86
218	tristate
219	depends on X86
220	select CRYPTO_SKCIPHER
221
222config CRYPTO_ENGINE
223	tristate
224
225comment "Public-key cryptography"
226
227config CRYPTO_RSA
228	tristate "RSA algorithm"
229	select CRYPTO_AKCIPHER
230	select CRYPTO_MANAGER
231	select MPILIB
232	select ASN1
233	help
234	  Generic implementation of the RSA public key algorithm.
235
236config CRYPTO_DH
237	tristate "Diffie-Hellman algorithm"
238	select CRYPTO_KPP
239	select MPILIB
240	help
241	  Generic implementation of the Diffie-Hellman algorithm.
242
243config CRYPTO_ECC
244	tristate
245
246config CRYPTO_ECDH
247	tristate "ECDH algorithm"
248	select CRYPTO_ECC
249	select CRYPTO_KPP
250	select CRYPTO_RNG_DEFAULT
251	help
252	  Generic implementation of the ECDH algorithm
253
254config CRYPTO_ECRDSA
255	tristate "EC-RDSA (GOST 34.10) algorithm"
256	select CRYPTO_ECC
257	select CRYPTO_AKCIPHER
258	select CRYPTO_STREEBOG
259	select OID_REGISTRY
260	select ASN1
261	help
262	  Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
263	  RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
264	  standard algorithms (called GOST algorithms). Only signature verification
265	  is implemented.
266
267config CRYPTO_CURVE25519
268	tristate "Curve25519 algorithm"
269	select CRYPTO_KPP
270	select CRYPTO_LIB_CURVE25519_GENERIC
271
272config CRYPTO_CURVE25519_X86
273	tristate "x86_64 accelerated Curve25519 scalar multiplication library"
274	depends on X86 && 64BIT
275	select CRYPTO_LIB_CURVE25519_GENERIC
276	select CRYPTO_ARCH_HAVE_LIB_CURVE25519
277
278comment "Authenticated Encryption with Associated Data"
279
280config CRYPTO_CCM
281	tristate "CCM support"
282	select CRYPTO_CTR
283	select CRYPTO_HASH
284	select CRYPTO_AEAD
285	select CRYPTO_MANAGER
286	help
287	  Support for Counter with CBC MAC. Required for IPsec.
288
289config CRYPTO_GCM
290	tristate "GCM/GMAC support"
291	select CRYPTO_CTR
292	select CRYPTO_AEAD
293	select CRYPTO_GHASH
294	select CRYPTO_NULL
295	select CRYPTO_MANAGER
296	help
297	  Support for Galois/Counter Mode (GCM) and Galois Message
298	  Authentication Code (GMAC). Required for IPSec.
299
300config CRYPTO_CHACHA20POLY1305
301	tristate "ChaCha20-Poly1305 AEAD support"
302	select CRYPTO_CHACHA20
303	select CRYPTO_POLY1305
304	select CRYPTO_AEAD
305	select CRYPTO_MANAGER
306	help
307	  ChaCha20-Poly1305 AEAD support, RFC7539.
308
309	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
310	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
311	  IETF protocols.
312
313config CRYPTO_AEGIS128
314	tristate "AEGIS-128 AEAD algorithm"
315	select CRYPTO_AEAD
316	select CRYPTO_AES  # for AES S-box tables
317	help
318	 Support for the AEGIS-128 dedicated AEAD algorithm.
319
320config CRYPTO_AEGIS128_SIMD
321	bool "Support SIMD acceleration for AEGIS-128"
322	depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
323	depends on !ARM || CC_IS_CLANG || GCC_VERSION >= 40800
324	default y
325
326config CRYPTO_AEGIS128_AESNI_SSE2
327	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
328	depends on X86 && 64BIT
329	select CRYPTO_AEAD
330	select CRYPTO_SIMD
331	help
332	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
333
334config CRYPTO_SEQIV
335	tristate "Sequence Number IV Generator"
336	select CRYPTO_AEAD
337	select CRYPTO_SKCIPHER
338	select CRYPTO_NULL
339	select CRYPTO_RNG_DEFAULT
340	select CRYPTO_MANAGER
341	help
342	  This IV generator generates an IV based on a sequence number by
343	  xoring it with a salt.  This algorithm is mainly useful for CTR
344
345config CRYPTO_ECHAINIV
346	tristate "Encrypted Chain IV Generator"
347	select CRYPTO_AEAD
348	select CRYPTO_NULL
349	select CRYPTO_RNG_DEFAULT
350	select CRYPTO_MANAGER
351	help
352	  This IV generator generates an IV based on the encryption of
353	  a sequence number xored with a salt.  This is the default
354	  algorithm for CBC.
355
356comment "Block modes"
357
358config CRYPTO_CBC
359	tristate "CBC support"
360	select CRYPTO_SKCIPHER
361	select CRYPTO_MANAGER
362	help
363	  CBC: Cipher Block Chaining mode
364	  This block cipher algorithm is required for IPSec.
365
366config CRYPTO_CFB
367	tristate "CFB support"
368	select CRYPTO_SKCIPHER
369	select CRYPTO_MANAGER
370	help
371	  CFB: Cipher FeedBack mode
372	  This block cipher algorithm is required for TPM2 Cryptography.
373
374config CRYPTO_CTR
375	tristate "CTR support"
376	select CRYPTO_SKCIPHER
377	select CRYPTO_SEQIV
378	select CRYPTO_MANAGER
379	help
380	  CTR: Counter mode
381	  This block cipher algorithm is required for IPSec.
382
383config CRYPTO_CTS
384	tristate "CTS support"
385	select CRYPTO_SKCIPHER
386	select CRYPTO_MANAGER
387	help
388	  CTS: Cipher Text Stealing
389	  This is the Cipher Text Stealing mode as described by
390	  Section 8 of rfc2040 and referenced by rfc3962
391	  (rfc3962 includes errata information in its Appendix A) or
392	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
393	  This mode is required for Kerberos gss mechanism support
394	  for AES encryption.
395
396	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
397
398config CRYPTO_ECB
399	tristate "ECB support"
400	select CRYPTO_SKCIPHER
401	select CRYPTO_MANAGER
402	help
403	  ECB: Electronic CodeBook mode
404	  This is the simplest block cipher algorithm.  It simply encrypts
405	  the input block by block.
406
407config CRYPTO_LRW
408	tristate "LRW support"
409	select CRYPTO_SKCIPHER
410	select CRYPTO_MANAGER
411	select CRYPTO_GF128MUL
412	help
413	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
414	  narrow block cipher mode for dm-crypt.  Use it with cipher
415	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
416	  The first 128, 192 or 256 bits in the key are used for AES and the
417	  rest is used to tie each cipher block to its logical position.
418
419config CRYPTO_OFB
420	tristate "OFB support"
421	select CRYPTO_SKCIPHER
422	select CRYPTO_MANAGER
423	help
424	  OFB: the Output Feedback mode makes a block cipher into a synchronous
425	  stream cipher. It generates keystream blocks, which are then XORed
426	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
427	  ciphertext produces a flipped bit in the plaintext at the same
428	  location. This property allows many error correcting codes to function
429	  normally even when applied before encryption.
430
431config CRYPTO_PCBC
432	tristate "PCBC support"
433	select CRYPTO_SKCIPHER
434	select CRYPTO_MANAGER
435	help
436	  PCBC: Propagating Cipher Block Chaining mode
437	  This block cipher algorithm is required for RxRPC.
438
439config CRYPTO_XTS
440	tristate "XTS support"
441	select CRYPTO_SKCIPHER
442	select CRYPTO_MANAGER
443	select CRYPTO_ECB
444	help
445	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
446	  key size 256, 384 or 512 bits. This implementation currently
447	  can't handle a sectorsize which is not a multiple of 16 bytes.
448
449config CRYPTO_KEYWRAP
450	tristate "Key wrapping support"
451	select CRYPTO_SKCIPHER
452	select CRYPTO_MANAGER
453	help
454	  Support for key wrapping (NIST SP800-38F / RFC3394) without
455	  padding.
456
457config CRYPTO_NHPOLY1305
458	tristate
459	select CRYPTO_HASH
460	select CRYPTO_LIB_POLY1305_GENERIC
461
462config CRYPTO_NHPOLY1305_SSE2
463	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
464	depends on X86 && 64BIT
465	select CRYPTO_NHPOLY1305
466	help
467	  SSE2 optimized implementation of the hash function used by the
468	  Adiantum encryption mode.
469
470config CRYPTO_NHPOLY1305_AVX2
471	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
472	depends on X86 && 64BIT
473	select CRYPTO_NHPOLY1305
474	help
475	  AVX2 optimized implementation of the hash function used by the
476	  Adiantum encryption mode.
477
478config CRYPTO_ADIANTUM
479	tristate "Adiantum support"
480	select CRYPTO_CHACHA20
481	select CRYPTO_LIB_POLY1305_GENERIC
482	select CRYPTO_NHPOLY1305
483	select CRYPTO_MANAGER
484	help
485	  Adiantum is a tweakable, length-preserving encryption mode
486	  designed for fast and secure disk encryption, especially on
487	  CPUs without dedicated crypto instructions.  It encrypts
488	  each sector using the XChaCha12 stream cipher, two passes of
489	  an ε-almost-∆-universal hash function, and an invocation of
490	  the AES-256 block cipher on a single 16-byte block.  On CPUs
491	  without AES instructions, Adiantum is much faster than
492	  AES-XTS.
493
494	  Adiantum's security is provably reducible to that of its
495	  underlying stream and block ciphers, subject to a security
496	  bound.  Unlike XTS, Adiantum is a true wide-block encryption
497	  mode, so it actually provides an even stronger notion of
498	  security than XTS, subject to the security bound.
499
500	  If unsure, say N.
501
502config CRYPTO_ESSIV
503	tristate "ESSIV support for block encryption"
504	select CRYPTO_AUTHENC
505	help
506	  Encrypted salt-sector initialization vector (ESSIV) is an IV
507	  generation method that is used in some cases by fscrypt and/or
508	  dm-crypt. It uses the hash of the block encryption key as the
509	  symmetric key for a block encryption pass applied to the input
510	  IV, making low entropy IV sources more suitable for block
511	  encryption.
512
513	  This driver implements a crypto API template that can be
514	  instantiated either as an skcipher or as an AEAD (depending on the
515	  type of the first template argument), and which defers encryption
516	  and decryption requests to the encapsulated cipher after applying
517	  ESSIV to the input IV. Note that in the AEAD case, it is assumed
518	  that the keys are presented in the same format used by the authenc
519	  template, and that the IV appears at the end of the authenticated
520	  associated data (AAD) region (which is how dm-crypt uses it.)
521
522	  Note that the use of ESSIV is not recommended for new deployments,
523	  and so this only needs to be enabled when interoperability with
524	  existing encrypted volumes of filesystems is required, or when
525	  building for a particular system that requires it (e.g., when
526	  the SoC in question has accelerated CBC but not XTS, making CBC
527	  combined with ESSIV the only feasible mode for h/w accelerated
528	  block encryption)
529
530comment "Hash modes"
531
532config CRYPTO_CMAC
533	tristate "CMAC support"
534	select CRYPTO_HASH
535	select CRYPTO_MANAGER
536	help
537	  Cipher-based Message Authentication Code (CMAC) specified by
538	  The National Institute of Standards and Technology (NIST).
539
540	  https://tools.ietf.org/html/rfc4493
541	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
542
543config CRYPTO_HMAC
544	tristate "HMAC support"
545	select CRYPTO_HASH
546	select CRYPTO_MANAGER
547	help
548	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
549	  This is required for IPSec.
550
551config CRYPTO_XCBC
552	tristate "XCBC support"
553	select CRYPTO_HASH
554	select CRYPTO_MANAGER
555	help
556	  XCBC: Keyed-Hashing with encryption algorithm
557		http://www.ietf.org/rfc/rfc3566.txt
558		http://csrc.nist.gov/encryption/modes/proposedmodes/
559		 xcbc-mac/xcbc-mac-spec.pdf
560
561config CRYPTO_VMAC
562	tristate "VMAC support"
563	select CRYPTO_HASH
564	select CRYPTO_MANAGER
565	help
566	  VMAC is a message authentication algorithm designed for
567	  very high speed on 64-bit architectures.
568
569	  See also:
570	  <http://fastcrypto.org/vmac>
571
572comment "Digest"
573
574config CRYPTO_CRC32C
575	tristate "CRC32c CRC algorithm"
576	select CRYPTO_HASH
577	select CRC32
578	help
579	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
580	  by iSCSI for header and data digests and by others.
581	  See Castagnoli93.  Module will be crc32c.
582
583config CRYPTO_CRC32C_INTEL
584	tristate "CRC32c INTEL hardware acceleration"
585	depends on X86
586	select CRYPTO_HASH
587	help
588	  In Intel processor with SSE4.2 supported, the processor will
589	  support CRC32C implementation using hardware accelerated CRC32
590	  instruction. This option will create 'crc32c-intel' module,
591	  which will enable any routine to use the CRC32 instruction to
592	  gain performance compared with software implementation.
593	  Module will be crc32c-intel.
594
595config CRYPTO_CRC32C_VPMSUM
596	tristate "CRC32c CRC algorithm (powerpc64)"
597	depends on PPC64 && ALTIVEC
598	select CRYPTO_HASH
599	select CRC32
600	help
601	  CRC32c algorithm implemented using vector polynomial multiply-sum
602	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
603	  and newer processors for improved performance.
604
605
606config CRYPTO_CRC32C_SPARC64
607	tristate "CRC32c CRC algorithm (SPARC64)"
608	depends on SPARC64
609	select CRYPTO_HASH
610	select CRC32
611	help
612	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
613	  when available.
614
615config CRYPTO_CRC32
616	tristate "CRC32 CRC algorithm"
617	select CRYPTO_HASH
618	select CRC32
619	help
620	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
621	  Shash crypto api wrappers to crc32_le function.
622
623config CRYPTO_CRC32_PCLMUL
624	tristate "CRC32 PCLMULQDQ hardware acceleration"
625	depends on X86
626	select CRYPTO_HASH
627	select CRC32
628	help
629	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
630	  and PCLMULQDQ supported, the processor will support
631	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
632	  instruction. This option will create 'crc32-pclmul' module,
633	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
634	  and gain better performance as compared with the table implementation.
635
636config CRYPTO_CRC32_MIPS
637	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
638	depends on MIPS_CRC_SUPPORT
639	select CRYPTO_HASH
640	help
641	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
642	  instructions, when available.
643
644
645config CRYPTO_XXHASH
646	tristate "xxHash hash algorithm"
647	select CRYPTO_HASH
648	select XXHASH
649	help
650	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
651	  speeds close to RAM limits.
652
653config CRYPTO_BLAKE2B
654	tristate "BLAKE2b digest algorithm"
655	select CRYPTO_HASH
656	help
657	  Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
658	  optimized for 64bit platforms and can produce digests of any size
659	  between 1 to 64.  The keyed hash is also implemented.
660
661	  This module provides the following algorithms:
662
663	  - blake2b-160
664	  - blake2b-256
665	  - blake2b-384
666	  - blake2b-512
667
668	  See https://blake2.net for further information.
669
670config CRYPTO_BLAKE2S
671	tristate "BLAKE2s digest algorithm"
672	select CRYPTO_LIB_BLAKE2S_GENERIC
673	select CRYPTO_HASH
674	help
675	  Implementation of cryptographic hash function BLAKE2s
676	  optimized for 8-32bit platforms and can produce digests of any size
677	  between 1 to 32.  The keyed hash is also implemented.
678
679	  This module provides the following algorithms:
680
681	  - blake2s-128
682	  - blake2s-160
683	  - blake2s-224
684	  - blake2s-256
685
686	  See https://blake2.net for further information.
687
688config CRYPTO_BLAKE2S_X86
689	tristate "BLAKE2s digest algorithm (x86 accelerated version)"
690	depends on X86 && 64BIT
691	select CRYPTO_LIB_BLAKE2S_GENERIC
692	select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
693
694config CRYPTO_CRCT10DIF
695	tristate "CRCT10DIF algorithm"
696	select CRYPTO_HASH
697	help
698	  CRC T10 Data Integrity Field computation is being cast as
699	  a crypto transform.  This allows for faster crc t10 diff
700	  transforms to be used if they are available.
701
702config CRYPTO_CRCT10DIF_PCLMUL
703	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
704	depends on X86 && 64BIT && CRC_T10DIF
705	select CRYPTO_HASH
706	help
707	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
708	  CRC T10 DIF PCLMULQDQ computation can be hardware
709	  accelerated PCLMULQDQ instruction. This option will create
710	  'crct10dif-pclmul' module, which is faster when computing the
711	  crct10dif checksum as compared with the generic table implementation.
712
713config CRYPTO_CRCT10DIF_VPMSUM
714	tristate "CRC32T10DIF powerpc64 hardware acceleration"
715	depends on PPC64 && ALTIVEC && CRC_T10DIF
716	select CRYPTO_HASH
717	help
718	  CRC10T10DIF algorithm implemented using vector polynomial
719	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
720	  POWER8 and newer processors for improved performance.
721
722config CRYPTO_VPMSUM_TESTER
723	tristate "Powerpc64 vpmsum hardware acceleration tester"
724	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
725	help
726	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
727	  POWER8 vpmsum instructions.
728	  Unless you are testing these algorithms, you don't need this.
729
730config CRYPTO_GHASH
731	tristate "GHASH hash function"
732	select CRYPTO_GF128MUL
733	select CRYPTO_HASH
734	help
735	  GHASH is the hash function used in GCM (Galois/Counter Mode).
736	  It is not a general-purpose cryptographic hash function.
737
738config CRYPTO_POLY1305
739	tristate "Poly1305 authenticator algorithm"
740	select CRYPTO_HASH
741	select CRYPTO_LIB_POLY1305_GENERIC
742	help
743	  Poly1305 authenticator algorithm, RFC7539.
744
745	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
746	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
747	  in IETF protocols. This is the portable C implementation of Poly1305.
748
749config CRYPTO_POLY1305_X86_64
750	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
751	depends on X86 && 64BIT
752	select CRYPTO_LIB_POLY1305_GENERIC
753	select CRYPTO_ARCH_HAVE_LIB_POLY1305
754	help
755	  Poly1305 authenticator algorithm, RFC7539.
756
757	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
758	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
759	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
760	  instructions.
761
762config CRYPTO_POLY1305_MIPS
763	tristate "Poly1305 authenticator algorithm (MIPS optimized)"
764	depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT)
765	select CRYPTO_ARCH_HAVE_LIB_POLY1305
766
767config CRYPTO_MD4
768	tristate "MD4 digest algorithm"
769	select CRYPTO_HASH
770	help
771	  MD4 message digest algorithm (RFC1320).
772
773config CRYPTO_MD5
774	tristate "MD5 digest algorithm"
775	select CRYPTO_HASH
776	help
777	  MD5 message digest algorithm (RFC1321).
778
779config CRYPTO_MD5_OCTEON
780	tristate "MD5 digest algorithm (OCTEON)"
781	depends on CPU_CAVIUM_OCTEON
782	select CRYPTO_MD5
783	select CRYPTO_HASH
784	help
785	  MD5 message digest algorithm (RFC1321) implemented
786	  using OCTEON crypto instructions, when available.
787
788config CRYPTO_MD5_PPC
789	tristate "MD5 digest algorithm (PPC)"
790	depends on PPC
791	select CRYPTO_HASH
792	help
793	  MD5 message digest algorithm (RFC1321) implemented
794	  in PPC assembler.
795
796config CRYPTO_MD5_SPARC64
797	tristate "MD5 digest algorithm (SPARC64)"
798	depends on SPARC64
799	select CRYPTO_MD5
800	select CRYPTO_HASH
801	help
802	  MD5 message digest algorithm (RFC1321) implemented
803	  using sparc64 crypto instructions, when available.
804
805config CRYPTO_MICHAEL_MIC
806	tristate "Michael MIC keyed digest algorithm"
807	select CRYPTO_HASH
808	help
809	  Michael MIC is used for message integrity protection in TKIP
810	  (IEEE 802.11i). This algorithm is required for TKIP, but it
811	  should not be used for other purposes because of the weakness
812	  of the algorithm.
813
814config CRYPTO_RMD128
815	tristate "RIPEMD-128 digest algorithm"
816	select CRYPTO_HASH
817	help
818	  RIPEMD-128 (ISO/IEC 10118-3:2004).
819
820	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
821	  be used as a secure replacement for RIPEMD. For other use cases,
822	  RIPEMD-160 should be used.
823
824	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
825	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
826
827config CRYPTO_RMD160
828	tristate "RIPEMD-160 digest algorithm"
829	select CRYPTO_HASH
830	help
831	  RIPEMD-160 (ISO/IEC 10118-3:2004).
832
833	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
834	  to be used as a secure replacement for the 128-bit hash functions
835	  MD4, MD5 and it's predecessor RIPEMD
836	  (not to be confused with RIPEMD-128).
837
838	  It's speed is comparable to SHA1 and there are no known attacks
839	  against RIPEMD-160.
840
841	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
842	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
843
844config CRYPTO_RMD256
845	tristate "RIPEMD-256 digest algorithm"
846	select CRYPTO_HASH
847	help
848	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
849	  256 bit hash. It is intended for applications that require
850	  longer hash-results, without needing a larger security level
851	  (than RIPEMD-128).
852
853	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
854	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
855
856config CRYPTO_RMD320
857	tristate "RIPEMD-320 digest algorithm"
858	select CRYPTO_HASH
859	help
860	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
861	  320 bit hash. It is intended for applications that require
862	  longer hash-results, without needing a larger security level
863	  (than RIPEMD-160).
864
865	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
866	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
867
868config CRYPTO_SHA1
869	tristate "SHA1 digest algorithm"
870	select CRYPTO_HASH
871	help
872	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
873
874config CRYPTO_SHA1_SSSE3
875	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
876	depends on X86 && 64BIT
877	select CRYPTO_SHA1
878	select CRYPTO_HASH
879	help
880	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
881	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
882	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
883	  when available.
884
885config CRYPTO_SHA256_SSSE3
886	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
887	depends on X86 && 64BIT
888	select CRYPTO_SHA256
889	select CRYPTO_HASH
890	help
891	  SHA-256 secure hash standard (DFIPS 180-2) implemented
892	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
893	  Extensions version 1 (AVX1), or Advanced Vector Extensions
894	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
895	  Instructions) when available.
896
897config CRYPTO_SHA512_SSSE3
898	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
899	depends on X86 && 64BIT
900	select CRYPTO_SHA512
901	select CRYPTO_HASH
902	help
903	  SHA-512 secure hash standard (DFIPS 180-2) implemented
904	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
905	  Extensions version 1 (AVX1), or Advanced Vector Extensions
906	  version 2 (AVX2) instructions, when available.
907
908config CRYPTO_SHA1_OCTEON
909	tristate "SHA1 digest algorithm (OCTEON)"
910	depends on CPU_CAVIUM_OCTEON
911	select CRYPTO_SHA1
912	select CRYPTO_HASH
913	help
914	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
915	  using OCTEON crypto instructions, when available.
916
917config CRYPTO_SHA1_SPARC64
918	tristate "SHA1 digest algorithm (SPARC64)"
919	depends on SPARC64
920	select CRYPTO_SHA1
921	select CRYPTO_HASH
922	help
923	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
924	  using sparc64 crypto instructions, when available.
925
926config CRYPTO_SHA1_PPC
927	tristate "SHA1 digest algorithm (powerpc)"
928	depends on PPC
929	help
930	  This is the powerpc hardware accelerated implementation of the
931	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
932
933config CRYPTO_SHA1_PPC_SPE
934	tristate "SHA1 digest algorithm (PPC SPE)"
935	depends on PPC && SPE
936	help
937	  SHA-1 secure hash standard (DFIPS 180-4) implemented
938	  using powerpc SPE SIMD instruction set.
939
940config CRYPTO_SHA256
941	tristate "SHA224 and SHA256 digest algorithm"
942	select CRYPTO_HASH
943	select CRYPTO_LIB_SHA256
944	help
945	  SHA256 secure hash standard (DFIPS 180-2).
946
947	  This version of SHA implements a 256 bit hash with 128 bits of
948	  security against collision attacks.
949
950	  This code also includes SHA-224, a 224 bit hash with 112 bits
951	  of security against collision attacks.
952
953config CRYPTO_SHA256_PPC_SPE
954	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
955	depends on PPC && SPE
956	select CRYPTO_SHA256
957	select CRYPTO_HASH
958	help
959	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
960	  implemented using powerpc SPE SIMD instruction set.
961
962config CRYPTO_SHA256_OCTEON
963	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
964	depends on CPU_CAVIUM_OCTEON
965	select CRYPTO_SHA256
966	select CRYPTO_HASH
967	help
968	  SHA-256 secure hash standard (DFIPS 180-2) implemented
969	  using OCTEON crypto instructions, when available.
970
971config CRYPTO_SHA256_SPARC64
972	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
973	depends on SPARC64
974	select CRYPTO_SHA256
975	select CRYPTO_HASH
976	help
977	  SHA-256 secure hash standard (DFIPS 180-2) implemented
978	  using sparc64 crypto instructions, when available.
979
980config CRYPTO_SHA512
981	tristate "SHA384 and SHA512 digest algorithms"
982	select CRYPTO_HASH
983	help
984	  SHA512 secure hash standard (DFIPS 180-2).
985
986	  This version of SHA implements a 512 bit hash with 256 bits of
987	  security against collision attacks.
988
989	  This code also includes SHA-384, a 384 bit hash with 192 bits
990	  of security against collision attacks.
991
992config CRYPTO_SHA512_OCTEON
993	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
994	depends on CPU_CAVIUM_OCTEON
995	select CRYPTO_SHA512
996	select CRYPTO_HASH
997	help
998	  SHA-512 secure hash standard (DFIPS 180-2) implemented
999	  using OCTEON crypto instructions, when available.
1000
1001config CRYPTO_SHA512_SPARC64
1002	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
1003	depends on SPARC64
1004	select CRYPTO_SHA512
1005	select CRYPTO_HASH
1006	help
1007	  SHA-512 secure hash standard (DFIPS 180-2) implemented
1008	  using sparc64 crypto instructions, when available.
1009
1010config CRYPTO_SHA3
1011	tristate "SHA3 digest algorithm"
1012	select CRYPTO_HASH
1013	help
1014	  SHA-3 secure hash standard (DFIPS 202). It's based on
1015	  cryptographic sponge function family called Keccak.
1016
1017	  References:
1018	  http://keccak.noekeon.org/
1019
1020config CRYPTO_SM3
1021	tristate "SM3 digest algorithm"
1022	select CRYPTO_HASH
1023	help
1024	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1025	  It is part of the Chinese Commercial Cryptography suite.
1026
1027	  References:
1028	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1029	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1030
1031config CRYPTO_STREEBOG
1032	tristate "Streebog Hash Function"
1033	select CRYPTO_HASH
1034	help
1035	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1036	  cryptographic standard algorithms (called GOST algorithms).
1037	  This setting enables two hash algorithms with 256 and 512 bits output.
1038
1039	  References:
1040	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1041	  https://tools.ietf.org/html/rfc6986
1042
1043config CRYPTO_TGR192
1044	tristate "Tiger digest algorithms"
1045	select CRYPTO_HASH
1046	help
1047	  Tiger hash algorithm 192, 160 and 128-bit hashes
1048
1049	  Tiger is a hash function optimized for 64-bit processors while
1050	  still having decent performance on 32-bit processors.
1051	  Tiger was developed by Ross Anderson and Eli Biham.
1052
1053	  See also:
1054	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1055
1056config CRYPTO_WP512
1057	tristate "Whirlpool digest algorithms"
1058	select CRYPTO_HASH
1059	help
1060	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1061
1062	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1063	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1064
1065	  See also:
1066	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1067
1068config CRYPTO_GHASH_CLMUL_NI_INTEL
1069	tristate "GHASH hash function (CLMUL-NI accelerated)"
1070	depends on X86 && 64BIT
1071	select CRYPTO_CRYPTD
1072	help
1073	  This is the x86_64 CLMUL-NI accelerated implementation of
1074	  GHASH, the hash function used in GCM (Galois/Counter mode).
1075
1076comment "Ciphers"
1077
1078config CRYPTO_AES
1079	tristate "AES cipher algorithms"
1080	select CRYPTO_ALGAPI
1081	select CRYPTO_LIB_AES
1082	help
1083	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1084	  algorithm.
1085
1086	  Rijndael appears to be consistently a very good performer in
1087	  both hardware and software across a wide range of computing
1088	  environments regardless of its use in feedback or non-feedback
1089	  modes. Its key setup time is excellent, and its key agility is
1090	  good. Rijndael's very low memory requirements make it very well
1091	  suited for restricted-space environments, in which it also
1092	  demonstrates excellent performance. Rijndael's operations are
1093	  among the easiest to defend against power and timing attacks.
1094
1095	  The AES specifies three key sizes: 128, 192 and 256 bits
1096
1097	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1098
1099config CRYPTO_AES_TI
1100	tristate "Fixed time AES cipher"
1101	select CRYPTO_ALGAPI
1102	select CRYPTO_LIB_AES
1103	help
1104	  This is a generic implementation of AES that attempts to eliminate
1105	  data dependent latencies as much as possible without affecting
1106	  performance too much. It is intended for use by the generic CCM
1107	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1108	  solely on encryption (although decryption is supported as well, but
1109	  with a more dramatic performance hit)
1110
1111	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1112	  8 for decryption), this implementation only uses just two S-boxes of
1113	  256 bytes each, and attempts to eliminate data dependent latencies by
1114	  prefetching the entire table into the cache at the start of each
1115	  block. Interrupts are also disabled to avoid races where cachelines
1116	  are evicted when the CPU is interrupted to do something else.
1117
1118config CRYPTO_AES_NI_INTEL
1119	tristate "AES cipher algorithms (AES-NI)"
1120	depends on X86
1121	select CRYPTO_AEAD
1122	select CRYPTO_LIB_AES
1123	select CRYPTO_ALGAPI
1124	select CRYPTO_SKCIPHER
1125	select CRYPTO_GLUE_HELPER_X86 if 64BIT
1126	select CRYPTO_SIMD
1127	help
1128	  Use Intel AES-NI instructions for AES algorithm.
1129
1130	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1131	  algorithm.
1132
1133	  Rijndael appears to be consistently a very good performer in
1134	  both hardware and software across a wide range of computing
1135	  environments regardless of its use in feedback or non-feedback
1136	  modes. Its key setup time is excellent, and its key agility is
1137	  good. Rijndael's very low memory requirements make it very well
1138	  suited for restricted-space environments, in which it also
1139	  demonstrates excellent performance. Rijndael's operations are
1140	  among the easiest to defend against power and timing attacks.
1141
1142	  The AES specifies three key sizes: 128, 192 and 256 bits
1143
1144	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1145
1146	  In addition to AES cipher algorithm support, the acceleration
1147	  for some popular block cipher mode is supported too, including
1148	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1149	  acceleration for CTR.
1150
1151config CRYPTO_AES_SPARC64
1152	tristate "AES cipher algorithms (SPARC64)"
1153	depends on SPARC64
1154	select CRYPTO_SKCIPHER
1155	help
1156	  Use SPARC64 crypto opcodes for AES algorithm.
1157
1158	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1159	  algorithm.
1160
1161	  Rijndael appears to be consistently a very good performer in
1162	  both hardware and software across a wide range of computing
1163	  environments regardless of its use in feedback or non-feedback
1164	  modes. Its key setup time is excellent, and its key agility is
1165	  good. Rijndael's very low memory requirements make it very well
1166	  suited for restricted-space environments, in which it also
1167	  demonstrates excellent performance. Rijndael's operations are
1168	  among the easiest to defend against power and timing attacks.
1169
1170	  The AES specifies three key sizes: 128, 192 and 256 bits
1171
1172	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1173
1174	  In addition to AES cipher algorithm support, the acceleration
1175	  for some popular block cipher mode is supported too, including
1176	  ECB and CBC.
1177
1178config CRYPTO_AES_PPC_SPE
1179	tristate "AES cipher algorithms (PPC SPE)"
1180	depends on PPC && SPE
1181	select CRYPTO_SKCIPHER
1182	help
1183	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1184	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1185	  This module should only be used for low power (router) devices
1186	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1187	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1188	  timining attacks. Nevertheless it might be not as secure as other
1189	  architecture specific assembler implementations that work on 1KB
1190	  tables or 256 bytes S-boxes.
1191
1192config CRYPTO_ANUBIS
1193	tristate "Anubis cipher algorithm"
1194	select CRYPTO_ALGAPI
1195	help
1196	  Anubis cipher algorithm.
1197
1198	  Anubis is a variable key length cipher which can use keys from
1199	  128 bits to 320 bits in length.  It was evaluated as a entrant
1200	  in the NESSIE competition.
1201
1202	  See also:
1203	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1204	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1205
1206config CRYPTO_ARC4
1207	tristate "ARC4 cipher algorithm"
1208	select CRYPTO_SKCIPHER
1209	select CRYPTO_LIB_ARC4
1210	help
1211	  ARC4 cipher algorithm.
1212
1213	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1214	  bits in length.  This algorithm is required for driver-based
1215	  WEP, but it should not be for other purposes because of the
1216	  weakness of the algorithm.
1217
1218config CRYPTO_BLOWFISH
1219	tristate "Blowfish cipher algorithm"
1220	select CRYPTO_ALGAPI
1221	select CRYPTO_BLOWFISH_COMMON
1222	help
1223	  Blowfish cipher algorithm, by Bruce Schneier.
1224
1225	  This is a variable key length cipher which can use keys from 32
1226	  bits to 448 bits in length.  It's fast, simple and specifically
1227	  designed for use on "large microprocessors".
1228
1229	  See also:
1230	  <http://www.schneier.com/blowfish.html>
1231
1232config CRYPTO_BLOWFISH_COMMON
1233	tristate
1234	help
1235	  Common parts of the Blowfish cipher algorithm shared by the
1236	  generic c and the assembler implementations.
1237
1238	  See also:
1239	  <http://www.schneier.com/blowfish.html>
1240
1241config CRYPTO_BLOWFISH_X86_64
1242	tristate "Blowfish cipher algorithm (x86_64)"
1243	depends on X86 && 64BIT
1244	select CRYPTO_SKCIPHER
1245	select CRYPTO_BLOWFISH_COMMON
1246	help
1247	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1248
1249	  This is a variable key length cipher which can use keys from 32
1250	  bits to 448 bits in length.  It's fast, simple and specifically
1251	  designed for use on "large microprocessors".
1252
1253	  See also:
1254	  <http://www.schneier.com/blowfish.html>
1255
1256config CRYPTO_CAMELLIA
1257	tristate "Camellia cipher algorithms"
1258	depends on CRYPTO
1259	select CRYPTO_ALGAPI
1260	help
1261	  Camellia cipher algorithms module.
1262
1263	  Camellia is a symmetric key block cipher developed jointly
1264	  at NTT and Mitsubishi Electric Corporation.
1265
1266	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1267
1268	  See also:
1269	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1270
1271config CRYPTO_CAMELLIA_X86_64
1272	tristate "Camellia cipher algorithm (x86_64)"
1273	depends on X86 && 64BIT
1274	depends on CRYPTO
1275	select CRYPTO_SKCIPHER
1276	select CRYPTO_GLUE_HELPER_X86
1277	help
1278	  Camellia cipher algorithm module (x86_64).
1279
1280	  Camellia is a symmetric key block cipher developed jointly
1281	  at NTT and Mitsubishi Electric Corporation.
1282
1283	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1284
1285	  See also:
1286	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1287
1288config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1289	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1290	depends on X86 && 64BIT
1291	depends on CRYPTO
1292	select CRYPTO_SKCIPHER
1293	select CRYPTO_CAMELLIA_X86_64
1294	select CRYPTO_GLUE_HELPER_X86
1295	select CRYPTO_SIMD
1296	select CRYPTO_XTS
1297	help
1298	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1299
1300	  Camellia is a symmetric key block cipher developed jointly
1301	  at NTT and Mitsubishi Electric Corporation.
1302
1303	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1304
1305	  See also:
1306	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1307
1308config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1309	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1310	depends on X86 && 64BIT
1311	depends on CRYPTO
1312	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1313	help
1314	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1315
1316	  Camellia is a symmetric key block cipher developed jointly
1317	  at NTT and Mitsubishi Electric Corporation.
1318
1319	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1320
1321	  See also:
1322	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1323
1324config CRYPTO_CAMELLIA_SPARC64
1325	tristate "Camellia cipher algorithm (SPARC64)"
1326	depends on SPARC64
1327	depends on CRYPTO
1328	select CRYPTO_ALGAPI
1329	select CRYPTO_SKCIPHER
1330	help
1331	  Camellia cipher algorithm module (SPARC64).
1332
1333	  Camellia is a symmetric key block cipher developed jointly
1334	  at NTT and Mitsubishi Electric Corporation.
1335
1336	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1337
1338	  See also:
1339	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1340
1341config CRYPTO_CAST_COMMON
1342	tristate
1343	help
1344	  Common parts of the CAST cipher algorithms shared by the
1345	  generic c and the assembler implementations.
1346
1347config CRYPTO_CAST5
1348	tristate "CAST5 (CAST-128) cipher algorithm"
1349	select CRYPTO_ALGAPI
1350	select CRYPTO_CAST_COMMON
1351	help
1352	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1353	  described in RFC2144.
1354
1355config CRYPTO_CAST5_AVX_X86_64
1356	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1357	depends on X86 && 64BIT
1358	select CRYPTO_SKCIPHER
1359	select CRYPTO_CAST5
1360	select CRYPTO_CAST_COMMON
1361	select CRYPTO_SIMD
1362	help
1363	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1364	  described in RFC2144.
1365
1366	  This module provides the Cast5 cipher algorithm that processes
1367	  sixteen blocks parallel using the AVX instruction set.
1368
1369config CRYPTO_CAST6
1370	tristate "CAST6 (CAST-256) cipher algorithm"
1371	select CRYPTO_ALGAPI
1372	select CRYPTO_CAST_COMMON
1373	help
1374	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1375	  described in RFC2612.
1376
1377config CRYPTO_CAST6_AVX_X86_64
1378	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1379	depends on X86 && 64BIT
1380	select CRYPTO_SKCIPHER
1381	select CRYPTO_CAST6
1382	select CRYPTO_CAST_COMMON
1383	select CRYPTO_GLUE_HELPER_X86
1384	select CRYPTO_SIMD
1385	select CRYPTO_XTS
1386	help
1387	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1388	  described in RFC2612.
1389
1390	  This module provides the Cast6 cipher algorithm that processes
1391	  eight blocks parallel using the AVX instruction set.
1392
1393config CRYPTO_DES
1394	tristate "DES and Triple DES EDE cipher algorithms"
1395	select CRYPTO_ALGAPI
1396	select CRYPTO_LIB_DES
1397	help
1398	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1399
1400config CRYPTO_DES_SPARC64
1401	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1402	depends on SPARC64
1403	select CRYPTO_ALGAPI
1404	select CRYPTO_LIB_DES
1405	select CRYPTO_SKCIPHER
1406	help
1407	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1408	  optimized using SPARC64 crypto opcodes.
1409
1410config CRYPTO_DES3_EDE_X86_64
1411	tristate "Triple DES EDE cipher algorithm (x86-64)"
1412	depends on X86 && 64BIT
1413	select CRYPTO_SKCIPHER
1414	select CRYPTO_LIB_DES
1415	help
1416	  Triple DES EDE (FIPS 46-3) algorithm.
1417
1418	  This module provides implementation of the Triple DES EDE cipher
1419	  algorithm that is optimized for x86-64 processors. Two versions of
1420	  algorithm are provided; regular processing one input block and
1421	  one that processes three blocks parallel.
1422
1423config CRYPTO_FCRYPT
1424	tristate "FCrypt cipher algorithm"
1425	select CRYPTO_ALGAPI
1426	select CRYPTO_SKCIPHER
1427	help
1428	  FCrypt algorithm used by RxRPC.
1429
1430config CRYPTO_KHAZAD
1431	tristate "Khazad cipher algorithm"
1432	select CRYPTO_ALGAPI
1433	help
1434	  Khazad cipher algorithm.
1435
1436	  Khazad was a finalist in the initial NESSIE competition.  It is
1437	  an algorithm optimized for 64-bit processors with good performance
1438	  on 32-bit processors.  Khazad uses an 128 bit key size.
1439
1440	  See also:
1441	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1442
1443config CRYPTO_SALSA20
1444	tristate "Salsa20 stream cipher algorithm"
1445	select CRYPTO_SKCIPHER
1446	help
1447	  Salsa20 stream cipher algorithm.
1448
1449	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1450	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1451
1452	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1453	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1454
1455config CRYPTO_CHACHA20
1456	tristate "ChaCha stream cipher algorithms"
1457	select CRYPTO_LIB_CHACHA_GENERIC
1458	select CRYPTO_SKCIPHER
1459	help
1460	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1461
1462	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1463	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1464	  This is the portable C implementation of ChaCha20.  See also:
1465	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1466
1467	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1468	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1469	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1470	  while provably retaining ChaCha20's security.  See also:
1471	  <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1472
1473	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1474	  reduced security margin but increased performance.  It can be needed
1475	  in some performance-sensitive scenarios.
1476
1477config CRYPTO_CHACHA20_X86_64
1478	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1479	depends on X86 && 64BIT
1480	select CRYPTO_SKCIPHER
1481	select CRYPTO_LIB_CHACHA_GENERIC
1482	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1483	help
1484	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1485	  XChaCha20, and XChaCha12 stream ciphers.
1486
1487config CRYPTO_CHACHA_MIPS
1488	tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1489	depends on CPU_MIPS32_R2
1490	select CRYPTO_SKCIPHER
1491	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1492
1493config CRYPTO_SEED
1494	tristate "SEED cipher algorithm"
1495	select CRYPTO_ALGAPI
1496	help
1497	  SEED cipher algorithm (RFC4269).
1498
1499	  SEED is a 128-bit symmetric key block cipher that has been
1500	  developed by KISA (Korea Information Security Agency) as a
1501	  national standard encryption algorithm of the Republic of Korea.
1502	  It is a 16 round block cipher with the key size of 128 bit.
1503
1504	  See also:
1505	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1506
1507config CRYPTO_SERPENT
1508	tristate "Serpent cipher algorithm"
1509	select CRYPTO_ALGAPI
1510	help
1511	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1512
1513	  Keys are allowed to be from 0 to 256 bits in length, in steps
1514	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1515	  variant of Serpent for compatibility with old kerneli.org code.
1516
1517	  See also:
1518	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1519
1520config CRYPTO_SERPENT_SSE2_X86_64
1521	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1522	depends on X86 && 64BIT
1523	select CRYPTO_SKCIPHER
1524	select CRYPTO_GLUE_HELPER_X86
1525	select CRYPTO_SERPENT
1526	select CRYPTO_SIMD
1527	help
1528	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1529
1530	  Keys are allowed to be from 0 to 256 bits in length, in steps
1531	  of 8 bits.
1532
1533	  This module provides Serpent cipher algorithm that processes eight
1534	  blocks parallel using SSE2 instruction set.
1535
1536	  See also:
1537	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1538
1539config CRYPTO_SERPENT_SSE2_586
1540	tristate "Serpent cipher algorithm (i586/SSE2)"
1541	depends on X86 && !64BIT
1542	select CRYPTO_SKCIPHER
1543	select CRYPTO_GLUE_HELPER_X86
1544	select CRYPTO_SERPENT
1545	select CRYPTO_SIMD
1546	help
1547	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1548
1549	  Keys are allowed to be from 0 to 256 bits in length, in steps
1550	  of 8 bits.
1551
1552	  This module provides Serpent cipher algorithm that processes four
1553	  blocks parallel using SSE2 instruction set.
1554
1555	  See also:
1556	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1557
1558config CRYPTO_SERPENT_AVX_X86_64
1559	tristate "Serpent cipher algorithm (x86_64/AVX)"
1560	depends on X86 && 64BIT
1561	select CRYPTO_SKCIPHER
1562	select CRYPTO_GLUE_HELPER_X86
1563	select CRYPTO_SERPENT
1564	select CRYPTO_SIMD
1565	select CRYPTO_XTS
1566	help
1567	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1568
1569	  Keys are allowed to be from 0 to 256 bits in length, in steps
1570	  of 8 bits.
1571
1572	  This module provides the Serpent cipher algorithm that processes
1573	  eight blocks parallel using the AVX instruction set.
1574
1575	  See also:
1576	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1577
1578config CRYPTO_SERPENT_AVX2_X86_64
1579	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1580	depends on X86 && 64BIT
1581	select CRYPTO_SERPENT_AVX_X86_64
1582	help
1583	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1584
1585	  Keys are allowed to be from 0 to 256 bits in length, in steps
1586	  of 8 bits.
1587
1588	  This module provides Serpent cipher algorithm that processes 16
1589	  blocks parallel using AVX2 instruction set.
1590
1591	  See also:
1592	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1593
1594config CRYPTO_SM4
1595	tristate "SM4 cipher algorithm"
1596	select CRYPTO_ALGAPI
1597	help
1598	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1599
1600	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1601	  Organization of State Commercial Administration of China (OSCCA)
1602	  as an authorized cryptographic algorithms for the use within China.
1603
1604	  SMS4 was originally created for use in protecting wireless
1605	  networks, and is mandated in the Chinese National Standard for
1606	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1607	  (GB.15629.11-2003).
1608
1609	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1610	  standardized through TC 260 of the Standardization Administration
1611	  of the People's Republic of China (SAC).
1612
1613	  The input, output, and key of SMS4 are each 128 bits.
1614
1615	  See also: <https://eprint.iacr.org/2008/329.pdf>
1616
1617	  If unsure, say N.
1618
1619config CRYPTO_TEA
1620	tristate "TEA, XTEA and XETA cipher algorithms"
1621	select CRYPTO_ALGAPI
1622	help
1623	  TEA cipher algorithm.
1624
1625	  Tiny Encryption Algorithm is a simple cipher that uses
1626	  many rounds for security.  It is very fast and uses
1627	  little memory.
1628
1629	  Xtendend Tiny Encryption Algorithm is a modification to
1630	  the TEA algorithm to address a potential key weakness
1631	  in the TEA algorithm.
1632
1633	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1634	  of the XTEA algorithm for compatibility purposes.
1635
1636config CRYPTO_TWOFISH
1637	tristate "Twofish cipher algorithm"
1638	select CRYPTO_ALGAPI
1639	select CRYPTO_TWOFISH_COMMON
1640	help
1641	  Twofish cipher algorithm.
1642
1643	  Twofish was submitted as an AES (Advanced Encryption Standard)
1644	  candidate cipher by researchers at CounterPane Systems.  It is a
1645	  16 round block cipher supporting key sizes of 128, 192, and 256
1646	  bits.
1647
1648	  See also:
1649	  <http://www.schneier.com/twofish.html>
1650
1651config CRYPTO_TWOFISH_COMMON
1652	tristate
1653	help
1654	  Common parts of the Twofish cipher algorithm shared by the
1655	  generic c and the assembler implementations.
1656
1657config CRYPTO_TWOFISH_586
1658	tristate "Twofish cipher algorithms (i586)"
1659	depends on (X86 || UML_X86) && !64BIT
1660	select CRYPTO_ALGAPI
1661	select CRYPTO_TWOFISH_COMMON
1662	help
1663	  Twofish cipher algorithm.
1664
1665	  Twofish was submitted as an AES (Advanced Encryption Standard)
1666	  candidate cipher by researchers at CounterPane Systems.  It is a
1667	  16 round block cipher supporting key sizes of 128, 192, and 256
1668	  bits.
1669
1670	  See also:
1671	  <http://www.schneier.com/twofish.html>
1672
1673config CRYPTO_TWOFISH_X86_64
1674	tristate "Twofish cipher algorithm (x86_64)"
1675	depends on (X86 || UML_X86) && 64BIT
1676	select CRYPTO_ALGAPI
1677	select CRYPTO_TWOFISH_COMMON
1678	help
1679	  Twofish cipher algorithm (x86_64).
1680
1681	  Twofish was submitted as an AES (Advanced Encryption Standard)
1682	  candidate cipher by researchers at CounterPane Systems.  It is a
1683	  16 round block cipher supporting key sizes of 128, 192, and 256
1684	  bits.
1685
1686	  See also:
1687	  <http://www.schneier.com/twofish.html>
1688
1689config CRYPTO_TWOFISH_X86_64_3WAY
1690	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1691	depends on X86 && 64BIT
1692	select CRYPTO_SKCIPHER
1693	select CRYPTO_TWOFISH_COMMON
1694	select CRYPTO_TWOFISH_X86_64
1695	select CRYPTO_GLUE_HELPER_X86
1696	help
1697	  Twofish cipher algorithm (x86_64, 3-way parallel).
1698
1699	  Twofish was submitted as an AES (Advanced Encryption Standard)
1700	  candidate cipher by researchers at CounterPane Systems.  It is a
1701	  16 round block cipher supporting key sizes of 128, 192, and 256
1702	  bits.
1703
1704	  This module provides Twofish cipher algorithm that processes three
1705	  blocks parallel, utilizing resources of out-of-order CPUs better.
1706
1707	  See also:
1708	  <http://www.schneier.com/twofish.html>
1709
1710config CRYPTO_TWOFISH_AVX_X86_64
1711	tristate "Twofish cipher algorithm (x86_64/AVX)"
1712	depends on X86 && 64BIT
1713	select CRYPTO_SKCIPHER
1714	select CRYPTO_GLUE_HELPER_X86
1715	select CRYPTO_SIMD
1716	select CRYPTO_TWOFISH_COMMON
1717	select CRYPTO_TWOFISH_X86_64
1718	select CRYPTO_TWOFISH_X86_64_3WAY
1719	help
1720	  Twofish cipher algorithm (x86_64/AVX).
1721
1722	  Twofish was submitted as an AES (Advanced Encryption Standard)
1723	  candidate cipher by researchers at CounterPane Systems.  It is a
1724	  16 round block cipher supporting key sizes of 128, 192, and 256
1725	  bits.
1726
1727	  This module provides the Twofish cipher algorithm that processes
1728	  eight blocks parallel using the AVX Instruction Set.
1729
1730	  See also:
1731	  <http://www.schneier.com/twofish.html>
1732
1733comment "Compression"
1734
1735config CRYPTO_DEFLATE
1736	tristate "Deflate compression algorithm"
1737	select CRYPTO_ALGAPI
1738	select CRYPTO_ACOMP2
1739	select ZLIB_INFLATE
1740	select ZLIB_DEFLATE
1741	help
1742	  This is the Deflate algorithm (RFC1951), specified for use in
1743	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1744
1745	  You will most probably want this if using IPSec.
1746
1747config CRYPTO_LZO
1748	tristate "LZO compression algorithm"
1749	select CRYPTO_ALGAPI
1750	select CRYPTO_ACOMP2
1751	select LZO_COMPRESS
1752	select LZO_DECOMPRESS
1753	help
1754	  This is the LZO algorithm.
1755
1756config CRYPTO_842
1757	tristate "842 compression algorithm"
1758	select CRYPTO_ALGAPI
1759	select CRYPTO_ACOMP2
1760	select 842_COMPRESS
1761	select 842_DECOMPRESS
1762	help
1763	  This is the 842 algorithm.
1764
1765config CRYPTO_LZ4
1766	tristate "LZ4 compression algorithm"
1767	select CRYPTO_ALGAPI
1768	select CRYPTO_ACOMP2
1769	select LZ4_COMPRESS
1770	select LZ4_DECOMPRESS
1771	help
1772	  This is the LZ4 algorithm.
1773
1774config CRYPTO_LZ4HC
1775	tristate "LZ4HC compression algorithm"
1776	select CRYPTO_ALGAPI
1777	select CRYPTO_ACOMP2
1778	select LZ4HC_COMPRESS
1779	select LZ4_DECOMPRESS
1780	help
1781	  This is the LZ4 high compression mode algorithm.
1782
1783config CRYPTO_ZSTD
1784	tristate "Zstd compression algorithm"
1785	select CRYPTO_ALGAPI
1786	select CRYPTO_ACOMP2
1787	select ZSTD_COMPRESS
1788	select ZSTD_DECOMPRESS
1789	help
1790	  This is the zstd algorithm.
1791
1792comment "Random Number Generation"
1793
1794config CRYPTO_ANSI_CPRNG
1795	tristate "Pseudo Random Number Generation for Cryptographic modules"
1796	select CRYPTO_AES
1797	select CRYPTO_RNG
1798	help
1799	  This option enables the generic pseudo random number generator
1800	  for cryptographic modules.  Uses the Algorithm specified in
1801	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1802	  CRYPTO_FIPS is selected
1803
1804menuconfig CRYPTO_DRBG_MENU
1805	tristate "NIST SP800-90A DRBG"
1806	help
1807	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1808	  more of the DRBG types must be selected.
1809
1810if CRYPTO_DRBG_MENU
1811
1812config CRYPTO_DRBG_HMAC
1813	bool
1814	default y
1815	select CRYPTO_HMAC
1816	select CRYPTO_SHA256
1817
1818config CRYPTO_DRBG_HASH
1819	bool "Enable Hash DRBG"
1820	select CRYPTO_SHA256
1821	help
1822	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1823
1824config CRYPTO_DRBG_CTR
1825	bool "Enable CTR DRBG"
1826	select CRYPTO_AES
1827	depends on CRYPTO_CTR
1828	help
1829	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1830
1831config CRYPTO_DRBG
1832	tristate
1833	default CRYPTO_DRBG_MENU
1834	select CRYPTO_RNG
1835	select CRYPTO_JITTERENTROPY
1836
1837endif	# if CRYPTO_DRBG_MENU
1838
1839config CRYPTO_JITTERENTROPY
1840	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1841	select CRYPTO_RNG
1842	help
1843	  The Jitterentropy RNG is a noise that is intended
1844	  to provide seed to another RNG. The RNG does not
1845	  perform any cryptographic whitening of the generated
1846	  random numbers. This Jitterentropy RNG registers with
1847	  the kernel crypto API and can be used by any caller.
1848
1849config CRYPTO_USER_API
1850	tristate
1851
1852config CRYPTO_USER_API_HASH
1853	tristate "User-space interface for hash algorithms"
1854	depends on NET
1855	select CRYPTO_HASH
1856	select CRYPTO_USER_API
1857	help
1858	  This option enables the user-spaces interface for hash
1859	  algorithms.
1860
1861config CRYPTO_USER_API_SKCIPHER
1862	tristate "User-space interface for symmetric key cipher algorithms"
1863	depends on NET
1864	select CRYPTO_SKCIPHER
1865	select CRYPTO_USER_API
1866	help
1867	  This option enables the user-spaces interface for symmetric
1868	  key cipher algorithms.
1869
1870config CRYPTO_USER_API_RNG
1871	tristate "User-space interface for random number generator algorithms"
1872	depends on NET
1873	select CRYPTO_RNG
1874	select CRYPTO_USER_API
1875	help
1876	  This option enables the user-spaces interface for random
1877	  number generator algorithms.
1878
1879config CRYPTO_USER_API_AEAD
1880	tristate "User-space interface for AEAD cipher algorithms"
1881	depends on NET
1882	select CRYPTO_AEAD
1883	select CRYPTO_SKCIPHER
1884	select CRYPTO_NULL
1885	select CRYPTO_USER_API
1886	help
1887	  This option enables the user-spaces interface for AEAD
1888	  cipher algorithms.
1889
1890config CRYPTO_STATS
1891	bool "Crypto usage statistics for User-space"
1892	depends on CRYPTO_USER
1893	help
1894	  This option enables the gathering of crypto stats.
1895	  This will collect:
1896	  - encrypt/decrypt size and numbers of symmeric operations
1897	  - compress/decompress size and numbers of compress operations
1898	  - size and numbers of hash operations
1899	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1900	  - generate/seed numbers for rng operations
1901
1902config CRYPTO_HASH_INFO
1903	bool
1904
1905source "lib/crypto/Kconfig"
1906source "drivers/crypto/Kconfig"
1907source "crypto/asymmetric_keys/Kconfig"
1908source "certs/Kconfig"
1909
1910endif	# if CRYPTO
1911