1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This option enables the fips boot option which is 31 required if you want the system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_SKCIPHER 56 tristate 57 select CRYPTO_SKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_SKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 65config CRYPTO_HASH 66 tristate 67 select CRYPTO_HASH2 68 select CRYPTO_ALGAPI 69 70config CRYPTO_HASH2 71 tristate 72 select CRYPTO_ALGAPI2 73 74config CRYPTO_RNG 75 tristate 76 select CRYPTO_RNG2 77 select CRYPTO_ALGAPI 78 79config CRYPTO_RNG2 80 tristate 81 select CRYPTO_ALGAPI2 82 83config CRYPTO_RNG_DEFAULT 84 tristate 85 select CRYPTO_DRBG_MENU 86 87config CRYPTO_AKCIPHER2 88 tristate 89 select CRYPTO_ALGAPI2 90 91config CRYPTO_AKCIPHER 92 tristate 93 select CRYPTO_AKCIPHER2 94 select CRYPTO_ALGAPI 95 96config CRYPTO_KPP2 97 tristate 98 select CRYPTO_ALGAPI2 99 100config CRYPTO_KPP 101 tristate 102 select CRYPTO_ALGAPI 103 select CRYPTO_KPP2 104 105config CRYPTO_ACOMP2 106 tristate 107 select CRYPTO_ALGAPI2 108 select SGL_ALLOC 109 110config CRYPTO_ACOMP 111 tristate 112 select CRYPTO_ALGAPI 113 select CRYPTO_ACOMP2 114 115config CRYPTO_MANAGER 116 tristate "Cryptographic algorithm manager" 117 select CRYPTO_MANAGER2 118 help 119 Create default cryptographic template instantiations such as 120 cbc(aes). 121 122config CRYPTO_MANAGER2 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 124 select CRYPTO_AEAD2 125 select CRYPTO_HASH2 126 select CRYPTO_SKCIPHER2 127 select CRYPTO_AKCIPHER2 128 select CRYPTO_KPP2 129 select CRYPTO_ACOMP2 130 131config CRYPTO_USER 132 tristate "Userspace cryptographic algorithm configuration" 133 depends on NET 134 select CRYPTO_MANAGER 135 help 136 Userspace configuration for cryptographic instantiations such as 137 cbc(aes). 138 139config CRYPTO_MANAGER_DISABLE_TESTS 140 bool "Disable run-time self tests" 141 default y 142 help 143 Disable run-time self tests that normally take place at 144 algorithm registration. 145 146config CRYPTO_MANAGER_EXTRA_TESTS 147 bool "Enable extra run-time crypto self tests" 148 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER 149 help 150 Enable extra run-time self tests of registered crypto algorithms, 151 including randomized fuzz tests. 152 153 This is intended for developer use only, as these tests take much 154 longer to run than the normal self tests. 155 156config CRYPTO_GF128MUL 157 tristate 158 159config CRYPTO_NULL 160 tristate "Null algorithms" 161 select CRYPTO_NULL2 162 help 163 These are 'Null' algorithms, used by IPsec, which do nothing. 164 165config CRYPTO_NULL2 166 tristate 167 select CRYPTO_ALGAPI2 168 select CRYPTO_SKCIPHER2 169 select CRYPTO_HASH2 170 171config CRYPTO_PCRYPT 172 tristate "Parallel crypto engine" 173 depends on SMP 174 select PADATA 175 select CRYPTO_MANAGER 176 select CRYPTO_AEAD 177 help 178 This converts an arbitrary crypto algorithm into a parallel 179 algorithm that executes in kernel threads. 180 181config CRYPTO_CRYPTD 182 tristate "Software async crypto daemon" 183 select CRYPTO_SKCIPHER 184 select CRYPTO_HASH 185 select CRYPTO_MANAGER 186 help 187 This is a generic software asynchronous crypto daemon that 188 converts an arbitrary synchronous software crypto algorithm 189 into an asynchronous algorithm that executes in a kernel thread. 190 191config CRYPTO_AUTHENC 192 tristate "Authenc support" 193 select CRYPTO_AEAD 194 select CRYPTO_SKCIPHER 195 select CRYPTO_MANAGER 196 select CRYPTO_HASH 197 select CRYPTO_NULL 198 help 199 Authenc: Combined mode wrapper for IPsec. 200 This is required for IPSec. 201 202config CRYPTO_TEST 203 tristate "Testing module" 204 depends on m || EXPERT 205 select CRYPTO_MANAGER 206 help 207 Quick & dirty crypto test module. 208 209config CRYPTO_SIMD 210 tristate 211 select CRYPTO_CRYPTD 212 213config CRYPTO_GLUE_HELPER_X86 214 tristate 215 depends on X86 216 select CRYPTO_SKCIPHER 217 218config CRYPTO_ENGINE 219 tristate 220 221comment "Public-key cryptography" 222 223config CRYPTO_RSA 224 tristate "RSA algorithm" 225 select CRYPTO_AKCIPHER 226 select CRYPTO_MANAGER 227 select MPILIB 228 select ASN1 229 help 230 Generic implementation of the RSA public key algorithm. 231 232config CRYPTO_DH 233 tristate "Diffie-Hellman algorithm" 234 select CRYPTO_KPP 235 select MPILIB 236 help 237 Generic implementation of the Diffie-Hellman algorithm. 238 239config CRYPTO_ECC 240 tristate 241 242config CRYPTO_ECDH 243 tristate "ECDH algorithm" 244 select CRYPTO_ECC 245 select CRYPTO_KPP 246 select CRYPTO_RNG_DEFAULT 247 help 248 Generic implementation of the ECDH algorithm 249 250config CRYPTO_ECRDSA 251 tristate "EC-RDSA (GOST 34.10) algorithm" 252 select CRYPTO_ECC 253 select CRYPTO_AKCIPHER 254 select CRYPTO_STREEBOG 255 select OID_REGISTRY 256 select ASN1 257 help 258 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 259 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 260 standard algorithms (called GOST algorithms). Only signature verification 261 is implemented. 262 263config CRYPTO_SM2 264 tristate "SM2 algorithm" 265 select CRYPTO_SM3 266 select CRYPTO_AKCIPHER 267 select CRYPTO_MANAGER 268 select MPILIB 269 select ASN1 270 help 271 Generic implementation of the SM2 public key algorithm. It was 272 published by State Encryption Management Bureau, China. 273 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. 274 275 References: 276 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 277 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml 278 http://www.gmbz.org.cn/main/bzlb.html 279 280config CRYPTO_CURVE25519 281 tristate "Curve25519 algorithm" 282 select CRYPTO_KPP 283 select CRYPTO_LIB_CURVE25519_GENERIC 284 285config CRYPTO_CURVE25519_X86 286 tristate "x86_64 accelerated Curve25519 scalar multiplication library" 287 depends on X86 && 64BIT 288 select CRYPTO_LIB_CURVE25519_GENERIC 289 select CRYPTO_ARCH_HAVE_LIB_CURVE25519 290 291comment "Authenticated Encryption with Associated Data" 292 293config CRYPTO_CCM 294 tristate "CCM support" 295 select CRYPTO_CTR 296 select CRYPTO_HASH 297 select CRYPTO_AEAD 298 select CRYPTO_MANAGER 299 help 300 Support for Counter with CBC MAC. Required for IPsec. 301 302config CRYPTO_GCM 303 tristate "GCM/GMAC support" 304 select CRYPTO_CTR 305 select CRYPTO_AEAD 306 select CRYPTO_GHASH 307 select CRYPTO_NULL 308 select CRYPTO_MANAGER 309 help 310 Support for Galois/Counter Mode (GCM) and Galois Message 311 Authentication Code (GMAC). Required for IPSec. 312 313config CRYPTO_CHACHA20POLY1305 314 tristate "ChaCha20-Poly1305 AEAD support" 315 select CRYPTO_CHACHA20 316 select CRYPTO_POLY1305 317 select CRYPTO_AEAD 318 select CRYPTO_MANAGER 319 help 320 ChaCha20-Poly1305 AEAD support, RFC7539. 321 322 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 323 with the Poly1305 authenticator. It is defined in RFC7539 for use in 324 IETF protocols. 325 326config CRYPTO_AEGIS128 327 tristate "AEGIS-128 AEAD algorithm" 328 select CRYPTO_AEAD 329 select CRYPTO_AES # for AES S-box tables 330 help 331 Support for the AEGIS-128 dedicated AEAD algorithm. 332 333config CRYPTO_AEGIS128_SIMD 334 bool "Support SIMD acceleration for AEGIS-128" 335 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 336 default y 337 338config CRYPTO_AEGIS128_AESNI_SSE2 339 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 340 depends on X86 && 64BIT 341 select CRYPTO_AEAD 342 select CRYPTO_SIMD 343 help 344 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 345 346config CRYPTO_SEQIV 347 tristate "Sequence Number IV Generator" 348 select CRYPTO_AEAD 349 select CRYPTO_SKCIPHER 350 select CRYPTO_NULL 351 select CRYPTO_RNG_DEFAULT 352 select CRYPTO_MANAGER 353 help 354 This IV generator generates an IV based on a sequence number by 355 xoring it with a salt. This algorithm is mainly useful for CTR 356 357config CRYPTO_ECHAINIV 358 tristate "Encrypted Chain IV Generator" 359 select CRYPTO_AEAD 360 select CRYPTO_NULL 361 select CRYPTO_RNG_DEFAULT 362 select CRYPTO_MANAGER 363 help 364 This IV generator generates an IV based on the encryption of 365 a sequence number xored with a salt. This is the default 366 algorithm for CBC. 367 368comment "Block modes" 369 370config CRYPTO_CBC 371 tristate "CBC support" 372 select CRYPTO_SKCIPHER 373 select CRYPTO_MANAGER 374 help 375 CBC: Cipher Block Chaining mode 376 This block cipher algorithm is required for IPSec. 377 378config CRYPTO_CFB 379 tristate "CFB support" 380 select CRYPTO_SKCIPHER 381 select CRYPTO_MANAGER 382 help 383 CFB: Cipher FeedBack mode 384 This block cipher algorithm is required for TPM2 Cryptography. 385 386config CRYPTO_CTR 387 tristate "CTR support" 388 select CRYPTO_SKCIPHER 389 select CRYPTO_MANAGER 390 help 391 CTR: Counter mode 392 This block cipher algorithm is required for IPSec. 393 394config CRYPTO_CTS 395 tristate "CTS support" 396 select CRYPTO_SKCIPHER 397 select CRYPTO_MANAGER 398 help 399 CTS: Cipher Text Stealing 400 This is the Cipher Text Stealing mode as described by 401 Section 8 of rfc2040 and referenced by rfc3962 402 (rfc3962 includes errata information in its Appendix A) or 403 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 404 This mode is required for Kerberos gss mechanism support 405 for AES encryption. 406 407 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 408 409config CRYPTO_ECB 410 tristate "ECB support" 411 select CRYPTO_SKCIPHER 412 select CRYPTO_MANAGER 413 help 414 ECB: Electronic CodeBook mode 415 This is the simplest block cipher algorithm. It simply encrypts 416 the input block by block. 417 418config CRYPTO_LRW 419 tristate "LRW support" 420 select CRYPTO_SKCIPHER 421 select CRYPTO_MANAGER 422 select CRYPTO_GF128MUL 423 help 424 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 425 narrow block cipher mode for dm-crypt. Use it with cipher 426 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 427 The first 128, 192 or 256 bits in the key are used for AES and the 428 rest is used to tie each cipher block to its logical position. 429 430config CRYPTO_OFB 431 tristate "OFB support" 432 select CRYPTO_SKCIPHER 433 select CRYPTO_MANAGER 434 help 435 OFB: the Output Feedback mode makes a block cipher into a synchronous 436 stream cipher. It generates keystream blocks, which are then XORed 437 with the plaintext blocks to get the ciphertext. Flipping a bit in the 438 ciphertext produces a flipped bit in the plaintext at the same 439 location. This property allows many error correcting codes to function 440 normally even when applied before encryption. 441 442config CRYPTO_PCBC 443 tristate "PCBC support" 444 select CRYPTO_SKCIPHER 445 select CRYPTO_MANAGER 446 help 447 PCBC: Propagating Cipher Block Chaining mode 448 This block cipher algorithm is required for RxRPC. 449 450config CRYPTO_XTS 451 tristate "XTS support" 452 select CRYPTO_SKCIPHER 453 select CRYPTO_MANAGER 454 select CRYPTO_ECB 455 help 456 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 457 key size 256, 384 or 512 bits. This implementation currently 458 can't handle a sectorsize which is not a multiple of 16 bytes. 459 460config CRYPTO_KEYWRAP 461 tristate "Key wrapping support" 462 select CRYPTO_SKCIPHER 463 select CRYPTO_MANAGER 464 help 465 Support for key wrapping (NIST SP800-38F / RFC3394) without 466 padding. 467 468config CRYPTO_NHPOLY1305 469 tristate 470 select CRYPTO_HASH 471 select CRYPTO_LIB_POLY1305_GENERIC 472 473config CRYPTO_NHPOLY1305_SSE2 474 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 475 depends on X86 && 64BIT 476 select CRYPTO_NHPOLY1305 477 help 478 SSE2 optimized implementation of the hash function used by the 479 Adiantum encryption mode. 480 481config CRYPTO_NHPOLY1305_AVX2 482 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 483 depends on X86 && 64BIT 484 select CRYPTO_NHPOLY1305 485 help 486 AVX2 optimized implementation of the hash function used by the 487 Adiantum encryption mode. 488 489config CRYPTO_ADIANTUM 490 tristate "Adiantum support" 491 select CRYPTO_CHACHA20 492 select CRYPTO_LIB_POLY1305_GENERIC 493 select CRYPTO_NHPOLY1305 494 select CRYPTO_MANAGER 495 help 496 Adiantum is a tweakable, length-preserving encryption mode 497 designed for fast and secure disk encryption, especially on 498 CPUs without dedicated crypto instructions. It encrypts 499 each sector using the XChaCha12 stream cipher, two passes of 500 an ε-almost-∆-universal hash function, and an invocation of 501 the AES-256 block cipher on a single 16-byte block. On CPUs 502 without AES instructions, Adiantum is much faster than 503 AES-XTS. 504 505 Adiantum's security is provably reducible to that of its 506 underlying stream and block ciphers, subject to a security 507 bound. Unlike XTS, Adiantum is a true wide-block encryption 508 mode, so it actually provides an even stronger notion of 509 security than XTS, subject to the security bound. 510 511 If unsure, say N. 512 513config CRYPTO_ESSIV 514 tristate "ESSIV support for block encryption" 515 select CRYPTO_AUTHENC 516 help 517 Encrypted salt-sector initialization vector (ESSIV) is an IV 518 generation method that is used in some cases by fscrypt and/or 519 dm-crypt. It uses the hash of the block encryption key as the 520 symmetric key for a block encryption pass applied to the input 521 IV, making low entropy IV sources more suitable for block 522 encryption. 523 524 This driver implements a crypto API template that can be 525 instantiated either as an skcipher or as an AEAD (depending on the 526 type of the first template argument), and which defers encryption 527 and decryption requests to the encapsulated cipher after applying 528 ESSIV to the input IV. Note that in the AEAD case, it is assumed 529 that the keys are presented in the same format used by the authenc 530 template, and that the IV appears at the end of the authenticated 531 associated data (AAD) region (which is how dm-crypt uses it.) 532 533 Note that the use of ESSIV is not recommended for new deployments, 534 and so this only needs to be enabled when interoperability with 535 existing encrypted volumes of filesystems is required, or when 536 building for a particular system that requires it (e.g., when 537 the SoC in question has accelerated CBC but not XTS, making CBC 538 combined with ESSIV the only feasible mode for h/w accelerated 539 block encryption) 540 541comment "Hash modes" 542 543config CRYPTO_CMAC 544 tristate "CMAC support" 545 select CRYPTO_HASH 546 select CRYPTO_MANAGER 547 help 548 Cipher-based Message Authentication Code (CMAC) specified by 549 The National Institute of Standards and Technology (NIST). 550 551 https://tools.ietf.org/html/rfc4493 552 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 553 554config CRYPTO_HMAC 555 tristate "HMAC support" 556 select CRYPTO_HASH 557 select CRYPTO_MANAGER 558 help 559 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 560 This is required for IPSec. 561 562config CRYPTO_XCBC 563 tristate "XCBC support" 564 select CRYPTO_HASH 565 select CRYPTO_MANAGER 566 help 567 XCBC: Keyed-Hashing with encryption algorithm 568 https://www.ietf.org/rfc/rfc3566.txt 569 http://csrc.nist.gov/encryption/modes/proposedmodes/ 570 xcbc-mac/xcbc-mac-spec.pdf 571 572config CRYPTO_VMAC 573 tristate "VMAC support" 574 select CRYPTO_HASH 575 select CRYPTO_MANAGER 576 help 577 VMAC is a message authentication algorithm designed for 578 very high speed on 64-bit architectures. 579 580 See also: 581 <https://fastcrypto.org/vmac> 582 583comment "Digest" 584 585config CRYPTO_CRC32C 586 tristate "CRC32c CRC algorithm" 587 select CRYPTO_HASH 588 select CRC32 589 help 590 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 591 by iSCSI for header and data digests and by others. 592 See Castagnoli93. Module will be crc32c. 593 594config CRYPTO_CRC32C_INTEL 595 tristate "CRC32c INTEL hardware acceleration" 596 depends on X86 597 select CRYPTO_HASH 598 help 599 In Intel processor with SSE4.2 supported, the processor will 600 support CRC32C implementation using hardware accelerated CRC32 601 instruction. This option will create 'crc32c-intel' module, 602 which will enable any routine to use the CRC32 instruction to 603 gain performance compared with software implementation. 604 Module will be crc32c-intel. 605 606config CRYPTO_CRC32C_VPMSUM 607 tristate "CRC32c CRC algorithm (powerpc64)" 608 depends on PPC64 && ALTIVEC 609 select CRYPTO_HASH 610 select CRC32 611 help 612 CRC32c algorithm implemented using vector polynomial multiply-sum 613 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 614 and newer processors for improved performance. 615 616 617config CRYPTO_CRC32C_SPARC64 618 tristate "CRC32c CRC algorithm (SPARC64)" 619 depends on SPARC64 620 select CRYPTO_HASH 621 select CRC32 622 help 623 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 624 when available. 625 626config CRYPTO_CRC32 627 tristate "CRC32 CRC algorithm" 628 select CRYPTO_HASH 629 select CRC32 630 help 631 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 632 Shash crypto api wrappers to crc32_le function. 633 634config CRYPTO_CRC32_PCLMUL 635 tristate "CRC32 PCLMULQDQ hardware acceleration" 636 depends on X86 637 select CRYPTO_HASH 638 select CRC32 639 help 640 From Intel Westmere and AMD Bulldozer processor with SSE4.2 641 and PCLMULQDQ supported, the processor will support 642 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 643 instruction. This option will create 'crc32-pclmul' module, 644 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 645 and gain better performance as compared with the table implementation. 646 647config CRYPTO_CRC32_MIPS 648 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 649 depends on MIPS_CRC_SUPPORT 650 select CRYPTO_HASH 651 help 652 CRC32c and CRC32 CRC algorithms implemented using mips crypto 653 instructions, when available. 654 655 656config CRYPTO_XXHASH 657 tristate "xxHash hash algorithm" 658 select CRYPTO_HASH 659 select XXHASH 660 help 661 xxHash non-cryptographic hash algorithm. Extremely fast, working at 662 speeds close to RAM limits. 663 664config CRYPTO_BLAKE2B 665 tristate "BLAKE2b digest algorithm" 666 select CRYPTO_HASH 667 help 668 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), 669 optimized for 64bit platforms and can produce digests of any size 670 between 1 to 64. The keyed hash is also implemented. 671 672 This module provides the following algorithms: 673 674 - blake2b-160 675 - blake2b-256 676 - blake2b-384 677 - blake2b-512 678 679 See https://blake2.net for further information. 680 681config CRYPTO_BLAKE2S 682 tristate "BLAKE2s digest algorithm" 683 select CRYPTO_LIB_BLAKE2S_GENERIC 684 select CRYPTO_HASH 685 help 686 Implementation of cryptographic hash function BLAKE2s 687 optimized for 8-32bit platforms and can produce digests of any size 688 between 1 to 32. The keyed hash is also implemented. 689 690 This module provides the following algorithms: 691 692 - blake2s-128 693 - blake2s-160 694 - blake2s-224 695 - blake2s-256 696 697 See https://blake2.net for further information. 698 699config CRYPTO_BLAKE2S_X86 700 tristate "BLAKE2s digest algorithm (x86 accelerated version)" 701 depends on X86 && 64BIT 702 select CRYPTO_LIB_BLAKE2S_GENERIC 703 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S 704 705config CRYPTO_CRCT10DIF 706 tristate "CRCT10DIF algorithm" 707 select CRYPTO_HASH 708 help 709 CRC T10 Data Integrity Field computation is being cast as 710 a crypto transform. This allows for faster crc t10 diff 711 transforms to be used if they are available. 712 713config CRYPTO_CRCT10DIF_PCLMUL 714 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 715 depends on X86 && 64BIT && CRC_T10DIF 716 select CRYPTO_HASH 717 help 718 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 719 CRC T10 DIF PCLMULQDQ computation can be hardware 720 accelerated PCLMULQDQ instruction. This option will create 721 'crct10dif-pclmul' module, which is faster when computing the 722 crct10dif checksum as compared with the generic table implementation. 723 724config CRYPTO_CRCT10DIF_VPMSUM 725 tristate "CRC32T10DIF powerpc64 hardware acceleration" 726 depends on PPC64 && ALTIVEC && CRC_T10DIF 727 select CRYPTO_HASH 728 help 729 CRC10T10DIF algorithm implemented using vector polynomial 730 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 731 POWER8 and newer processors for improved performance. 732 733config CRYPTO_VPMSUM_TESTER 734 tristate "Powerpc64 vpmsum hardware acceleration tester" 735 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 736 help 737 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 738 POWER8 vpmsum instructions. 739 Unless you are testing these algorithms, you don't need this. 740 741config CRYPTO_GHASH 742 tristate "GHASH hash function" 743 select CRYPTO_GF128MUL 744 select CRYPTO_HASH 745 help 746 GHASH is the hash function used in GCM (Galois/Counter Mode). 747 It is not a general-purpose cryptographic hash function. 748 749config CRYPTO_POLY1305 750 tristate "Poly1305 authenticator algorithm" 751 select CRYPTO_HASH 752 select CRYPTO_LIB_POLY1305_GENERIC 753 help 754 Poly1305 authenticator algorithm, RFC7539. 755 756 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 757 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 758 in IETF protocols. This is the portable C implementation of Poly1305. 759 760config CRYPTO_POLY1305_X86_64 761 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 762 depends on X86 && 64BIT 763 select CRYPTO_LIB_POLY1305_GENERIC 764 select CRYPTO_ARCH_HAVE_LIB_POLY1305 765 help 766 Poly1305 authenticator algorithm, RFC7539. 767 768 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 769 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 770 in IETF protocols. This is the x86_64 assembler implementation using SIMD 771 instructions. 772 773config CRYPTO_POLY1305_MIPS 774 tristate "Poly1305 authenticator algorithm (MIPS optimized)" 775 depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT) 776 select CRYPTO_ARCH_HAVE_LIB_POLY1305 777 778config CRYPTO_MD4 779 tristate "MD4 digest algorithm" 780 select CRYPTO_HASH 781 help 782 MD4 message digest algorithm (RFC1320). 783 784config CRYPTO_MD5 785 tristate "MD5 digest algorithm" 786 select CRYPTO_HASH 787 help 788 MD5 message digest algorithm (RFC1321). 789 790config CRYPTO_MD5_OCTEON 791 tristate "MD5 digest algorithm (OCTEON)" 792 depends on CPU_CAVIUM_OCTEON 793 select CRYPTO_MD5 794 select CRYPTO_HASH 795 help 796 MD5 message digest algorithm (RFC1321) implemented 797 using OCTEON crypto instructions, when available. 798 799config CRYPTO_MD5_PPC 800 tristate "MD5 digest algorithm (PPC)" 801 depends on PPC 802 select CRYPTO_HASH 803 help 804 MD5 message digest algorithm (RFC1321) implemented 805 in PPC assembler. 806 807config CRYPTO_MD5_SPARC64 808 tristate "MD5 digest algorithm (SPARC64)" 809 depends on SPARC64 810 select CRYPTO_MD5 811 select CRYPTO_HASH 812 help 813 MD5 message digest algorithm (RFC1321) implemented 814 using sparc64 crypto instructions, when available. 815 816config CRYPTO_MICHAEL_MIC 817 tristate "Michael MIC keyed digest algorithm" 818 select CRYPTO_HASH 819 help 820 Michael MIC is used for message integrity protection in TKIP 821 (IEEE 802.11i). This algorithm is required for TKIP, but it 822 should not be used for other purposes because of the weakness 823 of the algorithm. 824 825config CRYPTO_RMD128 826 tristate "RIPEMD-128 digest algorithm" 827 select CRYPTO_HASH 828 help 829 RIPEMD-128 (ISO/IEC 10118-3:2004). 830 831 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 832 be used as a secure replacement for RIPEMD. For other use cases, 833 RIPEMD-160 should be used. 834 835 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 836 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 837 838config CRYPTO_RMD160 839 tristate "RIPEMD-160 digest algorithm" 840 select CRYPTO_HASH 841 help 842 RIPEMD-160 (ISO/IEC 10118-3:2004). 843 844 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 845 to be used as a secure replacement for the 128-bit hash functions 846 MD4, MD5 and it's predecessor RIPEMD 847 (not to be confused with RIPEMD-128). 848 849 It's speed is comparable to SHA1 and there are no known attacks 850 against RIPEMD-160. 851 852 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 853 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 854 855config CRYPTO_RMD256 856 tristate "RIPEMD-256 digest algorithm" 857 select CRYPTO_HASH 858 help 859 RIPEMD-256 is an optional extension of RIPEMD-128 with a 860 256 bit hash. It is intended for applications that require 861 longer hash-results, without needing a larger security level 862 (than RIPEMD-128). 863 864 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 865 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 866 867config CRYPTO_RMD320 868 tristate "RIPEMD-320 digest algorithm" 869 select CRYPTO_HASH 870 help 871 RIPEMD-320 is an optional extension of RIPEMD-160 with a 872 320 bit hash. It is intended for applications that require 873 longer hash-results, without needing a larger security level 874 (than RIPEMD-160). 875 876 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 877 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 878 879config CRYPTO_SHA1 880 tristate "SHA1 digest algorithm" 881 select CRYPTO_HASH 882 help 883 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 884 885config CRYPTO_SHA1_SSSE3 886 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 887 depends on X86 && 64BIT 888 select CRYPTO_SHA1 889 select CRYPTO_HASH 890 help 891 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 892 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 893 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 894 when available. 895 896config CRYPTO_SHA256_SSSE3 897 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 898 depends on X86 && 64BIT 899 select CRYPTO_SHA256 900 select CRYPTO_HASH 901 help 902 SHA-256 secure hash standard (DFIPS 180-2) implemented 903 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 904 Extensions version 1 (AVX1), or Advanced Vector Extensions 905 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 906 Instructions) when available. 907 908config CRYPTO_SHA512_SSSE3 909 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 910 depends on X86 && 64BIT 911 select CRYPTO_SHA512 912 select CRYPTO_HASH 913 help 914 SHA-512 secure hash standard (DFIPS 180-2) implemented 915 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 916 Extensions version 1 (AVX1), or Advanced Vector Extensions 917 version 2 (AVX2) instructions, when available. 918 919config CRYPTO_SHA1_OCTEON 920 tristate "SHA1 digest algorithm (OCTEON)" 921 depends on CPU_CAVIUM_OCTEON 922 select CRYPTO_SHA1 923 select CRYPTO_HASH 924 help 925 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 926 using OCTEON crypto instructions, when available. 927 928config CRYPTO_SHA1_SPARC64 929 tristate "SHA1 digest algorithm (SPARC64)" 930 depends on SPARC64 931 select CRYPTO_SHA1 932 select CRYPTO_HASH 933 help 934 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 935 using sparc64 crypto instructions, when available. 936 937config CRYPTO_SHA1_PPC 938 tristate "SHA1 digest algorithm (powerpc)" 939 depends on PPC 940 help 941 This is the powerpc hardware accelerated implementation of the 942 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 943 944config CRYPTO_SHA1_PPC_SPE 945 tristate "SHA1 digest algorithm (PPC SPE)" 946 depends on PPC && SPE 947 help 948 SHA-1 secure hash standard (DFIPS 180-4) implemented 949 using powerpc SPE SIMD instruction set. 950 951config CRYPTO_SHA256 952 tristate "SHA224 and SHA256 digest algorithm" 953 select CRYPTO_HASH 954 select CRYPTO_LIB_SHA256 955 help 956 SHA256 secure hash standard (DFIPS 180-2). 957 958 This version of SHA implements a 256 bit hash with 128 bits of 959 security against collision attacks. 960 961 This code also includes SHA-224, a 224 bit hash with 112 bits 962 of security against collision attacks. 963 964config CRYPTO_SHA256_PPC_SPE 965 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 966 depends on PPC && SPE 967 select CRYPTO_SHA256 968 select CRYPTO_HASH 969 help 970 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 971 implemented using powerpc SPE SIMD instruction set. 972 973config CRYPTO_SHA256_OCTEON 974 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 975 depends on CPU_CAVIUM_OCTEON 976 select CRYPTO_SHA256 977 select CRYPTO_HASH 978 help 979 SHA-256 secure hash standard (DFIPS 180-2) implemented 980 using OCTEON crypto instructions, when available. 981 982config CRYPTO_SHA256_SPARC64 983 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 984 depends on SPARC64 985 select CRYPTO_SHA256 986 select CRYPTO_HASH 987 help 988 SHA-256 secure hash standard (DFIPS 180-2) implemented 989 using sparc64 crypto instructions, when available. 990 991config CRYPTO_SHA512 992 tristate "SHA384 and SHA512 digest algorithms" 993 select CRYPTO_HASH 994 help 995 SHA512 secure hash standard (DFIPS 180-2). 996 997 This version of SHA implements a 512 bit hash with 256 bits of 998 security against collision attacks. 999 1000 This code also includes SHA-384, a 384 bit hash with 192 bits 1001 of security against collision attacks. 1002 1003config CRYPTO_SHA512_OCTEON 1004 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 1005 depends on CPU_CAVIUM_OCTEON 1006 select CRYPTO_SHA512 1007 select CRYPTO_HASH 1008 help 1009 SHA-512 secure hash standard (DFIPS 180-2) implemented 1010 using OCTEON crypto instructions, when available. 1011 1012config CRYPTO_SHA512_SPARC64 1013 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 1014 depends on SPARC64 1015 select CRYPTO_SHA512 1016 select CRYPTO_HASH 1017 help 1018 SHA-512 secure hash standard (DFIPS 180-2) implemented 1019 using sparc64 crypto instructions, when available. 1020 1021config CRYPTO_SHA3 1022 tristate "SHA3 digest algorithm" 1023 select CRYPTO_HASH 1024 help 1025 SHA-3 secure hash standard (DFIPS 202). It's based on 1026 cryptographic sponge function family called Keccak. 1027 1028 References: 1029 http://keccak.noekeon.org/ 1030 1031config CRYPTO_SM3 1032 tristate "SM3 digest algorithm" 1033 select CRYPTO_HASH 1034 help 1035 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 1036 It is part of the Chinese Commercial Cryptography suite. 1037 1038 References: 1039 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1040 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1041 1042config CRYPTO_STREEBOG 1043 tristate "Streebog Hash Function" 1044 select CRYPTO_HASH 1045 help 1046 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1047 cryptographic standard algorithms (called GOST algorithms). 1048 This setting enables two hash algorithms with 256 and 512 bits output. 1049 1050 References: 1051 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1052 https://tools.ietf.org/html/rfc6986 1053 1054config CRYPTO_TGR192 1055 tristate "Tiger digest algorithms" 1056 select CRYPTO_HASH 1057 help 1058 Tiger hash algorithm 192, 160 and 128-bit hashes 1059 1060 Tiger is a hash function optimized for 64-bit processors while 1061 still having decent performance on 32-bit processors. 1062 Tiger was developed by Ross Anderson and Eli Biham. 1063 1064 See also: 1065 <https://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 1066 1067config CRYPTO_WP512 1068 tristate "Whirlpool digest algorithms" 1069 select CRYPTO_HASH 1070 help 1071 Whirlpool hash algorithm 512, 384 and 256-bit hashes 1072 1073 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1074 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 1075 1076 See also: 1077 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 1078 1079config CRYPTO_GHASH_CLMUL_NI_INTEL 1080 tristate "GHASH hash function (CLMUL-NI accelerated)" 1081 depends on X86 && 64BIT 1082 select CRYPTO_CRYPTD 1083 help 1084 This is the x86_64 CLMUL-NI accelerated implementation of 1085 GHASH, the hash function used in GCM (Galois/Counter mode). 1086 1087comment "Ciphers" 1088 1089config CRYPTO_AES 1090 tristate "AES cipher algorithms" 1091 select CRYPTO_ALGAPI 1092 select CRYPTO_LIB_AES 1093 help 1094 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1095 algorithm. 1096 1097 Rijndael appears to be consistently a very good performer in 1098 both hardware and software across a wide range of computing 1099 environments regardless of its use in feedback or non-feedback 1100 modes. Its key setup time is excellent, and its key agility is 1101 good. Rijndael's very low memory requirements make it very well 1102 suited for restricted-space environments, in which it also 1103 demonstrates excellent performance. Rijndael's operations are 1104 among the easiest to defend against power and timing attacks. 1105 1106 The AES specifies three key sizes: 128, 192 and 256 bits 1107 1108 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1109 1110config CRYPTO_AES_TI 1111 tristate "Fixed time AES cipher" 1112 select CRYPTO_ALGAPI 1113 select CRYPTO_LIB_AES 1114 help 1115 This is a generic implementation of AES that attempts to eliminate 1116 data dependent latencies as much as possible without affecting 1117 performance too much. It is intended for use by the generic CCM 1118 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1119 solely on encryption (although decryption is supported as well, but 1120 with a more dramatic performance hit) 1121 1122 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1123 8 for decryption), this implementation only uses just two S-boxes of 1124 256 bytes each, and attempts to eliminate data dependent latencies by 1125 prefetching the entire table into the cache at the start of each 1126 block. Interrupts are also disabled to avoid races where cachelines 1127 are evicted when the CPU is interrupted to do something else. 1128 1129config CRYPTO_AES_NI_INTEL 1130 tristate "AES cipher algorithms (AES-NI)" 1131 depends on X86 1132 select CRYPTO_AEAD 1133 select CRYPTO_LIB_AES 1134 select CRYPTO_ALGAPI 1135 select CRYPTO_SKCIPHER 1136 select CRYPTO_SIMD 1137 help 1138 Use Intel AES-NI instructions for AES algorithm. 1139 1140 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1141 algorithm. 1142 1143 Rijndael appears to be consistently a very good performer in 1144 both hardware and software across a wide range of computing 1145 environments regardless of its use in feedback or non-feedback 1146 modes. Its key setup time is excellent, and its key agility is 1147 good. Rijndael's very low memory requirements make it very well 1148 suited for restricted-space environments, in which it also 1149 demonstrates excellent performance. Rijndael's operations are 1150 among the easiest to defend against power and timing attacks. 1151 1152 The AES specifies three key sizes: 128, 192 and 256 bits 1153 1154 See <http://csrc.nist.gov/encryption/aes/> for more information. 1155 1156 In addition to AES cipher algorithm support, the acceleration 1157 for some popular block cipher mode is supported too, including 1158 ECB, CBC, LRW, XTS. The 64 bit version has additional 1159 acceleration for CTR. 1160 1161config CRYPTO_AES_SPARC64 1162 tristate "AES cipher algorithms (SPARC64)" 1163 depends on SPARC64 1164 select CRYPTO_SKCIPHER 1165 help 1166 Use SPARC64 crypto opcodes for AES algorithm. 1167 1168 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1169 algorithm. 1170 1171 Rijndael appears to be consistently a very good performer in 1172 both hardware and software across a wide range of computing 1173 environments regardless of its use in feedback or non-feedback 1174 modes. Its key setup time is excellent, and its key agility is 1175 good. Rijndael's very low memory requirements make it very well 1176 suited for restricted-space environments, in which it also 1177 demonstrates excellent performance. Rijndael's operations are 1178 among the easiest to defend against power and timing attacks. 1179 1180 The AES specifies three key sizes: 128, 192 and 256 bits 1181 1182 See <http://csrc.nist.gov/encryption/aes/> for more information. 1183 1184 In addition to AES cipher algorithm support, the acceleration 1185 for some popular block cipher mode is supported too, including 1186 ECB and CBC. 1187 1188config CRYPTO_AES_PPC_SPE 1189 tristate "AES cipher algorithms (PPC SPE)" 1190 depends on PPC && SPE 1191 select CRYPTO_SKCIPHER 1192 help 1193 AES cipher algorithms (FIPS-197). Additionally the acceleration 1194 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1195 This module should only be used for low power (router) devices 1196 without hardware AES acceleration (e.g. caam crypto). It reduces the 1197 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1198 timining attacks. Nevertheless it might be not as secure as other 1199 architecture specific assembler implementations that work on 1KB 1200 tables or 256 bytes S-boxes. 1201 1202config CRYPTO_ANUBIS 1203 tristate "Anubis cipher algorithm" 1204 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1205 select CRYPTO_ALGAPI 1206 help 1207 Anubis cipher algorithm. 1208 1209 Anubis is a variable key length cipher which can use keys from 1210 128 bits to 320 bits in length. It was evaluated as a entrant 1211 in the NESSIE competition. 1212 1213 See also: 1214 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1215 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1216 1217config CRYPTO_ARC4 1218 tristate "ARC4 cipher algorithm" 1219 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1220 select CRYPTO_SKCIPHER 1221 select CRYPTO_LIB_ARC4 1222 help 1223 ARC4 cipher algorithm. 1224 1225 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1226 bits in length. This algorithm is required for driver-based 1227 WEP, but it should not be for other purposes because of the 1228 weakness of the algorithm. 1229 1230config CRYPTO_BLOWFISH 1231 tristate "Blowfish cipher algorithm" 1232 select CRYPTO_ALGAPI 1233 select CRYPTO_BLOWFISH_COMMON 1234 help 1235 Blowfish cipher algorithm, by Bruce Schneier. 1236 1237 This is a variable key length cipher which can use keys from 32 1238 bits to 448 bits in length. It's fast, simple and specifically 1239 designed for use on "large microprocessors". 1240 1241 See also: 1242 <https://www.schneier.com/blowfish.html> 1243 1244config CRYPTO_BLOWFISH_COMMON 1245 tristate 1246 help 1247 Common parts of the Blowfish cipher algorithm shared by the 1248 generic c and the assembler implementations. 1249 1250 See also: 1251 <https://www.schneier.com/blowfish.html> 1252 1253config CRYPTO_BLOWFISH_X86_64 1254 tristate "Blowfish cipher algorithm (x86_64)" 1255 depends on X86 && 64BIT 1256 select CRYPTO_SKCIPHER 1257 select CRYPTO_BLOWFISH_COMMON 1258 help 1259 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1260 1261 This is a variable key length cipher which can use keys from 32 1262 bits to 448 bits in length. It's fast, simple and specifically 1263 designed for use on "large microprocessors". 1264 1265 See also: 1266 <https://www.schneier.com/blowfish.html> 1267 1268config CRYPTO_CAMELLIA 1269 tristate "Camellia cipher algorithms" 1270 depends on CRYPTO 1271 select CRYPTO_ALGAPI 1272 help 1273 Camellia cipher algorithms module. 1274 1275 Camellia is a symmetric key block cipher developed jointly 1276 at NTT and Mitsubishi Electric Corporation. 1277 1278 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1279 1280 See also: 1281 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1282 1283config CRYPTO_CAMELLIA_X86_64 1284 tristate "Camellia cipher algorithm (x86_64)" 1285 depends on X86 && 64BIT 1286 depends on CRYPTO 1287 select CRYPTO_SKCIPHER 1288 select CRYPTO_GLUE_HELPER_X86 1289 help 1290 Camellia cipher algorithm module (x86_64). 1291 1292 Camellia is a symmetric key block cipher developed jointly 1293 at NTT and Mitsubishi Electric Corporation. 1294 1295 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1296 1297 See also: 1298 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1299 1300config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1301 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1302 depends on X86 && 64BIT 1303 depends on CRYPTO 1304 select CRYPTO_SKCIPHER 1305 select CRYPTO_CAMELLIA_X86_64 1306 select CRYPTO_GLUE_HELPER_X86 1307 select CRYPTO_SIMD 1308 select CRYPTO_XTS 1309 help 1310 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1311 1312 Camellia is a symmetric key block cipher developed jointly 1313 at NTT and Mitsubishi Electric Corporation. 1314 1315 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1316 1317 See also: 1318 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1319 1320config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1321 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1322 depends on X86 && 64BIT 1323 depends on CRYPTO 1324 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1325 help 1326 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1327 1328 Camellia is a symmetric key block cipher developed jointly 1329 at NTT and Mitsubishi Electric Corporation. 1330 1331 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1332 1333 See also: 1334 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1335 1336config CRYPTO_CAMELLIA_SPARC64 1337 tristate "Camellia cipher algorithm (SPARC64)" 1338 depends on SPARC64 1339 depends on CRYPTO 1340 select CRYPTO_ALGAPI 1341 select CRYPTO_SKCIPHER 1342 help 1343 Camellia cipher algorithm module (SPARC64). 1344 1345 Camellia is a symmetric key block cipher developed jointly 1346 at NTT and Mitsubishi Electric Corporation. 1347 1348 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1349 1350 See also: 1351 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1352 1353config CRYPTO_CAST_COMMON 1354 tristate 1355 help 1356 Common parts of the CAST cipher algorithms shared by the 1357 generic c and the assembler implementations. 1358 1359config CRYPTO_CAST5 1360 tristate "CAST5 (CAST-128) cipher algorithm" 1361 select CRYPTO_ALGAPI 1362 select CRYPTO_CAST_COMMON 1363 help 1364 The CAST5 encryption algorithm (synonymous with CAST-128) is 1365 described in RFC2144. 1366 1367config CRYPTO_CAST5_AVX_X86_64 1368 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1369 depends on X86 && 64BIT 1370 select CRYPTO_SKCIPHER 1371 select CRYPTO_CAST5 1372 select CRYPTO_CAST_COMMON 1373 select CRYPTO_SIMD 1374 help 1375 The CAST5 encryption algorithm (synonymous with CAST-128) is 1376 described in RFC2144. 1377 1378 This module provides the Cast5 cipher algorithm that processes 1379 sixteen blocks parallel using the AVX instruction set. 1380 1381config CRYPTO_CAST6 1382 tristate "CAST6 (CAST-256) cipher algorithm" 1383 select CRYPTO_ALGAPI 1384 select CRYPTO_CAST_COMMON 1385 help 1386 The CAST6 encryption algorithm (synonymous with CAST-256) is 1387 described in RFC2612. 1388 1389config CRYPTO_CAST6_AVX_X86_64 1390 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1391 depends on X86 && 64BIT 1392 select CRYPTO_SKCIPHER 1393 select CRYPTO_CAST6 1394 select CRYPTO_CAST_COMMON 1395 select CRYPTO_GLUE_HELPER_X86 1396 select CRYPTO_SIMD 1397 select CRYPTO_XTS 1398 help 1399 The CAST6 encryption algorithm (synonymous with CAST-256) is 1400 described in RFC2612. 1401 1402 This module provides the Cast6 cipher algorithm that processes 1403 eight blocks parallel using the AVX instruction set. 1404 1405config CRYPTO_DES 1406 tristate "DES and Triple DES EDE cipher algorithms" 1407 select CRYPTO_ALGAPI 1408 select CRYPTO_LIB_DES 1409 help 1410 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1411 1412config CRYPTO_DES_SPARC64 1413 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1414 depends on SPARC64 1415 select CRYPTO_ALGAPI 1416 select CRYPTO_LIB_DES 1417 select CRYPTO_SKCIPHER 1418 help 1419 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1420 optimized using SPARC64 crypto opcodes. 1421 1422config CRYPTO_DES3_EDE_X86_64 1423 tristate "Triple DES EDE cipher algorithm (x86-64)" 1424 depends on X86 && 64BIT 1425 select CRYPTO_SKCIPHER 1426 select CRYPTO_LIB_DES 1427 help 1428 Triple DES EDE (FIPS 46-3) algorithm. 1429 1430 This module provides implementation of the Triple DES EDE cipher 1431 algorithm that is optimized for x86-64 processors. Two versions of 1432 algorithm are provided; regular processing one input block and 1433 one that processes three blocks parallel. 1434 1435config CRYPTO_FCRYPT 1436 tristate "FCrypt cipher algorithm" 1437 select CRYPTO_ALGAPI 1438 select CRYPTO_SKCIPHER 1439 help 1440 FCrypt algorithm used by RxRPC. 1441 1442config CRYPTO_KHAZAD 1443 tristate "Khazad cipher algorithm" 1444 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1445 select CRYPTO_ALGAPI 1446 help 1447 Khazad cipher algorithm. 1448 1449 Khazad was a finalist in the initial NESSIE competition. It is 1450 an algorithm optimized for 64-bit processors with good performance 1451 on 32-bit processors. Khazad uses an 128 bit key size. 1452 1453 See also: 1454 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1455 1456config CRYPTO_SALSA20 1457 tristate "Salsa20 stream cipher algorithm" 1458 select CRYPTO_SKCIPHER 1459 help 1460 Salsa20 stream cipher algorithm. 1461 1462 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1463 Stream Cipher Project. See <https://www.ecrypt.eu.org/stream/> 1464 1465 The Salsa20 stream cipher algorithm is designed by Daniel J. 1466 Bernstein <djb@cr.yp.to>. See <https://cr.yp.to/snuffle.html> 1467 1468config CRYPTO_CHACHA20 1469 tristate "ChaCha stream cipher algorithms" 1470 select CRYPTO_LIB_CHACHA_GENERIC 1471 select CRYPTO_SKCIPHER 1472 help 1473 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1474 1475 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1476 Bernstein and further specified in RFC7539 for use in IETF protocols. 1477 This is the portable C implementation of ChaCha20. See also: 1478 <https://cr.yp.to/chacha/chacha-20080128.pdf> 1479 1480 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1481 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1482 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1483 while provably retaining ChaCha20's security. See also: 1484 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1485 1486 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1487 reduced security margin but increased performance. It can be needed 1488 in some performance-sensitive scenarios. 1489 1490config CRYPTO_CHACHA20_X86_64 1491 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1492 depends on X86 && 64BIT 1493 select CRYPTO_SKCIPHER 1494 select CRYPTO_LIB_CHACHA_GENERIC 1495 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1496 help 1497 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 1498 XChaCha20, and XChaCha12 stream ciphers. 1499 1500config CRYPTO_CHACHA_MIPS 1501 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)" 1502 depends on CPU_MIPS32_R2 1503 select CRYPTO_SKCIPHER 1504 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1505 1506config CRYPTO_SEED 1507 tristate "SEED cipher algorithm" 1508 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1509 select CRYPTO_ALGAPI 1510 help 1511 SEED cipher algorithm (RFC4269). 1512 1513 SEED is a 128-bit symmetric key block cipher that has been 1514 developed by KISA (Korea Information Security Agency) as a 1515 national standard encryption algorithm of the Republic of Korea. 1516 It is a 16 round block cipher with the key size of 128 bit. 1517 1518 See also: 1519 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1520 1521config CRYPTO_SERPENT 1522 tristate "Serpent cipher algorithm" 1523 select CRYPTO_ALGAPI 1524 help 1525 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1526 1527 Keys are allowed to be from 0 to 256 bits in length, in steps 1528 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1529 variant of Serpent for compatibility with old kerneli.org code. 1530 1531 See also: 1532 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1533 1534config CRYPTO_SERPENT_SSE2_X86_64 1535 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1536 depends on X86 && 64BIT 1537 select CRYPTO_SKCIPHER 1538 select CRYPTO_GLUE_HELPER_X86 1539 select CRYPTO_SERPENT 1540 select CRYPTO_SIMD 1541 help 1542 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1543 1544 Keys are allowed to be from 0 to 256 bits in length, in steps 1545 of 8 bits. 1546 1547 This module provides Serpent cipher algorithm that processes eight 1548 blocks parallel using SSE2 instruction set. 1549 1550 See also: 1551 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1552 1553config CRYPTO_SERPENT_SSE2_586 1554 tristate "Serpent cipher algorithm (i586/SSE2)" 1555 depends on X86 && !64BIT 1556 select CRYPTO_SKCIPHER 1557 select CRYPTO_GLUE_HELPER_X86 1558 select CRYPTO_SERPENT 1559 select CRYPTO_SIMD 1560 help 1561 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1562 1563 Keys are allowed to be from 0 to 256 bits in length, in steps 1564 of 8 bits. 1565 1566 This module provides Serpent cipher algorithm that processes four 1567 blocks parallel using SSE2 instruction set. 1568 1569 See also: 1570 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1571 1572config CRYPTO_SERPENT_AVX_X86_64 1573 tristate "Serpent cipher algorithm (x86_64/AVX)" 1574 depends on X86 && 64BIT 1575 select CRYPTO_SKCIPHER 1576 select CRYPTO_GLUE_HELPER_X86 1577 select CRYPTO_SERPENT 1578 select CRYPTO_SIMD 1579 select CRYPTO_XTS 1580 help 1581 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1582 1583 Keys are allowed to be from 0 to 256 bits in length, in steps 1584 of 8 bits. 1585 1586 This module provides the Serpent cipher algorithm that processes 1587 eight blocks parallel using the AVX instruction set. 1588 1589 See also: 1590 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1591 1592config CRYPTO_SERPENT_AVX2_X86_64 1593 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1594 depends on X86 && 64BIT 1595 select CRYPTO_SERPENT_AVX_X86_64 1596 help 1597 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1598 1599 Keys are allowed to be from 0 to 256 bits in length, in steps 1600 of 8 bits. 1601 1602 This module provides Serpent cipher algorithm that processes 16 1603 blocks parallel using AVX2 instruction set. 1604 1605 See also: 1606 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1607 1608config CRYPTO_SM4 1609 tristate "SM4 cipher algorithm" 1610 select CRYPTO_ALGAPI 1611 help 1612 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1613 1614 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1615 Organization of State Commercial Administration of China (OSCCA) 1616 as an authorized cryptographic algorithms for the use within China. 1617 1618 SMS4 was originally created for use in protecting wireless 1619 networks, and is mandated in the Chinese National Standard for 1620 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1621 (GB.15629.11-2003). 1622 1623 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1624 standardized through TC 260 of the Standardization Administration 1625 of the People's Republic of China (SAC). 1626 1627 The input, output, and key of SMS4 are each 128 bits. 1628 1629 See also: <https://eprint.iacr.org/2008/329.pdf> 1630 1631 If unsure, say N. 1632 1633config CRYPTO_TEA 1634 tristate "TEA, XTEA and XETA cipher algorithms" 1635 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1636 select CRYPTO_ALGAPI 1637 help 1638 TEA cipher algorithm. 1639 1640 Tiny Encryption Algorithm is a simple cipher that uses 1641 many rounds for security. It is very fast and uses 1642 little memory. 1643 1644 Xtendend Tiny Encryption Algorithm is a modification to 1645 the TEA algorithm to address a potential key weakness 1646 in the TEA algorithm. 1647 1648 Xtendend Encryption Tiny Algorithm is a mis-implementation 1649 of the XTEA algorithm for compatibility purposes. 1650 1651config CRYPTO_TWOFISH 1652 tristate "Twofish cipher algorithm" 1653 select CRYPTO_ALGAPI 1654 select CRYPTO_TWOFISH_COMMON 1655 help 1656 Twofish cipher algorithm. 1657 1658 Twofish was submitted as an AES (Advanced Encryption Standard) 1659 candidate cipher by researchers at CounterPane Systems. It is a 1660 16 round block cipher supporting key sizes of 128, 192, and 256 1661 bits. 1662 1663 See also: 1664 <https://www.schneier.com/twofish.html> 1665 1666config CRYPTO_TWOFISH_COMMON 1667 tristate 1668 help 1669 Common parts of the Twofish cipher algorithm shared by the 1670 generic c and the assembler implementations. 1671 1672config CRYPTO_TWOFISH_586 1673 tristate "Twofish cipher algorithms (i586)" 1674 depends on (X86 || UML_X86) && !64BIT 1675 select CRYPTO_ALGAPI 1676 select CRYPTO_TWOFISH_COMMON 1677 help 1678 Twofish cipher algorithm. 1679 1680 Twofish was submitted as an AES (Advanced Encryption Standard) 1681 candidate cipher by researchers at CounterPane Systems. It is a 1682 16 round block cipher supporting key sizes of 128, 192, and 256 1683 bits. 1684 1685 See also: 1686 <https://www.schneier.com/twofish.html> 1687 1688config CRYPTO_TWOFISH_X86_64 1689 tristate "Twofish cipher algorithm (x86_64)" 1690 depends on (X86 || UML_X86) && 64BIT 1691 select CRYPTO_ALGAPI 1692 select CRYPTO_TWOFISH_COMMON 1693 help 1694 Twofish cipher algorithm (x86_64). 1695 1696 Twofish was submitted as an AES (Advanced Encryption Standard) 1697 candidate cipher by researchers at CounterPane Systems. It is a 1698 16 round block cipher supporting key sizes of 128, 192, and 256 1699 bits. 1700 1701 See also: 1702 <https://www.schneier.com/twofish.html> 1703 1704config CRYPTO_TWOFISH_X86_64_3WAY 1705 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1706 depends on X86 && 64BIT 1707 select CRYPTO_SKCIPHER 1708 select CRYPTO_TWOFISH_COMMON 1709 select CRYPTO_TWOFISH_X86_64 1710 select CRYPTO_GLUE_HELPER_X86 1711 help 1712 Twofish cipher algorithm (x86_64, 3-way parallel). 1713 1714 Twofish was submitted as an AES (Advanced Encryption Standard) 1715 candidate cipher by researchers at CounterPane Systems. It is a 1716 16 round block cipher supporting key sizes of 128, 192, and 256 1717 bits. 1718 1719 This module provides Twofish cipher algorithm that processes three 1720 blocks parallel, utilizing resources of out-of-order CPUs better. 1721 1722 See also: 1723 <https://www.schneier.com/twofish.html> 1724 1725config CRYPTO_TWOFISH_AVX_X86_64 1726 tristate "Twofish cipher algorithm (x86_64/AVX)" 1727 depends on X86 && 64BIT 1728 select CRYPTO_SKCIPHER 1729 select CRYPTO_GLUE_HELPER_X86 1730 select CRYPTO_SIMD 1731 select CRYPTO_TWOFISH_COMMON 1732 select CRYPTO_TWOFISH_X86_64 1733 select CRYPTO_TWOFISH_X86_64_3WAY 1734 help 1735 Twofish cipher algorithm (x86_64/AVX). 1736 1737 Twofish was submitted as an AES (Advanced Encryption Standard) 1738 candidate cipher by researchers at CounterPane Systems. It is a 1739 16 round block cipher supporting key sizes of 128, 192, and 256 1740 bits. 1741 1742 This module provides the Twofish cipher algorithm that processes 1743 eight blocks parallel using the AVX Instruction Set. 1744 1745 See also: 1746 <https://www.schneier.com/twofish.html> 1747 1748comment "Compression" 1749 1750config CRYPTO_DEFLATE 1751 tristate "Deflate compression algorithm" 1752 select CRYPTO_ALGAPI 1753 select CRYPTO_ACOMP2 1754 select ZLIB_INFLATE 1755 select ZLIB_DEFLATE 1756 help 1757 This is the Deflate algorithm (RFC1951), specified for use in 1758 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1759 1760 You will most probably want this if using IPSec. 1761 1762config CRYPTO_LZO 1763 tristate "LZO compression algorithm" 1764 select CRYPTO_ALGAPI 1765 select CRYPTO_ACOMP2 1766 select LZO_COMPRESS 1767 select LZO_DECOMPRESS 1768 help 1769 This is the LZO algorithm. 1770 1771config CRYPTO_842 1772 tristate "842 compression algorithm" 1773 select CRYPTO_ALGAPI 1774 select CRYPTO_ACOMP2 1775 select 842_COMPRESS 1776 select 842_DECOMPRESS 1777 help 1778 This is the 842 algorithm. 1779 1780config CRYPTO_LZ4 1781 tristate "LZ4 compression algorithm" 1782 select CRYPTO_ALGAPI 1783 select CRYPTO_ACOMP2 1784 select LZ4_COMPRESS 1785 select LZ4_DECOMPRESS 1786 help 1787 This is the LZ4 algorithm. 1788 1789config CRYPTO_LZ4HC 1790 tristate "LZ4HC compression algorithm" 1791 select CRYPTO_ALGAPI 1792 select CRYPTO_ACOMP2 1793 select LZ4HC_COMPRESS 1794 select LZ4_DECOMPRESS 1795 help 1796 This is the LZ4 high compression mode algorithm. 1797 1798config CRYPTO_ZSTD 1799 tristate "Zstd compression algorithm" 1800 select CRYPTO_ALGAPI 1801 select CRYPTO_ACOMP2 1802 select ZSTD_COMPRESS 1803 select ZSTD_DECOMPRESS 1804 help 1805 This is the zstd algorithm. 1806 1807comment "Random Number Generation" 1808 1809config CRYPTO_ANSI_CPRNG 1810 tristate "Pseudo Random Number Generation for Cryptographic modules" 1811 select CRYPTO_AES 1812 select CRYPTO_RNG 1813 help 1814 This option enables the generic pseudo random number generator 1815 for cryptographic modules. Uses the Algorithm specified in 1816 ANSI X9.31 A.2.4. Note that this option must be enabled if 1817 CRYPTO_FIPS is selected 1818 1819menuconfig CRYPTO_DRBG_MENU 1820 tristate "NIST SP800-90A DRBG" 1821 help 1822 NIST SP800-90A compliant DRBG. In the following submenu, one or 1823 more of the DRBG types must be selected. 1824 1825if CRYPTO_DRBG_MENU 1826 1827config CRYPTO_DRBG_HMAC 1828 bool 1829 default y 1830 select CRYPTO_HMAC 1831 select CRYPTO_SHA256 1832 1833config CRYPTO_DRBG_HASH 1834 bool "Enable Hash DRBG" 1835 select CRYPTO_SHA256 1836 help 1837 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1838 1839config CRYPTO_DRBG_CTR 1840 bool "Enable CTR DRBG" 1841 select CRYPTO_AES 1842 select CRYPTO_CTR 1843 help 1844 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1845 1846config CRYPTO_DRBG 1847 tristate 1848 default CRYPTO_DRBG_MENU 1849 select CRYPTO_RNG 1850 select CRYPTO_JITTERENTROPY 1851 1852endif # if CRYPTO_DRBG_MENU 1853 1854config CRYPTO_JITTERENTROPY 1855 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1856 select CRYPTO_RNG 1857 help 1858 The Jitterentropy RNG is a noise that is intended 1859 to provide seed to another RNG. The RNG does not 1860 perform any cryptographic whitening of the generated 1861 random numbers. This Jitterentropy RNG registers with 1862 the kernel crypto API and can be used by any caller. 1863 1864config CRYPTO_USER_API 1865 tristate 1866 1867config CRYPTO_USER_API_HASH 1868 tristate "User-space interface for hash algorithms" 1869 depends on NET 1870 select CRYPTO_HASH 1871 select CRYPTO_USER_API 1872 help 1873 This option enables the user-spaces interface for hash 1874 algorithms. 1875 1876config CRYPTO_USER_API_SKCIPHER 1877 tristate "User-space interface for symmetric key cipher algorithms" 1878 depends on NET 1879 select CRYPTO_SKCIPHER 1880 select CRYPTO_USER_API 1881 help 1882 This option enables the user-spaces interface for symmetric 1883 key cipher algorithms. 1884 1885config CRYPTO_USER_API_RNG 1886 tristate "User-space interface for random number generator algorithms" 1887 depends on NET 1888 select CRYPTO_RNG 1889 select CRYPTO_USER_API 1890 help 1891 This option enables the user-spaces interface for random 1892 number generator algorithms. 1893 1894config CRYPTO_USER_API_RNG_CAVP 1895 bool "Enable CAVP testing of DRBG" 1896 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG 1897 help 1898 This option enables extra API for CAVP testing via the user-space 1899 interface: resetting of DRBG entropy, and providing Additional Data. 1900 This should only be enabled for CAVP testing. You should say 1901 no unless you know what this is. 1902 1903config CRYPTO_USER_API_AEAD 1904 tristate "User-space interface for AEAD cipher algorithms" 1905 depends on NET 1906 select CRYPTO_AEAD 1907 select CRYPTO_SKCIPHER 1908 select CRYPTO_NULL 1909 select CRYPTO_USER_API 1910 help 1911 This option enables the user-spaces interface for AEAD 1912 cipher algorithms. 1913 1914config CRYPTO_USER_API_ENABLE_OBSOLETE 1915 bool "Enable obsolete cryptographic algorithms for userspace" 1916 depends on CRYPTO_USER_API 1917 default y 1918 help 1919 Allow obsolete cryptographic algorithms to be selected that have 1920 already been phased out from internal use by the kernel, and are 1921 only useful for userspace clients that still rely on them. 1922 1923config CRYPTO_STATS 1924 bool "Crypto usage statistics for User-space" 1925 depends on CRYPTO_USER 1926 help 1927 This option enables the gathering of crypto stats. 1928 This will collect: 1929 - encrypt/decrypt size and numbers of symmeric operations 1930 - compress/decompress size and numbers of compress operations 1931 - size and numbers of hash operations 1932 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1933 - generate/seed numbers for rng operations 1934 1935config CRYPTO_HASH_INFO 1936 bool 1937 1938source "lib/crypto/Kconfig" 1939source "drivers/crypto/Kconfig" 1940source "crypto/asymmetric_keys/Kconfig" 1941source "certs/Kconfig" 1942 1943endif # if CRYPTO 1944