xref: /linux/crypto/Kconfig (revision 2dbc0838bcf24ca59cabc3130cf3b1d6809cdcd4)
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This option enables the fips boot option which is
31	  required if you want the system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_BLKCIPHER
56	tristate
57	select CRYPTO_BLKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_BLKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64
65config CRYPTO_HASH
66	tristate
67	select CRYPTO_HASH2
68	select CRYPTO_ALGAPI
69
70config CRYPTO_HASH2
71	tristate
72	select CRYPTO_ALGAPI2
73
74config CRYPTO_RNG
75	tristate
76	select CRYPTO_RNG2
77	select CRYPTO_ALGAPI
78
79config CRYPTO_RNG2
80	tristate
81	select CRYPTO_ALGAPI2
82
83config CRYPTO_RNG_DEFAULT
84	tristate
85	select CRYPTO_DRBG_MENU
86
87config CRYPTO_AKCIPHER2
88	tristate
89	select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92	tristate
93	select CRYPTO_AKCIPHER2
94	select CRYPTO_ALGAPI
95
96config CRYPTO_KPP2
97	tristate
98	select CRYPTO_ALGAPI2
99
100config CRYPTO_KPP
101	tristate
102	select CRYPTO_ALGAPI
103	select CRYPTO_KPP2
104
105config CRYPTO_ACOMP2
106	tristate
107	select CRYPTO_ALGAPI2
108	select SGL_ALLOC
109
110config CRYPTO_ACOMP
111	tristate
112	select CRYPTO_ALGAPI
113	select CRYPTO_ACOMP2
114
115config CRYPTO_MANAGER
116	tristate "Cryptographic algorithm manager"
117	select CRYPTO_MANAGER2
118	help
119	  Create default cryptographic template instantiations such as
120	  cbc(aes).
121
122config CRYPTO_MANAGER2
123	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
124	select CRYPTO_AEAD2
125	select CRYPTO_HASH2
126	select CRYPTO_BLKCIPHER2
127	select CRYPTO_AKCIPHER2
128	select CRYPTO_KPP2
129	select CRYPTO_ACOMP2
130
131config CRYPTO_USER
132	tristate "Userspace cryptographic algorithm configuration"
133	depends on NET
134	select CRYPTO_MANAGER
135	help
136	  Userspace configuration for cryptographic instantiations such as
137	  cbc(aes).
138
139if CRYPTO_MANAGER2
140
141config CRYPTO_MANAGER_DISABLE_TESTS
142	bool "Disable run-time self tests"
143	default y
144	help
145	  Disable run-time self tests that normally take place at
146	  algorithm registration.
147
148config CRYPTO_MANAGER_EXTRA_TESTS
149	bool "Enable extra run-time crypto self tests"
150	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
151	help
152	  Enable extra run-time self tests of registered crypto algorithms,
153	  including randomized fuzz tests.
154
155	  This is intended for developer use only, as these tests take much
156	  longer to run than the normal self tests.
157
158endif	# if CRYPTO_MANAGER2
159
160config CRYPTO_GF128MUL
161	tristate
162
163config CRYPTO_NULL
164	tristate "Null algorithms"
165	select CRYPTO_NULL2
166	help
167	  These are 'Null' algorithms, used by IPsec, which do nothing.
168
169config CRYPTO_NULL2
170	tristate
171	select CRYPTO_ALGAPI2
172	select CRYPTO_BLKCIPHER2
173	select CRYPTO_HASH2
174
175config CRYPTO_PCRYPT
176	tristate "Parallel crypto engine"
177	depends on SMP
178	select PADATA
179	select CRYPTO_MANAGER
180	select CRYPTO_AEAD
181	help
182	  This converts an arbitrary crypto algorithm into a parallel
183	  algorithm that executes in kernel threads.
184
185config CRYPTO_CRYPTD
186	tristate "Software async crypto daemon"
187	select CRYPTO_BLKCIPHER
188	select CRYPTO_HASH
189	select CRYPTO_MANAGER
190	help
191	  This is a generic software asynchronous crypto daemon that
192	  converts an arbitrary synchronous software crypto algorithm
193	  into an asynchronous algorithm that executes in a kernel thread.
194
195config CRYPTO_AUTHENC
196	tristate "Authenc support"
197	select CRYPTO_AEAD
198	select CRYPTO_BLKCIPHER
199	select CRYPTO_MANAGER
200	select CRYPTO_HASH
201	select CRYPTO_NULL
202	help
203	  Authenc: Combined mode wrapper for IPsec.
204	  This is required for IPSec.
205
206config CRYPTO_TEST
207	tristate "Testing module"
208	depends on m
209	select CRYPTO_MANAGER
210	help
211	  Quick & dirty crypto test module.
212
213config CRYPTO_SIMD
214	tristate
215	select CRYPTO_CRYPTD
216
217config CRYPTO_GLUE_HELPER_X86
218	tristate
219	depends on X86
220	select CRYPTO_BLKCIPHER
221
222config CRYPTO_ENGINE
223	tristate
224
225comment "Public-key cryptography"
226
227config CRYPTO_RSA
228	tristate "RSA algorithm"
229	select CRYPTO_AKCIPHER
230	select CRYPTO_MANAGER
231	select MPILIB
232	select ASN1
233	help
234	  Generic implementation of the RSA public key algorithm.
235
236config CRYPTO_DH
237	tristate "Diffie-Hellman algorithm"
238	select CRYPTO_KPP
239	select MPILIB
240	help
241	  Generic implementation of the Diffie-Hellman algorithm.
242
243config CRYPTO_ECC
244	tristate
245
246config CRYPTO_ECDH
247	tristate "ECDH algorithm"
248	select CRYPTO_ECC
249	select CRYPTO_KPP
250	select CRYPTO_RNG_DEFAULT
251	help
252	  Generic implementation of the ECDH algorithm
253
254config CRYPTO_ECRDSA
255	tristate "EC-RDSA (GOST 34.10) algorithm"
256	select CRYPTO_ECC
257	select CRYPTO_AKCIPHER
258	select CRYPTO_STREEBOG
259	select OID_REGISTRY
260	select ASN1
261	help
262	  Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
263	  RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
264	  standard algorithms (called GOST algorithms). Only signature verification
265	  is implemented.
266
267comment "Authenticated Encryption with Associated Data"
268
269config CRYPTO_CCM
270	tristate "CCM support"
271	select CRYPTO_CTR
272	select CRYPTO_HASH
273	select CRYPTO_AEAD
274	select CRYPTO_MANAGER
275	help
276	  Support for Counter with CBC MAC. Required for IPsec.
277
278config CRYPTO_GCM
279	tristate "GCM/GMAC support"
280	select CRYPTO_CTR
281	select CRYPTO_AEAD
282	select CRYPTO_GHASH
283	select CRYPTO_NULL
284	select CRYPTO_MANAGER
285	help
286	  Support for Galois/Counter Mode (GCM) and Galois Message
287	  Authentication Code (GMAC). Required for IPSec.
288
289config CRYPTO_CHACHA20POLY1305
290	tristate "ChaCha20-Poly1305 AEAD support"
291	select CRYPTO_CHACHA20
292	select CRYPTO_POLY1305
293	select CRYPTO_AEAD
294	select CRYPTO_MANAGER
295	help
296	  ChaCha20-Poly1305 AEAD support, RFC7539.
297
298	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
299	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
300	  IETF protocols.
301
302config CRYPTO_AEGIS128
303	tristate "AEGIS-128 AEAD algorithm"
304	select CRYPTO_AEAD
305	select CRYPTO_AES  # for AES S-box tables
306	help
307	 Support for the AEGIS-128 dedicated AEAD algorithm.
308
309config CRYPTO_AEGIS128L
310	tristate "AEGIS-128L AEAD algorithm"
311	select CRYPTO_AEAD
312	select CRYPTO_AES  # for AES S-box tables
313	help
314	 Support for the AEGIS-128L dedicated AEAD algorithm.
315
316config CRYPTO_AEGIS256
317	tristate "AEGIS-256 AEAD algorithm"
318	select CRYPTO_AEAD
319	select CRYPTO_AES  # for AES S-box tables
320	help
321	 Support for the AEGIS-256 dedicated AEAD algorithm.
322
323config CRYPTO_AEGIS128_AESNI_SSE2
324	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
325	depends on X86 && 64BIT
326	select CRYPTO_AEAD
327	select CRYPTO_SIMD
328	help
329	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
330
331config CRYPTO_AEGIS128L_AESNI_SSE2
332	tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
333	depends on X86 && 64BIT
334	select CRYPTO_AEAD
335	select CRYPTO_SIMD
336	help
337	 AESNI+SSE2 implementation of the AEGIS-128L dedicated AEAD algorithm.
338
339config CRYPTO_AEGIS256_AESNI_SSE2
340	tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
341	depends on X86 && 64BIT
342	select CRYPTO_AEAD
343	select CRYPTO_SIMD
344	help
345	 AESNI+SSE2 implementation of the AEGIS-256 dedicated AEAD algorithm.
346
347config CRYPTO_MORUS640
348	tristate "MORUS-640 AEAD algorithm"
349	select CRYPTO_AEAD
350	help
351	  Support for the MORUS-640 dedicated AEAD algorithm.
352
353config CRYPTO_MORUS640_GLUE
354	tristate
355	depends on X86
356	select CRYPTO_AEAD
357	select CRYPTO_SIMD
358	help
359	  Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
360	  algorithm.
361
362config CRYPTO_MORUS640_SSE2
363	tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
364	depends on X86 && 64BIT
365	select CRYPTO_AEAD
366	select CRYPTO_MORUS640_GLUE
367	help
368	  SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
369
370config CRYPTO_MORUS1280
371	tristate "MORUS-1280 AEAD algorithm"
372	select CRYPTO_AEAD
373	help
374	  Support for the MORUS-1280 dedicated AEAD algorithm.
375
376config CRYPTO_MORUS1280_GLUE
377	tristate
378	depends on X86
379	select CRYPTO_AEAD
380	select CRYPTO_SIMD
381	help
382	  Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
383	  algorithm.
384
385config CRYPTO_MORUS1280_SSE2
386	tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
387	depends on X86 && 64BIT
388	select CRYPTO_AEAD
389	select CRYPTO_MORUS1280_GLUE
390	help
391	  SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
392	  algorithm.
393
394config CRYPTO_MORUS1280_AVX2
395	tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
396	depends on X86 && 64BIT
397	select CRYPTO_AEAD
398	select CRYPTO_MORUS1280_GLUE
399	help
400	  AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
401	  algorithm.
402
403config CRYPTO_SEQIV
404	tristate "Sequence Number IV Generator"
405	select CRYPTO_AEAD
406	select CRYPTO_BLKCIPHER
407	select CRYPTO_NULL
408	select CRYPTO_RNG_DEFAULT
409	select CRYPTO_MANAGER
410	help
411	  This IV generator generates an IV based on a sequence number by
412	  xoring it with a salt.  This algorithm is mainly useful for CTR
413
414config CRYPTO_ECHAINIV
415	tristate "Encrypted Chain IV Generator"
416	select CRYPTO_AEAD
417	select CRYPTO_NULL
418	select CRYPTO_RNG_DEFAULT
419	select CRYPTO_MANAGER
420	help
421	  This IV generator generates an IV based on the encryption of
422	  a sequence number xored with a salt.  This is the default
423	  algorithm for CBC.
424
425comment "Block modes"
426
427config CRYPTO_CBC
428	tristate "CBC support"
429	select CRYPTO_BLKCIPHER
430	select CRYPTO_MANAGER
431	help
432	  CBC: Cipher Block Chaining mode
433	  This block cipher algorithm is required for IPSec.
434
435config CRYPTO_CFB
436	tristate "CFB support"
437	select CRYPTO_BLKCIPHER
438	select CRYPTO_MANAGER
439	help
440	  CFB: Cipher FeedBack mode
441	  This block cipher algorithm is required for TPM2 Cryptography.
442
443config CRYPTO_CTR
444	tristate "CTR support"
445	select CRYPTO_BLKCIPHER
446	select CRYPTO_SEQIV
447	select CRYPTO_MANAGER
448	help
449	  CTR: Counter mode
450	  This block cipher algorithm is required for IPSec.
451
452config CRYPTO_CTS
453	tristate "CTS support"
454	select CRYPTO_BLKCIPHER
455	select CRYPTO_MANAGER
456	help
457	  CTS: Cipher Text Stealing
458	  This is the Cipher Text Stealing mode as described by
459	  Section 8 of rfc2040 and referenced by rfc3962
460	  (rfc3962 includes errata information in its Appendix A) or
461	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
462	  This mode is required for Kerberos gss mechanism support
463	  for AES encryption.
464
465	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
466
467config CRYPTO_ECB
468	tristate "ECB support"
469	select CRYPTO_BLKCIPHER
470	select CRYPTO_MANAGER
471	help
472	  ECB: Electronic CodeBook mode
473	  This is the simplest block cipher algorithm.  It simply encrypts
474	  the input block by block.
475
476config CRYPTO_LRW
477	tristate "LRW support"
478	select CRYPTO_BLKCIPHER
479	select CRYPTO_MANAGER
480	select CRYPTO_GF128MUL
481	help
482	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
483	  narrow block cipher mode for dm-crypt.  Use it with cipher
484	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
485	  The first 128, 192 or 256 bits in the key are used for AES and the
486	  rest is used to tie each cipher block to its logical position.
487
488config CRYPTO_OFB
489	tristate "OFB support"
490	select CRYPTO_BLKCIPHER
491	select CRYPTO_MANAGER
492	help
493	  OFB: the Output Feedback mode makes a block cipher into a synchronous
494	  stream cipher. It generates keystream blocks, which are then XORed
495	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
496	  ciphertext produces a flipped bit in the plaintext at the same
497	  location. This property allows many error correcting codes to function
498	  normally even when applied before encryption.
499
500config CRYPTO_PCBC
501	tristate "PCBC support"
502	select CRYPTO_BLKCIPHER
503	select CRYPTO_MANAGER
504	help
505	  PCBC: Propagating Cipher Block Chaining mode
506	  This block cipher algorithm is required for RxRPC.
507
508config CRYPTO_XTS
509	tristate "XTS support"
510	select CRYPTO_BLKCIPHER
511	select CRYPTO_MANAGER
512	select CRYPTO_ECB
513	help
514	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
515	  key size 256, 384 or 512 bits. This implementation currently
516	  can't handle a sectorsize which is not a multiple of 16 bytes.
517
518config CRYPTO_KEYWRAP
519	tristate "Key wrapping support"
520	select CRYPTO_BLKCIPHER
521	select CRYPTO_MANAGER
522	help
523	  Support for key wrapping (NIST SP800-38F / RFC3394) without
524	  padding.
525
526config CRYPTO_NHPOLY1305
527	tristate
528	select CRYPTO_HASH
529	select CRYPTO_POLY1305
530
531config CRYPTO_NHPOLY1305_SSE2
532	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
533	depends on X86 && 64BIT
534	select CRYPTO_NHPOLY1305
535	help
536	  SSE2 optimized implementation of the hash function used by the
537	  Adiantum encryption mode.
538
539config CRYPTO_NHPOLY1305_AVX2
540	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
541	depends on X86 && 64BIT
542	select CRYPTO_NHPOLY1305
543	help
544	  AVX2 optimized implementation of the hash function used by the
545	  Adiantum encryption mode.
546
547config CRYPTO_ADIANTUM
548	tristate "Adiantum support"
549	select CRYPTO_CHACHA20
550	select CRYPTO_POLY1305
551	select CRYPTO_NHPOLY1305
552	select CRYPTO_MANAGER
553	help
554	  Adiantum is a tweakable, length-preserving encryption mode
555	  designed for fast and secure disk encryption, especially on
556	  CPUs without dedicated crypto instructions.  It encrypts
557	  each sector using the XChaCha12 stream cipher, two passes of
558	  an ε-almost-∆-universal hash function, and an invocation of
559	  the AES-256 block cipher on a single 16-byte block.  On CPUs
560	  without AES instructions, Adiantum is much faster than
561	  AES-XTS.
562
563	  Adiantum's security is provably reducible to that of its
564	  underlying stream and block ciphers, subject to a security
565	  bound.  Unlike XTS, Adiantum is a true wide-block encryption
566	  mode, so it actually provides an even stronger notion of
567	  security than XTS, subject to the security bound.
568
569	  If unsure, say N.
570
571comment "Hash modes"
572
573config CRYPTO_CMAC
574	tristate "CMAC support"
575	select CRYPTO_HASH
576	select CRYPTO_MANAGER
577	help
578	  Cipher-based Message Authentication Code (CMAC) specified by
579	  The National Institute of Standards and Technology (NIST).
580
581	  https://tools.ietf.org/html/rfc4493
582	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
583
584config CRYPTO_HMAC
585	tristate "HMAC support"
586	select CRYPTO_HASH
587	select CRYPTO_MANAGER
588	help
589	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
590	  This is required for IPSec.
591
592config CRYPTO_XCBC
593	tristate "XCBC support"
594	select CRYPTO_HASH
595	select CRYPTO_MANAGER
596	help
597	  XCBC: Keyed-Hashing with encryption algorithm
598		http://www.ietf.org/rfc/rfc3566.txt
599		http://csrc.nist.gov/encryption/modes/proposedmodes/
600		 xcbc-mac/xcbc-mac-spec.pdf
601
602config CRYPTO_VMAC
603	tristate "VMAC support"
604	select CRYPTO_HASH
605	select CRYPTO_MANAGER
606	help
607	  VMAC is a message authentication algorithm designed for
608	  very high speed on 64-bit architectures.
609
610	  See also:
611	  <http://fastcrypto.org/vmac>
612
613comment "Digest"
614
615config CRYPTO_CRC32C
616	tristate "CRC32c CRC algorithm"
617	select CRYPTO_HASH
618	select CRC32
619	help
620	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
621	  by iSCSI for header and data digests and by others.
622	  See Castagnoli93.  Module will be crc32c.
623
624config CRYPTO_CRC32C_INTEL
625	tristate "CRC32c INTEL hardware acceleration"
626	depends on X86
627	select CRYPTO_HASH
628	help
629	  In Intel processor with SSE4.2 supported, the processor will
630	  support CRC32C implementation using hardware accelerated CRC32
631	  instruction. This option will create 'crc32c-intel' module,
632	  which will enable any routine to use the CRC32 instruction to
633	  gain performance compared with software implementation.
634	  Module will be crc32c-intel.
635
636config CRYPTO_CRC32C_VPMSUM
637	tristate "CRC32c CRC algorithm (powerpc64)"
638	depends on PPC64 && ALTIVEC
639	select CRYPTO_HASH
640	select CRC32
641	help
642	  CRC32c algorithm implemented using vector polynomial multiply-sum
643	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
644	  and newer processors for improved performance.
645
646
647config CRYPTO_CRC32C_SPARC64
648	tristate "CRC32c CRC algorithm (SPARC64)"
649	depends on SPARC64
650	select CRYPTO_HASH
651	select CRC32
652	help
653	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
654	  when available.
655
656config CRYPTO_CRC32
657	tristate "CRC32 CRC algorithm"
658	select CRYPTO_HASH
659	select CRC32
660	help
661	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
662	  Shash crypto api wrappers to crc32_le function.
663
664config CRYPTO_CRC32_PCLMUL
665	tristate "CRC32 PCLMULQDQ hardware acceleration"
666	depends on X86
667	select CRYPTO_HASH
668	select CRC32
669	help
670	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
671	  and PCLMULQDQ supported, the processor will support
672	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
673	  instruction. This option will create 'crc32-pclmul' module,
674	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
675	  and gain better performance as compared with the table implementation.
676
677config CRYPTO_CRC32_MIPS
678	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
679	depends on MIPS_CRC_SUPPORT
680	select CRYPTO_HASH
681	help
682	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
683	  instructions, when available.
684
685
686config CRYPTO_XXHASH
687	tristate "xxHash hash algorithm"
688	select CRYPTO_HASH
689	select XXHASH
690	help
691	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
692	  speeds close to RAM limits.
693
694config CRYPTO_CRCT10DIF
695	tristate "CRCT10DIF algorithm"
696	select CRYPTO_HASH
697	help
698	  CRC T10 Data Integrity Field computation is being cast as
699	  a crypto transform.  This allows for faster crc t10 diff
700	  transforms to be used if they are available.
701
702config CRYPTO_CRCT10DIF_PCLMUL
703	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
704	depends on X86 && 64BIT && CRC_T10DIF
705	select CRYPTO_HASH
706	help
707	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
708	  CRC T10 DIF PCLMULQDQ computation can be hardware
709	  accelerated PCLMULQDQ instruction. This option will create
710	  'crct10dif-pclmul' module, which is faster when computing the
711	  crct10dif checksum as compared with the generic table implementation.
712
713config CRYPTO_CRCT10DIF_VPMSUM
714	tristate "CRC32T10DIF powerpc64 hardware acceleration"
715	depends on PPC64 && ALTIVEC && CRC_T10DIF
716	select CRYPTO_HASH
717	help
718	  CRC10T10DIF algorithm implemented using vector polynomial
719	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
720	  POWER8 and newer processors for improved performance.
721
722config CRYPTO_VPMSUM_TESTER
723	tristate "Powerpc64 vpmsum hardware acceleration tester"
724	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
725	help
726	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
727	  POWER8 vpmsum instructions.
728	  Unless you are testing these algorithms, you don't need this.
729
730config CRYPTO_GHASH
731	tristate "GHASH digest algorithm"
732	select CRYPTO_GF128MUL
733	select CRYPTO_HASH
734	help
735	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
736
737config CRYPTO_POLY1305
738	tristate "Poly1305 authenticator algorithm"
739	select CRYPTO_HASH
740	help
741	  Poly1305 authenticator algorithm, RFC7539.
742
743	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
744	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
745	  in IETF protocols. This is the portable C implementation of Poly1305.
746
747config CRYPTO_POLY1305_X86_64
748	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
749	depends on X86 && 64BIT
750	select CRYPTO_POLY1305
751	help
752	  Poly1305 authenticator algorithm, RFC7539.
753
754	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
755	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
756	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
757	  instructions.
758
759config CRYPTO_MD4
760	tristate "MD4 digest algorithm"
761	select CRYPTO_HASH
762	help
763	  MD4 message digest algorithm (RFC1320).
764
765config CRYPTO_MD5
766	tristate "MD5 digest algorithm"
767	select CRYPTO_HASH
768	help
769	  MD5 message digest algorithm (RFC1321).
770
771config CRYPTO_MD5_OCTEON
772	tristate "MD5 digest algorithm (OCTEON)"
773	depends on CPU_CAVIUM_OCTEON
774	select CRYPTO_MD5
775	select CRYPTO_HASH
776	help
777	  MD5 message digest algorithm (RFC1321) implemented
778	  using OCTEON crypto instructions, when available.
779
780config CRYPTO_MD5_PPC
781	tristate "MD5 digest algorithm (PPC)"
782	depends on PPC
783	select CRYPTO_HASH
784	help
785	  MD5 message digest algorithm (RFC1321) implemented
786	  in PPC assembler.
787
788config CRYPTO_MD5_SPARC64
789	tristate "MD5 digest algorithm (SPARC64)"
790	depends on SPARC64
791	select CRYPTO_MD5
792	select CRYPTO_HASH
793	help
794	  MD5 message digest algorithm (RFC1321) implemented
795	  using sparc64 crypto instructions, when available.
796
797config CRYPTO_MICHAEL_MIC
798	tristate "Michael MIC keyed digest algorithm"
799	select CRYPTO_HASH
800	help
801	  Michael MIC is used for message integrity protection in TKIP
802	  (IEEE 802.11i). This algorithm is required for TKIP, but it
803	  should not be used for other purposes because of the weakness
804	  of the algorithm.
805
806config CRYPTO_RMD128
807	tristate "RIPEMD-128 digest algorithm"
808	select CRYPTO_HASH
809	help
810	  RIPEMD-128 (ISO/IEC 10118-3:2004).
811
812	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
813	  be used as a secure replacement for RIPEMD. For other use cases,
814	  RIPEMD-160 should be used.
815
816	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
817	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
818
819config CRYPTO_RMD160
820	tristate "RIPEMD-160 digest algorithm"
821	select CRYPTO_HASH
822	help
823	  RIPEMD-160 (ISO/IEC 10118-3:2004).
824
825	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
826	  to be used as a secure replacement for the 128-bit hash functions
827	  MD4, MD5 and it's predecessor RIPEMD
828	  (not to be confused with RIPEMD-128).
829
830	  It's speed is comparable to SHA1 and there are no known attacks
831	  against RIPEMD-160.
832
833	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
834	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
835
836config CRYPTO_RMD256
837	tristate "RIPEMD-256 digest algorithm"
838	select CRYPTO_HASH
839	help
840	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
841	  256 bit hash. It is intended for applications that require
842	  longer hash-results, without needing a larger security level
843	  (than RIPEMD-128).
844
845	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
846	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
847
848config CRYPTO_RMD320
849	tristate "RIPEMD-320 digest algorithm"
850	select CRYPTO_HASH
851	help
852	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
853	  320 bit hash. It is intended for applications that require
854	  longer hash-results, without needing a larger security level
855	  (than RIPEMD-160).
856
857	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
858	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
859
860config CRYPTO_SHA1
861	tristate "SHA1 digest algorithm"
862	select CRYPTO_HASH
863	help
864	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
865
866config CRYPTO_SHA1_SSSE3
867	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
868	depends on X86 && 64BIT
869	select CRYPTO_SHA1
870	select CRYPTO_HASH
871	help
872	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
873	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
874	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
875	  when available.
876
877config CRYPTO_SHA256_SSSE3
878	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
879	depends on X86 && 64BIT
880	select CRYPTO_SHA256
881	select CRYPTO_HASH
882	help
883	  SHA-256 secure hash standard (DFIPS 180-2) implemented
884	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
885	  Extensions version 1 (AVX1), or Advanced Vector Extensions
886	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
887	  Instructions) when available.
888
889config CRYPTO_SHA512_SSSE3
890	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
891	depends on X86 && 64BIT
892	select CRYPTO_SHA512
893	select CRYPTO_HASH
894	help
895	  SHA-512 secure hash standard (DFIPS 180-2) implemented
896	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
897	  Extensions version 1 (AVX1), or Advanced Vector Extensions
898	  version 2 (AVX2) instructions, when available.
899
900config CRYPTO_SHA1_OCTEON
901	tristate "SHA1 digest algorithm (OCTEON)"
902	depends on CPU_CAVIUM_OCTEON
903	select CRYPTO_SHA1
904	select CRYPTO_HASH
905	help
906	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
907	  using OCTEON crypto instructions, when available.
908
909config CRYPTO_SHA1_SPARC64
910	tristate "SHA1 digest algorithm (SPARC64)"
911	depends on SPARC64
912	select CRYPTO_SHA1
913	select CRYPTO_HASH
914	help
915	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
916	  using sparc64 crypto instructions, when available.
917
918config CRYPTO_SHA1_PPC
919	tristate "SHA1 digest algorithm (powerpc)"
920	depends on PPC
921	help
922	  This is the powerpc hardware accelerated implementation of the
923	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
924
925config CRYPTO_SHA1_PPC_SPE
926	tristate "SHA1 digest algorithm (PPC SPE)"
927	depends on PPC && SPE
928	help
929	  SHA-1 secure hash standard (DFIPS 180-4) implemented
930	  using powerpc SPE SIMD instruction set.
931
932config CRYPTO_SHA256
933	tristate "SHA224 and SHA256 digest algorithm"
934	select CRYPTO_HASH
935	help
936	  SHA256 secure hash standard (DFIPS 180-2).
937
938	  This version of SHA implements a 256 bit hash with 128 bits of
939	  security against collision attacks.
940
941	  This code also includes SHA-224, a 224 bit hash with 112 bits
942	  of security against collision attacks.
943
944config CRYPTO_SHA256_PPC_SPE
945	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
946	depends on PPC && SPE
947	select CRYPTO_SHA256
948	select CRYPTO_HASH
949	help
950	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
951	  implemented using powerpc SPE SIMD instruction set.
952
953config CRYPTO_SHA256_OCTEON
954	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
955	depends on CPU_CAVIUM_OCTEON
956	select CRYPTO_SHA256
957	select CRYPTO_HASH
958	help
959	  SHA-256 secure hash standard (DFIPS 180-2) implemented
960	  using OCTEON crypto instructions, when available.
961
962config CRYPTO_SHA256_SPARC64
963	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
964	depends on SPARC64
965	select CRYPTO_SHA256
966	select CRYPTO_HASH
967	help
968	  SHA-256 secure hash standard (DFIPS 180-2) implemented
969	  using sparc64 crypto instructions, when available.
970
971config CRYPTO_SHA512
972	tristate "SHA384 and SHA512 digest algorithms"
973	select CRYPTO_HASH
974	help
975	  SHA512 secure hash standard (DFIPS 180-2).
976
977	  This version of SHA implements a 512 bit hash with 256 bits of
978	  security against collision attacks.
979
980	  This code also includes SHA-384, a 384 bit hash with 192 bits
981	  of security against collision attacks.
982
983config CRYPTO_SHA512_OCTEON
984	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
985	depends on CPU_CAVIUM_OCTEON
986	select CRYPTO_SHA512
987	select CRYPTO_HASH
988	help
989	  SHA-512 secure hash standard (DFIPS 180-2) implemented
990	  using OCTEON crypto instructions, when available.
991
992config CRYPTO_SHA512_SPARC64
993	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
994	depends on SPARC64
995	select CRYPTO_SHA512
996	select CRYPTO_HASH
997	help
998	  SHA-512 secure hash standard (DFIPS 180-2) implemented
999	  using sparc64 crypto instructions, when available.
1000
1001config CRYPTO_SHA3
1002	tristate "SHA3 digest algorithm"
1003	select CRYPTO_HASH
1004	help
1005	  SHA-3 secure hash standard (DFIPS 202). It's based on
1006	  cryptographic sponge function family called Keccak.
1007
1008	  References:
1009	  http://keccak.noekeon.org/
1010
1011config CRYPTO_SM3
1012	tristate "SM3 digest algorithm"
1013	select CRYPTO_HASH
1014	help
1015	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1016	  It is part of the Chinese Commercial Cryptography suite.
1017
1018	  References:
1019	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1020	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1021
1022config CRYPTO_STREEBOG
1023	tristate "Streebog Hash Function"
1024	select CRYPTO_HASH
1025	help
1026	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1027	  cryptographic standard algorithms (called GOST algorithms).
1028	  This setting enables two hash algorithms with 256 and 512 bits output.
1029
1030	  References:
1031	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1032	  https://tools.ietf.org/html/rfc6986
1033
1034config CRYPTO_TGR192
1035	tristate "Tiger digest algorithms"
1036	select CRYPTO_HASH
1037	help
1038	  Tiger hash algorithm 192, 160 and 128-bit hashes
1039
1040	  Tiger is a hash function optimized for 64-bit processors while
1041	  still having decent performance on 32-bit processors.
1042	  Tiger was developed by Ross Anderson and Eli Biham.
1043
1044	  See also:
1045	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1046
1047config CRYPTO_WP512
1048	tristate "Whirlpool digest algorithms"
1049	select CRYPTO_HASH
1050	help
1051	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1052
1053	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1054	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1055
1056	  See also:
1057	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1058
1059config CRYPTO_GHASH_CLMUL_NI_INTEL
1060	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
1061	depends on X86 && 64BIT
1062	select CRYPTO_CRYPTD
1063	help
1064	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1065	  The implementation is accelerated by CLMUL-NI of Intel.
1066
1067comment "Ciphers"
1068
1069config CRYPTO_AES
1070	tristate "AES cipher algorithms"
1071	select CRYPTO_ALGAPI
1072	help
1073	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1074	  algorithm.
1075
1076	  Rijndael appears to be consistently a very good performer in
1077	  both hardware and software across a wide range of computing
1078	  environments regardless of its use in feedback or non-feedback
1079	  modes. Its key setup time is excellent, and its key agility is
1080	  good. Rijndael's very low memory requirements make it very well
1081	  suited for restricted-space environments, in which it also
1082	  demonstrates excellent performance. Rijndael's operations are
1083	  among the easiest to defend against power and timing attacks.
1084
1085	  The AES specifies three key sizes: 128, 192 and 256 bits
1086
1087	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1088
1089config CRYPTO_AES_TI
1090	tristate "Fixed time AES cipher"
1091	select CRYPTO_ALGAPI
1092	help
1093	  This is a generic implementation of AES that attempts to eliminate
1094	  data dependent latencies as much as possible without affecting
1095	  performance too much. It is intended for use by the generic CCM
1096	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1097	  solely on encryption (although decryption is supported as well, but
1098	  with a more dramatic performance hit)
1099
1100	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1101	  8 for decryption), this implementation only uses just two S-boxes of
1102	  256 bytes each, and attempts to eliminate data dependent latencies by
1103	  prefetching the entire table into the cache at the start of each
1104	  block. Interrupts are also disabled to avoid races where cachelines
1105	  are evicted when the CPU is interrupted to do something else.
1106
1107config CRYPTO_AES_586
1108	tristate "AES cipher algorithms (i586)"
1109	depends on (X86 || UML_X86) && !64BIT
1110	select CRYPTO_ALGAPI
1111	select CRYPTO_AES
1112	help
1113	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1114	  algorithm.
1115
1116	  Rijndael appears to be consistently a very good performer in
1117	  both hardware and software across a wide range of computing
1118	  environments regardless of its use in feedback or non-feedback
1119	  modes. Its key setup time is excellent, and its key agility is
1120	  good. Rijndael's very low memory requirements make it very well
1121	  suited for restricted-space environments, in which it also
1122	  demonstrates excellent performance. Rijndael's operations are
1123	  among the easiest to defend against power and timing attacks.
1124
1125	  The AES specifies three key sizes: 128, 192 and 256 bits
1126
1127	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1128
1129config CRYPTO_AES_X86_64
1130	tristate "AES cipher algorithms (x86_64)"
1131	depends on (X86 || UML_X86) && 64BIT
1132	select CRYPTO_ALGAPI
1133	select CRYPTO_AES
1134	help
1135	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1136	  algorithm.
1137
1138	  Rijndael appears to be consistently a very good performer in
1139	  both hardware and software across a wide range of computing
1140	  environments regardless of its use in feedback or non-feedback
1141	  modes. Its key setup time is excellent, and its key agility is
1142	  good. Rijndael's very low memory requirements make it very well
1143	  suited for restricted-space environments, in which it also
1144	  demonstrates excellent performance. Rijndael's operations are
1145	  among the easiest to defend against power and timing attacks.
1146
1147	  The AES specifies three key sizes: 128, 192 and 256 bits
1148
1149	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1150
1151config CRYPTO_AES_NI_INTEL
1152	tristate "AES cipher algorithms (AES-NI)"
1153	depends on X86
1154	select CRYPTO_AEAD
1155	select CRYPTO_AES_X86_64 if 64BIT
1156	select CRYPTO_AES_586 if !64BIT
1157	select CRYPTO_ALGAPI
1158	select CRYPTO_BLKCIPHER
1159	select CRYPTO_GLUE_HELPER_X86 if 64BIT
1160	select CRYPTO_SIMD
1161	help
1162	  Use Intel AES-NI instructions for AES algorithm.
1163
1164	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1165	  algorithm.
1166
1167	  Rijndael appears to be consistently a very good performer in
1168	  both hardware and software across a wide range of computing
1169	  environments regardless of its use in feedback or non-feedback
1170	  modes. Its key setup time is excellent, and its key agility is
1171	  good. Rijndael's very low memory requirements make it very well
1172	  suited for restricted-space environments, in which it also
1173	  demonstrates excellent performance. Rijndael's operations are
1174	  among the easiest to defend against power and timing attacks.
1175
1176	  The AES specifies three key sizes: 128, 192 and 256 bits
1177
1178	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1179
1180	  In addition to AES cipher algorithm support, the acceleration
1181	  for some popular block cipher mode is supported too, including
1182	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1183	  acceleration for CTR.
1184
1185config CRYPTO_AES_SPARC64
1186	tristate "AES cipher algorithms (SPARC64)"
1187	depends on SPARC64
1188	select CRYPTO_CRYPTD
1189	select CRYPTO_ALGAPI
1190	help
1191	  Use SPARC64 crypto opcodes for AES algorithm.
1192
1193	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1194	  algorithm.
1195
1196	  Rijndael appears to be consistently a very good performer in
1197	  both hardware and software across a wide range of computing
1198	  environments regardless of its use in feedback or non-feedback
1199	  modes. Its key setup time is excellent, and its key agility is
1200	  good. Rijndael's very low memory requirements make it very well
1201	  suited for restricted-space environments, in which it also
1202	  demonstrates excellent performance. Rijndael's operations are
1203	  among the easiest to defend against power and timing attacks.
1204
1205	  The AES specifies three key sizes: 128, 192 and 256 bits
1206
1207	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1208
1209	  In addition to AES cipher algorithm support, the acceleration
1210	  for some popular block cipher mode is supported too, including
1211	  ECB and CBC.
1212
1213config CRYPTO_AES_PPC_SPE
1214	tristate "AES cipher algorithms (PPC SPE)"
1215	depends on PPC && SPE
1216	help
1217	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1218	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1219	  This module should only be used for low power (router) devices
1220	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1221	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1222	  timining attacks. Nevertheless it might be not as secure as other
1223	  architecture specific assembler implementations that work on 1KB
1224	  tables or 256 bytes S-boxes.
1225
1226config CRYPTO_ANUBIS
1227	tristate "Anubis cipher algorithm"
1228	select CRYPTO_ALGAPI
1229	help
1230	  Anubis cipher algorithm.
1231
1232	  Anubis is a variable key length cipher which can use keys from
1233	  128 bits to 320 bits in length.  It was evaluated as a entrant
1234	  in the NESSIE competition.
1235
1236	  See also:
1237	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1238	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1239
1240config CRYPTO_LIB_ARC4
1241	tristate
1242
1243config CRYPTO_ARC4
1244	tristate "ARC4 cipher algorithm"
1245	select CRYPTO_BLKCIPHER
1246	select CRYPTO_LIB_ARC4
1247	help
1248	  ARC4 cipher algorithm.
1249
1250	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1251	  bits in length.  This algorithm is required for driver-based
1252	  WEP, but it should not be for other purposes because of the
1253	  weakness of the algorithm.
1254
1255config CRYPTO_BLOWFISH
1256	tristate "Blowfish cipher algorithm"
1257	select CRYPTO_ALGAPI
1258	select CRYPTO_BLOWFISH_COMMON
1259	help
1260	  Blowfish cipher algorithm, by Bruce Schneier.
1261
1262	  This is a variable key length cipher which can use keys from 32
1263	  bits to 448 bits in length.  It's fast, simple and specifically
1264	  designed for use on "large microprocessors".
1265
1266	  See also:
1267	  <http://www.schneier.com/blowfish.html>
1268
1269config CRYPTO_BLOWFISH_COMMON
1270	tristate
1271	help
1272	  Common parts of the Blowfish cipher algorithm shared by the
1273	  generic c and the assembler implementations.
1274
1275	  See also:
1276	  <http://www.schneier.com/blowfish.html>
1277
1278config CRYPTO_BLOWFISH_X86_64
1279	tristate "Blowfish cipher algorithm (x86_64)"
1280	depends on X86 && 64BIT
1281	select CRYPTO_BLKCIPHER
1282	select CRYPTO_BLOWFISH_COMMON
1283	help
1284	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1285
1286	  This is a variable key length cipher which can use keys from 32
1287	  bits to 448 bits in length.  It's fast, simple and specifically
1288	  designed for use on "large microprocessors".
1289
1290	  See also:
1291	  <http://www.schneier.com/blowfish.html>
1292
1293config CRYPTO_CAMELLIA
1294	tristate "Camellia cipher algorithms"
1295	depends on CRYPTO
1296	select CRYPTO_ALGAPI
1297	help
1298	  Camellia cipher algorithms module.
1299
1300	  Camellia is a symmetric key block cipher developed jointly
1301	  at NTT and Mitsubishi Electric Corporation.
1302
1303	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1304
1305	  See also:
1306	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1307
1308config CRYPTO_CAMELLIA_X86_64
1309	tristate "Camellia cipher algorithm (x86_64)"
1310	depends on X86 && 64BIT
1311	depends on CRYPTO
1312	select CRYPTO_BLKCIPHER
1313	select CRYPTO_GLUE_HELPER_X86
1314	help
1315	  Camellia cipher algorithm module (x86_64).
1316
1317	  Camellia is a symmetric key block cipher developed jointly
1318	  at NTT and Mitsubishi Electric Corporation.
1319
1320	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1321
1322	  See also:
1323	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1324
1325config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1326	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1327	depends on X86 && 64BIT
1328	depends on CRYPTO
1329	select CRYPTO_BLKCIPHER
1330	select CRYPTO_CAMELLIA_X86_64
1331	select CRYPTO_GLUE_HELPER_X86
1332	select CRYPTO_SIMD
1333	select CRYPTO_XTS
1334	help
1335	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1336
1337	  Camellia is a symmetric key block cipher developed jointly
1338	  at NTT and Mitsubishi Electric Corporation.
1339
1340	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1341
1342	  See also:
1343	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1344
1345config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1346	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1347	depends on X86 && 64BIT
1348	depends on CRYPTO
1349	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1350	help
1351	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1352
1353	  Camellia is a symmetric key block cipher developed jointly
1354	  at NTT and Mitsubishi Electric Corporation.
1355
1356	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1357
1358	  See also:
1359	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1360
1361config CRYPTO_CAMELLIA_SPARC64
1362	tristate "Camellia cipher algorithm (SPARC64)"
1363	depends on SPARC64
1364	depends on CRYPTO
1365	select CRYPTO_ALGAPI
1366	help
1367	  Camellia cipher algorithm module (SPARC64).
1368
1369	  Camellia is a symmetric key block cipher developed jointly
1370	  at NTT and Mitsubishi Electric Corporation.
1371
1372	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1373
1374	  See also:
1375	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1376
1377config CRYPTO_CAST_COMMON
1378	tristate
1379	help
1380	  Common parts of the CAST cipher algorithms shared by the
1381	  generic c and the assembler implementations.
1382
1383config CRYPTO_CAST5
1384	tristate "CAST5 (CAST-128) cipher algorithm"
1385	select CRYPTO_ALGAPI
1386	select CRYPTO_CAST_COMMON
1387	help
1388	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1389	  described in RFC2144.
1390
1391config CRYPTO_CAST5_AVX_X86_64
1392	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1393	depends on X86 && 64BIT
1394	select CRYPTO_BLKCIPHER
1395	select CRYPTO_CAST5
1396	select CRYPTO_CAST_COMMON
1397	select CRYPTO_SIMD
1398	help
1399	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1400	  described in RFC2144.
1401
1402	  This module provides the Cast5 cipher algorithm that processes
1403	  sixteen blocks parallel using the AVX instruction set.
1404
1405config CRYPTO_CAST6
1406	tristate "CAST6 (CAST-256) cipher algorithm"
1407	select CRYPTO_ALGAPI
1408	select CRYPTO_CAST_COMMON
1409	help
1410	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1411	  described in RFC2612.
1412
1413config CRYPTO_CAST6_AVX_X86_64
1414	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1415	depends on X86 && 64BIT
1416	select CRYPTO_BLKCIPHER
1417	select CRYPTO_CAST6
1418	select CRYPTO_CAST_COMMON
1419	select CRYPTO_GLUE_HELPER_X86
1420	select CRYPTO_SIMD
1421	select CRYPTO_XTS
1422	help
1423	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1424	  described in RFC2612.
1425
1426	  This module provides the Cast6 cipher algorithm that processes
1427	  eight blocks parallel using the AVX instruction set.
1428
1429config CRYPTO_DES
1430	tristate "DES and Triple DES EDE cipher algorithms"
1431	select CRYPTO_ALGAPI
1432	help
1433	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1434
1435config CRYPTO_DES_SPARC64
1436	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1437	depends on SPARC64
1438	select CRYPTO_ALGAPI
1439	select CRYPTO_DES
1440	help
1441	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1442	  optimized using SPARC64 crypto opcodes.
1443
1444config CRYPTO_DES3_EDE_X86_64
1445	tristate "Triple DES EDE cipher algorithm (x86-64)"
1446	depends on X86 && 64BIT
1447	select CRYPTO_BLKCIPHER
1448	select CRYPTO_DES
1449	help
1450	  Triple DES EDE (FIPS 46-3) algorithm.
1451
1452	  This module provides implementation of the Triple DES EDE cipher
1453	  algorithm that is optimized for x86-64 processors. Two versions of
1454	  algorithm are provided; regular processing one input block and
1455	  one that processes three blocks parallel.
1456
1457config CRYPTO_FCRYPT
1458	tristate "FCrypt cipher algorithm"
1459	select CRYPTO_ALGAPI
1460	select CRYPTO_BLKCIPHER
1461	help
1462	  FCrypt algorithm used by RxRPC.
1463
1464config CRYPTO_KHAZAD
1465	tristate "Khazad cipher algorithm"
1466	select CRYPTO_ALGAPI
1467	help
1468	  Khazad cipher algorithm.
1469
1470	  Khazad was a finalist in the initial NESSIE competition.  It is
1471	  an algorithm optimized for 64-bit processors with good performance
1472	  on 32-bit processors.  Khazad uses an 128 bit key size.
1473
1474	  See also:
1475	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1476
1477config CRYPTO_SALSA20
1478	tristate "Salsa20 stream cipher algorithm"
1479	select CRYPTO_BLKCIPHER
1480	help
1481	  Salsa20 stream cipher algorithm.
1482
1483	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1484	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1485
1486	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1487	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1488
1489config CRYPTO_CHACHA20
1490	tristate "ChaCha stream cipher algorithms"
1491	select CRYPTO_BLKCIPHER
1492	help
1493	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1494
1495	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1496	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1497	  This is the portable C implementation of ChaCha20.  See also:
1498	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1499
1500	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1501	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1502	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1503	  while provably retaining ChaCha20's security.  See also:
1504	  <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1505
1506	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1507	  reduced security margin but increased performance.  It can be needed
1508	  in some performance-sensitive scenarios.
1509
1510config CRYPTO_CHACHA20_X86_64
1511	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1512	depends on X86 && 64BIT
1513	select CRYPTO_BLKCIPHER
1514	select CRYPTO_CHACHA20
1515	help
1516	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1517	  XChaCha20, and XChaCha12 stream ciphers.
1518
1519config CRYPTO_SEED
1520	tristate "SEED cipher algorithm"
1521	select CRYPTO_ALGAPI
1522	help
1523	  SEED cipher algorithm (RFC4269).
1524
1525	  SEED is a 128-bit symmetric key block cipher that has been
1526	  developed by KISA (Korea Information Security Agency) as a
1527	  national standard encryption algorithm of the Republic of Korea.
1528	  It is a 16 round block cipher with the key size of 128 bit.
1529
1530	  See also:
1531	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1532
1533config CRYPTO_SERPENT
1534	tristate "Serpent cipher algorithm"
1535	select CRYPTO_ALGAPI
1536	help
1537	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1538
1539	  Keys are allowed to be from 0 to 256 bits in length, in steps
1540	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1541	  variant of Serpent for compatibility with old kerneli.org code.
1542
1543	  See also:
1544	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1545
1546config CRYPTO_SERPENT_SSE2_X86_64
1547	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1548	depends on X86 && 64BIT
1549	select CRYPTO_BLKCIPHER
1550	select CRYPTO_GLUE_HELPER_X86
1551	select CRYPTO_SERPENT
1552	select CRYPTO_SIMD
1553	help
1554	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1555
1556	  Keys are allowed to be from 0 to 256 bits in length, in steps
1557	  of 8 bits.
1558
1559	  This module provides Serpent cipher algorithm that processes eight
1560	  blocks parallel using SSE2 instruction set.
1561
1562	  See also:
1563	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1564
1565config CRYPTO_SERPENT_SSE2_586
1566	tristate "Serpent cipher algorithm (i586/SSE2)"
1567	depends on X86 && !64BIT
1568	select CRYPTO_BLKCIPHER
1569	select CRYPTO_GLUE_HELPER_X86
1570	select CRYPTO_SERPENT
1571	select CRYPTO_SIMD
1572	help
1573	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1574
1575	  Keys are allowed to be from 0 to 256 bits in length, in steps
1576	  of 8 bits.
1577
1578	  This module provides Serpent cipher algorithm that processes four
1579	  blocks parallel using SSE2 instruction set.
1580
1581	  See also:
1582	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1583
1584config CRYPTO_SERPENT_AVX_X86_64
1585	tristate "Serpent cipher algorithm (x86_64/AVX)"
1586	depends on X86 && 64BIT
1587	select CRYPTO_BLKCIPHER
1588	select CRYPTO_GLUE_HELPER_X86
1589	select CRYPTO_SERPENT
1590	select CRYPTO_SIMD
1591	select CRYPTO_XTS
1592	help
1593	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1594
1595	  Keys are allowed to be from 0 to 256 bits in length, in steps
1596	  of 8 bits.
1597
1598	  This module provides the Serpent cipher algorithm that processes
1599	  eight blocks parallel using the AVX instruction set.
1600
1601	  See also:
1602	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1603
1604config CRYPTO_SERPENT_AVX2_X86_64
1605	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1606	depends on X86 && 64BIT
1607	select CRYPTO_SERPENT_AVX_X86_64
1608	help
1609	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1610
1611	  Keys are allowed to be from 0 to 256 bits in length, in steps
1612	  of 8 bits.
1613
1614	  This module provides Serpent cipher algorithm that processes 16
1615	  blocks parallel using AVX2 instruction set.
1616
1617	  See also:
1618	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1619
1620config CRYPTO_SM4
1621	tristate "SM4 cipher algorithm"
1622	select CRYPTO_ALGAPI
1623	help
1624	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1625
1626	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1627	  Organization of State Commercial Administration of China (OSCCA)
1628	  as an authorized cryptographic algorithms for the use within China.
1629
1630	  SMS4 was originally created for use in protecting wireless
1631	  networks, and is mandated in the Chinese National Standard for
1632	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1633	  (GB.15629.11-2003).
1634
1635	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1636	  standardized through TC 260 of the Standardization Administration
1637	  of the People's Republic of China (SAC).
1638
1639	  The input, output, and key of SMS4 are each 128 bits.
1640
1641	  See also: <https://eprint.iacr.org/2008/329.pdf>
1642
1643	  If unsure, say N.
1644
1645config CRYPTO_TEA
1646	tristate "TEA, XTEA and XETA cipher algorithms"
1647	select CRYPTO_ALGAPI
1648	help
1649	  TEA cipher algorithm.
1650
1651	  Tiny Encryption Algorithm is a simple cipher that uses
1652	  many rounds for security.  It is very fast and uses
1653	  little memory.
1654
1655	  Xtendend Tiny Encryption Algorithm is a modification to
1656	  the TEA algorithm to address a potential key weakness
1657	  in the TEA algorithm.
1658
1659	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1660	  of the XTEA algorithm for compatibility purposes.
1661
1662config CRYPTO_TWOFISH
1663	tristate "Twofish cipher algorithm"
1664	select CRYPTO_ALGAPI
1665	select CRYPTO_TWOFISH_COMMON
1666	help
1667	  Twofish cipher algorithm.
1668
1669	  Twofish was submitted as an AES (Advanced Encryption Standard)
1670	  candidate cipher by researchers at CounterPane Systems.  It is a
1671	  16 round block cipher supporting key sizes of 128, 192, and 256
1672	  bits.
1673
1674	  See also:
1675	  <http://www.schneier.com/twofish.html>
1676
1677config CRYPTO_TWOFISH_COMMON
1678	tristate
1679	help
1680	  Common parts of the Twofish cipher algorithm shared by the
1681	  generic c and the assembler implementations.
1682
1683config CRYPTO_TWOFISH_586
1684	tristate "Twofish cipher algorithms (i586)"
1685	depends on (X86 || UML_X86) && !64BIT
1686	select CRYPTO_ALGAPI
1687	select CRYPTO_TWOFISH_COMMON
1688	help
1689	  Twofish cipher algorithm.
1690
1691	  Twofish was submitted as an AES (Advanced Encryption Standard)
1692	  candidate cipher by researchers at CounterPane Systems.  It is a
1693	  16 round block cipher supporting key sizes of 128, 192, and 256
1694	  bits.
1695
1696	  See also:
1697	  <http://www.schneier.com/twofish.html>
1698
1699config CRYPTO_TWOFISH_X86_64
1700	tristate "Twofish cipher algorithm (x86_64)"
1701	depends on (X86 || UML_X86) && 64BIT
1702	select CRYPTO_ALGAPI
1703	select CRYPTO_TWOFISH_COMMON
1704	help
1705	  Twofish cipher algorithm (x86_64).
1706
1707	  Twofish was submitted as an AES (Advanced Encryption Standard)
1708	  candidate cipher by researchers at CounterPane Systems.  It is a
1709	  16 round block cipher supporting key sizes of 128, 192, and 256
1710	  bits.
1711
1712	  See also:
1713	  <http://www.schneier.com/twofish.html>
1714
1715config CRYPTO_TWOFISH_X86_64_3WAY
1716	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1717	depends on X86 && 64BIT
1718	select CRYPTO_BLKCIPHER
1719	select CRYPTO_TWOFISH_COMMON
1720	select CRYPTO_TWOFISH_X86_64
1721	select CRYPTO_GLUE_HELPER_X86
1722	help
1723	  Twofish cipher algorithm (x86_64, 3-way parallel).
1724
1725	  Twofish was submitted as an AES (Advanced Encryption Standard)
1726	  candidate cipher by researchers at CounterPane Systems.  It is a
1727	  16 round block cipher supporting key sizes of 128, 192, and 256
1728	  bits.
1729
1730	  This module provides Twofish cipher algorithm that processes three
1731	  blocks parallel, utilizing resources of out-of-order CPUs better.
1732
1733	  See also:
1734	  <http://www.schneier.com/twofish.html>
1735
1736config CRYPTO_TWOFISH_AVX_X86_64
1737	tristate "Twofish cipher algorithm (x86_64/AVX)"
1738	depends on X86 && 64BIT
1739	select CRYPTO_BLKCIPHER
1740	select CRYPTO_GLUE_HELPER_X86
1741	select CRYPTO_SIMD
1742	select CRYPTO_TWOFISH_COMMON
1743	select CRYPTO_TWOFISH_X86_64
1744	select CRYPTO_TWOFISH_X86_64_3WAY
1745	help
1746	  Twofish cipher algorithm (x86_64/AVX).
1747
1748	  Twofish was submitted as an AES (Advanced Encryption Standard)
1749	  candidate cipher by researchers at CounterPane Systems.  It is a
1750	  16 round block cipher supporting key sizes of 128, 192, and 256
1751	  bits.
1752
1753	  This module provides the Twofish cipher algorithm that processes
1754	  eight blocks parallel using the AVX Instruction Set.
1755
1756	  See also:
1757	  <http://www.schneier.com/twofish.html>
1758
1759comment "Compression"
1760
1761config CRYPTO_DEFLATE
1762	tristate "Deflate compression algorithm"
1763	select CRYPTO_ALGAPI
1764	select CRYPTO_ACOMP2
1765	select ZLIB_INFLATE
1766	select ZLIB_DEFLATE
1767	help
1768	  This is the Deflate algorithm (RFC1951), specified for use in
1769	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1770
1771	  You will most probably want this if using IPSec.
1772
1773config CRYPTO_LZO
1774	tristate "LZO compression algorithm"
1775	select CRYPTO_ALGAPI
1776	select CRYPTO_ACOMP2
1777	select LZO_COMPRESS
1778	select LZO_DECOMPRESS
1779	help
1780	  This is the LZO algorithm.
1781
1782config CRYPTO_842
1783	tristate "842 compression algorithm"
1784	select CRYPTO_ALGAPI
1785	select CRYPTO_ACOMP2
1786	select 842_COMPRESS
1787	select 842_DECOMPRESS
1788	help
1789	  This is the 842 algorithm.
1790
1791config CRYPTO_LZ4
1792	tristate "LZ4 compression algorithm"
1793	select CRYPTO_ALGAPI
1794	select CRYPTO_ACOMP2
1795	select LZ4_COMPRESS
1796	select LZ4_DECOMPRESS
1797	help
1798	  This is the LZ4 algorithm.
1799
1800config CRYPTO_LZ4HC
1801	tristate "LZ4HC compression algorithm"
1802	select CRYPTO_ALGAPI
1803	select CRYPTO_ACOMP2
1804	select LZ4HC_COMPRESS
1805	select LZ4_DECOMPRESS
1806	help
1807	  This is the LZ4 high compression mode algorithm.
1808
1809config CRYPTO_ZSTD
1810	tristate "Zstd compression algorithm"
1811	select CRYPTO_ALGAPI
1812	select CRYPTO_ACOMP2
1813	select ZSTD_COMPRESS
1814	select ZSTD_DECOMPRESS
1815	help
1816	  This is the zstd algorithm.
1817
1818comment "Random Number Generation"
1819
1820config CRYPTO_ANSI_CPRNG
1821	tristate "Pseudo Random Number Generation for Cryptographic modules"
1822	select CRYPTO_AES
1823	select CRYPTO_RNG
1824	help
1825	  This option enables the generic pseudo random number generator
1826	  for cryptographic modules.  Uses the Algorithm specified in
1827	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1828	  CRYPTO_FIPS is selected
1829
1830menuconfig CRYPTO_DRBG_MENU
1831	tristate "NIST SP800-90A DRBG"
1832	help
1833	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1834	  more of the DRBG types must be selected.
1835
1836if CRYPTO_DRBG_MENU
1837
1838config CRYPTO_DRBG_HMAC
1839	bool
1840	default y
1841	select CRYPTO_HMAC
1842	select CRYPTO_SHA256
1843
1844config CRYPTO_DRBG_HASH
1845	bool "Enable Hash DRBG"
1846	select CRYPTO_SHA256
1847	help
1848	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1849
1850config CRYPTO_DRBG_CTR
1851	bool "Enable CTR DRBG"
1852	select CRYPTO_AES
1853	depends on CRYPTO_CTR
1854	help
1855	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1856
1857config CRYPTO_DRBG
1858	tristate
1859	default CRYPTO_DRBG_MENU
1860	select CRYPTO_RNG
1861	select CRYPTO_JITTERENTROPY
1862
1863endif	# if CRYPTO_DRBG_MENU
1864
1865config CRYPTO_JITTERENTROPY
1866	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1867	select CRYPTO_RNG
1868	help
1869	  The Jitterentropy RNG is a noise that is intended
1870	  to provide seed to another RNG. The RNG does not
1871	  perform any cryptographic whitening of the generated
1872	  random numbers. This Jitterentropy RNG registers with
1873	  the kernel crypto API and can be used by any caller.
1874
1875config CRYPTO_USER_API
1876	tristate
1877
1878config CRYPTO_USER_API_HASH
1879	tristate "User-space interface for hash algorithms"
1880	depends on NET
1881	select CRYPTO_HASH
1882	select CRYPTO_USER_API
1883	help
1884	  This option enables the user-spaces interface for hash
1885	  algorithms.
1886
1887config CRYPTO_USER_API_SKCIPHER
1888	tristate "User-space interface for symmetric key cipher algorithms"
1889	depends on NET
1890	select CRYPTO_BLKCIPHER
1891	select CRYPTO_USER_API
1892	help
1893	  This option enables the user-spaces interface for symmetric
1894	  key cipher algorithms.
1895
1896config CRYPTO_USER_API_RNG
1897	tristate "User-space interface for random number generator algorithms"
1898	depends on NET
1899	select CRYPTO_RNG
1900	select CRYPTO_USER_API
1901	help
1902	  This option enables the user-spaces interface for random
1903	  number generator algorithms.
1904
1905config CRYPTO_USER_API_AEAD
1906	tristate "User-space interface for AEAD cipher algorithms"
1907	depends on NET
1908	select CRYPTO_AEAD
1909	select CRYPTO_BLKCIPHER
1910	select CRYPTO_NULL
1911	select CRYPTO_USER_API
1912	help
1913	  This option enables the user-spaces interface for AEAD
1914	  cipher algorithms.
1915
1916config CRYPTO_STATS
1917	bool "Crypto usage statistics for User-space"
1918	depends on CRYPTO_USER
1919	help
1920	  This option enables the gathering of crypto stats.
1921	  This will collect:
1922	  - encrypt/decrypt size and numbers of symmeric operations
1923	  - compress/decompress size and numbers of compress operations
1924	  - size and numbers of hash operations
1925	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1926	  - generate/seed numbers for rng operations
1927
1928config CRYPTO_HASH_INFO
1929	bool
1930
1931source "drivers/crypto/Kconfig"
1932source "crypto/asymmetric_keys/Kconfig"
1933source "certs/Kconfig"
1934
1935endif	# if CRYPTO
1936