xref: /linux/crypto/Kconfig (revision ebf68996de0ab250c5d520eb2291ab65643e9a1e)
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This option enables the fips boot option which is
31	  required if you want the system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_BLKCIPHER
56	tristate
57	select CRYPTO_BLKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_BLKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64	select CRYPTO_WORKQUEUE
65
66config CRYPTO_HASH
67	tristate
68	select CRYPTO_HASH2
69	select CRYPTO_ALGAPI
70
71config CRYPTO_HASH2
72	tristate
73	select CRYPTO_ALGAPI2
74
75config CRYPTO_RNG
76	tristate
77	select CRYPTO_RNG2
78	select CRYPTO_ALGAPI
79
80config CRYPTO_RNG2
81	tristate
82	select CRYPTO_ALGAPI2
83
84config CRYPTO_RNG_DEFAULT
85	tristate
86	select CRYPTO_DRBG_MENU
87
88config CRYPTO_AKCIPHER2
89	tristate
90	select CRYPTO_ALGAPI2
91
92config CRYPTO_AKCIPHER
93	tristate
94	select CRYPTO_AKCIPHER2
95	select CRYPTO_ALGAPI
96
97config CRYPTO_KPP2
98	tristate
99	select CRYPTO_ALGAPI2
100
101config CRYPTO_KPP
102	tristate
103	select CRYPTO_ALGAPI
104	select CRYPTO_KPP2
105
106config CRYPTO_ACOMP2
107	tristate
108	select CRYPTO_ALGAPI2
109	select SGL_ALLOC
110
111config CRYPTO_ACOMP
112	tristate
113	select CRYPTO_ALGAPI
114	select CRYPTO_ACOMP2
115
116config CRYPTO_MANAGER
117	tristate "Cryptographic algorithm manager"
118	select CRYPTO_MANAGER2
119	help
120	  Create default cryptographic template instantiations such as
121	  cbc(aes).
122
123config CRYPTO_MANAGER2
124	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
125	select CRYPTO_AEAD2
126	select CRYPTO_HASH2
127	select CRYPTO_BLKCIPHER2
128	select CRYPTO_AKCIPHER2
129	select CRYPTO_KPP2
130	select CRYPTO_ACOMP2
131
132config CRYPTO_USER
133	tristate "Userspace cryptographic algorithm configuration"
134	depends on NET
135	select CRYPTO_MANAGER
136	help
137	  Userspace configuration for cryptographic instantiations such as
138	  cbc(aes).
139
140config CRYPTO_MANAGER_DISABLE_TESTS
141	bool "Disable run-time self tests"
142	default y
143	depends on CRYPTO_MANAGER2
144	help
145	  Disable run-time self tests that normally take place at
146	  algorithm registration.
147
148config CRYPTO_MANAGER_EXTRA_TESTS
149	bool "Enable extra run-time crypto self tests"
150	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
151	help
152	  Enable extra run-time self tests of registered crypto algorithms,
153	  including randomized fuzz tests.
154
155	  This is intended for developer use only, as these tests take much
156	  longer to run than the normal self tests.
157
158config CRYPTO_GF128MUL
159	tristate "GF(2^128) multiplication functions"
160	help
161	  Efficient table driven implementation of multiplications in the
162	  field GF(2^128).  This is needed by some cypher modes. This
163	  option will be selected automatically if you select such a
164	  cipher mode.  Only select this option by hand if you expect to load
165	  an external module that requires these functions.
166
167config CRYPTO_NULL
168	tristate "Null algorithms"
169	select CRYPTO_NULL2
170	help
171	  These are 'Null' algorithms, used by IPsec, which do nothing.
172
173config CRYPTO_NULL2
174	tristate
175	select CRYPTO_ALGAPI2
176	select CRYPTO_BLKCIPHER2
177	select CRYPTO_HASH2
178
179config CRYPTO_PCRYPT
180	tristate "Parallel crypto engine"
181	depends on SMP
182	select PADATA
183	select CRYPTO_MANAGER
184	select CRYPTO_AEAD
185	help
186	  This converts an arbitrary crypto algorithm into a parallel
187	  algorithm that executes in kernel threads.
188
189config CRYPTO_WORKQUEUE
190       tristate
191
192config CRYPTO_CRYPTD
193	tristate "Software async crypto daemon"
194	select CRYPTO_BLKCIPHER
195	select CRYPTO_HASH
196	select CRYPTO_MANAGER
197	select CRYPTO_WORKQUEUE
198	help
199	  This is a generic software asynchronous crypto daemon that
200	  converts an arbitrary synchronous software crypto algorithm
201	  into an asynchronous algorithm that executes in a kernel thread.
202
203config CRYPTO_AUTHENC
204	tristate "Authenc support"
205	select CRYPTO_AEAD
206	select CRYPTO_BLKCIPHER
207	select CRYPTO_MANAGER
208	select CRYPTO_HASH
209	select CRYPTO_NULL
210	help
211	  Authenc: Combined mode wrapper for IPsec.
212	  This is required for IPSec.
213
214config CRYPTO_TEST
215	tristate "Testing module"
216	depends on m
217	select CRYPTO_MANAGER
218	help
219	  Quick & dirty crypto test module.
220
221config CRYPTO_SIMD
222	tristate
223	select CRYPTO_CRYPTD
224
225config CRYPTO_GLUE_HELPER_X86
226	tristate
227	depends on X86
228	select CRYPTO_BLKCIPHER
229
230config CRYPTO_ENGINE
231	tristate
232
233comment "Public-key cryptography"
234
235config CRYPTO_RSA
236	tristate "RSA algorithm"
237	select CRYPTO_AKCIPHER
238	select CRYPTO_MANAGER
239	select MPILIB
240	select ASN1
241	help
242	  Generic implementation of the RSA public key algorithm.
243
244config CRYPTO_DH
245	tristate "Diffie-Hellman algorithm"
246	select CRYPTO_KPP
247	select MPILIB
248	help
249	  Generic implementation of the Diffie-Hellman algorithm.
250
251config CRYPTO_ECC
252	tristate
253
254config CRYPTO_ECDH
255	tristate "ECDH algorithm"
256	select CRYPTO_ECC
257	select CRYPTO_KPP
258	select CRYPTO_RNG_DEFAULT
259	help
260	  Generic implementation of the ECDH algorithm
261
262config CRYPTO_ECRDSA
263	tristate "EC-RDSA (GOST 34.10) algorithm"
264	select CRYPTO_ECC
265	select CRYPTO_AKCIPHER
266	select CRYPTO_STREEBOG
267	select OID_REGISTRY
268	select ASN1
269	help
270	  Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
271	  RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
272	  standard algorithms (called GOST algorithms). Only signature verification
273	  is implemented.
274
275comment "Authenticated Encryption with Associated Data"
276
277config CRYPTO_CCM
278	tristate "CCM support"
279	select CRYPTO_CTR
280	select CRYPTO_HASH
281	select CRYPTO_AEAD
282	help
283	  Support for Counter with CBC MAC. Required for IPsec.
284
285config CRYPTO_GCM
286	tristate "GCM/GMAC support"
287	select CRYPTO_CTR
288	select CRYPTO_AEAD
289	select CRYPTO_GHASH
290	select CRYPTO_NULL
291	help
292	  Support for Galois/Counter Mode (GCM) and Galois Message
293	  Authentication Code (GMAC). Required for IPSec.
294
295config CRYPTO_CHACHA20POLY1305
296	tristate "ChaCha20-Poly1305 AEAD support"
297	select CRYPTO_CHACHA20
298	select CRYPTO_POLY1305
299	select CRYPTO_AEAD
300	help
301	  ChaCha20-Poly1305 AEAD support, RFC7539.
302
303	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
304	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
305	  IETF protocols.
306
307config CRYPTO_AEGIS128
308	tristate "AEGIS-128 AEAD algorithm"
309	select CRYPTO_AEAD
310	select CRYPTO_AES  # for AES S-box tables
311	help
312	 Support for the AEGIS-128 dedicated AEAD algorithm.
313
314config CRYPTO_AEGIS128L
315	tristate "AEGIS-128L AEAD algorithm"
316	select CRYPTO_AEAD
317	select CRYPTO_AES  # for AES S-box tables
318	help
319	 Support for the AEGIS-128L dedicated AEAD algorithm.
320
321config CRYPTO_AEGIS256
322	tristate "AEGIS-256 AEAD algorithm"
323	select CRYPTO_AEAD
324	select CRYPTO_AES  # for AES S-box tables
325	help
326	 Support for the AEGIS-256 dedicated AEAD algorithm.
327
328config CRYPTO_AEGIS128_AESNI_SSE2
329	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
330	depends on X86 && 64BIT
331	select CRYPTO_AEAD
332	select CRYPTO_SIMD
333	help
334	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
335
336config CRYPTO_AEGIS128L_AESNI_SSE2
337	tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
338	depends on X86 && 64BIT
339	select CRYPTO_AEAD
340	select CRYPTO_SIMD
341	help
342	 AESNI+SSE2 implementation of the AEGIS-128L dedicated AEAD algorithm.
343
344config CRYPTO_AEGIS256_AESNI_SSE2
345	tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
346	depends on X86 && 64BIT
347	select CRYPTO_AEAD
348	select CRYPTO_SIMD
349	help
350	 AESNI+SSE2 implementation of the AEGIS-256 dedicated AEAD algorithm.
351
352config CRYPTO_MORUS640
353	tristate "MORUS-640 AEAD algorithm"
354	select CRYPTO_AEAD
355	help
356	  Support for the MORUS-640 dedicated AEAD algorithm.
357
358config CRYPTO_MORUS640_GLUE
359	tristate
360	depends on X86
361	select CRYPTO_AEAD
362	select CRYPTO_SIMD
363	help
364	  Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
365	  algorithm.
366
367config CRYPTO_MORUS640_SSE2
368	tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
369	depends on X86 && 64BIT
370	select CRYPTO_AEAD
371	select CRYPTO_MORUS640_GLUE
372	help
373	  SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
374
375config CRYPTO_MORUS1280
376	tristate "MORUS-1280 AEAD algorithm"
377	select CRYPTO_AEAD
378	help
379	  Support for the MORUS-1280 dedicated AEAD algorithm.
380
381config CRYPTO_MORUS1280_GLUE
382	tristate
383	depends on X86
384	select CRYPTO_AEAD
385	select CRYPTO_SIMD
386	help
387	  Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
388	  algorithm.
389
390config CRYPTO_MORUS1280_SSE2
391	tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
392	depends on X86 && 64BIT
393	select CRYPTO_AEAD
394	select CRYPTO_MORUS1280_GLUE
395	help
396	  SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
397	  algorithm.
398
399config CRYPTO_MORUS1280_AVX2
400	tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
401	depends on X86 && 64BIT
402	select CRYPTO_AEAD
403	select CRYPTO_MORUS1280_GLUE
404	help
405	  AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
406	  algorithm.
407
408config CRYPTO_SEQIV
409	tristate "Sequence Number IV Generator"
410	select CRYPTO_AEAD
411	select CRYPTO_BLKCIPHER
412	select CRYPTO_NULL
413	select CRYPTO_RNG_DEFAULT
414	help
415	  This IV generator generates an IV based on a sequence number by
416	  xoring it with a salt.  This algorithm is mainly useful for CTR
417
418config CRYPTO_ECHAINIV
419	tristate "Encrypted Chain IV Generator"
420	select CRYPTO_AEAD
421	select CRYPTO_NULL
422	select CRYPTO_RNG_DEFAULT
423	default m
424	help
425	  This IV generator generates an IV based on the encryption of
426	  a sequence number xored with a salt.  This is the default
427	  algorithm for CBC.
428
429comment "Block modes"
430
431config CRYPTO_CBC
432	tristate "CBC support"
433	select CRYPTO_BLKCIPHER
434	select CRYPTO_MANAGER
435	help
436	  CBC: Cipher Block Chaining mode
437	  This block cipher algorithm is required for IPSec.
438
439config CRYPTO_CFB
440	tristate "CFB support"
441	select CRYPTO_BLKCIPHER
442	select CRYPTO_MANAGER
443	help
444	  CFB: Cipher FeedBack mode
445	  This block cipher algorithm is required for TPM2 Cryptography.
446
447config CRYPTO_CTR
448	tristate "CTR support"
449	select CRYPTO_BLKCIPHER
450	select CRYPTO_SEQIV
451	select CRYPTO_MANAGER
452	help
453	  CTR: Counter mode
454	  This block cipher algorithm is required for IPSec.
455
456config CRYPTO_CTS
457	tristate "CTS support"
458	select CRYPTO_BLKCIPHER
459	help
460	  CTS: Cipher Text Stealing
461	  This is the Cipher Text Stealing mode as described by
462	  Section 8 of rfc2040 and referenced by rfc3962
463	  (rfc3962 includes errata information in its Appendix A) or
464	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
465	  This mode is required for Kerberos gss mechanism support
466	  for AES encryption.
467
468	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
469
470config CRYPTO_ECB
471	tristate "ECB support"
472	select CRYPTO_BLKCIPHER
473	select CRYPTO_MANAGER
474	help
475	  ECB: Electronic CodeBook mode
476	  This is the simplest block cipher algorithm.  It simply encrypts
477	  the input block by block.
478
479config CRYPTO_LRW
480	tristate "LRW support"
481	select CRYPTO_BLKCIPHER
482	select CRYPTO_MANAGER
483	select CRYPTO_GF128MUL
484	help
485	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
486	  narrow block cipher mode for dm-crypt.  Use it with cipher
487	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
488	  The first 128, 192 or 256 bits in the key are used for AES and the
489	  rest is used to tie each cipher block to its logical position.
490
491config CRYPTO_OFB
492	tristate "OFB support"
493	select CRYPTO_BLKCIPHER
494	select CRYPTO_MANAGER
495	help
496	  OFB: the Output Feedback mode makes a block cipher into a synchronous
497	  stream cipher. It generates keystream blocks, which are then XORed
498	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
499	  ciphertext produces a flipped bit in the plaintext at the same
500	  location. This property allows many error correcting codes to function
501	  normally even when applied before encryption.
502
503config CRYPTO_PCBC
504	tristate "PCBC support"
505	select CRYPTO_BLKCIPHER
506	select CRYPTO_MANAGER
507	help
508	  PCBC: Propagating Cipher Block Chaining mode
509	  This block cipher algorithm is required for RxRPC.
510
511config CRYPTO_XTS
512	tristate "XTS support"
513	select CRYPTO_BLKCIPHER
514	select CRYPTO_MANAGER
515	select CRYPTO_ECB
516	help
517	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
518	  key size 256, 384 or 512 bits. This implementation currently
519	  can't handle a sectorsize which is not a multiple of 16 bytes.
520
521config CRYPTO_KEYWRAP
522	tristate "Key wrapping support"
523	select CRYPTO_BLKCIPHER
524	help
525	  Support for key wrapping (NIST SP800-38F / RFC3394) without
526	  padding.
527
528config CRYPTO_NHPOLY1305
529	tristate
530	select CRYPTO_HASH
531	select CRYPTO_POLY1305
532
533config CRYPTO_NHPOLY1305_SSE2
534	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
535	depends on X86 && 64BIT
536	select CRYPTO_NHPOLY1305
537	help
538	  SSE2 optimized implementation of the hash function used by the
539	  Adiantum encryption mode.
540
541config CRYPTO_NHPOLY1305_AVX2
542	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
543	depends on X86 && 64BIT
544	select CRYPTO_NHPOLY1305
545	help
546	  AVX2 optimized implementation of the hash function used by the
547	  Adiantum encryption mode.
548
549config CRYPTO_ADIANTUM
550	tristate "Adiantum support"
551	select CRYPTO_CHACHA20
552	select CRYPTO_POLY1305
553	select CRYPTO_NHPOLY1305
554	help
555	  Adiantum is a tweakable, length-preserving encryption mode
556	  designed for fast and secure disk encryption, especially on
557	  CPUs without dedicated crypto instructions.  It encrypts
558	  each sector using the XChaCha12 stream cipher, two passes of
559	  an ε-almost-∆-universal hash function, and an invocation of
560	  the AES-256 block cipher on a single 16-byte block.  On CPUs
561	  without AES instructions, Adiantum is much faster than
562	  AES-XTS.
563
564	  Adiantum's security is provably reducible to that of its
565	  underlying stream and block ciphers, subject to a security
566	  bound.  Unlike XTS, Adiantum is a true wide-block encryption
567	  mode, so it actually provides an even stronger notion of
568	  security than XTS, subject to the security bound.
569
570	  If unsure, say N.
571
572comment "Hash modes"
573
574config CRYPTO_CMAC
575	tristate "CMAC support"
576	select CRYPTO_HASH
577	select CRYPTO_MANAGER
578	help
579	  Cipher-based Message Authentication Code (CMAC) specified by
580	  The National Institute of Standards and Technology (NIST).
581
582	  https://tools.ietf.org/html/rfc4493
583	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
584
585config CRYPTO_HMAC
586	tristate "HMAC support"
587	select CRYPTO_HASH
588	select CRYPTO_MANAGER
589	help
590	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
591	  This is required for IPSec.
592
593config CRYPTO_XCBC
594	tristate "XCBC support"
595	select CRYPTO_HASH
596	select CRYPTO_MANAGER
597	help
598	  XCBC: Keyed-Hashing with encryption algorithm
599		http://www.ietf.org/rfc/rfc3566.txt
600		http://csrc.nist.gov/encryption/modes/proposedmodes/
601		 xcbc-mac/xcbc-mac-spec.pdf
602
603config CRYPTO_VMAC
604	tristate "VMAC support"
605	select CRYPTO_HASH
606	select CRYPTO_MANAGER
607	help
608	  VMAC is a message authentication algorithm designed for
609	  very high speed on 64-bit architectures.
610
611	  See also:
612	  <http://fastcrypto.org/vmac>
613
614comment "Digest"
615
616config CRYPTO_CRC32C
617	tristate "CRC32c CRC algorithm"
618	select CRYPTO_HASH
619	select CRC32
620	help
621	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
622	  by iSCSI for header and data digests and by others.
623	  See Castagnoli93.  Module will be crc32c.
624
625config CRYPTO_CRC32C_INTEL
626	tristate "CRC32c INTEL hardware acceleration"
627	depends on X86
628	select CRYPTO_HASH
629	help
630	  In Intel processor with SSE4.2 supported, the processor will
631	  support CRC32C implementation using hardware accelerated CRC32
632	  instruction. This option will create 'crc32c-intel' module,
633	  which will enable any routine to use the CRC32 instruction to
634	  gain performance compared with software implementation.
635	  Module will be crc32c-intel.
636
637config CRYPTO_CRC32C_VPMSUM
638	tristate "CRC32c CRC algorithm (powerpc64)"
639	depends on PPC64 && ALTIVEC
640	select CRYPTO_HASH
641	select CRC32
642	help
643	  CRC32c algorithm implemented using vector polynomial multiply-sum
644	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
645	  and newer processors for improved performance.
646
647
648config CRYPTO_CRC32C_SPARC64
649	tristate "CRC32c CRC algorithm (SPARC64)"
650	depends on SPARC64
651	select CRYPTO_HASH
652	select CRC32
653	help
654	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
655	  when available.
656
657config CRYPTO_CRC32
658	tristate "CRC32 CRC algorithm"
659	select CRYPTO_HASH
660	select CRC32
661	help
662	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
663	  Shash crypto api wrappers to crc32_le function.
664
665config CRYPTO_CRC32_PCLMUL
666	tristate "CRC32 PCLMULQDQ hardware acceleration"
667	depends on X86
668	select CRYPTO_HASH
669	select CRC32
670	help
671	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
672	  and PCLMULQDQ supported, the processor will support
673	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
674	  instruction. This option will create 'crc32-pclmul' module,
675	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
676	  and gain better performance as compared with the table implementation.
677
678config CRYPTO_CRC32_MIPS
679	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
680	depends on MIPS_CRC_SUPPORT
681	select CRYPTO_HASH
682	help
683	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
684	  instructions, when available.
685
686
687config CRYPTO_CRCT10DIF
688	tristate "CRCT10DIF algorithm"
689	select CRYPTO_HASH
690	help
691	  CRC T10 Data Integrity Field computation is being cast as
692	  a crypto transform.  This allows for faster crc t10 diff
693	  transforms to be used if they are available.
694
695config CRYPTO_CRCT10DIF_PCLMUL
696	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
697	depends on X86 && 64BIT && CRC_T10DIF
698	select CRYPTO_HASH
699	help
700	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
701	  CRC T10 DIF PCLMULQDQ computation can be hardware
702	  accelerated PCLMULQDQ instruction. This option will create
703	  'crct10dif-pclmul' module, which is faster when computing the
704	  crct10dif checksum as compared with the generic table implementation.
705
706config CRYPTO_CRCT10DIF_VPMSUM
707	tristate "CRC32T10DIF powerpc64 hardware acceleration"
708	depends on PPC64 && ALTIVEC && CRC_T10DIF
709	select CRYPTO_HASH
710	help
711	  CRC10T10DIF algorithm implemented using vector polynomial
712	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
713	  POWER8 and newer processors for improved performance.
714
715config CRYPTO_VPMSUM_TESTER
716	tristate "Powerpc64 vpmsum hardware acceleration tester"
717	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
718	help
719	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
720	  POWER8 vpmsum instructions.
721	  Unless you are testing these algorithms, you don't need this.
722
723config CRYPTO_GHASH
724	tristate "GHASH digest algorithm"
725	select CRYPTO_GF128MUL
726	select CRYPTO_HASH
727	help
728	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
729
730config CRYPTO_POLY1305
731	tristate "Poly1305 authenticator algorithm"
732	select CRYPTO_HASH
733	help
734	  Poly1305 authenticator algorithm, RFC7539.
735
736	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
737	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
738	  in IETF protocols. This is the portable C implementation of Poly1305.
739
740config CRYPTO_POLY1305_X86_64
741	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
742	depends on X86 && 64BIT
743	select CRYPTO_POLY1305
744	help
745	  Poly1305 authenticator algorithm, RFC7539.
746
747	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
748	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
749	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
750	  instructions.
751
752config CRYPTO_MD4
753	tristate "MD4 digest algorithm"
754	select CRYPTO_HASH
755	help
756	  MD4 message digest algorithm (RFC1320).
757
758config CRYPTO_MD5
759	tristate "MD5 digest algorithm"
760	select CRYPTO_HASH
761	help
762	  MD5 message digest algorithm (RFC1321).
763
764config CRYPTO_MD5_OCTEON
765	tristate "MD5 digest algorithm (OCTEON)"
766	depends on CPU_CAVIUM_OCTEON
767	select CRYPTO_MD5
768	select CRYPTO_HASH
769	help
770	  MD5 message digest algorithm (RFC1321) implemented
771	  using OCTEON crypto instructions, when available.
772
773config CRYPTO_MD5_PPC
774	tristate "MD5 digest algorithm (PPC)"
775	depends on PPC
776	select CRYPTO_HASH
777	help
778	  MD5 message digest algorithm (RFC1321) implemented
779	  in PPC assembler.
780
781config CRYPTO_MD5_SPARC64
782	tristate "MD5 digest algorithm (SPARC64)"
783	depends on SPARC64
784	select CRYPTO_MD5
785	select CRYPTO_HASH
786	help
787	  MD5 message digest algorithm (RFC1321) implemented
788	  using sparc64 crypto instructions, when available.
789
790config CRYPTO_MICHAEL_MIC
791	tristate "Michael MIC keyed digest algorithm"
792	select CRYPTO_HASH
793	help
794	  Michael MIC is used for message integrity protection in TKIP
795	  (IEEE 802.11i). This algorithm is required for TKIP, but it
796	  should not be used for other purposes because of the weakness
797	  of the algorithm.
798
799config CRYPTO_RMD128
800	tristate "RIPEMD-128 digest algorithm"
801	select CRYPTO_HASH
802	help
803	  RIPEMD-128 (ISO/IEC 10118-3:2004).
804
805	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
806	  be used as a secure replacement for RIPEMD. For other use cases,
807	  RIPEMD-160 should be used.
808
809	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
810	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
811
812config CRYPTO_RMD160
813	tristate "RIPEMD-160 digest algorithm"
814	select CRYPTO_HASH
815	help
816	  RIPEMD-160 (ISO/IEC 10118-3:2004).
817
818	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
819	  to be used as a secure replacement for the 128-bit hash functions
820	  MD4, MD5 and it's predecessor RIPEMD
821	  (not to be confused with RIPEMD-128).
822
823	  It's speed is comparable to SHA1 and there are no known attacks
824	  against RIPEMD-160.
825
826	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
827	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
828
829config CRYPTO_RMD256
830	tristate "RIPEMD-256 digest algorithm"
831	select CRYPTO_HASH
832	help
833	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
834	  256 bit hash. It is intended for applications that require
835	  longer hash-results, without needing a larger security level
836	  (than RIPEMD-128).
837
838	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
839	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
840
841config CRYPTO_RMD320
842	tristate "RIPEMD-320 digest algorithm"
843	select CRYPTO_HASH
844	help
845	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
846	  320 bit hash. It is intended for applications that require
847	  longer hash-results, without needing a larger security level
848	  (than RIPEMD-160).
849
850	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
851	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
852
853config CRYPTO_SHA1
854	tristate "SHA1 digest algorithm"
855	select CRYPTO_HASH
856	help
857	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
858
859config CRYPTO_SHA1_SSSE3
860	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
861	depends on X86 && 64BIT
862	select CRYPTO_SHA1
863	select CRYPTO_HASH
864	help
865	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
866	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
867	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
868	  when available.
869
870config CRYPTO_SHA256_SSSE3
871	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
872	depends on X86 && 64BIT
873	select CRYPTO_SHA256
874	select CRYPTO_HASH
875	help
876	  SHA-256 secure hash standard (DFIPS 180-2) implemented
877	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
878	  Extensions version 1 (AVX1), or Advanced Vector Extensions
879	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
880	  Instructions) when available.
881
882config CRYPTO_SHA512_SSSE3
883	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
884	depends on X86 && 64BIT
885	select CRYPTO_SHA512
886	select CRYPTO_HASH
887	help
888	  SHA-512 secure hash standard (DFIPS 180-2) implemented
889	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
890	  Extensions version 1 (AVX1), or Advanced Vector Extensions
891	  version 2 (AVX2) instructions, when available.
892
893config CRYPTO_SHA1_OCTEON
894	tristate "SHA1 digest algorithm (OCTEON)"
895	depends on CPU_CAVIUM_OCTEON
896	select CRYPTO_SHA1
897	select CRYPTO_HASH
898	help
899	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
900	  using OCTEON crypto instructions, when available.
901
902config CRYPTO_SHA1_SPARC64
903	tristate "SHA1 digest algorithm (SPARC64)"
904	depends on SPARC64
905	select CRYPTO_SHA1
906	select CRYPTO_HASH
907	help
908	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
909	  using sparc64 crypto instructions, when available.
910
911config CRYPTO_SHA1_PPC
912	tristate "SHA1 digest algorithm (powerpc)"
913	depends on PPC
914	help
915	  This is the powerpc hardware accelerated implementation of the
916	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
917
918config CRYPTO_SHA1_PPC_SPE
919	tristate "SHA1 digest algorithm (PPC SPE)"
920	depends on PPC && SPE
921	help
922	  SHA-1 secure hash standard (DFIPS 180-4) implemented
923	  using powerpc SPE SIMD instruction set.
924
925config CRYPTO_SHA256
926	tristate "SHA224 and SHA256 digest algorithm"
927	select CRYPTO_HASH
928	help
929	  SHA256 secure hash standard (DFIPS 180-2).
930
931	  This version of SHA implements a 256 bit hash with 128 bits of
932	  security against collision attacks.
933
934	  This code also includes SHA-224, a 224 bit hash with 112 bits
935	  of security against collision attacks.
936
937config CRYPTO_SHA256_PPC_SPE
938	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
939	depends on PPC && SPE
940	select CRYPTO_SHA256
941	select CRYPTO_HASH
942	help
943	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
944	  implemented using powerpc SPE SIMD instruction set.
945
946config CRYPTO_SHA256_OCTEON
947	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
948	depends on CPU_CAVIUM_OCTEON
949	select CRYPTO_SHA256
950	select CRYPTO_HASH
951	help
952	  SHA-256 secure hash standard (DFIPS 180-2) implemented
953	  using OCTEON crypto instructions, when available.
954
955config CRYPTO_SHA256_SPARC64
956	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
957	depends on SPARC64
958	select CRYPTO_SHA256
959	select CRYPTO_HASH
960	help
961	  SHA-256 secure hash standard (DFIPS 180-2) implemented
962	  using sparc64 crypto instructions, when available.
963
964config CRYPTO_SHA512
965	tristate "SHA384 and SHA512 digest algorithms"
966	select CRYPTO_HASH
967	help
968	  SHA512 secure hash standard (DFIPS 180-2).
969
970	  This version of SHA implements a 512 bit hash with 256 bits of
971	  security against collision attacks.
972
973	  This code also includes SHA-384, a 384 bit hash with 192 bits
974	  of security against collision attacks.
975
976config CRYPTO_SHA512_OCTEON
977	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
978	depends on CPU_CAVIUM_OCTEON
979	select CRYPTO_SHA512
980	select CRYPTO_HASH
981	help
982	  SHA-512 secure hash standard (DFIPS 180-2) implemented
983	  using OCTEON crypto instructions, when available.
984
985config CRYPTO_SHA512_SPARC64
986	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
987	depends on SPARC64
988	select CRYPTO_SHA512
989	select CRYPTO_HASH
990	help
991	  SHA-512 secure hash standard (DFIPS 180-2) implemented
992	  using sparc64 crypto instructions, when available.
993
994config CRYPTO_SHA3
995	tristate "SHA3 digest algorithm"
996	select CRYPTO_HASH
997	help
998	  SHA-3 secure hash standard (DFIPS 202). It's based on
999	  cryptographic sponge function family called Keccak.
1000
1001	  References:
1002	  http://keccak.noekeon.org/
1003
1004config CRYPTO_SM3
1005	tristate "SM3 digest algorithm"
1006	select CRYPTO_HASH
1007	help
1008	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1009	  It is part of the Chinese Commercial Cryptography suite.
1010
1011	  References:
1012	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1013	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1014
1015config CRYPTO_STREEBOG
1016	tristate "Streebog Hash Function"
1017	select CRYPTO_HASH
1018	help
1019	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1020	  cryptographic standard algorithms (called GOST algorithms).
1021	  This setting enables two hash algorithms with 256 and 512 bits output.
1022
1023	  References:
1024	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1025	  https://tools.ietf.org/html/rfc6986
1026
1027config CRYPTO_TGR192
1028	tristate "Tiger digest algorithms"
1029	select CRYPTO_HASH
1030	help
1031	  Tiger hash algorithm 192, 160 and 128-bit hashes
1032
1033	  Tiger is a hash function optimized for 64-bit processors while
1034	  still having decent performance on 32-bit processors.
1035	  Tiger was developed by Ross Anderson and Eli Biham.
1036
1037	  See also:
1038	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1039
1040config CRYPTO_WP512
1041	tristate "Whirlpool digest algorithms"
1042	select CRYPTO_HASH
1043	help
1044	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1045
1046	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1047	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1048
1049	  See also:
1050	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1051
1052config CRYPTO_GHASH_CLMUL_NI_INTEL
1053	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
1054	depends on X86 && 64BIT
1055	select CRYPTO_CRYPTD
1056	help
1057	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1058	  The implementation is accelerated by CLMUL-NI of Intel.
1059
1060comment "Ciphers"
1061
1062config CRYPTO_AES
1063	tristate "AES cipher algorithms"
1064	select CRYPTO_ALGAPI
1065	help
1066	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1067	  algorithm.
1068
1069	  Rijndael appears to be consistently a very good performer in
1070	  both hardware and software across a wide range of computing
1071	  environments regardless of its use in feedback or non-feedback
1072	  modes. Its key setup time is excellent, and its key agility is
1073	  good. Rijndael's very low memory requirements make it very well
1074	  suited for restricted-space environments, in which it also
1075	  demonstrates excellent performance. Rijndael's operations are
1076	  among the easiest to defend against power and timing attacks.
1077
1078	  The AES specifies three key sizes: 128, 192 and 256 bits
1079
1080	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1081
1082config CRYPTO_AES_TI
1083	tristate "Fixed time AES cipher"
1084	select CRYPTO_ALGAPI
1085	help
1086	  This is a generic implementation of AES that attempts to eliminate
1087	  data dependent latencies as much as possible without affecting
1088	  performance too much. It is intended for use by the generic CCM
1089	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1090	  solely on encryption (although decryption is supported as well, but
1091	  with a more dramatic performance hit)
1092
1093	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1094	  8 for decryption), this implementation only uses just two S-boxes of
1095	  256 bytes each, and attempts to eliminate data dependent latencies by
1096	  prefetching the entire table into the cache at the start of each
1097	  block. Interrupts are also disabled to avoid races where cachelines
1098	  are evicted when the CPU is interrupted to do something else.
1099
1100config CRYPTO_AES_586
1101	tristate "AES cipher algorithms (i586)"
1102	depends on (X86 || UML_X86) && !64BIT
1103	select CRYPTO_ALGAPI
1104	select CRYPTO_AES
1105	help
1106	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1107	  algorithm.
1108
1109	  Rijndael appears to be consistently a very good performer in
1110	  both hardware and software across a wide range of computing
1111	  environments regardless of its use in feedback or non-feedback
1112	  modes. Its key setup time is excellent, and its key agility is
1113	  good. Rijndael's very low memory requirements make it very well
1114	  suited for restricted-space environments, in which it also
1115	  demonstrates excellent performance. Rijndael's operations are
1116	  among the easiest to defend against power and timing attacks.
1117
1118	  The AES specifies three key sizes: 128, 192 and 256 bits
1119
1120	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1121
1122config CRYPTO_AES_X86_64
1123	tristate "AES cipher algorithms (x86_64)"
1124	depends on (X86 || UML_X86) && 64BIT
1125	select CRYPTO_ALGAPI
1126	select CRYPTO_AES
1127	help
1128	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1129	  algorithm.
1130
1131	  Rijndael appears to be consistently a very good performer in
1132	  both hardware and software across a wide range of computing
1133	  environments regardless of its use in feedback or non-feedback
1134	  modes. Its key setup time is excellent, and its key agility is
1135	  good. Rijndael's very low memory requirements make it very well
1136	  suited for restricted-space environments, in which it also
1137	  demonstrates excellent performance. Rijndael's operations are
1138	  among the easiest to defend against power and timing attacks.
1139
1140	  The AES specifies three key sizes: 128, 192 and 256 bits
1141
1142	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1143
1144config CRYPTO_AES_NI_INTEL
1145	tristate "AES cipher algorithms (AES-NI)"
1146	depends on X86
1147	select CRYPTO_AEAD
1148	select CRYPTO_AES_X86_64 if 64BIT
1149	select CRYPTO_AES_586 if !64BIT
1150	select CRYPTO_ALGAPI
1151	select CRYPTO_BLKCIPHER
1152	select CRYPTO_GLUE_HELPER_X86 if 64BIT
1153	select CRYPTO_SIMD
1154	help
1155	  Use Intel AES-NI instructions for AES algorithm.
1156
1157	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1158	  algorithm.
1159
1160	  Rijndael appears to be consistently a very good performer in
1161	  both hardware and software across a wide range of computing
1162	  environments regardless of its use in feedback or non-feedback
1163	  modes. Its key setup time is excellent, and its key agility is
1164	  good. Rijndael's very low memory requirements make it very well
1165	  suited for restricted-space environments, in which it also
1166	  demonstrates excellent performance. Rijndael's operations are
1167	  among the easiest to defend against power and timing attacks.
1168
1169	  The AES specifies three key sizes: 128, 192 and 256 bits
1170
1171	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1172
1173	  In addition to AES cipher algorithm support, the acceleration
1174	  for some popular block cipher mode is supported too, including
1175	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1176	  acceleration for CTR.
1177
1178config CRYPTO_AES_SPARC64
1179	tristate "AES cipher algorithms (SPARC64)"
1180	depends on SPARC64
1181	select CRYPTO_CRYPTD
1182	select CRYPTO_ALGAPI
1183	help
1184	  Use SPARC64 crypto opcodes for AES algorithm.
1185
1186	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1187	  algorithm.
1188
1189	  Rijndael appears to be consistently a very good performer in
1190	  both hardware and software across a wide range of computing
1191	  environments regardless of its use in feedback or non-feedback
1192	  modes. Its key setup time is excellent, and its key agility is
1193	  good. Rijndael's very low memory requirements make it very well
1194	  suited for restricted-space environments, in which it also
1195	  demonstrates excellent performance. Rijndael's operations are
1196	  among the easiest to defend against power and timing attacks.
1197
1198	  The AES specifies three key sizes: 128, 192 and 256 bits
1199
1200	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1201
1202	  In addition to AES cipher algorithm support, the acceleration
1203	  for some popular block cipher mode is supported too, including
1204	  ECB and CBC.
1205
1206config CRYPTO_AES_PPC_SPE
1207	tristate "AES cipher algorithms (PPC SPE)"
1208	depends on PPC && SPE
1209	help
1210	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1211	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1212	  This module should only be used for low power (router) devices
1213	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1214	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1215	  timining attacks. Nevertheless it might be not as secure as other
1216	  architecture specific assembler implementations that work on 1KB
1217	  tables or 256 bytes S-boxes.
1218
1219config CRYPTO_ANUBIS
1220	tristate "Anubis cipher algorithm"
1221	select CRYPTO_ALGAPI
1222	help
1223	  Anubis cipher algorithm.
1224
1225	  Anubis is a variable key length cipher which can use keys from
1226	  128 bits to 320 bits in length.  It was evaluated as a entrant
1227	  in the NESSIE competition.
1228
1229	  See also:
1230	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1231	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1232
1233config CRYPTO_ARC4
1234	tristate "ARC4 cipher algorithm"
1235	select CRYPTO_BLKCIPHER
1236	help
1237	  ARC4 cipher algorithm.
1238
1239	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1240	  bits in length.  This algorithm is required for driver-based
1241	  WEP, but it should not be for other purposes because of the
1242	  weakness of the algorithm.
1243
1244config CRYPTO_BLOWFISH
1245	tristate "Blowfish cipher algorithm"
1246	select CRYPTO_ALGAPI
1247	select CRYPTO_BLOWFISH_COMMON
1248	help
1249	  Blowfish cipher algorithm, by Bruce Schneier.
1250
1251	  This is a variable key length cipher which can use keys from 32
1252	  bits to 448 bits in length.  It's fast, simple and specifically
1253	  designed for use on "large microprocessors".
1254
1255	  See also:
1256	  <http://www.schneier.com/blowfish.html>
1257
1258config CRYPTO_BLOWFISH_COMMON
1259	tristate
1260	help
1261	  Common parts of the Blowfish cipher algorithm shared by the
1262	  generic c and the assembler implementations.
1263
1264	  See also:
1265	  <http://www.schneier.com/blowfish.html>
1266
1267config CRYPTO_BLOWFISH_X86_64
1268	tristate "Blowfish cipher algorithm (x86_64)"
1269	depends on X86 && 64BIT
1270	select CRYPTO_BLKCIPHER
1271	select CRYPTO_BLOWFISH_COMMON
1272	help
1273	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1274
1275	  This is a variable key length cipher which can use keys from 32
1276	  bits to 448 bits in length.  It's fast, simple and specifically
1277	  designed for use on "large microprocessors".
1278
1279	  See also:
1280	  <http://www.schneier.com/blowfish.html>
1281
1282config CRYPTO_CAMELLIA
1283	tristate "Camellia cipher algorithms"
1284	depends on CRYPTO
1285	select CRYPTO_ALGAPI
1286	help
1287	  Camellia cipher algorithms module.
1288
1289	  Camellia is a symmetric key block cipher developed jointly
1290	  at NTT and Mitsubishi Electric Corporation.
1291
1292	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1293
1294	  See also:
1295	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1296
1297config CRYPTO_CAMELLIA_X86_64
1298	tristate "Camellia cipher algorithm (x86_64)"
1299	depends on X86 && 64BIT
1300	depends on CRYPTO
1301	select CRYPTO_BLKCIPHER
1302	select CRYPTO_GLUE_HELPER_X86
1303	help
1304	  Camellia cipher algorithm module (x86_64).
1305
1306	  Camellia is a symmetric key block cipher developed jointly
1307	  at NTT and Mitsubishi Electric Corporation.
1308
1309	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1310
1311	  See also:
1312	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1313
1314config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1315	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1316	depends on X86 && 64BIT
1317	depends on CRYPTO
1318	select CRYPTO_BLKCIPHER
1319	select CRYPTO_CAMELLIA_X86_64
1320	select CRYPTO_GLUE_HELPER_X86
1321	select CRYPTO_SIMD
1322	select CRYPTO_XTS
1323	help
1324	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1325
1326	  Camellia is a symmetric key block cipher developed jointly
1327	  at NTT and Mitsubishi Electric Corporation.
1328
1329	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1330
1331	  See also:
1332	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1333
1334config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1335	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1336	depends on X86 && 64BIT
1337	depends on CRYPTO
1338	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1339	help
1340	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1341
1342	  Camellia is a symmetric key block cipher developed jointly
1343	  at NTT and Mitsubishi Electric Corporation.
1344
1345	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1346
1347	  See also:
1348	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1349
1350config CRYPTO_CAMELLIA_SPARC64
1351	tristate "Camellia cipher algorithm (SPARC64)"
1352	depends on SPARC64
1353	depends on CRYPTO
1354	select CRYPTO_ALGAPI
1355	help
1356	  Camellia cipher algorithm module (SPARC64).
1357
1358	  Camellia is a symmetric key block cipher developed jointly
1359	  at NTT and Mitsubishi Electric Corporation.
1360
1361	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1362
1363	  See also:
1364	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1365
1366config CRYPTO_CAST_COMMON
1367	tristate
1368	help
1369	  Common parts of the CAST cipher algorithms shared by the
1370	  generic c and the assembler implementations.
1371
1372config CRYPTO_CAST5
1373	tristate "CAST5 (CAST-128) cipher algorithm"
1374	select CRYPTO_ALGAPI
1375	select CRYPTO_CAST_COMMON
1376	help
1377	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1378	  described in RFC2144.
1379
1380config CRYPTO_CAST5_AVX_X86_64
1381	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1382	depends on X86 && 64BIT
1383	select CRYPTO_BLKCIPHER
1384	select CRYPTO_CAST5
1385	select CRYPTO_CAST_COMMON
1386	select CRYPTO_SIMD
1387	help
1388	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1389	  described in RFC2144.
1390
1391	  This module provides the Cast5 cipher algorithm that processes
1392	  sixteen blocks parallel using the AVX instruction set.
1393
1394config CRYPTO_CAST6
1395	tristate "CAST6 (CAST-256) cipher algorithm"
1396	select CRYPTO_ALGAPI
1397	select CRYPTO_CAST_COMMON
1398	help
1399	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1400	  described in RFC2612.
1401
1402config CRYPTO_CAST6_AVX_X86_64
1403	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1404	depends on X86 && 64BIT
1405	select CRYPTO_BLKCIPHER
1406	select CRYPTO_CAST6
1407	select CRYPTO_CAST_COMMON
1408	select CRYPTO_GLUE_HELPER_X86
1409	select CRYPTO_SIMD
1410	select CRYPTO_XTS
1411	help
1412	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1413	  described in RFC2612.
1414
1415	  This module provides the Cast6 cipher algorithm that processes
1416	  eight blocks parallel using the AVX instruction set.
1417
1418config CRYPTO_DES
1419	tristate "DES and Triple DES EDE cipher algorithms"
1420	select CRYPTO_ALGAPI
1421	help
1422	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1423
1424config CRYPTO_DES_SPARC64
1425	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1426	depends on SPARC64
1427	select CRYPTO_ALGAPI
1428	select CRYPTO_DES
1429	help
1430	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1431	  optimized using SPARC64 crypto opcodes.
1432
1433config CRYPTO_DES3_EDE_X86_64
1434	tristate "Triple DES EDE cipher algorithm (x86-64)"
1435	depends on X86 && 64BIT
1436	select CRYPTO_BLKCIPHER
1437	select CRYPTO_DES
1438	help
1439	  Triple DES EDE (FIPS 46-3) algorithm.
1440
1441	  This module provides implementation of the Triple DES EDE cipher
1442	  algorithm that is optimized for x86-64 processors. Two versions of
1443	  algorithm are provided; regular processing one input block and
1444	  one that processes three blocks parallel.
1445
1446config CRYPTO_FCRYPT
1447	tristate "FCrypt cipher algorithm"
1448	select CRYPTO_ALGAPI
1449	select CRYPTO_BLKCIPHER
1450	help
1451	  FCrypt algorithm used by RxRPC.
1452
1453config CRYPTO_KHAZAD
1454	tristate "Khazad cipher algorithm"
1455	select CRYPTO_ALGAPI
1456	help
1457	  Khazad cipher algorithm.
1458
1459	  Khazad was a finalist in the initial NESSIE competition.  It is
1460	  an algorithm optimized for 64-bit processors with good performance
1461	  on 32-bit processors.  Khazad uses an 128 bit key size.
1462
1463	  See also:
1464	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1465
1466config CRYPTO_SALSA20
1467	tristate "Salsa20 stream cipher algorithm"
1468	select CRYPTO_BLKCIPHER
1469	help
1470	  Salsa20 stream cipher algorithm.
1471
1472	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1473	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1474
1475	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1476	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1477
1478config CRYPTO_CHACHA20
1479	tristate "ChaCha stream cipher algorithms"
1480	select CRYPTO_BLKCIPHER
1481	help
1482	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1483
1484	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1485	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1486	  This is the portable C implementation of ChaCha20.  See also:
1487	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1488
1489	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1490	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1491	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1492	  while provably retaining ChaCha20's security.  See also:
1493	  <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1494
1495	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1496	  reduced security margin but increased performance.  It can be needed
1497	  in some performance-sensitive scenarios.
1498
1499config CRYPTO_CHACHA20_X86_64
1500	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1501	depends on X86 && 64BIT
1502	select CRYPTO_BLKCIPHER
1503	select CRYPTO_CHACHA20
1504	help
1505	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1506	  XChaCha20, and XChaCha12 stream ciphers.
1507
1508config CRYPTO_SEED
1509	tristate "SEED cipher algorithm"
1510	select CRYPTO_ALGAPI
1511	help
1512	  SEED cipher algorithm (RFC4269).
1513
1514	  SEED is a 128-bit symmetric key block cipher that has been
1515	  developed by KISA (Korea Information Security Agency) as a
1516	  national standard encryption algorithm of the Republic of Korea.
1517	  It is a 16 round block cipher with the key size of 128 bit.
1518
1519	  See also:
1520	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1521
1522config CRYPTO_SERPENT
1523	tristate "Serpent cipher algorithm"
1524	select CRYPTO_ALGAPI
1525	help
1526	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1527
1528	  Keys are allowed to be from 0 to 256 bits in length, in steps
1529	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1530	  variant of Serpent for compatibility with old kerneli.org code.
1531
1532	  See also:
1533	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1534
1535config CRYPTO_SERPENT_SSE2_X86_64
1536	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1537	depends on X86 && 64BIT
1538	select CRYPTO_BLKCIPHER
1539	select CRYPTO_GLUE_HELPER_X86
1540	select CRYPTO_SERPENT
1541	select CRYPTO_SIMD
1542	help
1543	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1544
1545	  Keys are allowed to be from 0 to 256 bits in length, in steps
1546	  of 8 bits.
1547
1548	  This module provides Serpent cipher algorithm that processes eight
1549	  blocks parallel using SSE2 instruction set.
1550
1551	  See also:
1552	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1553
1554config CRYPTO_SERPENT_SSE2_586
1555	tristate "Serpent cipher algorithm (i586/SSE2)"
1556	depends on X86 && !64BIT
1557	select CRYPTO_BLKCIPHER
1558	select CRYPTO_GLUE_HELPER_X86
1559	select CRYPTO_SERPENT
1560	select CRYPTO_SIMD
1561	help
1562	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1563
1564	  Keys are allowed to be from 0 to 256 bits in length, in steps
1565	  of 8 bits.
1566
1567	  This module provides Serpent cipher algorithm that processes four
1568	  blocks parallel using SSE2 instruction set.
1569
1570	  See also:
1571	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1572
1573config CRYPTO_SERPENT_AVX_X86_64
1574	tristate "Serpent cipher algorithm (x86_64/AVX)"
1575	depends on X86 && 64BIT
1576	select CRYPTO_BLKCIPHER
1577	select CRYPTO_GLUE_HELPER_X86
1578	select CRYPTO_SERPENT
1579	select CRYPTO_SIMD
1580	select CRYPTO_XTS
1581	help
1582	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1583
1584	  Keys are allowed to be from 0 to 256 bits in length, in steps
1585	  of 8 bits.
1586
1587	  This module provides the Serpent cipher algorithm that processes
1588	  eight blocks parallel using the AVX instruction set.
1589
1590	  See also:
1591	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1592
1593config CRYPTO_SERPENT_AVX2_X86_64
1594	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1595	depends on X86 && 64BIT
1596	select CRYPTO_SERPENT_AVX_X86_64
1597	help
1598	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1599
1600	  Keys are allowed to be from 0 to 256 bits in length, in steps
1601	  of 8 bits.
1602
1603	  This module provides Serpent cipher algorithm that processes 16
1604	  blocks parallel using AVX2 instruction set.
1605
1606	  See also:
1607	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1608
1609config CRYPTO_SM4
1610	tristate "SM4 cipher algorithm"
1611	select CRYPTO_ALGAPI
1612	help
1613	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1614
1615	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1616	  Organization of State Commercial Administration of China (OSCCA)
1617	  as an authorized cryptographic algorithms for the use within China.
1618
1619	  SMS4 was originally created for use in protecting wireless
1620	  networks, and is mandated in the Chinese National Standard for
1621	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1622	  (GB.15629.11-2003).
1623
1624	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1625	  standardized through TC 260 of the Standardization Administration
1626	  of the People's Republic of China (SAC).
1627
1628	  The input, output, and key of SMS4 are each 128 bits.
1629
1630	  See also: <https://eprint.iacr.org/2008/329.pdf>
1631
1632	  If unsure, say N.
1633
1634config CRYPTO_TEA
1635	tristate "TEA, XTEA and XETA cipher algorithms"
1636	select CRYPTO_ALGAPI
1637	help
1638	  TEA cipher algorithm.
1639
1640	  Tiny Encryption Algorithm is a simple cipher that uses
1641	  many rounds for security.  It is very fast and uses
1642	  little memory.
1643
1644	  Xtendend Tiny Encryption Algorithm is a modification to
1645	  the TEA algorithm to address a potential key weakness
1646	  in the TEA algorithm.
1647
1648	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1649	  of the XTEA algorithm for compatibility purposes.
1650
1651config CRYPTO_TWOFISH
1652	tristate "Twofish cipher algorithm"
1653	select CRYPTO_ALGAPI
1654	select CRYPTO_TWOFISH_COMMON
1655	help
1656	  Twofish cipher algorithm.
1657
1658	  Twofish was submitted as an AES (Advanced Encryption Standard)
1659	  candidate cipher by researchers at CounterPane Systems.  It is a
1660	  16 round block cipher supporting key sizes of 128, 192, and 256
1661	  bits.
1662
1663	  See also:
1664	  <http://www.schneier.com/twofish.html>
1665
1666config CRYPTO_TWOFISH_COMMON
1667	tristate
1668	help
1669	  Common parts of the Twofish cipher algorithm shared by the
1670	  generic c and the assembler implementations.
1671
1672config CRYPTO_TWOFISH_586
1673	tristate "Twofish cipher algorithms (i586)"
1674	depends on (X86 || UML_X86) && !64BIT
1675	select CRYPTO_ALGAPI
1676	select CRYPTO_TWOFISH_COMMON
1677	help
1678	  Twofish cipher algorithm.
1679
1680	  Twofish was submitted as an AES (Advanced Encryption Standard)
1681	  candidate cipher by researchers at CounterPane Systems.  It is a
1682	  16 round block cipher supporting key sizes of 128, 192, and 256
1683	  bits.
1684
1685	  See also:
1686	  <http://www.schneier.com/twofish.html>
1687
1688config CRYPTO_TWOFISH_X86_64
1689	tristate "Twofish cipher algorithm (x86_64)"
1690	depends on (X86 || UML_X86) && 64BIT
1691	select CRYPTO_ALGAPI
1692	select CRYPTO_TWOFISH_COMMON
1693	help
1694	  Twofish cipher algorithm (x86_64).
1695
1696	  Twofish was submitted as an AES (Advanced Encryption Standard)
1697	  candidate cipher by researchers at CounterPane Systems.  It is a
1698	  16 round block cipher supporting key sizes of 128, 192, and 256
1699	  bits.
1700
1701	  See also:
1702	  <http://www.schneier.com/twofish.html>
1703
1704config CRYPTO_TWOFISH_X86_64_3WAY
1705	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1706	depends on X86 && 64BIT
1707	select CRYPTO_BLKCIPHER
1708	select CRYPTO_TWOFISH_COMMON
1709	select CRYPTO_TWOFISH_X86_64
1710	select CRYPTO_GLUE_HELPER_X86
1711	help
1712	  Twofish cipher algorithm (x86_64, 3-way parallel).
1713
1714	  Twofish was submitted as an AES (Advanced Encryption Standard)
1715	  candidate cipher by researchers at CounterPane Systems.  It is a
1716	  16 round block cipher supporting key sizes of 128, 192, and 256
1717	  bits.
1718
1719	  This module provides Twofish cipher algorithm that processes three
1720	  blocks parallel, utilizing resources of out-of-order CPUs better.
1721
1722	  See also:
1723	  <http://www.schneier.com/twofish.html>
1724
1725config CRYPTO_TWOFISH_AVX_X86_64
1726	tristate "Twofish cipher algorithm (x86_64/AVX)"
1727	depends on X86 && 64BIT
1728	select CRYPTO_BLKCIPHER
1729	select CRYPTO_GLUE_HELPER_X86
1730	select CRYPTO_SIMD
1731	select CRYPTO_TWOFISH_COMMON
1732	select CRYPTO_TWOFISH_X86_64
1733	select CRYPTO_TWOFISH_X86_64_3WAY
1734	help
1735	  Twofish cipher algorithm (x86_64/AVX).
1736
1737	  Twofish was submitted as an AES (Advanced Encryption Standard)
1738	  candidate cipher by researchers at CounterPane Systems.  It is a
1739	  16 round block cipher supporting key sizes of 128, 192, and 256
1740	  bits.
1741
1742	  This module provides the Twofish cipher algorithm that processes
1743	  eight blocks parallel using the AVX Instruction Set.
1744
1745	  See also:
1746	  <http://www.schneier.com/twofish.html>
1747
1748comment "Compression"
1749
1750config CRYPTO_DEFLATE
1751	tristate "Deflate compression algorithm"
1752	select CRYPTO_ALGAPI
1753	select CRYPTO_ACOMP2
1754	select ZLIB_INFLATE
1755	select ZLIB_DEFLATE
1756	help
1757	  This is the Deflate algorithm (RFC1951), specified for use in
1758	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1759
1760	  You will most probably want this if using IPSec.
1761
1762config CRYPTO_LZO
1763	tristate "LZO compression algorithm"
1764	select CRYPTO_ALGAPI
1765	select CRYPTO_ACOMP2
1766	select LZO_COMPRESS
1767	select LZO_DECOMPRESS
1768	help
1769	  This is the LZO algorithm.
1770
1771config CRYPTO_842
1772	tristate "842 compression algorithm"
1773	select CRYPTO_ALGAPI
1774	select CRYPTO_ACOMP2
1775	select 842_COMPRESS
1776	select 842_DECOMPRESS
1777	help
1778	  This is the 842 algorithm.
1779
1780config CRYPTO_LZ4
1781	tristate "LZ4 compression algorithm"
1782	select CRYPTO_ALGAPI
1783	select CRYPTO_ACOMP2
1784	select LZ4_COMPRESS
1785	select LZ4_DECOMPRESS
1786	help
1787	  This is the LZ4 algorithm.
1788
1789config CRYPTO_LZ4HC
1790	tristate "LZ4HC compression algorithm"
1791	select CRYPTO_ALGAPI
1792	select CRYPTO_ACOMP2
1793	select LZ4HC_COMPRESS
1794	select LZ4_DECOMPRESS
1795	help
1796	  This is the LZ4 high compression mode algorithm.
1797
1798config CRYPTO_ZSTD
1799	tristate "Zstd compression algorithm"
1800	select CRYPTO_ALGAPI
1801	select CRYPTO_ACOMP2
1802	select ZSTD_COMPRESS
1803	select ZSTD_DECOMPRESS
1804	help
1805	  This is the zstd algorithm.
1806
1807comment "Random Number Generation"
1808
1809config CRYPTO_ANSI_CPRNG
1810	tristate "Pseudo Random Number Generation for Cryptographic modules"
1811	select CRYPTO_AES
1812	select CRYPTO_RNG
1813	help
1814	  This option enables the generic pseudo random number generator
1815	  for cryptographic modules.  Uses the Algorithm specified in
1816	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1817	  CRYPTO_FIPS is selected
1818
1819menuconfig CRYPTO_DRBG_MENU
1820	tristate "NIST SP800-90A DRBG"
1821	help
1822	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1823	  more of the DRBG types must be selected.
1824
1825if CRYPTO_DRBG_MENU
1826
1827config CRYPTO_DRBG_HMAC
1828	bool
1829	default y
1830	select CRYPTO_HMAC
1831	select CRYPTO_SHA256
1832
1833config CRYPTO_DRBG_HASH
1834	bool "Enable Hash DRBG"
1835	select CRYPTO_SHA256
1836	help
1837	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1838
1839config CRYPTO_DRBG_CTR
1840	bool "Enable CTR DRBG"
1841	select CRYPTO_AES
1842	depends on CRYPTO_CTR
1843	help
1844	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1845
1846config CRYPTO_DRBG
1847	tristate
1848	default CRYPTO_DRBG_MENU
1849	select CRYPTO_RNG
1850	select CRYPTO_JITTERENTROPY
1851
1852endif	# if CRYPTO_DRBG_MENU
1853
1854config CRYPTO_JITTERENTROPY
1855	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1856	select CRYPTO_RNG
1857	help
1858	  The Jitterentropy RNG is a noise that is intended
1859	  to provide seed to another RNG. The RNG does not
1860	  perform any cryptographic whitening of the generated
1861	  random numbers. This Jitterentropy RNG registers with
1862	  the kernel crypto API and can be used by any caller.
1863
1864config CRYPTO_USER_API
1865	tristate
1866
1867config CRYPTO_USER_API_HASH
1868	tristate "User-space interface for hash algorithms"
1869	depends on NET
1870	select CRYPTO_HASH
1871	select CRYPTO_USER_API
1872	help
1873	  This option enables the user-spaces interface for hash
1874	  algorithms.
1875
1876config CRYPTO_USER_API_SKCIPHER
1877	tristate "User-space interface for symmetric key cipher algorithms"
1878	depends on NET
1879	select CRYPTO_BLKCIPHER
1880	select CRYPTO_USER_API
1881	help
1882	  This option enables the user-spaces interface for symmetric
1883	  key cipher algorithms.
1884
1885config CRYPTO_USER_API_RNG
1886	tristate "User-space interface for random number generator algorithms"
1887	depends on NET
1888	select CRYPTO_RNG
1889	select CRYPTO_USER_API
1890	help
1891	  This option enables the user-spaces interface for random
1892	  number generator algorithms.
1893
1894config CRYPTO_USER_API_AEAD
1895	tristate "User-space interface for AEAD cipher algorithms"
1896	depends on NET
1897	select CRYPTO_AEAD
1898	select CRYPTO_BLKCIPHER
1899	select CRYPTO_NULL
1900	select CRYPTO_USER_API
1901	help
1902	  This option enables the user-spaces interface for AEAD
1903	  cipher algorithms.
1904
1905config CRYPTO_STATS
1906	bool "Crypto usage statistics for User-space"
1907	depends on CRYPTO_USER
1908	help
1909	  This option enables the gathering of crypto stats.
1910	  This will collect:
1911	  - encrypt/decrypt size and numbers of symmeric operations
1912	  - compress/decompress size and numbers of compress operations
1913	  - size and numbers of hash operations
1914	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1915	  - generate/seed numbers for rng operations
1916
1917config CRYPTO_HASH_INFO
1918	bool
1919
1920source "drivers/crypto/Kconfig"
1921source "crypto/asymmetric_keys/Kconfig"
1922source "certs/Kconfig"
1923
1924endif	# if CRYPTO
1925