1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 select LIB_MEMNEQ 19 help 20 This option provides the core Cryptographic API. 21 22if CRYPTO 23 24comment "Crypto core or helper" 25 26config CRYPTO_FIPS 27 bool "FIPS 200 compliance" 28 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 29 depends on (MODULE_SIG || !MODULES) 30 help 31 This option enables the fips boot option which is 32 required if you want the system to operate in a FIPS 200 33 certification. You should say no unless you know what 34 this is. 35 36config CRYPTO_ALGAPI 37 tristate 38 select CRYPTO_ALGAPI2 39 help 40 This option provides the API for cryptographic algorithms. 41 42config CRYPTO_ALGAPI2 43 tristate 44 45config CRYPTO_AEAD 46 tristate 47 select CRYPTO_AEAD2 48 select CRYPTO_ALGAPI 49 50config CRYPTO_AEAD2 51 tristate 52 select CRYPTO_ALGAPI2 53 select CRYPTO_NULL2 54 select CRYPTO_RNG2 55 56config CRYPTO_SKCIPHER 57 tristate 58 select CRYPTO_SKCIPHER2 59 select CRYPTO_ALGAPI 60 61config CRYPTO_SKCIPHER2 62 tristate 63 select CRYPTO_ALGAPI2 64 select CRYPTO_RNG2 65 66config CRYPTO_HASH 67 tristate 68 select CRYPTO_HASH2 69 select CRYPTO_ALGAPI 70 71config CRYPTO_HASH2 72 tristate 73 select CRYPTO_ALGAPI2 74 75config CRYPTO_RNG 76 tristate 77 select CRYPTO_RNG2 78 select CRYPTO_ALGAPI 79 80config CRYPTO_RNG2 81 tristate 82 select CRYPTO_ALGAPI2 83 84config CRYPTO_RNG_DEFAULT 85 tristate 86 select CRYPTO_DRBG_MENU 87 88config CRYPTO_AKCIPHER2 89 tristate 90 select CRYPTO_ALGAPI2 91 92config CRYPTO_AKCIPHER 93 tristate 94 select CRYPTO_AKCIPHER2 95 select CRYPTO_ALGAPI 96 97config CRYPTO_KPP2 98 tristate 99 select CRYPTO_ALGAPI2 100 101config CRYPTO_KPP 102 tristate 103 select CRYPTO_ALGAPI 104 select CRYPTO_KPP2 105 106config CRYPTO_ACOMP2 107 tristate 108 select CRYPTO_ALGAPI2 109 select SGL_ALLOC 110 111config CRYPTO_ACOMP 112 tristate 113 select CRYPTO_ALGAPI 114 select CRYPTO_ACOMP2 115 116config CRYPTO_MANAGER 117 tristate "Cryptographic algorithm manager" 118 select CRYPTO_MANAGER2 119 help 120 Create default cryptographic template instantiations such as 121 cbc(aes). 122 123config CRYPTO_MANAGER2 124 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 125 select CRYPTO_AEAD2 126 select CRYPTO_HASH2 127 select CRYPTO_SKCIPHER2 128 select CRYPTO_AKCIPHER2 129 select CRYPTO_KPP2 130 select CRYPTO_ACOMP2 131 132config CRYPTO_USER 133 tristate "Userspace cryptographic algorithm configuration" 134 depends on NET 135 select CRYPTO_MANAGER 136 help 137 Userspace configuration for cryptographic instantiations such as 138 cbc(aes). 139 140config CRYPTO_MANAGER_DISABLE_TESTS 141 bool "Disable run-time self tests" 142 default y 143 help 144 Disable run-time self tests that normally take place at 145 algorithm registration. 146 147config CRYPTO_MANAGER_EXTRA_TESTS 148 bool "Enable extra run-time crypto self tests" 149 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER 150 help 151 Enable extra run-time self tests of registered crypto algorithms, 152 including randomized fuzz tests. 153 154 This is intended for developer use only, as these tests take much 155 longer to run than the normal self tests. 156 157config CRYPTO_GF128MUL 158 tristate 159 160config CRYPTO_NULL 161 tristate "Null algorithms" 162 select CRYPTO_NULL2 163 help 164 These are 'Null' algorithms, used by IPsec, which do nothing. 165 166config CRYPTO_NULL2 167 tristate 168 select CRYPTO_ALGAPI2 169 select CRYPTO_SKCIPHER2 170 select CRYPTO_HASH2 171 172config CRYPTO_PCRYPT 173 tristate "Parallel crypto engine" 174 depends on SMP 175 select PADATA 176 select CRYPTO_MANAGER 177 select CRYPTO_AEAD 178 help 179 This converts an arbitrary crypto algorithm into a parallel 180 algorithm that executes in kernel threads. 181 182config CRYPTO_CRYPTD 183 tristate "Software async crypto daemon" 184 select CRYPTO_SKCIPHER 185 select CRYPTO_HASH 186 select CRYPTO_MANAGER 187 help 188 This is a generic software asynchronous crypto daemon that 189 converts an arbitrary synchronous software crypto algorithm 190 into an asynchronous algorithm that executes in a kernel thread. 191 192config CRYPTO_AUTHENC 193 tristate "Authenc support" 194 select CRYPTO_AEAD 195 select CRYPTO_SKCIPHER 196 select CRYPTO_MANAGER 197 select CRYPTO_HASH 198 select CRYPTO_NULL 199 help 200 Authenc: Combined mode wrapper for IPsec. 201 This is required for IPSec. 202 203config CRYPTO_TEST 204 tristate "Testing module" 205 depends on m 206 select CRYPTO_MANAGER 207 help 208 Quick & dirty crypto test module. 209 210config CRYPTO_SIMD 211 tristate 212 select CRYPTO_CRYPTD 213 214config CRYPTO_GLUE_HELPER_X86 215 tristate 216 depends on X86 217 select CRYPTO_SKCIPHER 218 219config CRYPTO_ENGINE 220 tristate 221 222comment "Public-key cryptography" 223 224config CRYPTO_RSA 225 tristate "RSA algorithm" 226 select CRYPTO_AKCIPHER 227 select CRYPTO_MANAGER 228 select MPILIB 229 select ASN1 230 help 231 Generic implementation of the RSA public key algorithm. 232 233config CRYPTO_DH 234 tristate "Diffie-Hellman algorithm" 235 select CRYPTO_KPP 236 select MPILIB 237 help 238 Generic implementation of the Diffie-Hellman algorithm. 239 240config CRYPTO_ECC 241 tristate 242 select CRYPTO_RNG_DEFAULT 243 244config CRYPTO_ECDH 245 tristate "ECDH algorithm" 246 select CRYPTO_ECC 247 select CRYPTO_KPP 248 help 249 Generic implementation of the ECDH algorithm 250 251config CRYPTO_ECDSA 252 tristate "ECDSA (NIST P192, P256 etc.) algorithm" 253 select CRYPTO_ECC 254 select CRYPTO_AKCIPHER 255 select ASN1 256 help 257 Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.) 258 is A NIST cryptographic standard algorithm. Only signature verification 259 is implemented. 260 261config CRYPTO_ECRDSA 262 tristate "EC-RDSA (GOST 34.10) algorithm" 263 select CRYPTO_ECC 264 select CRYPTO_AKCIPHER 265 select CRYPTO_STREEBOG 266 select OID_REGISTRY 267 select ASN1 268 help 269 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 270 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 271 standard algorithms (called GOST algorithms). Only signature verification 272 is implemented. 273 274config CRYPTO_SM2 275 tristate "SM2 algorithm" 276 select CRYPTO_SM3 277 select CRYPTO_AKCIPHER 278 select CRYPTO_MANAGER 279 select MPILIB 280 select ASN1 281 help 282 Generic implementation of the SM2 public key algorithm. It was 283 published by State Encryption Management Bureau, China. 284 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. 285 286 References: 287 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 288 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml 289 http://www.gmbz.org.cn/main/bzlb.html 290 291config CRYPTO_CURVE25519 292 tristate "Curve25519 algorithm" 293 select CRYPTO_KPP 294 select CRYPTO_LIB_CURVE25519_GENERIC 295 296config CRYPTO_CURVE25519_X86 297 tristate "x86_64 accelerated Curve25519 scalar multiplication library" 298 depends on X86 && 64BIT 299 select CRYPTO_LIB_CURVE25519_GENERIC 300 select CRYPTO_ARCH_HAVE_LIB_CURVE25519 301 302comment "Authenticated Encryption with Associated Data" 303 304config CRYPTO_CCM 305 tristate "CCM support" 306 select CRYPTO_CTR 307 select CRYPTO_HASH 308 select CRYPTO_AEAD 309 select CRYPTO_MANAGER 310 help 311 Support for Counter with CBC MAC. Required for IPsec. 312 313config CRYPTO_GCM 314 tristate "GCM/GMAC support" 315 select CRYPTO_CTR 316 select CRYPTO_AEAD 317 select CRYPTO_GHASH 318 select CRYPTO_NULL 319 select CRYPTO_MANAGER 320 help 321 Support for Galois/Counter Mode (GCM) and Galois Message 322 Authentication Code (GMAC). Required for IPSec. 323 324config CRYPTO_CHACHA20POLY1305 325 tristate "ChaCha20-Poly1305 AEAD support" 326 select CRYPTO_CHACHA20 327 select CRYPTO_POLY1305 328 select CRYPTO_AEAD 329 select CRYPTO_MANAGER 330 help 331 ChaCha20-Poly1305 AEAD support, RFC7539. 332 333 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 334 with the Poly1305 authenticator. It is defined in RFC7539 for use in 335 IETF protocols. 336 337config CRYPTO_AEGIS128 338 tristate "AEGIS-128 AEAD algorithm" 339 select CRYPTO_AEAD 340 select CRYPTO_AES # for AES S-box tables 341 help 342 Support for the AEGIS-128 dedicated AEAD algorithm. 343 344config CRYPTO_AEGIS128_SIMD 345 bool "Support SIMD acceleration for AEGIS-128" 346 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 347 default y 348 349config CRYPTO_AEGIS128_AESNI_SSE2 350 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 351 depends on X86 && 64BIT 352 select CRYPTO_AEAD 353 select CRYPTO_SIMD 354 help 355 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 356 357config CRYPTO_SEQIV 358 tristate "Sequence Number IV Generator" 359 select CRYPTO_AEAD 360 select CRYPTO_SKCIPHER 361 select CRYPTO_NULL 362 select CRYPTO_RNG_DEFAULT 363 select CRYPTO_MANAGER 364 help 365 This IV generator generates an IV based on a sequence number by 366 xoring it with a salt. This algorithm is mainly useful for CTR 367 368config CRYPTO_ECHAINIV 369 tristate "Encrypted Chain IV Generator" 370 select CRYPTO_AEAD 371 select CRYPTO_NULL 372 select CRYPTO_RNG_DEFAULT 373 select CRYPTO_MANAGER 374 help 375 This IV generator generates an IV based on the encryption of 376 a sequence number xored with a salt. This is the default 377 algorithm for CBC. 378 379comment "Block modes" 380 381config CRYPTO_CBC 382 tristate "CBC support" 383 select CRYPTO_SKCIPHER 384 select CRYPTO_MANAGER 385 help 386 CBC: Cipher Block Chaining mode 387 This block cipher algorithm is required for IPSec. 388 389config CRYPTO_CFB 390 tristate "CFB support" 391 select CRYPTO_SKCIPHER 392 select CRYPTO_MANAGER 393 help 394 CFB: Cipher FeedBack mode 395 This block cipher algorithm is required for TPM2 Cryptography. 396 397config CRYPTO_CTR 398 tristate "CTR support" 399 select CRYPTO_SKCIPHER 400 select CRYPTO_MANAGER 401 help 402 CTR: Counter mode 403 This block cipher algorithm is required for IPSec. 404 405config CRYPTO_CTS 406 tristate "CTS support" 407 select CRYPTO_SKCIPHER 408 select CRYPTO_MANAGER 409 help 410 CTS: Cipher Text Stealing 411 This is the Cipher Text Stealing mode as described by 412 Section 8 of rfc2040 and referenced by rfc3962 413 (rfc3962 includes errata information in its Appendix A) or 414 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 415 This mode is required for Kerberos gss mechanism support 416 for AES encryption. 417 418 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 419 420config CRYPTO_ECB 421 tristate "ECB support" 422 select CRYPTO_SKCIPHER 423 select CRYPTO_MANAGER 424 help 425 ECB: Electronic CodeBook mode 426 This is the simplest block cipher algorithm. It simply encrypts 427 the input block by block. 428 429config CRYPTO_LRW 430 tristate "LRW support" 431 select CRYPTO_SKCIPHER 432 select CRYPTO_MANAGER 433 select CRYPTO_GF128MUL 434 help 435 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 436 narrow block cipher mode for dm-crypt. Use it with cipher 437 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 438 The first 128, 192 or 256 bits in the key are used for AES and the 439 rest is used to tie each cipher block to its logical position. 440 441config CRYPTO_OFB 442 tristate "OFB support" 443 select CRYPTO_SKCIPHER 444 select CRYPTO_MANAGER 445 help 446 OFB: the Output Feedback mode makes a block cipher into a synchronous 447 stream cipher. It generates keystream blocks, which are then XORed 448 with the plaintext blocks to get the ciphertext. Flipping a bit in the 449 ciphertext produces a flipped bit in the plaintext at the same 450 location. This property allows many error correcting codes to function 451 normally even when applied before encryption. 452 453config CRYPTO_PCBC 454 tristate "PCBC support" 455 select CRYPTO_SKCIPHER 456 select CRYPTO_MANAGER 457 help 458 PCBC: Propagating Cipher Block Chaining mode 459 This block cipher algorithm is required for RxRPC. 460 461config CRYPTO_XTS 462 tristate "XTS support" 463 select CRYPTO_SKCIPHER 464 select CRYPTO_MANAGER 465 select CRYPTO_ECB 466 help 467 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 468 key size 256, 384 or 512 bits. This implementation currently 469 can't handle a sectorsize which is not a multiple of 16 bytes. 470 471config CRYPTO_KEYWRAP 472 tristate "Key wrapping support" 473 select CRYPTO_SKCIPHER 474 select CRYPTO_MANAGER 475 help 476 Support for key wrapping (NIST SP800-38F / RFC3394) without 477 padding. 478 479config CRYPTO_NHPOLY1305 480 tristate 481 select CRYPTO_HASH 482 select CRYPTO_LIB_POLY1305_GENERIC 483 484config CRYPTO_NHPOLY1305_SSE2 485 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 486 depends on X86 && 64BIT 487 select CRYPTO_NHPOLY1305 488 help 489 SSE2 optimized implementation of the hash function used by the 490 Adiantum encryption mode. 491 492config CRYPTO_NHPOLY1305_AVX2 493 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 494 depends on X86 && 64BIT 495 select CRYPTO_NHPOLY1305 496 help 497 AVX2 optimized implementation of the hash function used by the 498 Adiantum encryption mode. 499 500config CRYPTO_ADIANTUM 501 tristate "Adiantum support" 502 select CRYPTO_CHACHA20 503 select CRYPTO_LIB_POLY1305_GENERIC 504 select CRYPTO_NHPOLY1305 505 select CRYPTO_MANAGER 506 help 507 Adiantum is a tweakable, length-preserving encryption mode 508 designed for fast and secure disk encryption, especially on 509 CPUs without dedicated crypto instructions. It encrypts 510 each sector using the XChaCha12 stream cipher, two passes of 511 an ε-almost-∆-universal hash function, and an invocation of 512 the AES-256 block cipher on a single 16-byte block. On CPUs 513 without AES instructions, Adiantum is much faster than 514 AES-XTS. 515 516 Adiantum's security is provably reducible to that of its 517 underlying stream and block ciphers, subject to a security 518 bound. Unlike XTS, Adiantum is a true wide-block encryption 519 mode, so it actually provides an even stronger notion of 520 security than XTS, subject to the security bound. 521 522 If unsure, say N. 523 524config CRYPTO_ESSIV 525 tristate "ESSIV support for block encryption" 526 select CRYPTO_AUTHENC 527 help 528 Encrypted salt-sector initialization vector (ESSIV) is an IV 529 generation method that is used in some cases by fscrypt and/or 530 dm-crypt. It uses the hash of the block encryption key as the 531 symmetric key for a block encryption pass applied to the input 532 IV, making low entropy IV sources more suitable for block 533 encryption. 534 535 This driver implements a crypto API template that can be 536 instantiated either as an skcipher or as an AEAD (depending on the 537 type of the first template argument), and which defers encryption 538 and decryption requests to the encapsulated cipher after applying 539 ESSIV to the input IV. Note that in the AEAD case, it is assumed 540 that the keys are presented in the same format used by the authenc 541 template, and that the IV appears at the end of the authenticated 542 associated data (AAD) region (which is how dm-crypt uses it.) 543 544 Note that the use of ESSIV is not recommended for new deployments, 545 and so this only needs to be enabled when interoperability with 546 existing encrypted volumes of filesystems is required, or when 547 building for a particular system that requires it (e.g., when 548 the SoC in question has accelerated CBC but not XTS, making CBC 549 combined with ESSIV the only feasible mode for h/w accelerated 550 block encryption) 551 552comment "Hash modes" 553 554config CRYPTO_CMAC 555 tristate "CMAC support" 556 select CRYPTO_HASH 557 select CRYPTO_MANAGER 558 help 559 Cipher-based Message Authentication Code (CMAC) specified by 560 The National Institute of Standards and Technology (NIST). 561 562 https://tools.ietf.org/html/rfc4493 563 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 564 565config CRYPTO_HMAC 566 tristate "HMAC support" 567 select CRYPTO_HASH 568 select CRYPTO_MANAGER 569 help 570 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 571 This is required for IPSec. 572 573config CRYPTO_XCBC 574 tristate "XCBC support" 575 select CRYPTO_HASH 576 select CRYPTO_MANAGER 577 help 578 XCBC: Keyed-Hashing with encryption algorithm 579 https://www.ietf.org/rfc/rfc3566.txt 580 http://csrc.nist.gov/encryption/modes/proposedmodes/ 581 xcbc-mac/xcbc-mac-spec.pdf 582 583config CRYPTO_VMAC 584 tristate "VMAC support" 585 select CRYPTO_HASH 586 select CRYPTO_MANAGER 587 help 588 VMAC is a message authentication algorithm designed for 589 very high speed on 64-bit architectures. 590 591 See also: 592 <https://fastcrypto.org/vmac> 593 594comment "Digest" 595 596config CRYPTO_CRC32C 597 tristate "CRC32c CRC algorithm" 598 select CRYPTO_HASH 599 select CRC32 600 help 601 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 602 by iSCSI for header and data digests and by others. 603 See Castagnoli93. Module will be crc32c. 604 605config CRYPTO_CRC32C_INTEL 606 tristate "CRC32c INTEL hardware acceleration" 607 depends on X86 608 select CRYPTO_HASH 609 help 610 In Intel processor with SSE4.2 supported, the processor will 611 support CRC32C implementation using hardware accelerated CRC32 612 instruction. This option will create 'crc32c-intel' module, 613 which will enable any routine to use the CRC32 instruction to 614 gain performance compared with software implementation. 615 Module will be crc32c-intel. 616 617config CRYPTO_CRC32C_VPMSUM 618 tristate "CRC32c CRC algorithm (powerpc64)" 619 depends on PPC64 && ALTIVEC 620 select CRYPTO_HASH 621 select CRC32 622 help 623 CRC32c algorithm implemented using vector polynomial multiply-sum 624 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 625 and newer processors for improved performance. 626 627 628config CRYPTO_CRC32C_SPARC64 629 tristate "CRC32c CRC algorithm (SPARC64)" 630 depends on SPARC64 631 select CRYPTO_HASH 632 select CRC32 633 help 634 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 635 when available. 636 637config CRYPTO_CRC32 638 tristate "CRC32 CRC algorithm" 639 select CRYPTO_HASH 640 select CRC32 641 help 642 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 643 Shash crypto api wrappers to crc32_le function. 644 645config CRYPTO_CRC32_PCLMUL 646 tristate "CRC32 PCLMULQDQ hardware acceleration" 647 depends on X86 648 select CRYPTO_HASH 649 select CRC32 650 help 651 From Intel Westmere and AMD Bulldozer processor with SSE4.2 652 and PCLMULQDQ supported, the processor will support 653 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 654 instruction. This option will create 'crc32-pclmul' module, 655 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 656 and gain better performance as compared with the table implementation. 657 658config CRYPTO_CRC32_MIPS 659 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 660 depends on MIPS_CRC_SUPPORT 661 select CRYPTO_HASH 662 help 663 CRC32c and CRC32 CRC algorithms implemented using mips crypto 664 instructions, when available. 665 666 667config CRYPTO_XXHASH 668 tristate "xxHash hash algorithm" 669 select CRYPTO_HASH 670 select XXHASH 671 help 672 xxHash non-cryptographic hash algorithm. Extremely fast, working at 673 speeds close to RAM limits. 674 675config CRYPTO_BLAKE2B 676 tristate "BLAKE2b digest algorithm" 677 select CRYPTO_HASH 678 help 679 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), 680 optimized for 64bit platforms and can produce digests of any size 681 between 1 to 64. The keyed hash is also implemented. 682 683 This module provides the following algorithms: 684 685 - blake2b-160 686 - blake2b-256 687 - blake2b-384 688 - blake2b-512 689 690 See https://blake2.net for further information. 691 692config CRYPTO_BLAKE2S 693 tristate "BLAKE2s digest algorithm" 694 select CRYPTO_LIB_BLAKE2S_GENERIC 695 select CRYPTO_HASH 696 help 697 Implementation of cryptographic hash function BLAKE2s 698 optimized for 8-32bit platforms and can produce digests of any size 699 between 1 to 32. The keyed hash is also implemented. 700 701 This module provides the following algorithms: 702 703 - blake2s-128 704 - blake2s-160 705 - blake2s-224 706 - blake2s-256 707 708 See https://blake2.net for further information. 709 710config CRYPTO_BLAKE2S_X86 711 tristate "BLAKE2s digest algorithm (x86 accelerated version)" 712 depends on X86 && 64BIT 713 select CRYPTO_LIB_BLAKE2S_GENERIC 714 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S 715 716config CRYPTO_CRCT10DIF 717 tristate "CRCT10DIF algorithm" 718 select CRYPTO_HASH 719 help 720 CRC T10 Data Integrity Field computation is being cast as 721 a crypto transform. This allows for faster crc t10 diff 722 transforms to be used if they are available. 723 724config CRYPTO_CRCT10DIF_PCLMUL 725 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 726 depends on X86 && 64BIT && CRC_T10DIF 727 select CRYPTO_HASH 728 help 729 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 730 CRC T10 DIF PCLMULQDQ computation can be hardware 731 accelerated PCLMULQDQ instruction. This option will create 732 'crct10dif-pclmul' module, which is faster when computing the 733 crct10dif checksum as compared with the generic table implementation. 734 735config CRYPTO_CRCT10DIF_VPMSUM 736 tristate "CRC32T10DIF powerpc64 hardware acceleration" 737 depends on PPC64 && ALTIVEC && CRC_T10DIF 738 select CRYPTO_HASH 739 help 740 CRC10T10DIF algorithm implemented using vector polynomial 741 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 742 POWER8 and newer processors for improved performance. 743 744config CRYPTO_VPMSUM_TESTER 745 tristate "Powerpc64 vpmsum hardware acceleration tester" 746 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 747 help 748 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 749 POWER8 vpmsum instructions. 750 Unless you are testing these algorithms, you don't need this. 751 752config CRYPTO_GHASH 753 tristate "GHASH hash function" 754 select CRYPTO_GF128MUL 755 select CRYPTO_HASH 756 help 757 GHASH is the hash function used in GCM (Galois/Counter Mode). 758 It is not a general-purpose cryptographic hash function. 759 760config CRYPTO_POLY1305 761 tristate "Poly1305 authenticator algorithm" 762 select CRYPTO_HASH 763 select CRYPTO_LIB_POLY1305_GENERIC 764 help 765 Poly1305 authenticator algorithm, RFC7539. 766 767 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 768 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 769 in IETF protocols. This is the portable C implementation of Poly1305. 770 771config CRYPTO_POLY1305_X86_64 772 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 773 depends on X86 && 64BIT 774 select CRYPTO_LIB_POLY1305_GENERIC 775 select CRYPTO_ARCH_HAVE_LIB_POLY1305 776 help 777 Poly1305 authenticator algorithm, RFC7539. 778 779 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 780 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 781 in IETF protocols. This is the x86_64 assembler implementation using SIMD 782 instructions. 783 784config CRYPTO_POLY1305_MIPS 785 tristate "Poly1305 authenticator algorithm (MIPS optimized)" 786 depends on MIPS 787 select CRYPTO_ARCH_HAVE_LIB_POLY1305 788 789config CRYPTO_MD4 790 tristate "MD4 digest algorithm" 791 select CRYPTO_HASH 792 help 793 MD4 message digest algorithm (RFC1320). 794 795config CRYPTO_MD5 796 tristate "MD5 digest algorithm" 797 select CRYPTO_HASH 798 help 799 MD5 message digest algorithm (RFC1321). 800 801config CRYPTO_MD5_OCTEON 802 tristate "MD5 digest algorithm (OCTEON)" 803 depends on CPU_CAVIUM_OCTEON 804 select CRYPTO_MD5 805 select CRYPTO_HASH 806 help 807 MD5 message digest algorithm (RFC1321) implemented 808 using OCTEON crypto instructions, when available. 809 810config CRYPTO_MD5_PPC 811 tristate "MD5 digest algorithm (PPC)" 812 depends on PPC 813 select CRYPTO_HASH 814 help 815 MD5 message digest algorithm (RFC1321) implemented 816 in PPC assembler. 817 818config CRYPTO_MD5_SPARC64 819 tristate "MD5 digest algorithm (SPARC64)" 820 depends on SPARC64 821 select CRYPTO_MD5 822 select CRYPTO_HASH 823 help 824 MD5 message digest algorithm (RFC1321) implemented 825 using sparc64 crypto instructions, when available. 826 827config CRYPTO_MICHAEL_MIC 828 tristate "Michael MIC keyed digest algorithm" 829 select CRYPTO_HASH 830 help 831 Michael MIC is used for message integrity protection in TKIP 832 (IEEE 802.11i). This algorithm is required for TKIP, but it 833 should not be used for other purposes because of the weakness 834 of the algorithm. 835 836config CRYPTO_RMD128 837 tristate "RIPEMD-128 digest algorithm" 838 select CRYPTO_HASH 839 help 840 RIPEMD-128 (ISO/IEC 10118-3:2004). 841 842 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 843 be used as a secure replacement for RIPEMD. For other use cases, 844 RIPEMD-160 should be used. 845 846 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 847 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 848 849config CRYPTO_RMD160 850 tristate "RIPEMD-160 digest algorithm" 851 select CRYPTO_HASH 852 help 853 RIPEMD-160 (ISO/IEC 10118-3:2004). 854 855 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 856 to be used as a secure replacement for the 128-bit hash functions 857 MD4, MD5 and it's predecessor RIPEMD 858 (not to be confused with RIPEMD-128). 859 860 It's speed is comparable to SHA1 and there are no known attacks 861 against RIPEMD-160. 862 863 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 864 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 865 866config CRYPTO_RMD256 867 tristate "RIPEMD-256 digest algorithm" 868 select CRYPTO_HASH 869 help 870 RIPEMD-256 is an optional extension of RIPEMD-128 with a 871 256 bit hash. It is intended for applications that require 872 longer hash-results, without needing a larger security level 873 (than RIPEMD-128). 874 875 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 876 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 877 878config CRYPTO_RMD320 879 tristate "RIPEMD-320 digest algorithm" 880 select CRYPTO_HASH 881 help 882 RIPEMD-320 is an optional extension of RIPEMD-160 with a 883 320 bit hash. It is intended for applications that require 884 longer hash-results, without needing a larger security level 885 (than RIPEMD-160). 886 887 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 888 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 889 890config CRYPTO_SHA1 891 tristate "SHA1 digest algorithm" 892 select CRYPTO_HASH 893 help 894 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 895 896config CRYPTO_SHA1_SSSE3 897 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 898 depends on X86 && 64BIT 899 select CRYPTO_SHA1 900 select CRYPTO_HASH 901 help 902 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 903 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 904 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 905 when available. 906 907config CRYPTO_SHA256_SSSE3 908 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 909 depends on X86 && 64BIT 910 select CRYPTO_SHA256 911 select CRYPTO_HASH 912 help 913 SHA-256 secure hash standard (DFIPS 180-2) implemented 914 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 915 Extensions version 1 (AVX1), or Advanced Vector Extensions 916 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 917 Instructions) when available. 918 919config CRYPTO_SHA512_SSSE3 920 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 921 depends on X86 && 64BIT 922 select CRYPTO_SHA512 923 select CRYPTO_HASH 924 help 925 SHA-512 secure hash standard (DFIPS 180-2) implemented 926 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 927 Extensions version 1 (AVX1), or Advanced Vector Extensions 928 version 2 (AVX2) instructions, when available. 929 930config CRYPTO_SHA1_OCTEON 931 tristate "SHA1 digest algorithm (OCTEON)" 932 depends on CPU_CAVIUM_OCTEON 933 select CRYPTO_SHA1 934 select CRYPTO_HASH 935 help 936 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 937 using OCTEON crypto instructions, when available. 938 939config CRYPTO_SHA1_SPARC64 940 tristate "SHA1 digest algorithm (SPARC64)" 941 depends on SPARC64 942 select CRYPTO_SHA1 943 select CRYPTO_HASH 944 help 945 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 946 using sparc64 crypto instructions, when available. 947 948config CRYPTO_SHA1_PPC 949 tristate "SHA1 digest algorithm (powerpc)" 950 depends on PPC 951 help 952 This is the powerpc hardware accelerated implementation of the 953 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 954 955config CRYPTO_SHA1_PPC_SPE 956 tristate "SHA1 digest algorithm (PPC SPE)" 957 depends on PPC && SPE 958 help 959 SHA-1 secure hash standard (DFIPS 180-4) implemented 960 using powerpc SPE SIMD instruction set. 961 962config CRYPTO_SHA256 963 tristate "SHA224 and SHA256 digest algorithm" 964 select CRYPTO_HASH 965 select CRYPTO_LIB_SHA256 966 help 967 SHA256 secure hash standard (DFIPS 180-2). 968 969 This version of SHA implements a 256 bit hash with 128 bits of 970 security against collision attacks. 971 972 This code also includes SHA-224, a 224 bit hash with 112 bits 973 of security against collision attacks. 974 975config CRYPTO_SHA256_PPC_SPE 976 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 977 depends on PPC && SPE 978 select CRYPTO_SHA256 979 select CRYPTO_HASH 980 help 981 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 982 implemented using powerpc SPE SIMD instruction set. 983 984config CRYPTO_SHA256_OCTEON 985 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 986 depends on CPU_CAVIUM_OCTEON 987 select CRYPTO_SHA256 988 select CRYPTO_HASH 989 help 990 SHA-256 secure hash standard (DFIPS 180-2) implemented 991 using OCTEON crypto instructions, when available. 992 993config CRYPTO_SHA256_SPARC64 994 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 995 depends on SPARC64 996 select CRYPTO_SHA256 997 select CRYPTO_HASH 998 help 999 SHA-256 secure hash standard (DFIPS 180-2) implemented 1000 using sparc64 crypto instructions, when available. 1001 1002config CRYPTO_SHA512 1003 tristate "SHA384 and SHA512 digest algorithms" 1004 select CRYPTO_HASH 1005 help 1006 SHA512 secure hash standard (DFIPS 180-2). 1007 1008 This version of SHA implements a 512 bit hash with 256 bits of 1009 security against collision attacks. 1010 1011 This code also includes SHA-384, a 384 bit hash with 192 bits 1012 of security against collision attacks. 1013 1014config CRYPTO_SHA512_OCTEON 1015 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 1016 depends on CPU_CAVIUM_OCTEON 1017 select CRYPTO_SHA512 1018 select CRYPTO_HASH 1019 help 1020 SHA-512 secure hash standard (DFIPS 180-2) implemented 1021 using OCTEON crypto instructions, when available. 1022 1023config CRYPTO_SHA512_SPARC64 1024 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 1025 depends on SPARC64 1026 select CRYPTO_SHA512 1027 select CRYPTO_HASH 1028 help 1029 SHA-512 secure hash standard (DFIPS 180-2) implemented 1030 using sparc64 crypto instructions, when available. 1031 1032config CRYPTO_SHA3 1033 tristate "SHA3 digest algorithm" 1034 select CRYPTO_HASH 1035 help 1036 SHA-3 secure hash standard (DFIPS 202). It's based on 1037 cryptographic sponge function family called Keccak. 1038 1039 References: 1040 http://keccak.noekeon.org/ 1041 1042config CRYPTO_SM3 1043 tristate "SM3 digest algorithm" 1044 select CRYPTO_HASH 1045 help 1046 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 1047 It is part of the Chinese Commercial Cryptography suite. 1048 1049 References: 1050 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1051 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1052 1053config CRYPTO_STREEBOG 1054 tristate "Streebog Hash Function" 1055 select CRYPTO_HASH 1056 help 1057 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1058 cryptographic standard algorithms (called GOST algorithms). 1059 This setting enables two hash algorithms with 256 and 512 bits output. 1060 1061 References: 1062 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1063 https://tools.ietf.org/html/rfc6986 1064 1065config CRYPTO_TGR192 1066 tristate "Tiger digest algorithms" 1067 select CRYPTO_HASH 1068 help 1069 Tiger hash algorithm 192, 160 and 128-bit hashes 1070 1071 Tiger is a hash function optimized for 64-bit processors while 1072 still having decent performance on 32-bit processors. 1073 Tiger was developed by Ross Anderson and Eli Biham. 1074 1075 See also: 1076 <https://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 1077 1078config CRYPTO_WP512 1079 tristate "Whirlpool digest algorithms" 1080 select CRYPTO_HASH 1081 help 1082 Whirlpool hash algorithm 512, 384 and 256-bit hashes 1083 1084 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1085 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 1086 1087 See also: 1088 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 1089 1090config CRYPTO_GHASH_CLMUL_NI_INTEL 1091 tristate "GHASH hash function (CLMUL-NI accelerated)" 1092 depends on X86 && 64BIT 1093 select CRYPTO_CRYPTD 1094 help 1095 This is the x86_64 CLMUL-NI accelerated implementation of 1096 GHASH, the hash function used in GCM (Galois/Counter mode). 1097 1098comment "Ciphers" 1099 1100config CRYPTO_AES 1101 tristate "AES cipher algorithms" 1102 select CRYPTO_ALGAPI 1103 select CRYPTO_LIB_AES 1104 help 1105 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1106 algorithm. 1107 1108 Rijndael appears to be consistently a very good performer in 1109 both hardware and software across a wide range of computing 1110 environments regardless of its use in feedback or non-feedback 1111 modes. Its key setup time is excellent, and its key agility is 1112 good. Rijndael's very low memory requirements make it very well 1113 suited for restricted-space environments, in which it also 1114 demonstrates excellent performance. Rijndael's operations are 1115 among the easiest to defend against power and timing attacks. 1116 1117 The AES specifies three key sizes: 128, 192 and 256 bits 1118 1119 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1120 1121config CRYPTO_AES_TI 1122 tristate "Fixed time AES cipher" 1123 select CRYPTO_ALGAPI 1124 select CRYPTO_LIB_AES 1125 help 1126 This is a generic implementation of AES that attempts to eliminate 1127 data dependent latencies as much as possible without affecting 1128 performance too much. It is intended for use by the generic CCM 1129 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1130 solely on encryption (although decryption is supported as well, but 1131 with a more dramatic performance hit) 1132 1133 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1134 8 for decryption), this implementation only uses just two S-boxes of 1135 256 bytes each, and attempts to eliminate data dependent latencies by 1136 prefetching the entire table into the cache at the start of each 1137 block. Interrupts are also disabled to avoid races where cachelines 1138 are evicted when the CPU is interrupted to do something else. 1139 1140config CRYPTO_AES_NI_INTEL 1141 tristate "AES cipher algorithms (AES-NI)" 1142 depends on X86 1143 select CRYPTO_AEAD 1144 select CRYPTO_LIB_AES 1145 select CRYPTO_ALGAPI 1146 select CRYPTO_SKCIPHER 1147 select CRYPTO_GLUE_HELPER_X86 if 64BIT 1148 select CRYPTO_SIMD 1149 help 1150 Use Intel AES-NI instructions for AES algorithm. 1151 1152 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1153 algorithm. 1154 1155 Rijndael appears to be consistently a very good performer in 1156 both hardware and software across a wide range of computing 1157 environments regardless of its use in feedback or non-feedback 1158 modes. Its key setup time is excellent, and its key agility is 1159 good. Rijndael's very low memory requirements make it very well 1160 suited for restricted-space environments, in which it also 1161 demonstrates excellent performance. Rijndael's operations are 1162 among the easiest to defend against power and timing attacks. 1163 1164 The AES specifies three key sizes: 128, 192 and 256 bits 1165 1166 See <http://csrc.nist.gov/encryption/aes/> for more information. 1167 1168 In addition to AES cipher algorithm support, the acceleration 1169 for some popular block cipher mode is supported too, including 1170 ECB, CBC, LRW, XTS. The 64 bit version has additional 1171 acceleration for CTR. 1172 1173config CRYPTO_AES_SPARC64 1174 tristate "AES cipher algorithms (SPARC64)" 1175 depends on SPARC64 1176 select CRYPTO_SKCIPHER 1177 help 1178 Use SPARC64 crypto opcodes for AES algorithm. 1179 1180 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1181 algorithm. 1182 1183 Rijndael appears to be consistently a very good performer in 1184 both hardware and software across a wide range of computing 1185 environments regardless of its use in feedback or non-feedback 1186 modes. Its key setup time is excellent, and its key agility is 1187 good. Rijndael's very low memory requirements make it very well 1188 suited for restricted-space environments, in which it also 1189 demonstrates excellent performance. Rijndael's operations are 1190 among the easiest to defend against power and timing attacks. 1191 1192 The AES specifies three key sizes: 128, 192 and 256 bits 1193 1194 See <http://csrc.nist.gov/encryption/aes/> for more information. 1195 1196 In addition to AES cipher algorithm support, the acceleration 1197 for some popular block cipher mode is supported too, including 1198 ECB and CBC. 1199 1200config CRYPTO_AES_PPC_SPE 1201 tristate "AES cipher algorithms (PPC SPE)" 1202 depends on PPC && SPE 1203 select CRYPTO_SKCIPHER 1204 help 1205 AES cipher algorithms (FIPS-197). Additionally the acceleration 1206 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1207 This module should only be used for low power (router) devices 1208 without hardware AES acceleration (e.g. caam crypto). It reduces the 1209 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1210 timining attacks. Nevertheless it might be not as secure as other 1211 architecture specific assembler implementations that work on 1KB 1212 tables or 256 bytes S-boxes. 1213 1214config CRYPTO_ANUBIS 1215 tristate "Anubis cipher algorithm" 1216 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1217 select CRYPTO_ALGAPI 1218 help 1219 Anubis cipher algorithm. 1220 1221 Anubis is a variable key length cipher which can use keys from 1222 128 bits to 320 bits in length. It was evaluated as a entrant 1223 in the NESSIE competition. 1224 1225 See also: 1226 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1227 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1228 1229config CRYPTO_ARC4 1230 tristate "ARC4 cipher algorithm" 1231 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1232 select CRYPTO_SKCIPHER 1233 select CRYPTO_LIB_ARC4 1234 help 1235 ARC4 cipher algorithm. 1236 1237 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1238 bits in length. This algorithm is required for driver-based 1239 WEP, but it should not be for other purposes because of the 1240 weakness of the algorithm. 1241 1242config CRYPTO_BLOWFISH 1243 tristate "Blowfish cipher algorithm" 1244 select CRYPTO_ALGAPI 1245 select CRYPTO_BLOWFISH_COMMON 1246 help 1247 Blowfish cipher algorithm, by Bruce Schneier. 1248 1249 This is a variable key length cipher which can use keys from 32 1250 bits to 448 bits in length. It's fast, simple and specifically 1251 designed for use on "large microprocessors". 1252 1253 See also: 1254 <https://www.schneier.com/blowfish.html> 1255 1256config CRYPTO_BLOWFISH_COMMON 1257 tristate 1258 help 1259 Common parts of the Blowfish cipher algorithm shared by the 1260 generic c and the assembler implementations. 1261 1262 See also: 1263 <https://www.schneier.com/blowfish.html> 1264 1265config CRYPTO_BLOWFISH_X86_64 1266 tristate "Blowfish cipher algorithm (x86_64)" 1267 depends on X86 && 64BIT 1268 select CRYPTO_SKCIPHER 1269 select CRYPTO_BLOWFISH_COMMON 1270 help 1271 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1272 1273 This is a variable key length cipher which can use keys from 32 1274 bits to 448 bits in length. It's fast, simple and specifically 1275 designed for use on "large microprocessors". 1276 1277 See also: 1278 <https://www.schneier.com/blowfish.html> 1279 1280config CRYPTO_CAMELLIA 1281 tristate "Camellia cipher algorithms" 1282 depends on CRYPTO 1283 select CRYPTO_ALGAPI 1284 help 1285 Camellia cipher algorithms module. 1286 1287 Camellia is a symmetric key block cipher developed jointly 1288 at NTT and Mitsubishi Electric Corporation. 1289 1290 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1291 1292 See also: 1293 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1294 1295config CRYPTO_CAMELLIA_X86_64 1296 tristate "Camellia cipher algorithm (x86_64)" 1297 depends on X86 && 64BIT 1298 depends on CRYPTO 1299 select CRYPTO_SKCIPHER 1300 select CRYPTO_GLUE_HELPER_X86 1301 help 1302 Camellia cipher algorithm module (x86_64). 1303 1304 Camellia is a symmetric key block cipher developed jointly 1305 at NTT and Mitsubishi Electric Corporation. 1306 1307 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1308 1309 See also: 1310 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1311 1312config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1313 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1314 depends on X86 && 64BIT 1315 depends on CRYPTO 1316 select CRYPTO_SKCIPHER 1317 select CRYPTO_CAMELLIA_X86_64 1318 select CRYPTO_GLUE_HELPER_X86 1319 select CRYPTO_SIMD 1320 select CRYPTO_XTS 1321 help 1322 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1323 1324 Camellia is a symmetric key block cipher developed jointly 1325 at NTT and Mitsubishi Electric Corporation. 1326 1327 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1328 1329 See also: 1330 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1331 1332config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1333 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1334 depends on X86 && 64BIT 1335 depends on CRYPTO 1336 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1337 help 1338 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1339 1340 Camellia is a symmetric key block cipher developed jointly 1341 at NTT and Mitsubishi Electric Corporation. 1342 1343 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1344 1345 See also: 1346 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1347 1348config CRYPTO_CAMELLIA_SPARC64 1349 tristate "Camellia cipher algorithm (SPARC64)" 1350 depends on SPARC64 1351 depends on CRYPTO 1352 select CRYPTO_ALGAPI 1353 select CRYPTO_SKCIPHER 1354 help 1355 Camellia cipher algorithm module (SPARC64). 1356 1357 Camellia is a symmetric key block cipher developed jointly 1358 at NTT and Mitsubishi Electric Corporation. 1359 1360 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1361 1362 See also: 1363 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1364 1365config CRYPTO_CAST_COMMON 1366 tristate 1367 help 1368 Common parts of the CAST cipher algorithms shared by the 1369 generic c and the assembler implementations. 1370 1371config CRYPTO_CAST5 1372 tristate "CAST5 (CAST-128) cipher algorithm" 1373 select CRYPTO_ALGAPI 1374 select CRYPTO_CAST_COMMON 1375 help 1376 The CAST5 encryption algorithm (synonymous with CAST-128) is 1377 described in RFC2144. 1378 1379config CRYPTO_CAST5_AVX_X86_64 1380 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1381 depends on X86 && 64BIT 1382 select CRYPTO_SKCIPHER 1383 select CRYPTO_CAST5 1384 select CRYPTO_CAST_COMMON 1385 select CRYPTO_SIMD 1386 help 1387 The CAST5 encryption algorithm (synonymous with CAST-128) is 1388 described in RFC2144. 1389 1390 This module provides the Cast5 cipher algorithm that processes 1391 sixteen blocks parallel using the AVX instruction set. 1392 1393config CRYPTO_CAST6 1394 tristate "CAST6 (CAST-256) cipher algorithm" 1395 select CRYPTO_ALGAPI 1396 select CRYPTO_CAST_COMMON 1397 help 1398 The CAST6 encryption algorithm (synonymous with CAST-256) is 1399 described in RFC2612. 1400 1401config CRYPTO_CAST6_AVX_X86_64 1402 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1403 depends on X86 && 64BIT 1404 select CRYPTO_SKCIPHER 1405 select CRYPTO_CAST6 1406 select CRYPTO_CAST_COMMON 1407 select CRYPTO_GLUE_HELPER_X86 1408 select CRYPTO_SIMD 1409 select CRYPTO_XTS 1410 help 1411 The CAST6 encryption algorithm (synonymous with CAST-256) is 1412 described in RFC2612. 1413 1414 This module provides the Cast6 cipher algorithm that processes 1415 eight blocks parallel using the AVX instruction set. 1416 1417config CRYPTO_DES 1418 tristate "DES and Triple DES EDE cipher algorithms" 1419 select CRYPTO_ALGAPI 1420 select CRYPTO_LIB_DES 1421 help 1422 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1423 1424config CRYPTO_DES_SPARC64 1425 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1426 depends on SPARC64 1427 select CRYPTO_ALGAPI 1428 select CRYPTO_LIB_DES 1429 select CRYPTO_SKCIPHER 1430 help 1431 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1432 optimized using SPARC64 crypto opcodes. 1433 1434config CRYPTO_DES3_EDE_X86_64 1435 tristate "Triple DES EDE cipher algorithm (x86-64)" 1436 depends on X86 && 64BIT 1437 select CRYPTO_SKCIPHER 1438 select CRYPTO_LIB_DES 1439 help 1440 Triple DES EDE (FIPS 46-3) algorithm. 1441 1442 This module provides implementation of the Triple DES EDE cipher 1443 algorithm that is optimized for x86-64 processors. Two versions of 1444 algorithm are provided; regular processing one input block and 1445 one that processes three blocks parallel. 1446 1447config CRYPTO_FCRYPT 1448 tristate "FCrypt cipher algorithm" 1449 select CRYPTO_ALGAPI 1450 select CRYPTO_SKCIPHER 1451 help 1452 FCrypt algorithm used by RxRPC. 1453 1454config CRYPTO_KHAZAD 1455 tristate "Khazad cipher algorithm" 1456 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1457 select CRYPTO_ALGAPI 1458 help 1459 Khazad cipher algorithm. 1460 1461 Khazad was a finalist in the initial NESSIE competition. It is 1462 an algorithm optimized for 64-bit processors with good performance 1463 on 32-bit processors. Khazad uses an 128 bit key size. 1464 1465 See also: 1466 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1467 1468config CRYPTO_SALSA20 1469 tristate "Salsa20 stream cipher algorithm" 1470 select CRYPTO_SKCIPHER 1471 help 1472 Salsa20 stream cipher algorithm. 1473 1474 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1475 Stream Cipher Project. See <https://www.ecrypt.eu.org/stream/> 1476 1477 The Salsa20 stream cipher algorithm is designed by Daniel J. 1478 Bernstein <djb@cr.yp.to>. See <https://cr.yp.to/snuffle.html> 1479 1480config CRYPTO_CHACHA20 1481 tristate "ChaCha stream cipher algorithms" 1482 select CRYPTO_LIB_CHACHA_GENERIC 1483 select CRYPTO_SKCIPHER 1484 help 1485 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1486 1487 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1488 Bernstein and further specified in RFC7539 for use in IETF protocols. 1489 This is the portable C implementation of ChaCha20. See also: 1490 <https://cr.yp.to/chacha/chacha-20080128.pdf> 1491 1492 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1493 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1494 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1495 while provably retaining ChaCha20's security. See also: 1496 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1497 1498 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1499 reduced security margin but increased performance. It can be needed 1500 in some performance-sensitive scenarios. 1501 1502config CRYPTO_CHACHA20_X86_64 1503 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1504 depends on X86 && 64BIT 1505 select CRYPTO_SKCIPHER 1506 select CRYPTO_LIB_CHACHA_GENERIC 1507 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1508 help 1509 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 1510 XChaCha20, and XChaCha12 stream ciphers. 1511 1512config CRYPTO_CHACHA_MIPS 1513 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)" 1514 depends on CPU_MIPS32_R2 1515 select CRYPTO_SKCIPHER 1516 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1517 1518config CRYPTO_SEED 1519 tristate "SEED cipher algorithm" 1520 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1521 select CRYPTO_ALGAPI 1522 help 1523 SEED cipher algorithm (RFC4269). 1524 1525 SEED is a 128-bit symmetric key block cipher that has been 1526 developed by KISA (Korea Information Security Agency) as a 1527 national standard encryption algorithm of the Republic of Korea. 1528 It is a 16 round block cipher with the key size of 128 bit. 1529 1530 See also: 1531 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1532 1533config CRYPTO_SERPENT 1534 tristate "Serpent cipher algorithm" 1535 select CRYPTO_ALGAPI 1536 help 1537 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1538 1539 Keys are allowed to be from 0 to 256 bits in length, in steps 1540 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1541 variant of Serpent for compatibility with old kerneli.org code. 1542 1543 See also: 1544 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1545 1546config CRYPTO_SERPENT_SSE2_X86_64 1547 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1548 depends on X86 && 64BIT 1549 select CRYPTO_SKCIPHER 1550 select CRYPTO_GLUE_HELPER_X86 1551 select CRYPTO_SERPENT 1552 select CRYPTO_SIMD 1553 help 1554 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1555 1556 Keys are allowed to be from 0 to 256 bits in length, in steps 1557 of 8 bits. 1558 1559 This module provides Serpent cipher algorithm that processes eight 1560 blocks parallel using SSE2 instruction set. 1561 1562 See also: 1563 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1564 1565config CRYPTO_SERPENT_SSE2_586 1566 tristate "Serpent cipher algorithm (i586/SSE2)" 1567 depends on X86 && !64BIT 1568 select CRYPTO_SKCIPHER 1569 select CRYPTO_GLUE_HELPER_X86 1570 select CRYPTO_SERPENT 1571 select CRYPTO_SIMD 1572 help 1573 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1574 1575 Keys are allowed to be from 0 to 256 bits in length, in steps 1576 of 8 bits. 1577 1578 This module provides Serpent cipher algorithm that processes four 1579 blocks parallel using SSE2 instruction set. 1580 1581 See also: 1582 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1583 1584config CRYPTO_SERPENT_AVX_X86_64 1585 tristate "Serpent cipher algorithm (x86_64/AVX)" 1586 depends on X86 && 64BIT 1587 select CRYPTO_SKCIPHER 1588 select CRYPTO_GLUE_HELPER_X86 1589 select CRYPTO_SERPENT 1590 select CRYPTO_SIMD 1591 select CRYPTO_XTS 1592 help 1593 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1594 1595 Keys are allowed to be from 0 to 256 bits in length, in steps 1596 of 8 bits. 1597 1598 This module provides the Serpent cipher algorithm that processes 1599 eight blocks parallel using the AVX instruction set. 1600 1601 See also: 1602 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1603 1604config CRYPTO_SERPENT_AVX2_X86_64 1605 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1606 depends on X86 && 64BIT 1607 select CRYPTO_SERPENT_AVX_X86_64 1608 help 1609 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1610 1611 Keys are allowed to be from 0 to 256 bits in length, in steps 1612 of 8 bits. 1613 1614 This module provides Serpent cipher algorithm that processes 16 1615 blocks parallel using AVX2 instruction set. 1616 1617 See also: 1618 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1619 1620config CRYPTO_SM4 1621 tristate "SM4 cipher algorithm" 1622 select CRYPTO_ALGAPI 1623 help 1624 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1625 1626 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1627 Organization of State Commercial Administration of China (OSCCA) 1628 as an authorized cryptographic algorithms for the use within China. 1629 1630 SMS4 was originally created for use in protecting wireless 1631 networks, and is mandated in the Chinese National Standard for 1632 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1633 (GB.15629.11-2003). 1634 1635 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1636 standardized through TC 260 of the Standardization Administration 1637 of the People's Republic of China (SAC). 1638 1639 The input, output, and key of SMS4 are each 128 bits. 1640 1641 See also: <https://eprint.iacr.org/2008/329.pdf> 1642 1643 If unsure, say N. 1644 1645config CRYPTO_TEA 1646 tristate "TEA, XTEA and XETA cipher algorithms" 1647 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1648 select CRYPTO_ALGAPI 1649 help 1650 TEA cipher algorithm. 1651 1652 Tiny Encryption Algorithm is a simple cipher that uses 1653 many rounds for security. It is very fast and uses 1654 little memory. 1655 1656 Xtendend Tiny Encryption Algorithm is a modification to 1657 the TEA algorithm to address a potential key weakness 1658 in the TEA algorithm. 1659 1660 Xtendend Encryption Tiny Algorithm is a mis-implementation 1661 of the XTEA algorithm for compatibility purposes. 1662 1663config CRYPTO_TWOFISH 1664 tristate "Twofish cipher algorithm" 1665 select CRYPTO_ALGAPI 1666 select CRYPTO_TWOFISH_COMMON 1667 help 1668 Twofish cipher algorithm. 1669 1670 Twofish was submitted as an AES (Advanced Encryption Standard) 1671 candidate cipher by researchers at CounterPane Systems. It is a 1672 16 round block cipher supporting key sizes of 128, 192, and 256 1673 bits. 1674 1675 See also: 1676 <https://www.schneier.com/twofish.html> 1677 1678config CRYPTO_TWOFISH_COMMON 1679 tristate 1680 help 1681 Common parts of the Twofish cipher algorithm shared by the 1682 generic c and the assembler implementations. 1683 1684config CRYPTO_TWOFISH_586 1685 tristate "Twofish cipher algorithms (i586)" 1686 depends on (X86 || UML_X86) && !64BIT 1687 select CRYPTO_ALGAPI 1688 select CRYPTO_TWOFISH_COMMON 1689 help 1690 Twofish cipher algorithm. 1691 1692 Twofish was submitted as an AES (Advanced Encryption Standard) 1693 candidate cipher by researchers at CounterPane Systems. It is a 1694 16 round block cipher supporting key sizes of 128, 192, and 256 1695 bits. 1696 1697 See also: 1698 <https://www.schneier.com/twofish.html> 1699 1700config CRYPTO_TWOFISH_X86_64 1701 tristate "Twofish cipher algorithm (x86_64)" 1702 depends on (X86 || UML_X86) && 64BIT 1703 select CRYPTO_ALGAPI 1704 select CRYPTO_TWOFISH_COMMON 1705 help 1706 Twofish cipher algorithm (x86_64). 1707 1708 Twofish was submitted as an AES (Advanced Encryption Standard) 1709 candidate cipher by researchers at CounterPane Systems. It is a 1710 16 round block cipher supporting key sizes of 128, 192, and 256 1711 bits. 1712 1713 See also: 1714 <https://www.schneier.com/twofish.html> 1715 1716config CRYPTO_TWOFISH_X86_64_3WAY 1717 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1718 depends on X86 && 64BIT 1719 select CRYPTO_SKCIPHER 1720 select CRYPTO_TWOFISH_COMMON 1721 select CRYPTO_TWOFISH_X86_64 1722 select CRYPTO_GLUE_HELPER_X86 1723 help 1724 Twofish cipher algorithm (x86_64, 3-way parallel). 1725 1726 Twofish was submitted as an AES (Advanced Encryption Standard) 1727 candidate cipher by researchers at CounterPane Systems. It is a 1728 16 round block cipher supporting key sizes of 128, 192, and 256 1729 bits. 1730 1731 This module provides Twofish cipher algorithm that processes three 1732 blocks parallel, utilizing resources of out-of-order CPUs better. 1733 1734 See also: 1735 <https://www.schneier.com/twofish.html> 1736 1737config CRYPTO_TWOFISH_AVX_X86_64 1738 tristate "Twofish cipher algorithm (x86_64/AVX)" 1739 depends on X86 && 64BIT 1740 select CRYPTO_SKCIPHER 1741 select CRYPTO_GLUE_HELPER_X86 1742 select CRYPTO_SIMD 1743 select CRYPTO_TWOFISH_COMMON 1744 select CRYPTO_TWOFISH_X86_64 1745 select CRYPTO_TWOFISH_X86_64_3WAY 1746 help 1747 Twofish cipher algorithm (x86_64/AVX). 1748 1749 Twofish was submitted as an AES (Advanced Encryption Standard) 1750 candidate cipher by researchers at CounterPane Systems. It is a 1751 16 round block cipher supporting key sizes of 128, 192, and 256 1752 bits. 1753 1754 This module provides the Twofish cipher algorithm that processes 1755 eight blocks parallel using the AVX Instruction Set. 1756 1757 See also: 1758 <https://www.schneier.com/twofish.html> 1759 1760comment "Compression" 1761 1762config CRYPTO_DEFLATE 1763 tristate "Deflate compression algorithm" 1764 select CRYPTO_ALGAPI 1765 select CRYPTO_ACOMP2 1766 select ZLIB_INFLATE 1767 select ZLIB_DEFLATE 1768 help 1769 This is the Deflate algorithm (RFC1951), specified for use in 1770 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1771 1772 You will most probably want this if using IPSec. 1773 1774config CRYPTO_LZO 1775 tristate "LZO compression algorithm" 1776 select CRYPTO_ALGAPI 1777 select CRYPTO_ACOMP2 1778 select LZO_COMPRESS 1779 select LZO_DECOMPRESS 1780 help 1781 This is the LZO algorithm. 1782 1783config CRYPTO_842 1784 tristate "842 compression algorithm" 1785 select CRYPTO_ALGAPI 1786 select CRYPTO_ACOMP2 1787 select 842_COMPRESS 1788 select 842_DECOMPRESS 1789 help 1790 This is the 842 algorithm. 1791 1792config CRYPTO_LZ4 1793 tristate "LZ4 compression algorithm" 1794 select CRYPTO_ALGAPI 1795 select CRYPTO_ACOMP2 1796 select LZ4_COMPRESS 1797 select LZ4_DECOMPRESS 1798 help 1799 This is the LZ4 algorithm. 1800 1801config CRYPTO_LZ4HC 1802 tristate "LZ4HC compression algorithm" 1803 select CRYPTO_ALGAPI 1804 select CRYPTO_ACOMP2 1805 select LZ4HC_COMPRESS 1806 select LZ4_DECOMPRESS 1807 help 1808 This is the LZ4 high compression mode algorithm. 1809 1810config CRYPTO_ZSTD 1811 tristate "Zstd compression algorithm" 1812 select CRYPTO_ALGAPI 1813 select CRYPTO_ACOMP2 1814 select ZSTD_COMPRESS 1815 select ZSTD_DECOMPRESS 1816 help 1817 This is the zstd algorithm. 1818 1819comment "Random Number Generation" 1820 1821config CRYPTO_ANSI_CPRNG 1822 tristate "Pseudo Random Number Generation for Cryptographic modules" 1823 select CRYPTO_AES 1824 select CRYPTO_RNG 1825 help 1826 This option enables the generic pseudo random number generator 1827 for cryptographic modules. Uses the Algorithm specified in 1828 ANSI X9.31 A.2.4. Note that this option must be enabled if 1829 CRYPTO_FIPS is selected 1830 1831menuconfig CRYPTO_DRBG_MENU 1832 tristate "NIST SP800-90A DRBG" 1833 help 1834 NIST SP800-90A compliant DRBG. In the following submenu, one or 1835 more of the DRBG types must be selected. 1836 1837if CRYPTO_DRBG_MENU 1838 1839config CRYPTO_DRBG_HMAC 1840 bool 1841 default y 1842 select CRYPTO_HMAC 1843 select CRYPTO_SHA256 1844 1845config CRYPTO_DRBG_HASH 1846 bool "Enable Hash DRBG" 1847 select CRYPTO_SHA256 1848 help 1849 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1850 1851config CRYPTO_DRBG_CTR 1852 bool "Enable CTR DRBG" 1853 select CRYPTO_AES 1854 select CRYPTO_CTR 1855 help 1856 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1857 1858config CRYPTO_DRBG 1859 tristate 1860 default CRYPTO_DRBG_MENU 1861 select CRYPTO_RNG 1862 select CRYPTO_JITTERENTROPY 1863 1864endif # if CRYPTO_DRBG_MENU 1865 1866config CRYPTO_JITTERENTROPY 1867 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1868 select CRYPTO_RNG 1869 help 1870 The Jitterentropy RNG is a noise that is intended 1871 to provide seed to another RNG. The RNG does not 1872 perform any cryptographic whitening of the generated 1873 random numbers. This Jitterentropy RNG registers with 1874 the kernel crypto API and can be used by any caller. 1875 1876config CRYPTO_USER_API 1877 tristate 1878 1879config CRYPTO_USER_API_HASH 1880 tristate "User-space interface for hash algorithms" 1881 depends on NET 1882 select CRYPTO_HASH 1883 select CRYPTO_USER_API 1884 help 1885 This option enables the user-spaces interface for hash 1886 algorithms. 1887 1888config CRYPTO_USER_API_SKCIPHER 1889 tristate "User-space interface for symmetric key cipher algorithms" 1890 depends on NET 1891 select CRYPTO_SKCIPHER 1892 select CRYPTO_USER_API 1893 help 1894 This option enables the user-spaces interface for symmetric 1895 key cipher algorithms. 1896 1897config CRYPTO_USER_API_RNG 1898 tristate "User-space interface for random number generator algorithms" 1899 depends on NET 1900 select CRYPTO_RNG 1901 select CRYPTO_USER_API 1902 help 1903 This option enables the user-spaces interface for random 1904 number generator algorithms. 1905 1906config CRYPTO_USER_API_RNG_CAVP 1907 bool "Enable CAVP testing of DRBG" 1908 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG 1909 help 1910 This option enables extra API for CAVP testing via the user-space 1911 interface: resetting of DRBG entropy, and providing Additional Data. 1912 This should only be enabled for CAVP testing. You should say 1913 no unless you know what this is. 1914 1915config CRYPTO_USER_API_AEAD 1916 tristate "User-space interface for AEAD cipher algorithms" 1917 depends on NET 1918 select CRYPTO_AEAD 1919 select CRYPTO_SKCIPHER 1920 select CRYPTO_NULL 1921 select CRYPTO_USER_API 1922 help 1923 This option enables the user-spaces interface for AEAD 1924 cipher algorithms. 1925 1926config CRYPTO_USER_API_ENABLE_OBSOLETE 1927 bool "Enable obsolete cryptographic algorithms for userspace" 1928 depends on CRYPTO_USER_API 1929 default y 1930 help 1931 Allow obsolete cryptographic algorithms to be selected that have 1932 already been phased out from internal use by the kernel, and are 1933 only useful for userspace clients that still rely on them. 1934 1935config CRYPTO_STATS 1936 bool "Crypto usage statistics for User-space" 1937 depends on CRYPTO_USER 1938 help 1939 This option enables the gathering of crypto stats. 1940 This will collect: 1941 - encrypt/decrypt size and numbers of symmeric operations 1942 - compress/decompress size and numbers of compress operations 1943 - size and numbers of hash operations 1944 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1945 - generate/seed numbers for rng operations 1946 1947config CRYPTO_HASH_INFO 1948 bool 1949 1950source "drivers/crypto/Kconfig" 1951source "crypto/asymmetric_keys/Kconfig" 1952source "certs/Kconfig" 1953 1954endif # if CRYPTO 1955