• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	select LIB_MEMNEQ
19	help
20	  This option provides the core Cryptographic API.
21
22if CRYPTO
23
24comment "Crypto core or helper"
25
26config CRYPTO_FIPS
27	bool "FIPS 200 compliance"
28	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29	depends on (MODULE_SIG || !MODULES)
30	help
31	  This option enables the fips boot option which is
32	  required if you want the system to operate in a FIPS 200
33	  certification.  You should say no unless you know what
34	  this is.
35
36config CRYPTO_ALGAPI
37	tristate
38	select CRYPTO_ALGAPI2
39	help
40	  This option provides the API for cryptographic algorithms.
41
42config CRYPTO_ALGAPI2
43	tristate
44
45config CRYPTO_AEAD
46	tristate
47	select CRYPTO_AEAD2
48	select CRYPTO_ALGAPI
49
50config CRYPTO_AEAD2
51	tristate
52	select CRYPTO_ALGAPI2
53	select CRYPTO_NULL2
54	select CRYPTO_RNG2
55
56config CRYPTO_SKCIPHER
57	tristate
58	select CRYPTO_SKCIPHER2
59	select CRYPTO_ALGAPI
60
61config CRYPTO_SKCIPHER2
62	tristate
63	select CRYPTO_ALGAPI2
64	select CRYPTO_RNG2
65
66config CRYPTO_HASH
67	tristate
68	select CRYPTO_HASH2
69	select CRYPTO_ALGAPI
70
71config CRYPTO_HASH2
72	tristate
73	select CRYPTO_ALGAPI2
74
75config CRYPTO_RNG
76	tristate
77	select CRYPTO_RNG2
78	select CRYPTO_ALGAPI
79
80config CRYPTO_RNG2
81	tristate
82	select CRYPTO_ALGAPI2
83
84config CRYPTO_RNG_DEFAULT
85	tristate
86	select CRYPTO_DRBG_MENU
87
88config CRYPTO_AKCIPHER2
89	tristate
90	select CRYPTO_ALGAPI2
91
92config CRYPTO_AKCIPHER
93	tristate
94	select CRYPTO_AKCIPHER2
95	select CRYPTO_ALGAPI
96
97config CRYPTO_KPP2
98	tristate
99	select CRYPTO_ALGAPI2
100
101config CRYPTO_KPP
102	tristate
103	select CRYPTO_ALGAPI
104	select CRYPTO_KPP2
105
106config CRYPTO_ACOMP2
107	tristate
108	select CRYPTO_ALGAPI2
109	select SGL_ALLOC
110
111config CRYPTO_ACOMP
112	tristate
113	select CRYPTO_ALGAPI
114	select CRYPTO_ACOMP2
115
116config CRYPTO_MANAGER
117	tristate "Cryptographic algorithm manager"
118	select CRYPTO_MANAGER2
119	help
120	  Create default cryptographic template instantiations such as
121	  cbc(aes).
122
123config CRYPTO_MANAGER2
124	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
125	select CRYPTO_AEAD2
126	select CRYPTO_HASH2
127	select CRYPTO_SKCIPHER2
128	select CRYPTO_AKCIPHER2
129	select CRYPTO_KPP2
130	select CRYPTO_ACOMP2
131
132config CRYPTO_USER
133	tristate "Userspace cryptographic algorithm configuration"
134	depends on NET
135	select CRYPTO_MANAGER
136	help
137	  Userspace configuration for cryptographic instantiations such as
138	  cbc(aes).
139
140config CRYPTO_MANAGER_DISABLE_TESTS
141	bool "Disable run-time self tests"
142	default y
143	help
144	  Disable run-time self tests that normally take place at
145	  algorithm registration.
146
147config CRYPTO_MANAGER_EXTRA_TESTS
148	bool "Enable extra run-time crypto self tests"
149	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
150	help
151	  Enable extra run-time self tests of registered crypto algorithms,
152	  including randomized fuzz tests.
153
154	  This is intended for developer use only, as these tests take much
155	  longer to run than the normal self tests.
156
157config CRYPTO_GF128MUL
158	tristate
159
160config CRYPTO_NULL
161	tristate "Null algorithms"
162	select CRYPTO_NULL2
163	help
164	  These are 'Null' algorithms, used by IPsec, which do nothing.
165
166config CRYPTO_NULL2
167	tristate
168	select CRYPTO_ALGAPI2
169	select CRYPTO_SKCIPHER2
170	select CRYPTO_HASH2
171
172config CRYPTO_PCRYPT
173	tristate "Parallel crypto engine"
174	depends on SMP
175	select PADATA
176	select CRYPTO_MANAGER
177	select CRYPTO_AEAD
178	help
179	  This converts an arbitrary crypto algorithm into a parallel
180	  algorithm that executes in kernel threads.
181
182config CRYPTO_CRYPTD
183	tristate "Software async crypto daemon"
184	select CRYPTO_SKCIPHER
185	select CRYPTO_HASH
186	select CRYPTO_MANAGER
187	help
188	  This is a generic software asynchronous crypto daemon that
189	  converts an arbitrary synchronous software crypto algorithm
190	  into an asynchronous algorithm that executes in a kernel thread.
191
192config CRYPTO_AUTHENC
193	tristate "Authenc support"
194	select CRYPTO_AEAD
195	select CRYPTO_SKCIPHER
196	select CRYPTO_MANAGER
197	select CRYPTO_HASH
198	select CRYPTO_NULL
199	help
200	  Authenc: Combined mode wrapper for IPsec.
201	  This is required for IPSec.
202
203config CRYPTO_TEST
204	tristate "Testing module"
205	depends on m
206	select CRYPTO_MANAGER
207	help
208	  Quick & dirty crypto test module.
209
210config CRYPTO_SIMD
211	tristate
212	select CRYPTO_CRYPTD
213
214config CRYPTO_GLUE_HELPER_X86
215	tristate
216	depends on X86
217	select CRYPTO_SKCIPHER
218
219config CRYPTO_ENGINE
220	tristate
221
222comment "Public-key cryptography"
223
224config CRYPTO_RSA
225	tristate "RSA algorithm"
226	select CRYPTO_AKCIPHER
227	select CRYPTO_MANAGER
228	select MPILIB
229	select ASN1
230	help
231	  Generic implementation of the RSA public key algorithm.
232
233config CRYPTO_DH
234	tristate "Diffie-Hellman algorithm"
235	select CRYPTO_KPP
236	select MPILIB
237	help
238	  Generic implementation of the Diffie-Hellman algorithm.
239
240config CRYPTO_ECC
241	tristate
242	select CRYPTO_RNG_DEFAULT
243
244config CRYPTO_ECDH
245	tristate "ECDH algorithm"
246	select CRYPTO_ECC
247	select CRYPTO_KPP
248	help
249	  Generic implementation of the ECDH algorithm
250
251config CRYPTO_ECDSA
252	tristate "ECDSA (NIST P192, P256 etc.) algorithm"
253	select CRYPTO_ECC
254	select CRYPTO_AKCIPHER
255	select ASN1
256	help
257	  Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
258	  is A NIST cryptographic standard algorithm. Only signature verification
259	  is implemented.
260
261config CRYPTO_ECRDSA
262	tristate "EC-RDSA (GOST 34.10) algorithm"
263	select CRYPTO_ECC
264	select CRYPTO_AKCIPHER
265	select CRYPTO_STREEBOG
266	select OID_REGISTRY
267	select ASN1
268	help
269	  Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
270	  RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
271	  standard algorithms (called GOST algorithms). Only signature verification
272	  is implemented.
273
274config CRYPTO_SM2
275	tristate "SM2 algorithm"
276	select CRYPTO_SM3
277	select CRYPTO_AKCIPHER
278	select CRYPTO_MANAGER
279	select MPILIB
280	select ASN1
281	help
282	  Generic implementation of the SM2 public key algorithm. It was
283	  published by State Encryption Management Bureau, China.
284	  as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
285
286	  References:
287	  https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
288	  http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
289	  http://www.gmbz.org.cn/main/bzlb.html
290
291config CRYPTO_CURVE25519
292	tristate "Curve25519 algorithm"
293	select CRYPTO_KPP
294	select CRYPTO_LIB_CURVE25519_GENERIC
295
296config CRYPTO_CURVE25519_X86
297	tristate "x86_64 accelerated Curve25519 scalar multiplication library"
298	depends on X86 && 64BIT
299	select CRYPTO_LIB_CURVE25519_GENERIC
300	select CRYPTO_ARCH_HAVE_LIB_CURVE25519
301
302comment "Authenticated Encryption with Associated Data"
303
304config CRYPTO_CCM
305	tristate "CCM support"
306	select CRYPTO_CTR
307	select CRYPTO_HASH
308	select CRYPTO_AEAD
309	select CRYPTO_MANAGER
310	help
311	  Support for Counter with CBC MAC. Required for IPsec.
312
313config CRYPTO_GCM
314	tristate "GCM/GMAC support"
315	select CRYPTO_CTR
316	select CRYPTO_AEAD
317	select CRYPTO_GHASH
318	select CRYPTO_NULL
319	select CRYPTO_MANAGER
320	help
321	  Support for Galois/Counter Mode (GCM) and Galois Message
322	  Authentication Code (GMAC). Required for IPSec.
323
324config CRYPTO_CHACHA20POLY1305
325	tristate "ChaCha20-Poly1305 AEAD support"
326	select CRYPTO_CHACHA20
327	select CRYPTO_POLY1305
328	select CRYPTO_AEAD
329	select CRYPTO_MANAGER
330	help
331	  ChaCha20-Poly1305 AEAD support, RFC7539.
332
333	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
334	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
335	  IETF protocols.
336
337config CRYPTO_AEGIS128
338	tristate "AEGIS-128 AEAD algorithm"
339	select CRYPTO_AEAD
340	select CRYPTO_AES  # for AES S-box tables
341	help
342	 Support for the AEGIS-128 dedicated AEAD algorithm.
343
344config CRYPTO_AEGIS128_SIMD
345	bool "Support SIMD acceleration for AEGIS-128"
346	depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
347	default y
348
349config CRYPTO_AEGIS128_AESNI_SSE2
350	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
351	depends on X86 && 64BIT
352	select CRYPTO_AEAD
353	select CRYPTO_SIMD
354	help
355	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
356
357config CRYPTO_SEQIV
358	tristate "Sequence Number IV Generator"
359	select CRYPTO_AEAD
360	select CRYPTO_SKCIPHER
361	select CRYPTO_NULL
362	select CRYPTO_RNG_DEFAULT
363	select CRYPTO_MANAGER
364	help
365	  This IV generator generates an IV based on a sequence number by
366	  xoring it with a salt.  This algorithm is mainly useful for CTR
367
368config CRYPTO_ECHAINIV
369	tristate "Encrypted Chain IV Generator"
370	select CRYPTO_AEAD
371	select CRYPTO_NULL
372	select CRYPTO_RNG_DEFAULT
373	select CRYPTO_MANAGER
374	help
375	  This IV generator generates an IV based on the encryption of
376	  a sequence number xored with a salt.  This is the default
377	  algorithm for CBC.
378
379comment "Block modes"
380
381config CRYPTO_CBC
382	tristate "CBC support"
383	select CRYPTO_SKCIPHER
384	select CRYPTO_MANAGER
385	help
386	  CBC: Cipher Block Chaining mode
387	  This block cipher algorithm is required for IPSec.
388
389config CRYPTO_CFB
390	tristate "CFB support"
391	select CRYPTO_SKCIPHER
392	select CRYPTO_MANAGER
393	help
394	  CFB: Cipher FeedBack mode
395	  This block cipher algorithm is required for TPM2 Cryptography.
396
397config CRYPTO_CTR
398	tristate "CTR support"
399	select CRYPTO_SKCIPHER
400	select CRYPTO_MANAGER
401	help
402	  CTR: Counter mode
403	  This block cipher algorithm is required for IPSec.
404
405config CRYPTO_CTS
406	tristate "CTS support"
407	select CRYPTO_SKCIPHER
408	select CRYPTO_MANAGER
409	help
410	  CTS: Cipher Text Stealing
411	  This is the Cipher Text Stealing mode as described by
412	  Section 8 of rfc2040 and referenced by rfc3962
413	  (rfc3962 includes errata information in its Appendix A) or
414	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
415	  This mode is required for Kerberos gss mechanism support
416	  for AES encryption.
417
418	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
419
420config CRYPTO_ECB
421	tristate "ECB support"
422	select CRYPTO_SKCIPHER
423	select CRYPTO_MANAGER
424	help
425	  ECB: Electronic CodeBook mode
426	  This is the simplest block cipher algorithm.  It simply encrypts
427	  the input block by block.
428
429config CRYPTO_LRW
430	tristate "LRW support"
431	select CRYPTO_SKCIPHER
432	select CRYPTO_MANAGER
433	select CRYPTO_GF128MUL
434	help
435	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
436	  narrow block cipher mode for dm-crypt.  Use it with cipher
437	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
438	  The first 128, 192 or 256 bits in the key are used for AES and the
439	  rest is used to tie each cipher block to its logical position.
440
441config CRYPTO_OFB
442	tristate "OFB support"
443	select CRYPTO_SKCIPHER
444	select CRYPTO_MANAGER
445	help
446	  OFB: the Output Feedback mode makes a block cipher into a synchronous
447	  stream cipher. It generates keystream blocks, which are then XORed
448	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
449	  ciphertext produces a flipped bit in the plaintext at the same
450	  location. This property allows many error correcting codes to function
451	  normally even when applied before encryption.
452
453config CRYPTO_PCBC
454	tristate "PCBC support"
455	select CRYPTO_SKCIPHER
456	select CRYPTO_MANAGER
457	help
458	  PCBC: Propagating Cipher Block Chaining mode
459	  This block cipher algorithm is required for RxRPC.
460
461config CRYPTO_XTS
462	tristate "XTS support"
463	select CRYPTO_SKCIPHER
464	select CRYPTO_MANAGER
465	select CRYPTO_ECB
466	help
467	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
468	  key size 256, 384 or 512 bits. This implementation currently
469	  can't handle a sectorsize which is not a multiple of 16 bytes.
470
471config CRYPTO_KEYWRAP
472	tristate "Key wrapping support"
473	select CRYPTO_SKCIPHER
474	select CRYPTO_MANAGER
475	help
476	  Support for key wrapping (NIST SP800-38F / RFC3394) without
477	  padding.
478
479config CRYPTO_NHPOLY1305
480	tristate
481	select CRYPTO_HASH
482	select CRYPTO_LIB_POLY1305_GENERIC
483
484config CRYPTO_NHPOLY1305_SSE2
485	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
486	depends on X86 && 64BIT
487	select CRYPTO_NHPOLY1305
488	help
489	  SSE2 optimized implementation of the hash function used by the
490	  Adiantum encryption mode.
491
492config CRYPTO_NHPOLY1305_AVX2
493	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
494	depends on X86 && 64BIT
495	select CRYPTO_NHPOLY1305
496	help
497	  AVX2 optimized implementation of the hash function used by the
498	  Adiantum encryption mode.
499
500config CRYPTO_ADIANTUM
501	tristate "Adiantum support"
502	select CRYPTO_CHACHA20
503	select CRYPTO_LIB_POLY1305_GENERIC
504	select CRYPTO_NHPOLY1305
505	select CRYPTO_MANAGER
506	help
507	  Adiantum is a tweakable, length-preserving encryption mode
508	  designed for fast and secure disk encryption, especially on
509	  CPUs without dedicated crypto instructions.  It encrypts
510	  each sector using the XChaCha12 stream cipher, two passes of
511	  an ε-almost-∆-universal hash function, and an invocation of
512	  the AES-256 block cipher on a single 16-byte block.  On CPUs
513	  without AES instructions, Adiantum is much faster than
514	  AES-XTS.
515
516	  Adiantum's security is provably reducible to that of its
517	  underlying stream and block ciphers, subject to a security
518	  bound.  Unlike XTS, Adiantum is a true wide-block encryption
519	  mode, so it actually provides an even stronger notion of
520	  security than XTS, subject to the security bound.
521
522	  If unsure, say N.
523
524config CRYPTO_ESSIV
525	tristate "ESSIV support for block encryption"
526	select CRYPTO_AUTHENC
527	help
528	  Encrypted salt-sector initialization vector (ESSIV) is an IV
529	  generation method that is used in some cases by fscrypt and/or
530	  dm-crypt. It uses the hash of the block encryption key as the
531	  symmetric key for a block encryption pass applied to the input
532	  IV, making low entropy IV sources more suitable for block
533	  encryption.
534
535	  This driver implements a crypto API template that can be
536	  instantiated either as an skcipher or as an AEAD (depending on the
537	  type of the first template argument), and which defers encryption
538	  and decryption requests to the encapsulated cipher after applying
539	  ESSIV to the input IV. Note that in the AEAD case, it is assumed
540	  that the keys are presented in the same format used by the authenc
541	  template, and that the IV appears at the end of the authenticated
542	  associated data (AAD) region (which is how dm-crypt uses it.)
543
544	  Note that the use of ESSIV is not recommended for new deployments,
545	  and so this only needs to be enabled when interoperability with
546	  existing encrypted volumes of filesystems is required, or when
547	  building for a particular system that requires it (e.g., when
548	  the SoC in question has accelerated CBC but not XTS, making CBC
549	  combined with ESSIV the only feasible mode for h/w accelerated
550	  block encryption)
551
552comment "Hash modes"
553
554config CRYPTO_CMAC
555	tristate "CMAC support"
556	select CRYPTO_HASH
557	select CRYPTO_MANAGER
558	help
559	  Cipher-based Message Authentication Code (CMAC) specified by
560	  The National Institute of Standards and Technology (NIST).
561
562	  https://tools.ietf.org/html/rfc4493
563	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
564
565config CRYPTO_HMAC
566	tristate "HMAC support"
567	select CRYPTO_HASH
568	select CRYPTO_MANAGER
569	help
570	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
571	  This is required for IPSec.
572
573config CRYPTO_XCBC
574	tristate "XCBC support"
575	select CRYPTO_HASH
576	select CRYPTO_MANAGER
577	help
578	  XCBC: Keyed-Hashing with encryption algorithm
579		https://www.ietf.org/rfc/rfc3566.txt
580		http://csrc.nist.gov/encryption/modes/proposedmodes/
581		 xcbc-mac/xcbc-mac-spec.pdf
582
583config CRYPTO_VMAC
584	tristate "VMAC support"
585	select CRYPTO_HASH
586	select CRYPTO_MANAGER
587	help
588	  VMAC is a message authentication algorithm designed for
589	  very high speed on 64-bit architectures.
590
591	  See also:
592	  <https://fastcrypto.org/vmac>
593
594comment "Digest"
595
596config CRYPTO_CRC32C
597	tristate "CRC32c CRC algorithm"
598	select CRYPTO_HASH
599	select CRC32
600	help
601	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
602	  by iSCSI for header and data digests and by others.
603	  See Castagnoli93.  Module will be crc32c.
604
605config CRYPTO_CRC32C_INTEL
606	tristate "CRC32c INTEL hardware acceleration"
607	depends on X86
608	select CRYPTO_HASH
609	help
610	  In Intel processor with SSE4.2 supported, the processor will
611	  support CRC32C implementation using hardware accelerated CRC32
612	  instruction. This option will create 'crc32c-intel' module,
613	  which will enable any routine to use the CRC32 instruction to
614	  gain performance compared with software implementation.
615	  Module will be crc32c-intel.
616
617config CRYPTO_CRC32C_VPMSUM
618	tristate "CRC32c CRC algorithm (powerpc64)"
619	depends on PPC64 && ALTIVEC
620	select CRYPTO_HASH
621	select CRC32
622	help
623	  CRC32c algorithm implemented using vector polynomial multiply-sum
624	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
625	  and newer processors for improved performance.
626
627
628config CRYPTO_CRC32C_SPARC64
629	tristate "CRC32c CRC algorithm (SPARC64)"
630	depends on SPARC64
631	select CRYPTO_HASH
632	select CRC32
633	help
634	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
635	  when available.
636
637config CRYPTO_CRC32
638	tristate "CRC32 CRC algorithm"
639	select CRYPTO_HASH
640	select CRC32
641	help
642	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
643	  Shash crypto api wrappers to crc32_le function.
644
645config CRYPTO_CRC32_PCLMUL
646	tristate "CRC32 PCLMULQDQ hardware acceleration"
647	depends on X86
648	select CRYPTO_HASH
649	select CRC32
650	help
651	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
652	  and PCLMULQDQ supported, the processor will support
653	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
654	  instruction. This option will create 'crc32-pclmul' module,
655	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
656	  and gain better performance as compared with the table implementation.
657
658config CRYPTO_CRC32_MIPS
659	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
660	depends on MIPS_CRC_SUPPORT
661	select CRYPTO_HASH
662	help
663	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
664	  instructions, when available.
665
666
667config CRYPTO_XXHASH
668	tristate "xxHash hash algorithm"
669	select CRYPTO_HASH
670	select XXHASH
671	help
672	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
673	  speeds close to RAM limits.
674
675config CRYPTO_BLAKE2B
676	tristate "BLAKE2b digest algorithm"
677	select CRYPTO_HASH
678	help
679	  Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
680	  optimized for 64bit platforms and can produce digests of any size
681	  between 1 to 64.  The keyed hash is also implemented.
682
683	  This module provides the following algorithms:
684
685	  - blake2b-160
686	  - blake2b-256
687	  - blake2b-384
688	  - blake2b-512
689
690	  See https://blake2.net for further information.
691
692config CRYPTO_BLAKE2S
693	tristate "BLAKE2s digest algorithm"
694	select CRYPTO_LIB_BLAKE2S_GENERIC
695	select CRYPTO_HASH
696	help
697	  Implementation of cryptographic hash function BLAKE2s
698	  optimized for 8-32bit platforms and can produce digests of any size
699	  between 1 to 32.  The keyed hash is also implemented.
700
701	  This module provides the following algorithms:
702
703	  - blake2s-128
704	  - blake2s-160
705	  - blake2s-224
706	  - blake2s-256
707
708	  See https://blake2.net for further information.
709
710config CRYPTO_BLAKE2S_X86
711	tristate "BLAKE2s digest algorithm (x86 accelerated version)"
712	depends on X86 && 64BIT
713	select CRYPTO_LIB_BLAKE2S_GENERIC
714	select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
715
716config CRYPTO_CRCT10DIF
717	tristate "CRCT10DIF algorithm"
718	select CRYPTO_HASH
719	help
720	  CRC T10 Data Integrity Field computation is being cast as
721	  a crypto transform.  This allows for faster crc t10 diff
722	  transforms to be used if they are available.
723
724config CRYPTO_CRCT10DIF_PCLMUL
725	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
726	depends on X86 && 64BIT && CRC_T10DIF
727	select CRYPTO_HASH
728	help
729	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
730	  CRC T10 DIF PCLMULQDQ computation can be hardware
731	  accelerated PCLMULQDQ instruction. This option will create
732	  'crct10dif-pclmul' module, which is faster when computing the
733	  crct10dif checksum as compared with the generic table implementation.
734
735config CRYPTO_CRCT10DIF_VPMSUM
736	tristate "CRC32T10DIF powerpc64 hardware acceleration"
737	depends on PPC64 && ALTIVEC && CRC_T10DIF
738	select CRYPTO_HASH
739	help
740	  CRC10T10DIF algorithm implemented using vector polynomial
741	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
742	  POWER8 and newer processors for improved performance.
743
744config CRYPTO_VPMSUM_TESTER
745	tristate "Powerpc64 vpmsum hardware acceleration tester"
746	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
747	help
748	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
749	  POWER8 vpmsum instructions.
750	  Unless you are testing these algorithms, you don't need this.
751
752config CRYPTO_GHASH
753	tristate "GHASH hash function"
754	select CRYPTO_GF128MUL
755	select CRYPTO_HASH
756	help
757	  GHASH is the hash function used in GCM (Galois/Counter Mode).
758	  It is not a general-purpose cryptographic hash function.
759
760config CRYPTO_POLY1305
761	tristate "Poly1305 authenticator algorithm"
762	select CRYPTO_HASH
763	select CRYPTO_LIB_POLY1305_GENERIC
764	help
765	  Poly1305 authenticator algorithm, RFC7539.
766
767	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
768	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
769	  in IETF protocols. This is the portable C implementation of Poly1305.
770
771config CRYPTO_POLY1305_X86_64
772	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
773	depends on X86 && 64BIT
774	select CRYPTO_LIB_POLY1305_GENERIC
775	select CRYPTO_ARCH_HAVE_LIB_POLY1305
776	help
777	  Poly1305 authenticator algorithm, RFC7539.
778
779	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
780	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
781	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
782	  instructions.
783
784config CRYPTO_POLY1305_MIPS
785	tristate "Poly1305 authenticator algorithm (MIPS optimized)"
786	depends on MIPS
787	select CRYPTO_ARCH_HAVE_LIB_POLY1305
788
789config CRYPTO_MD4
790	tristate "MD4 digest algorithm"
791	select CRYPTO_HASH
792	help
793	  MD4 message digest algorithm (RFC1320).
794
795config CRYPTO_MD5
796	tristate "MD5 digest algorithm"
797	select CRYPTO_HASH
798	help
799	  MD5 message digest algorithm (RFC1321).
800
801config CRYPTO_MD5_OCTEON
802	tristate "MD5 digest algorithm (OCTEON)"
803	depends on CPU_CAVIUM_OCTEON
804	select CRYPTO_MD5
805	select CRYPTO_HASH
806	help
807	  MD5 message digest algorithm (RFC1321) implemented
808	  using OCTEON crypto instructions, when available.
809
810config CRYPTO_MD5_PPC
811	tristate "MD5 digest algorithm (PPC)"
812	depends on PPC
813	select CRYPTO_HASH
814	help
815	  MD5 message digest algorithm (RFC1321) implemented
816	  in PPC assembler.
817
818config CRYPTO_MD5_SPARC64
819	tristate "MD5 digest algorithm (SPARC64)"
820	depends on SPARC64
821	select CRYPTO_MD5
822	select CRYPTO_HASH
823	help
824	  MD5 message digest algorithm (RFC1321) implemented
825	  using sparc64 crypto instructions, when available.
826
827config CRYPTO_MICHAEL_MIC
828	tristate "Michael MIC keyed digest algorithm"
829	select CRYPTO_HASH
830	help
831	  Michael MIC is used for message integrity protection in TKIP
832	  (IEEE 802.11i). This algorithm is required for TKIP, but it
833	  should not be used for other purposes because of the weakness
834	  of the algorithm.
835
836config CRYPTO_RMD128
837	tristate "RIPEMD-128 digest algorithm"
838	select CRYPTO_HASH
839	help
840	  RIPEMD-128 (ISO/IEC 10118-3:2004).
841
842	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
843	  be used as a secure replacement for RIPEMD. For other use cases,
844	  RIPEMD-160 should be used.
845
846	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
847	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
848
849config CRYPTO_RMD160
850	tristate "RIPEMD-160 digest algorithm"
851	select CRYPTO_HASH
852	help
853	  RIPEMD-160 (ISO/IEC 10118-3:2004).
854
855	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
856	  to be used as a secure replacement for the 128-bit hash functions
857	  MD4, MD5 and it's predecessor RIPEMD
858	  (not to be confused with RIPEMD-128).
859
860	  It's speed is comparable to SHA1 and there are no known attacks
861	  against RIPEMD-160.
862
863	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
864	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
865
866config CRYPTO_RMD256
867	tristate "RIPEMD-256 digest algorithm"
868	select CRYPTO_HASH
869	help
870	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
871	  256 bit hash. It is intended for applications that require
872	  longer hash-results, without needing a larger security level
873	  (than RIPEMD-128).
874
875	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
876	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
877
878config CRYPTO_RMD320
879	tristate "RIPEMD-320 digest algorithm"
880	select CRYPTO_HASH
881	help
882	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
883	  320 bit hash. It is intended for applications that require
884	  longer hash-results, without needing a larger security level
885	  (than RIPEMD-160).
886
887	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
888	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
889
890config CRYPTO_SHA1
891	tristate "SHA1 digest algorithm"
892	select CRYPTO_HASH
893	help
894	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
895
896config CRYPTO_SHA1_SSSE3
897	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
898	depends on X86 && 64BIT
899	select CRYPTO_SHA1
900	select CRYPTO_HASH
901	help
902	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
903	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
904	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
905	  when available.
906
907config CRYPTO_SHA256_SSSE3
908	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
909	depends on X86 && 64BIT
910	select CRYPTO_SHA256
911	select CRYPTO_HASH
912	help
913	  SHA-256 secure hash standard (DFIPS 180-2) implemented
914	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
915	  Extensions version 1 (AVX1), or Advanced Vector Extensions
916	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
917	  Instructions) when available.
918
919config CRYPTO_SHA512_SSSE3
920	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
921	depends on X86 && 64BIT
922	select CRYPTO_SHA512
923	select CRYPTO_HASH
924	help
925	  SHA-512 secure hash standard (DFIPS 180-2) implemented
926	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
927	  Extensions version 1 (AVX1), or Advanced Vector Extensions
928	  version 2 (AVX2) instructions, when available.
929
930config CRYPTO_SHA1_OCTEON
931	tristate "SHA1 digest algorithm (OCTEON)"
932	depends on CPU_CAVIUM_OCTEON
933	select CRYPTO_SHA1
934	select CRYPTO_HASH
935	help
936	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
937	  using OCTEON crypto instructions, when available.
938
939config CRYPTO_SHA1_SPARC64
940	tristate "SHA1 digest algorithm (SPARC64)"
941	depends on SPARC64
942	select CRYPTO_SHA1
943	select CRYPTO_HASH
944	help
945	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
946	  using sparc64 crypto instructions, when available.
947
948config CRYPTO_SHA1_PPC
949	tristate "SHA1 digest algorithm (powerpc)"
950	depends on PPC
951	help
952	  This is the powerpc hardware accelerated implementation of the
953	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
954
955config CRYPTO_SHA1_PPC_SPE
956	tristate "SHA1 digest algorithm (PPC SPE)"
957	depends on PPC && SPE
958	help
959	  SHA-1 secure hash standard (DFIPS 180-4) implemented
960	  using powerpc SPE SIMD instruction set.
961
962config CRYPTO_SHA256
963	tristate "SHA224 and SHA256 digest algorithm"
964	select CRYPTO_HASH
965	select CRYPTO_LIB_SHA256
966	help
967	  SHA256 secure hash standard (DFIPS 180-2).
968
969	  This version of SHA implements a 256 bit hash with 128 bits of
970	  security against collision attacks.
971
972	  This code also includes SHA-224, a 224 bit hash with 112 bits
973	  of security against collision attacks.
974
975config CRYPTO_SHA256_PPC_SPE
976	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
977	depends on PPC && SPE
978	select CRYPTO_SHA256
979	select CRYPTO_HASH
980	help
981	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
982	  implemented using powerpc SPE SIMD instruction set.
983
984config CRYPTO_SHA256_OCTEON
985	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
986	depends on CPU_CAVIUM_OCTEON
987	select CRYPTO_SHA256
988	select CRYPTO_HASH
989	help
990	  SHA-256 secure hash standard (DFIPS 180-2) implemented
991	  using OCTEON crypto instructions, when available.
992
993config CRYPTO_SHA256_SPARC64
994	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
995	depends on SPARC64
996	select CRYPTO_SHA256
997	select CRYPTO_HASH
998	help
999	  SHA-256 secure hash standard (DFIPS 180-2) implemented
1000	  using sparc64 crypto instructions, when available.
1001
1002config CRYPTO_SHA512
1003	tristate "SHA384 and SHA512 digest algorithms"
1004	select CRYPTO_HASH
1005	help
1006	  SHA512 secure hash standard (DFIPS 180-2).
1007
1008	  This version of SHA implements a 512 bit hash with 256 bits of
1009	  security against collision attacks.
1010
1011	  This code also includes SHA-384, a 384 bit hash with 192 bits
1012	  of security against collision attacks.
1013
1014config CRYPTO_SHA512_OCTEON
1015	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
1016	depends on CPU_CAVIUM_OCTEON
1017	select CRYPTO_SHA512
1018	select CRYPTO_HASH
1019	help
1020	  SHA-512 secure hash standard (DFIPS 180-2) implemented
1021	  using OCTEON crypto instructions, when available.
1022
1023config CRYPTO_SHA512_SPARC64
1024	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
1025	depends on SPARC64
1026	select CRYPTO_SHA512
1027	select CRYPTO_HASH
1028	help
1029	  SHA-512 secure hash standard (DFIPS 180-2) implemented
1030	  using sparc64 crypto instructions, when available.
1031
1032config CRYPTO_SHA3
1033	tristate "SHA3 digest algorithm"
1034	select CRYPTO_HASH
1035	help
1036	  SHA-3 secure hash standard (DFIPS 202). It's based on
1037	  cryptographic sponge function family called Keccak.
1038
1039	  References:
1040	  http://keccak.noekeon.org/
1041
1042config CRYPTO_SM3
1043	tristate "SM3 digest algorithm"
1044	select CRYPTO_HASH
1045	help
1046	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1047	  It is part of the Chinese Commercial Cryptography suite.
1048
1049	  References:
1050	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1051	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1052
1053config CRYPTO_STREEBOG
1054	tristate "Streebog Hash Function"
1055	select CRYPTO_HASH
1056	help
1057	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1058	  cryptographic standard algorithms (called GOST algorithms).
1059	  This setting enables two hash algorithms with 256 and 512 bits output.
1060
1061	  References:
1062	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1063	  https://tools.ietf.org/html/rfc6986
1064
1065config CRYPTO_TGR192
1066	tristate "Tiger digest algorithms"
1067	select CRYPTO_HASH
1068	help
1069	  Tiger hash algorithm 192, 160 and 128-bit hashes
1070
1071	  Tiger is a hash function optimized for 64-bit processors while
1072	  still having decent performance on 32-bit processors.
1073	  Tiger was developed by Ross Anderson and Eli Biham.
1074
1075	  See also:
1076	  <https://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1077
1078config CRYPTO_WP512
1079	tristate "Whirlpool digest algorithms"
1080	select CRYPTO_HASH
1081	help
1082	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1083
1084	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1085	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1086
1087	  See also:
1088	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1089
1090config CRYPTO_GHASH_CLMUL_NI_INTEL
1091	tristate "GHASH hash function (CLMUL-NI accelerated)"
1092	depends on X86 && 64BIT
1093	select CRYPTO_CRYPTD
1094	help
1095	  This is the x86_64 CLMUL-NI accelerated implementation of
1096	  GHASH, the hash function used in GCM (Galois/Counter mode).
1097
1098comment "Ciphers"
1099
1100config CRYPTO_AES
1101	tristate "AES cipher algorithms"
1102	select CRYPTO_ALGAPI
1103	select CRYPTO_LIB_AES
1104	help
1105	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1106	  algorithm.
1107
1108	  Rijndael appears to be consistently a very good performer in
1109	  both hardware and software across a wide range of computing
1110	  environments regardless of its use in feedback or non-feedback
1111	  modes. Its key setup time is excellent, and its key agility is
1112	  good. Rijndael's very low memory requirements make it very well
1113	  suited for restricted-space environments, in which it also
1114	  demonstrates excellent performance. Rijndael's operations are
1115	  among the easiest to defend against power and timing attacks.
1116
1117	  The AES specifies three key sizes: 128, 192 and 256 bits
1118
1119	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1120
1121config CRYPTO_AES_TI
1122	tristate "Fixed time AES cipher"
1123	select CRYPTO_ALGAPI
1124	select CRYPTO_LIB_AES
1125	help
1126	  This is a generic implementation of AES that attempts to eliminate
1127	  data dependent latencies as much as possible without affecting
1128	  performance too much. It is intended for use by the generic CCM
1129	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1130	  solely on encryption (although decryption is supported as well, but
1131	  with a more dramatic performance hit)
1132
1133	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1134	  8 for decryption), this implementation only uses just two S-boxes of
1135	  256 bytes each, and attempts to eliminate data dependent latencies by
1136	  prefetching the entire table into the cache at the start of each
1137	  block. Interrupts are also disabled to avoid races where cachelines
1138	  are evicted when the CPU is interrupted to do something else.
1139
1140config CRYPTO_AES_NI_INTEL
1141	tristate "AES cipher algorithms (AES-NI)"
1142	depends on X86
1143	select CRYPTO_AEAD
1144	select CRYPTO_LIB_AES
1145	select CRYPTO_ALGAPI
1146	select CRYPTO_SKCIPHER
1147	select CRYPTO_GLUE_HELPER_X86 if 64BIT
1148	select CRYPTO_SIMD
1149	help
1150	  Use Intel AES-NI instructions for AES algorithm.
1151
1152	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1153	  algorithm.
1154
1155	  Rijndael appears to be consistently a very good performer in
1156	  both hardware and software across a wide range of computing
1157	  environments regardless of its use in feedback or non-feedback
1158	  modes. Its key setup time is excellent, and its key agility is
1159	  good. Rijndael's very low memory requirements make it very well
1160	  suited for restricted-space environments, in which it also
1161	  demonstrates excellent performance. Rijndael's operations are
1162	  among the easiest to defend against power and timing attacks.
1163
1164	  The AES specifies three key sizes: 128, 192 and 256 bits
1165
1166	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1167
1168	  In addition to AES cipher algorithm support, the acceleration
1169	  for some popular block cipher mode is supported too, including
1170	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1171	  acceleration for CTR.
1172
1173config CRYPTO_AES_SPARC64
1174	tristate "AES cipher algorithms (SPARC64)"
1175	depends on SPARC64
1176	select CRYPTO_SKCIPHER
1177	help
1178	  Use SPARC64 crypto opcodes for AES algorithm.
1179
1180	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1181	  algorithm.
1182
1183	  Rijndael appears to be consistently a very good performer in
1184	  both hardware and software across a wide range of computing
1185	  environments regardless of its use in feedback or non-feedback
1186	  modes. Its key setup time is excellent, and its key agility is
1187	  good. Rijndael's very low memory requirements make it very well
1188	  suited for restricted-space environments, in which it also
1189	  demonstrates excellent performance. Rijndael's operations are
1190	  among the easiest to defend against power and timing attacks.
1191
1192	  The AES specifies three key sizes: 128, 192 and 256 bits
1193
1194	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1195
1196	  In addition to AES cipher algorithm support, the acceleration
1197	  for some popular block cipher mode is supported too, including
1198	  ECB and CBC.
1199
1200config CRYPTO_AES_PPC_SPE
1201	tristate "AES cipher algorithms (PPC SPE)"
1202	depends on PPC && SPE
1203	select CRYPTO_SKCIPHER
1204	help
1205	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1206	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1207	  This module should only be used for low power (router) devices
1208	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1209	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1210	  timining attacks. Nevertheless it might be not as secure as other
1211	  architecture specific assembler implementations that work on 1KB
1212	  tables or 256 bytes S-boxes.
1213
1214config CRYPTO_ANUBIS
1215	tristate "Anubis cipher algorithm"
1216	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1217	select CRYPTO_ALGAPI
1218	help
1219	  Anubis cipher algorithm.
1220
1221	  Anubis is a variable key length cipher which can use keys from
1222	  128 bits to 320 bits in length.  It was evaluated as a entrant
1223	  in the NESSIE competition.
1224
1225	  See also:
1226	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1227	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1228
1229config CRYPTO_ARC4
1230	tristate "ARC4 cipher algorithm"
1231	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1232	select CRYPTO_SKCIPHER
1233	select CRYPTO_LIB_ARC4
1234	help
1235	  ARC4 cipher algorithm.
1236
1237	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1238	  bits in length.  This algorithm is required for driver-based
1239	  WEP, but it should not be for other purposes because of the
1240	  weakness of the algorithm.
1241
1242config CRYPTO_BLOWFISH
1243	tristate "Blowfish cipher algorithm"
1244	select CRYPTO_ALGAPI
1245	select CRYPTO_BLOWFISH_COMMON
1246	help
1247	  Blowfish cipher algorithm, by Bruce Schneier.
1248
1249	  This is a variable key length cipher which can use keys from 32
1250	  bits to 448 bits in length.  It's fast, simple and specifically
1251	  designed for use on "large microprocessors".
1252
1253	  See also:
1254	  <https://www.schneier.com/blowfish.html>
1255
1256config CRYPTO_BLOWFISH_COMMON
1257	tristate
1258	help
1259	  Common parts of the Blowfish cipher algorithm shared by the
1260	  generic c and the assembler implementations.
1261
1262	  See also:
1263	  <https://www.schneier.com/blowfish.html>
1264
1265config CRYPTO_BLOWFISH_X86_64
1266	tristate "Blowfish cipher algorithm (x86_64)"
1267	depends on X86 && 64BIT
1268	select CRYPTO_SKCIPHER
1269	select CRYPTO_BLOWFISH_COMMON
1270	help
1271	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1272
1273	  This is a variable key length cipher which can use keys from 32
1274	  bits to 448 bits in length.  It's fast, simple and specifically
1275	  designed for use on "large microprocessors".
1276
1277	  See also:
1278	  <https://www.schneier.com/blowfish.html>
1279
1280config CRYPTO_CAMELLIA
1281	tristate "Camellia cipher algorithms"
1282	depends on CRYPTO
1283	select CRYPTO_ALGAPI
1284	help
1285	  Camellia cipher algorithms module.
1286
1287	  Camellia is a symmetric key block cipher developed jointly
1288	  at NTT and Mitsubishi Electric Corporation.
1289
1290	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1291
1292	  See also:
1293	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1294
1295config CRYPTO_CAMELLIA_X86_64
1296	tristate "Camellia cipher algorithm (x86_64)"
1297	depends on X86 && 64BIT
1298	depends on CRYPTO
1299	select CRYPTO_SKCIPHER
1300	select CRYPTO_GLUE_HELPER_X86
1301	help
1302	  Camellia cipher algorithm module (x86_64).
1303
1304	  Camellia is a symmetric key block cipher developed jointly
1305	  at NTT and Mitsubishi Electric Corporation.
1306
1307	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1308
1309	  See also:
1310	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1311
1312config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1313	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1314	depends on X86 && 64BIT
1315	depends on CRYPTO
1316	select CRYPTO_SKCIPHER
1317	select CRYPTO_CAMELLIA_X86_64
1318	select CRYPTO_GLUE_HELPER_X86
1319	select CRYPTO_SIMD
1320	select CRYPTO_XTS
1321	help
1322	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1323
1324	  Camellia is a symmetric key block cipher developed jointly
1325	  at NTT and Mitsubishi Electric Corporation.
1326
1327	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1328
1329	  See also:
1330	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1331
1332config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1333	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1334	depends on X86 && 64BIT
1335	depends on CRYPTO
1336	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1337	help
1338	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1339
1340	  Camellia is a symmetric key block cipher developed jointly
1341	  at NTT and Mitsubishi Electric Corporation.
1342
1343	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1344
1345	  See also:
1346	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1347
1348config CRYPTO_CAMELLIA_SPARC64
1349	tristate "Camellia cipher algorithm (SPARC64)"
1350	depends on SPARC64
1351	depends on CRYPTO
1352	select CRYPTO_ALGAPI
1353	select CRYPTO_SKCIPHER
1354	help
1355	  Camellia cipher algorithm module (SPARC64).
1356
1357	  Camellia is a symmetric key block cipher developed jointly
1358	  at NTT and Mitsubishi Electric Corporation.
1359
1360	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1361
1362	  See also:
1363	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1364
1365config CRYPTO_CAST_COMMON
1366	tristate
1367	help
1368	  Common parts of the CAST cipher algorithms shared by the
1369	  generic c and the assembler implementations.
1370
1371config CRYPTO_CAST5
1372	tristate "CAST5 (CAST-128) cipher algorithm"
1373	select CRYPTO_ALGAPI
1374	select CRYPTO_CAST_COMMON
1375	help
1376	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1377	  described in RFC2144.
1378
1379config CRYPTO_CAST5_AVX_X86_64
1380	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1381	depends on X86 && 64BIT
1382	select CRYPTO_SKCIPHER
1383	select CRYPTO_CAST5
1384	select CRYPTO_CAST_COMMON
1385	select CRYPTO_SIMD
1386	help
1387	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1388	  described in RFC2144.
1389
1390	  This module provides the Cast5 cipher algorithm that processes
1391	  sixteen blocks parallel using the AVX instruction set.
1392
1393config CRYPTO_CAST6
1394	tristate "CAST6 (CAST-256) cipher algorithm"
1395	select CRYPTO_ALGAPI
1396	select CRYPTO_CAST_COMMON
1397	help
1398	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1399	  described in RFC2612.
1400
1401config CRYPTO_CAST6_AVX_X86_64
1402	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1403	depends on X86 && 64BIT
1404	select CRYPTO_SKCIPHER
1405	select CRYPTO_CAST6
1406	select CRYPTO_CAST_COMMON
1407	select CRYPTO_GLUE_HELPER_X86
1408	select CRYPTO_SIMD
1409	select CRYPTO_XTS
1410	help
1411	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1412	  described in RFC2612.
1413
1414	  This module provides the Cast6 cipher algorithm that processes
1415	  eight blocks parallel using the AVX instruction set.
1416
1417config CRYPTO_DES
1418	tristate "DES and Triple DES EDE cipher algorithms"
1419	select CRYPTO_ALGAPI
1420	select CRYPTO_LIB_DES
1421	help
1422	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1423
1424config CRYPTO_DES_SPARC64
1425	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1426	depends on SPARC64
1427	select CRYPTO_ALGAPI
1428	select CRYPTO_LIB_DES
1429	select CRYPTO_SKCIPHER
1430	help
1431	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1432	  optimized using SPARC64 crypto opcodes.
1433
1434config CRYPTO_DES3_EDE_X86_64
1435	tristate "Triple DES EDE cipher algorithm (x86-64)"
1436	depends on X86 && 64BIT
1437	select CRYPTO_SKCIPHER
1438	select CRYPTO_LIB_DES
1439	help
1440	  Triple DES EDE (FIPS 46-3) algorithm.
1441
1442	  This module provides implementation of the Triple DES EDE cipher
1443	  algorithm that is optimized for x86-64 processors. Two versions of
1444	  algorithm are provided; regular processing one input block and
1445	  one that processes three blocks parallel.
1446
1447config CRYPTO_FCRYPT
1448	tristate "FCrypt cipher algorithm"
1449	select CRYPTO_ALGAPI
1450	select CRYPTO_SKCIPHER
1451	help
1452	  FCrypt algorithm used by RxRPC.
1453
1454config CRYPTO_KHAZAD
1455	tristate "Khazad cipher algorithm"
1456	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1457	select CRYPTO_ALGAPI
1458	help
1459	  Khazad cipher algorithm.
1460
1461	  Khazad was a finalist in the initial NESSIE competition.  It is
1462	  an algorithm optimized for 64-bit processors with good performance
1463	  on 32-bit processors.  Khazad uses an 128 bit key size.
1464
1465	  See also:
1466	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1467
1468config CRYPTO_SALSA20
1469	tristate "Salsa20 stream cipher algorithm"
1470	select CRYPTO_SKCIPHER
1471	help
1472	  Salsa20 stream cipher algorithm.
1473
1474	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1475	  Stream Cipher Project. See <https://www.ecrypt.eu.org/stream/>
1476
1477	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1478	  Bernstein <djb@cr.yp.to>. See <https://cr.yp.to/snuffle.html>
1479
1480config CRYPTO_CHACHA20
1481	tristate "ChaCha stream cipher algorithms"
1482	select CRYPTO_LIB_CHACHA_GENERIC
1483	select CRYPTO_SKCIPHER
1484	help
1485	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1486
1487	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1488	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1489	  This is the portable C implementation of ChaCha20.  See also:
1490	  <https://cr.yp.to/chacha/chacha-20080128.pdf>
1491
1492	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1493	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1494	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1495	  while provably retaining ChaCha20's security.  See also:
1496	  <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1497
1498	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1499	  reduced security margin but increased performance.  It can be needed
1500	  in some performance-sensitive scenarios.
1501
1502config CRYPTO_CHACHA20_X86_64
1503	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1504	depends on X86 && 64BIT
1505	select CRYPTO_SKCIPHER
1506	select CRYPTO_LIB_CHACHA_GENERIC
1507	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1508	help
1509	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1510	  XChaCha20, and XChaCha12 stream ciphers.
1511
1512config CRYPTO_CHACHA_MIPS
1513	tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1514	depends on CPU_MIPS32_R2
1515	select CRYPTO_SKCIPHER
1516	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1517
1518config CRYPTO_SEED
1519	tristate "SEED cipher algorithm"
1520	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1521	select CRYPTO_ALGAPI
1522	help
1523	  SEED cipher algorithm (RFC4269).
1524
1525	  SEED is a 128-bit symmetric key block cipher that has been
1526	  developed by KISA (Korea Information Security Agency) as a
1527	  national standard encryption algorithm of the Republic of Korea.
1528	  It is a 16 round block cipher with the key size of 128 bit.
1529
1530	  See also:
1531	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1532
1533config CRYPTO_SERPENT
1534	tristate "Serpent cipher algorithm"
1535	select CRYPTO_ALGAPI
1536	help
1537	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1538
1539	  Keys are allowed to be from 0 to 256 bits in length, in steps
1540	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
1541	  variant of Serpent for compatibility with old kerneli.org code.
1542
1543	  See also:
1544	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1545
1546config CRYPTO_SERPENT_SSE2_X86_64
1547	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1548	depends on X86 && 64BIT
1549	select CRYPTO_SKCIPHER
1550	select CRYPTO_GLUE_HELPER_X86
1551	select CRYPTO_SERPENT
1552	select CRYPTO_SIMD
1553	help
1554	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1555
1556	  Keys are allowed to be from 0 to 256 bits in length, in steps
1557	  of 8 bits.
1558
1559	  This module provides Serpent cipher algorithm that processes eight
1560	  blocks parallel using SSE2 instruction set.
1561
1562	  See also:
1563	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1564
1565config CRYPTO_SERPENT_SSE2_586
1566	tristate "Serpent cipher algorithm (i586/SSE2)"
1567	depends on X86 && !64BIT
1568	select CRYPTO_SKCIPHER
1569	select CRYPTO_GLUE_HELPER_X86
1570	select CRYPTO_SERPENT
1571	select CRYPTO_SIMD
1572	help
1573	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1574
1575	  Keys are allowed to be from 0 to 256 bits in length, in steps
1576	  of 8 bits.
1577
1578	  This module provides Serpent cipher algorithm that processes four
1579	  blocks parallel using SSE2 instruction set.
1580
1581	  See also:
1582	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1583
1584config CRYPTO_SERPENT_AVX_X86_64
1585	tristate "Serpent cipher algorithm (x86_64/AVX)"
1586	depends on X86 && 64BIT
1587	select CRYPTO_SKCIPHER
1588	select CRYPTO_GLUE_HELPER_X86
1589	select CRYPTO_SERPENT
1590	select CRYPTO_SIMD
1591	select CRYPTO_XTS
1592	help
1593	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1594
1595	  Keys are allowed to be from 0 to 256 bits in length, in steps
1596	  of 8 bits.
1597
1598	  This module provides the Serpent cipher algorithm that processes
1599	  eight blocks parallel using the AVX instruction set.
1600
1601	  See also:
1602	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1603
1604config CRYPTO_SERPENT_AVX2_X86_64
1605	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1606	depends on X86 && 64BIT
1607	select CRYPTO_SERPENT_AVX_X86_64
1608	help
1609	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1610
1611	  Keys are allowed to be from 0 to 256 bits in length, in steps
1612	  of 8 bits.
1613
1614	  This module provides Serpent cipher algorithm that processes 16
1615	  blocks parallel using AVX2 instruction set.
1616
1617	  See also:
1618	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1619
1620config CRYPTO_SM4
1621	tristate "SM4 cipher algorithm"
1622	select CRYPTO_ALGAPI
1623	help
1624	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1625
1626	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1627	  Organization of State Commercial Administration of China (OSCCA)
1628	  as an authorized cryptographic algorithms for the use within China.
1629
1630	  SMS4 was originally created for use in protecting wireless
1631	  networks, and is mandated in the Chinese National Standard for
1632	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1633	  (GB.15629.11-2003).
1634
1635	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1636	  standardized through TC 260 of the Standardization Administration
1637	  of the People's Republic of China (SAC).
1638
1639	  The input, output, and key of SMS4 are each 128 bits.
1640
1641	  See also: <https://eprint.iacr.org/2008/329.pdf>
1642
1643	  If unsure, say N.
1644
1645config CRYPTO_TEA
1646	tristate "TEA, XTEA and XETA cipher algorithms"
1647	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1648	select CRYPTO_ALGAPI
1649	help
1650	  TEA cipher algorithm.
1651
1652	  Tiny Encryption Algorithm is a simple cipher that uses
1653	  many rounds for security.  It is very fast and uses
1654	  little memory.
1655
1656	  Xtendend Tiny Encryption Algorithm is a modification to
1657	  the TEA algorithm to address a potential key weakness
1658	  in the TEA algorithm.
1659
1660	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1661	  of the XTEA algorithm for compatibility purposes.
1662
1663config CRYPTO_TWOFISH
1664	tristate "Twofish cipher algorithm"
1665	select CRYPTO_ALGAPI
1666	select CRYPTO_TWOFISH_COMMON
1667	help
1668	  Twofish cipher algorithm.
1669
1670	  Twofish was submitted as an AES (Advanced Encryption Standard)
1671	  candidate cipher by researchers at CounterPane Systems.  It is a
1672	  16 round block cipher supporting key sizes of 128, 192, and 256
1673	  bits.
1674
1675	  See also:
1676	  <https://www.schneier.com/twofish.html>
1677
1678config CRYPTO_TWOFISH_COMMON
1679	tristate
1680	help
1681	  Common parts of the Twofish cipher algorithm shared by the
1682	  generic c and the assembler implementations.
1683
1684config CRYPTO_TWOFISH_586
1685	tristate "Twofish cipher algorithms (i586)"
1686	depends on (X86 || UML_X86) && !64BIT
1687	select CRYPTO_ALGAPI
1688	select CRYPTO_TWOFISH_COMMON
1689	help
1690	  Twofish cipher algorithm.
1691
1692	  Twofish was submitted as an AES (Advanced Encryption Standard)
1693	  candidate cipher by researchers at CounterPane Systems.  It is a
1694	  16 round block cipher supporting key sizes of 128, 192, and 256
1695	  bits.
1696
1697	  See also:
1698	  <https://www.schneier.com/twofish.html>
1699
1700config CRYPTO_TWOFISH_X86_64
1701	tristate "Twofish cipher algorithm (x86_64)"
1702	depends on (X86 || UML_X86) && 64BIT
1703	select CRYPTO_ALGAPI
1704	select CRYPTO_TWOFISH_COMMON
1705	help
1706	  Twofish cipher algorithm (x86_64).
1707
1708	  Twofish was submitted as an AES (Advanced Encryption Standard)
1709	  candidate cipher by researchers at CounterPane Systems.  It is a
1710	  16 round block cipher supporting key sizes of 128, 192, and 256
1711	  bits.
1712
1713	  See also:
1714	  <https://www.schneier.com/twofish.html>
1715
1716config CRYPTO_TWOFISH_X86_64_3WAY
1717	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1718	depends on X86 && 64BIT
1719	select CRYPTO_SKCIPHER
1720	select CRYPTO_TWOFISH_COMMON
1721	select CRYPTO_TWOFISH_X86_64
1722	select CRYPTO_GLUE_HELPER_X86
1723	help
1724	  Twofish cipher algorithm (x86_64, 3-way parallel).
1725
1726	  Twofish was submitted as an AES (Advanced Encryption Standard)
1727	  candidate cipher by researchers at CounterPane Systems.  It is a
1728	  16 round block cipher supporting key sizes of 128, 192, and 256
1729	  bits.
1730
1731	  This module provides Twofish cipher algorithm that processes three
1732	  blocks parallel, utilizing resources of out-of-order CPUs better.
1733
1734	  See also:
1735	  <https://www.schneier.com/twofish.html>
1736
1737config CRYPTO_TWOFISH_AVX_X86_64
1738	tristate "Twofish cipher algorithm (x86_64/AVX)"
1739	depends on X86 && 64BIT
1740	select CRYPTO_SKCIPHER
1741	select CRYPTO_GLUE_HELPER_X86
1742	select CRYPTO_SIMD
1743	select CRYPTO_TWOFISH_COMMON
1744	select CRYPTO_TWOFISH_X86_64
1745	select CRYPTO_TWOFISH_X86_64_3WAY
1746	help
1747	  Twofish cipher algorithm (x86_64/AVX).
1748
1749	  Twofish was submitted as an AES (Advanced Encryption Standard)
1750	  candidate cipher by researchers at CounterPane Systems.  It is a
1751	  16 round block cipher supporting key sizes of 128, 192, and 256
1752	  bits.
1753
1754	  This module provides the Twofish cipher algorithm that processes
1755	  eight blocks parallel using the AVX Instruction Set.
1756
1757	  See also:
1758	  <https://www.schneier.com/twofish.html>
1759
1760comment "Compression"
1761
1762config CRYPTO_DEFLATE
1763	tristate "Deflate compression algorithm"
1764	select CRYPTO_ALGAPI
1765	select CRYPTO_ACOMP2
1766	select ZLIB_INFLATE
1767	select ZLIB_DEFLATE
1768	help
1769	  This is the Deflate algorithm (RFC1951), specified for use in
1770	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1771
1772	  You will most probably want this if using IPSec.
1773
1774config CRYPTO_LZO
1775	tristate "LZO compression algorithm"
1776	select CRYPTO_ALGAPI
1777	select CRYPTO_ACOMP2
1778	select LZO_COMPRESS
1779	select LZO_DECOMPRESS
1780	help
1781	  This is the LZO algorithm.
1782
1783config CRYPTO_842
1784	tristate "842 compression algorithm"
1785	select CRYPTO_ALGAPI
1786	select CRYPTO_ACOMP2
1787	select 842_COMPRESS
1788	select 842_DECOMPRESS
1789	help
1790	  This is the 842 algorithm.
1791
1792config CRYPTO_LZ4
1793	tristate "LZ4 compression algorithm"
1794	select CRYPTO_ALGAPI
1795	select CRYPTO_ACOMP2
1796	select LZ4_COMPRESS
1797	select LZ4_DECOMPRESS
1798	help
1799	  This is the LZ4 algorithm.
1800
1801config CRYPTO_LZ4HC
1802	tristate "LZ4HC compression algorithm"
1803	select CRYPTO_ALGAPI
1804	select CRYPTO_ACOMP2
1805	select LZ4HC_COMPRESS
1806	select LZ4_DECOMPRESS
1807	help
1808	  This is the LZ4 high compression mode algorithm.
1809
1810config CRYPTO_ZSTD
1811	tristate "Zstd compression algorithm"
1812	select CRYPTO_ALGAPI
1813	select CRYPTO_ACOMP2
1814	select ZSTD_COMPRESS
1815	select ZSTD_DECOMPRESS
1816	help
1817	  This is the zstd algorithm.
1818
1819comment "Random Number Generation"
1820
1821config CRYPTO_ANSI_CPRNG
1822	tristate "Pseudo Random Number Generation for Cryptographic modules"
1823	select CRYPTO_AES
1824	select CRYPTO_RNG
1825	help
1826	  This option enables the generic pseudo random number generator
1827	  for cryptographic modules.  Uses the Algorithm specified in
1828	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1829	  CRYPTO_FIPS is selected
1830
1831menuconfig CRYPTO_DRBG_MENU
1832	tristate "NIST SP800-90A DRBG"
1833	help
1834	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1835	  more of the DRBG types must be selected.
1836
1837if CRYPTO_DRBG_MENU
1838
1839config CRYPTO_DRBG_HMAC
1840	bool
1841	default y
1842	select CRYPTO_HMAC
1843	select CRYPTO_SHA256
1844
1845config CRYPTO_DRBG_HASH
1846	bool "Enable Hash DRBG"
1847	select CRYPTO_SHA256
1848	help
1849	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1850
1851config CRYPTO_DRBG_CTR
1852	bool "Enable CTR DRBG"
1853	select CRYPTO_AES
1854	select CRYPTO_CTR
1855	help
1856	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1857
1858config CRYPTO_DRBG
1859	tristate
1860	default CRYPTO_DRBG_MENU
1861	select CRYPTO_RNG
1862	select CRYPTO_JITTERENTROPY
1863
1864endif	# if CRYPTO_DRBG_MENU
1865
1866config CRYPTO_JITTERENTROPY
1867	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1868	select CRYPTO_RNG
1869	help
1870	  The Jitterentropy RNG is a noise that is intended
1871	  to provide seed to another RNG. The RNG does not
1872	  perform any cryptographic whitening of the generated
1873	  random numbers. This Jitterentropy RNG registers with
1874	  the kernel crypto API and can be used by any caller.
1875
1876config CRYPTO_USER_API
1877	tristate
1878
1879config CRYPTO_USER_API_HASH
1880	tristate "User-space interface for hash algorithms"
1881	depends on NET
1882	select CRYPTO_HASH
1883	select CRYPTO_USER_API
1884	help
1885	  This option enables the user-spaces interface for hash
1886	  algorithms.
1887
1888config CRYPTO_USER_API_SKCIPHER
1889	tristate "User-space interface for symmetric key cipher algorithms"
1890	depends on NET
1891	select CRYPTO_SKCIPHER
1892	select CRYPTO_USER_API
1893	help
1894	  This option enables the user-spaces interface for symmetric
1895	  key cipher algorithms.
1896
1897config CRYPTO_USER_API_RNG
1898	tristate "User-space interface for random number generator algorithms"
1899	depends on NET
1900	select CRYPTO_RNG
1901	select CRYPTO_USER_API
1902	help
1903	  This option enables the user-spaces interface for random
1904	  number generator algorithms.
1905
1906config CRYPTO_USER_API_RNG_CAVP
1907	bool "Enable CAVP testing of DRBG"
1908	depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1909	help
1910	  This option enables extra API for CAVP testing via the user-space
1911	  interface: resetting of DRBG entropy, and providing Additional Data.
1912	  This should only be enabled for CAVP testing. You should say
1913	  no unless you know what this is.
1914
1915config CRYPTO_USER_API_AEAD
1916	tristate "User-space interface for AEAD cipher algorithms"
1917	depends on NET
1918	select CRYPTO_AEAD
1919	select CRYPTO_SKCIPHER
1920	select CRYPTO_NULL
1921	select CRYPTO_USER_API
1922	help
1923	  This option enables the user-spaces interface for AEAD
1924	  cipher algorithms.
1925
1926config CRYPTO_USER_API_ENABLE_OBSOLETE
1927	bool "Enable obsolete cryptographic algorithms for userspace"
1928	depends on CRYPTO_USER_API
1929	default y
1930	help
1931	  Allow obsolete cryptographic algorithms to be selected that have
1932	  already been phased out from internal use by the kernel, and are
1933	  only useful for userspace clients that still rely on them.
1934
1935config CRYPTO_STATS
1936	bool "Crypto usage statistics for User-space"
1937	depends on CRYPTO_USER
1938	help
1939	  This option enables the gathering of crypto stats.
1940	  This will collect:
1941	  - encrypt/decrypt size and numbers of symmeric operations
1942	  - compress/decompress size and numbers of compress operations
1943	  - size and numbers of hash operations
1944	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1945	  - generate/seed numbers for rng operations
1946
1947config CRYPTO_HASH_INFO
1948	bool
1949
1950source "drivers/crypto/Kconfig"
1951source "crypto/asymmetric_keys/Kconfig"
1952source "certs/Kconfig"
1953
1954endif	# if CRYPTO
1955