1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This option enables the fips boot option which is 31 required if you want the system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_SKCIPHER 56 tristate 57 select CRYPTO_SKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_SKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 65config CRYPTO_HASH 66 tristate 67 select CRYPTO_HASH2 68 select CRYPTO_ALGAPI 69 70config CRYPTO_HASH2 71 tristate 72 select CRYPTO_ALGAPI2 73 74config CRYPTO_RNG 75 tristate 76 select CRYPTO_RNG2 77 select CRYPTO_ALGAPI 78 79config CRYPTO_RNG2 80 tristate 81 select CRYPTO_ALGAPI2 82 83config CRYPTO_RNG_DEFAULT 84 tristate 85 select CRYPTO_DRBG_MENU 86 87config CRYPTO_AKCIPHER2 88 tristate 89 select CRYPTO_ALGAPI2 90 91config CRYPTO_AKCIPHER 92 tristate 93 select CRYPTO_AKCIPHER2 94 select CRYPTO_ALGAPI 95 96config CRYPTO_KPP2 97 tristate 98 select CRYPTO_ALGAPI2 99 100config CRYPTO_KPP 101 tristate 102 select CRYPTO_ALGAPI 103 select CRYPTO_KPP2 104 105config CRYPTO_ACOMP2 106 tristate 107 select CRYPTO_ALGAPI2 108 select SGL_ALLOC 109 110config CRYPTO_ACOMP 111 tristate 112 select CRYPTO_ALGAPI 113 select CRYPTO_ACOMP2 114 115config CRYPTO_MANAGER 116 tristate "Cryptographic algorithm manager" 117 select CRYPTO_MANAGER2 118 help 119 Create default cryptographic template instantiations such as 120 cbc(aes). 121 122config CRYPTO_MANAGER2 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 124 select CRYPTO_AEAD2 125 select CRYPTO_HASH2 126 select CRYPTO_SKCIPHER2 127 select CRYPTO_AKCIPHER2 128 select CRYPTO_KPP2 129 select CRYPTO_ACOMP2 130 131config CRYPTO_USER 132 tristate "Userspace cryptographic algorithm configuration" 133 depends on NET 134 select CRYPTO_MANAGER 135 help 136 Userspace configuration for cryptographic instantiations such as 137 cbc(aes). 138 139config CRYPTO_MANAGER_DISABLE_TESTS 140 bool "Disable run-time self tests" 141 default y 142 help 143 Disable run-time self tests that normally take place at 144 algorithm registration. 145 146config CRYPTO_MANAGER_EXTRA_TESTS 147 bool "Enable extra run-time crypto self tests" 148 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS 149 help 150 Enable extra run-time self tests of registered crypto algorithms, 151 including randomized fuzz tests. 152 153 This is intended for developer use only, as these tests take much 154 longer to run than the normal self tests. 155 156config CRYPTO_GF128MUL 157 tristate 158 159config CRYPTO_NULL 160 tristate "Null algorithms" 161 select CRYPTO_NULL2 162 help 163 These are 'Null' algorithms, used by IPsec, which do nothing. 164 165config CRYPTO_NULL2 166 tristate 167 select CRYPTO_ALGAPI2 168 select CRYPTO_SKCIPHER2 169 select CRYPTO_HASH2 170 171config CRYPTO_PCRYPT 172 tristate "Parallel crypto engine" 173 depends on SMP 174 select PADATA 175 select CRYPTO_MANAGER 176 select CRYPTO_AEAD 177 help 178 This converts an arbitrary crypto algorithm into a parallel 179 algorithm that executes in kernel threads. 180 181config CRYPTO_CRYPTD 182 tristate "Software async crypto daemon" 183 select CRYPTO_SKCIPHER 184 select CRYPTO_HASH 185 select CRYPTO_MANAGER 186 help 187 This is a generic software asynchronous crypto daemon that 188 converts an arbitrary synchronous software crypto algorithm 189 into an asynchronous algorithm that executes in a kernel thread. 190 191config CRYPTO_AUTHENC 192 tristate "Authenc support" 193 select CRYPTO_AEAD 194 select CRYPTO_SKCIPHER 195 select CRYPTO_MANAGER 196 select CRYPTO_HASH 197 select CRYPTO_NULL 198 help 199 Authenc: Combined mode wrapper for IPsec. 200 This is required for IPSec. 201 202config CRYPTO_TEST 203 tristate "Testing module" 204 depends on m 205 select CRYPTO_MANAGER 206 help 207 Quick & dirty crypto test module. 208 209config CRYPTO_SIMD 210 tristate 211 select CRYPTO_CRYPTD 212 213config CRYPTO_GLUE_HELPER_X86 214 tristate 215 depends on X86 216 select CRYPTO_SKCIPHER 217 218config CRYPTO_ENGINE 219 tristate 220 221comment "Public-key cryptography" 222 223config CRYPTO_RSA 224 tristate "RSA algorithm" 225 select CRYPTO_AKCIPHER 226 select CRYPTO_MANAGER 227 select MPILIB 228 select ASN1 229 help 230 Generic implementation of the RSA public key algorithm. 231 232config CRYPTO_DH 233 tristate "Diffie-Hellman algorithm" 234 select CRYPTO_KPP 235 select MPILIB 236 help 237 Generic implementation of the Diffie-Hellman algorithm. 238 239config CRYPTO_ECC 240 tristate 241 242config CRYPTO_ECDH 243 tristate "ECDH algorithm" 244 select CRYPTO_ECC 245 select CRYPTO_KPP 246 select CRYPTO_RNG_DEFAULT 247 help 248 Generic implementation of the ECDH algorithm 249 250config CRYPTO_ECRDSA 251 tristate "EC-RDSA (GOST 34.10) algorithm" 252 select CRYPTO_ECC 253 select CRYPTO_AKCIPHER 254 select CRYPTO_STREEBOG 255 select OID_REGISTRY 256 select ASN1 257 help 258 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 259 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 260 standard algorithms (called GOST algorithms). Only signature verification 261 is implemented. 262 263config CRYPTO_SM2 264 tristate "SM2 algorithm" 265 select CRYPTO_SM3 266 select CRYPTO_AKCIPHER 267 select CRYPTO_MANAGER 268 select MPILIB 269 select ASN1 270 help 271 Generic implementation of the SM2 public key algorithm. It was 272 published by State Encryption Management Bureau, China. 273 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. 274 275 References: 276 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 277 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml 278 http://www.gmbz.org.cn/main/bzlb.html 279 280config CRYPTO_CURVE25519 281 tristate "Curve25519 algorithm" 282 select CRYPTO_KPP 283 select CRYPTO_LIB_CURVE25519_GENERIC 284 285config CRYPTO_CURVE25519_X86 286 tristate "x86_64 accelerated Curve25519 scalar multiplication library" 287 depends on X86 && 64BIT 288 select CRYPTO_LIB_CURVE25519_GENERIC 289 select CRYPTO_ARCH_HAVE_LIB_CURVE25519 290 291comment "Authenticated Encryption with Associated Data" 292 293config CRYPTO_CCM 294 tristate "CCM support" 295 select CRYPTO_CTR 296 select CRYPTO_HASH 297 select CRYPTO_AEAD 298 select CRYPTO_MANAGER 299 help 300 Support for Counter with CBC MAC. Required for IPsec. 301 302config CRYPTO_GCM 303 tristate "GCM/GMAC support" 304 select CRYPTO_CTR 305 select CRYPTO_AEAD 306 select CRYPTO_GHASH 307 select CRYPTO_NULL 308 select CRYPTO_MANAGER 309 help 310 Support for Galois/Counter Mode (GCM) and Galois Message 311 Authentication Code (GMAC). Required for IPSec. 312 313config CRYPTO_CHACHA20POLY1305 314 tristate "ChaCha20-Poly1305 AEAD support" 315 select CRYPTO_CHACHA20 316 select CRYPTO_POLY1305 317 select CRYPTO_AEAD 318 select CRYPTO_MANAGER 319 help 320 ChaCha20-Poly1305 AEAD support, RFC7539. 321 322 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 323 with the Poly1305 authenticator. It is defined in RFC7539 for use in 324 IETF protocols. 325 326config CRYPTO_AEGIS128 327 tristate "AEGIS-128 AEAD algorithm" 328 select CRYPTO_AEAD 329 select CRYPTO_AES # for AES S-box tables 330 help 331 Support for the AEGIS-128 dedicated AEAD algorithm. 332 333config CRYPTO_AEGIS128_SIMD 334 bool "Support SIMD acceleration for AEGIS-128" 335 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 336 default y 337 338config CRYPTO_AEGIS128_AESNI_SSE2 339 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 340 depends on X86 && 64BIT 341 select CRYPTO_AEAD 342 select CRYPTO_SIMD 343 help 344 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 345 346config CRYPTO_SEQIV 347 tristate "Sequence Number IV Generator" 348 select CRYPTO_AEAD 349 select CRYPTO_SKCIPHER 350 select CRYPTO_NULL 351 select CRYPTO_RNG_DEFAULT 352 select CRYPTO_MANAGER 353 help 354 This IV generator generates an IV based on a sequence number by 355 xoring it with a salt. This algorithm is mainly useful for CTR 356 357config CRYPTO_ECHAINIV 358 tristate "Encrypted Chain IV Generator" 359 select CRYPTO_AEAD 360 select CRYPTO_NULL 361 select CRYPTO_RNG_DEFAULT 362 select CRYPTO_MANAGER 363 help 364 This IV generator generates an IV based on the encryption of 365 a sequence number xored with a salt. This is the default 366 algorithm for CBC. 367 368comment "Block modes" 369 370config CRYPTO_CBC 371 tristate "CBC support" 372 select CRYPTO_SKCIPHER 373 select CRYPTO_MANAGER 374 help 375 CBC: Cipher Block Chaining mode 376 This block cipher algorithm is required for IPSec. 377 378config CRYPTO_CFB 379 tristate "CFB support" 380 select CRYPTO_SKCIPHER 381 select CRYPTO_MANAGER 382 help 383 CFB: Cipher FeedBack mode 384 This block cipher algorithm is required for TPM2 Cryptography. 385 386config CRYPTO_CTR 387 tristate "CTR support" 388 select CRYPTO_SKCIPHER 389 select CRYPTO_MANAGER 390 help 391 CTR: Counter mode 392 This block cipher algorithm is required for IPSec. 393 394config CRYPTO_CTS 395 tristate "CTS support" 396 select CRYPTO_SKCIPHER 397 select CRYPTO_MANAGER 398 help 399 CTS: Cipher Text Stealing 400 This is the Cipher Text Stealing mode as described by 401 Section 8 of rfc2040 and referenced by rfc3962 402 (rfc3962 includes errata information in its Appendix A) or 403 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 404 This mode is required for Kerberos gss mechanism support 405 for AES encryption. 406 407 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 408 409config CRYPTO_ECB 410 tristate "ECB support" 411 select CRYPTO_SKCIPHER 412 select CRYPTO_MANAGER 413 help 414 ECB: Electronic CodeBook mode 415 This is the simplest block cipher algorithm. It simply encrypts 416 the input block by block. 417 418config CRYPTO_LRW 419 tristate "LRW support" 420 select CRYPTO_SKCIPHER 421 select CRYPTO_MANAGER 422 select CRYPTO_GF128MUL 423 help 424 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 425 narrow block cipher mode for dm-crypt. Use it with cipher 426 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 427 The first 128, 192 or 256 bits in the key are used for AES and the 428 rest is used to tie each cipher block to its logical position. 429 430config CRYPTO_OFB 431 tristate "OFB support" 432 select CRYPTO_SKCIPHER 433 select CRYPTO_MANAGER 434 help 435 OFB: the Output Feedback mode makes a block cipher into a synchronous 436 stream cipher. It generates keystream blocks, which are then XORed 437 with the plaintext blocks to get the ciphertext. Flipping a bit in the 438 ciphertext produces a flipped bit in the plaintext at the same 439 location. This property allows many error correcting codes to function 440 normally even when applied before encryption. 441 442config CRYPTO_PCBC 443 tristate "PCBC support" 444 select CRYPTO_SKCIPHER 445 select CRYPTO_MANAGER 446 help 447 PCBC: Propagating Cipher Block Chaining mode 448 This block cipher algorithm is required for RxRPC. 449 450config CRYPTO_XTS 451 tristate "XTS support" 452 select CRYPTO_SKCIPHER 453 select CRYPTO_MANAGER 454 select CRYPTO_ECB 455 help 456 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 457 key size 256, 384 or 512 bits. This implementation currently 458 can't handle a sectorsize which is not a multiple of 16 bytes. 459 460config CRYPTO_KEYWRAP 461 tristate "Key wrapping support" 462 select CRYPTO_SKCIPHER 463 select CRYPTO_MANAGER 464 help 465 Support for key wrapping (NIST SP800-38F / RFC3394) without 466 padding. 467 468config CRYPTO_NHPOLY1305 469 tristate 470 select CRYPTO_HASH 471 select CRYPTO_LIB_POLY1305_GENERIC 472 473config CRYPTO_NHPOLY1305_SSE2 474 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 475 depends on X86 && 64BIT 476 select CRYPTO_NHPOLY1305 477 help 478 SSE2 optimized implementation of the hash function used by the 479 Adiantum encryption mode. 480 481config CRYPTO_NHPOLY1305_AVX2 482 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 483 depends on X86 && 64BIT 484 select CRYPTO_NHPOLY1305 485 help 486 AVX2 optimized implementation of the hash function used by the 487 Adiantum encryption mode. 488 489config CRYPTO_ADIANTUM 490 tristate "Adiantum support" 491 select CRYPTO_CHACHA20 492 select CRYPTO_LIB_POLY1305_GENERIC 493 select CRYPTO_NHPOLY1305 494 select CRYPTO_MANAGER 495 help 496 Adiantum is a tweakable, length-preserving encryption mode 497 designed for fast and secure disk encryption, especially on 498 CPUs without dedicated crypto instructions. It encrypts 499 each sector using the XChaCha12 stream cipher, two passes of 500 an ε-almost-∆-universal hash function, and an invocation of 501 the AES-256 block cipher on a single 16-byte block. On CPUs 502 without AES instructions, Adiantum is much faster than 503 AES-XTS. 504 505 Adiantum's security is provably reducible to that of its 506 underlying stream and block ciphers, subject to a security 507 bound. Unlike XTS, Adiantum is a true wide-block encryption 508 mode, so it actually provides an even stronger notion of 509 security than XTS, subject to the security bound. 510 511 If unsure, say N. 512 513config CRYPTO_ESSIV 514 tristate "ESSIV support for block encryption" 515 select CRYPTO_AUTHENC 516 help 517 Encrypted salt-sector initialization vector (ESSIV) is an IV 518 generation method that is used in some cases by fscrypt and/or 519 dm-crypt. It uses the hash of the block encryption key as the 520 symmetric key for a block encryption pass applied to the input 521 IV, making low entropy IV sources more suitable for block 522 encryption. 523 524 This driver implements a crypto API template that can be 525 instantiated either as an skcipher or as an AEAD (depending on the 526 type of the first template argument), and which defers encryption 527 and decryption requests to the encapsulated cipher after applying 528 ESSIV to the input IV. Note that in the AEAD case, it is assumed 529 that the keys are presented in the same format used by the authenc 530 template, and that the IV appears at the end of the authenticated 531 associated data (AAD) region (which is how dm-crypt uses it.) 532 533 Note that the use of ESSIV is not recommended for new deployments, 534 and so this only needs to be enabled when interoperability with 535 existing encrypted volumes of filesystems is required, or when 536 building for a particular system that requires it (e.g., when 537 the SoC in question has accelerated CBC but not XTS, making CBC 538 combined with ESSIV the only feasible mode for h/w accelerated 539 block encryption) 540 541comment "Hash modes" 542 543config CRYPTO_CMAC 544 tristate "CMAC support" 545 select CRYPTO_HASH 546 select CRYPTO_MANAGER 547 help 548 Cipher-based Message Authentication Code (CMAC) specified by 549 The National Institute of Standards and Technology (NIST). 550 551 https://tools.ietf.org/html/rfc4493 552 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 553 554config CRYPTO_HMAC 555 tristate "HMAC support" 556 select CRYPTO_HASH 557 select CRYPTO_MANAGER 558 help 559 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 560 This is required for IPSec. 561 562config CRYPTO_XCBC 563 tristate "XCBC support" 564 select CRYPTO_HASH 565 select CRYPTO_MANAGER 566 help 567 XCBC: Keyed-Hashing with encryption algorithm 568 https://www.ietf.org/rfc/rfc3566.txt 569 http://csrc.nist.gov/encryption/modes/proposedmodes/ 570 xcbc-mac/xcbc-mac-spec.pdf 571 572config CRYPTO_VMAC 573 tristate "VMAC support" 574 select CRYPTO_HASH 575 select CRYPTO_MANAGER 576 help 577 VMAC is a message authentication algorithm designed for 578 very high speed on 64-bit architectures. 579 580 See also: 581 <https://fastcrypto.org/vmac> 582 583comment "Digest" 584 585config CRYPTO_CRC32C 586 tristate "CRC32c CRC algorithm" 587 select CRYPTO_HASH 588 select CRC32 589 help 590 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 591 by iSCSI for header and data digests and by others. 592 See Castagnoli93. Module will be crc32c. 593 594config CRYPTO_CRC32C_INTEL 595 tristate "CRC32c INTEL hardware acceleration" 596 depends on X86 597 select CRYPTO_HASH 598 help 599 In Intel processor with SSE4.2 supported, the processor will 600 support CRC32C implementation using hardware accelerated CRC32 601 instruction. This option will create 'crc32c-intel' module, 602 which will enable any routine to use the CRC32 instruction to 603 gain performance compared with software implementation. 604 Module will be crc32c-intel. 605 606config CRYPTO_CRC32C_VPMSUM 607 tristate "CRC32c CRC algorithm (powerpc64)" 608 depends on PPC64 && ALTIVEC 609 select CRYPTO_HASH 610 select CRC32 611 help 612 CRC32c algorithm implemented using vector polynomial multiply-sum 613 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 614 and newer processors for improved performance. 615 616 617config CRYPTO_CRC32C_SPARC64 618 tristate "CRC32c CRC algorithm (SPARC64)" 619 depends on SPARC64 620 select CRYPTO_HASH 621 select CRC32 622 help 623 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 624 when available. 625 626config CRYPTO_CRC32 627 tristate "CRC32 CRC algorithm" 628 select CRYPTO_HASH 629 select CRC32 630 help 631 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 632 Shash crypto api wrappers to crc32_le function. 633 634config CRYPTO_CRC32_PCLMUL 635 tristate "CRC32 PCLMULQDQ hardware acceleration" 636 depends on X86 637 select CRYPTO_HASH 638 select CRC32 639 help 640 From Intel Westmere and AMD Bulldozer processor with SSE4.2 641 and PCLMULQDQ supported, the processor will support 642 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 643 instruction. This option will create 'crc32-pclmul' module, 644 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 645 and gain better performance as compared with the table implementation. 646 647config CRYPTO_CRC32_MIPS 648 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 649 depends on MIPS_CRC_SUPPORT 650 select CRYPTO_HASH 651 help 652 CRC32c and CRC32 CRC algorithms implemented using mips crypto 653 instructions, when available. 654 655 656config CRYPTO_XXHASH 657 tristate "xxHash hash algorithm" 658 select CRYPTO_HASH 659 select XXHASH 660 help 661 xxHash non-cryptographic hash algorithm. Extremely fast, working at 662 speeds close to RAM limits. 663 664config CRYPTO_BLAKE2B 665 tristate "BLAKE2b digest algorithm" 666 select CRYPTO_HASH 667 help 668 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), 669 optimized for 64bit platforms and can produce digests of any size 670 between 1 to 64. The keyed hash is also implemented. 671 672 This module provides the following algorithms: 673 674 - blake2b-160 675 - blake2b-256 676 - blake2b-384 677 - blake2b-512 678 679 See https://blake2.net for further information. 680 681config CRYPTO_BLAKE2S 682 tristate "BLAKE2s digest algorithm" 683 select CRYPTO_LIB_BLAKE2S_GENERIC 684 select CRYPTO_HASH 685 help 686 Implementation of cryptographic hash function BLAKE2s 687 optimized for 8-32bit platforms and can produce digests of any size 688 between 1 to 32. The keyed hash is also implemented. 689 690 This module provides the following algorithms: 691 692 - blake2s-128 693 - blake2s-160 694 - blake2s-224 695 - blake2s-256 696 697 See https://blake2.net for further information. 698 699config CRYPTO_BLAKE2S_X86 700 tristate "BLAKE2s digest algorithm (x86 accelerated version)" 701 depends on X86 && 64BIT 702 select CRYPTO_LIB_BLAKE2S_GENERIC 703 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S 704 705config CRYPTO_CRCT10DIF 706 tristate "CRCT10DIF algorithm" 707 select CRYPTO_HASH 708 help 709 CRC T10 Data Integrity Field computation is being cast as 710 a crypto transform. This allows for faster crc t10 diff 711 transforms to be used if they are available. 712 713config CRYPTO_CRCT10DIF_PCLMUL 714 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 715 depends on X86 && 64BIT && CRC_T10DIF 716 select CRYPTO_HASH 717 help 718 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 719 CRC T10 DIF PCLMULQDQ computation can be hardware 720 accelerated PCLMULQDQ instruction. This option will create 721 'crct10dif-pclmul' module, which is faster when computing the 722 crct10dif checksum as compared with the generic table implementation. 723 724config CRYPTO_CRCT10DIF_VPMSUM 725 tristate "CRC32T10DIF powerpc64 hardware acceleration" 726 depends on PPC64 && ALTIVEC && CRC_T10DIF 727 select CRYPTO_HASH 728 help 729 CRC10T10DIF algorithm implemented using vector polynomial 730 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 731 POWER8 and newer processors for improved performance. 732 733config CRYPTO_VPMSUM_TESTER 734 tristate "Powerpc64 vpmsum hardware acceleration tester" 735 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 736 help 737 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 738 POWER8 vpmsum instructions. 739 Unless you are testing these algorithms, you don't need this. 740 741config CRYPTO_GHASH 742 tristate "GHASH hash function" 743 select CRYPTO_GF128MUL 744 select CRYPTO_HASH 745 help 746 GHASH is the hash function used in GCM (Galois/Counter Mode). 747 It is not a general-purpose cryptographic hash function. 748 749config CRYPTO_POLY1305 750 tristate "Poly1305 authenticator algorithm" 751 select CRYPTO_HASH 752 select CRYPTO_LIB_POLY1305_GENERIC 753 help 754 Poly1305 authenticator algorithm, RFC7539. 755 756 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 757 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 758 in IETF protocols. This is the portable C implementation of Poly1305. 759 760config CRYPTO_POLY1305_X86_64 761 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 762 depends on X86 && 64BIT 763 select CRYPTO_LIB_POLY1305_GENERIC 764 select CRYPTO_ARCH_HAVE_LIB_POLY1305 765 help 766 Poly1305 authenticator algorithm, RFC7539. 767 768 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 769 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 770 in IETF protocols. This is the x86_64 assembler implementation using SIMD 771 instructions. 772 773config CRYPTO_POLY1305_MIPS 774 tristate "Poly1305 authenticator algorithm (MIPS optimized)" 775 depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT) 776 select CRYPTO_ARCH_HAVE_LIB_POLY1305 777 778config CRYPTO_MD4 779 tristate "MD4 digest algorithm" 780 select CRYPTO_HASH 781 help 782 MD4 message digest algorithm (RFC1320). 783 784config CRYPTO_MD5 785 tristate "MD5 digest algorithm" 786 select CRYPTO_HASH 787 help 788 MD5 message digest algorithm (RFC1321). 789 790config CRYPTO_MD5_OCTEON 791 tristate "MD5 digest algorithm (OCTEON)" 792 depends on CPU_CAVIUM_OCTEON 793 select CRYPTO_MD5 794 select CRYPTO_HASH 795 help 796 MD5 message digest algorithm (RFC1321) implemented 797 using OCTEON crypto instructions, when available. 798 799config CRYPTO_MD5_PPC 800 tristate "MD5 digest algorithm (PPC)" 801 depends on PPC 802 select CRYPTO_HASH 803 help 804 MD5 message digest algorithm (RFC1321) implemented 805 in PPC assembler. 806 807config CRYPTO_MD5_SPARC64 808 tristate "MD5 digest algorithm (SPARC64)" 809 depends on SPARC64 810 select CRYPTO_MD5 811 select CRYPTO_HASH 812 help 813 MD5 message digest algorithm (RFC1321) implemented 814 using sparc64 crypto instructions, when available. 815 816config CRYPTO_MICHAEL_MIC 817 tristate "Michael MIC keyed digest algorithm" 818 select CRYPTO_HASH 819 help 820 Michael MIC is used for message integrity protection in TKIP 821 (IEEE 802.11i). This algorithm is required for TKIP, but it 822 should not be used for other purposes because of the weakness 823 of the algorithm. 824 825config CRYPTO_RMD128 826 tristate "RIPEMD-128 digest algorithm" 827 select CRYPTO_HASH 828 help 829 RIPEMD-128 (ISO/IEC 10118-3:2004). 830 831 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 832 be used as a secure replacement for RIPEMD. For other use cases, 833 RIPEMD-160 should be used. 834 835 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 836 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 837 838config CRYPTO_RMD160 839 tristate "RIPEMD-160 digest algorithm" 840 select CRYPTO_HASH 841 help 842 RIPEMD-160 (ISO/IEC 10118-3:2004). 843 844 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 845 to be used as a secure replacement for the 128-bit hash functions 846 MD4, MD5 and it's predecessor RIPEMD 847 (not to be confused with RIPEMD-128). 848 849 It's speed is comparable to SHA1 and there are no known attacks 850 against RIPEMD-160. 851 852 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 853 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 854 855config CRYPTO_RMD256 856 tristate "RIPEMD-256 digest algorithm" 857 select CRYPTO_HASH 858 help 859 RIPEMD-256 is an optional extension of RIPEMD-128 with a 860 256 bit hash. It is intended for applications that require 861 longer hash-results, without needing a larger security level 862 (than RIPEMD-128). 863 864 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 865 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 866 867config CRYPTO_RMD320 868 tristate "RIPEMD-320 digest algorithm" 869 select CRYPTO_HASH 870 help 871 RIPEMD-320 is an optional extension of RIPEMD-160 with a 872 320 bit hash. It is intended for applications that require 873 longer hash-results, without needing a larger security level 874 (than RIPEMD-160). 875 876 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 877 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 878 879config CRYPTO_SHA1 880 tristate "SHA1 digest algorithm" 881 select CRYPTO_HASH 882 help 883 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 884 885config CRYPTO_SHA1_SSSE3 886 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 887 depends on X86 && 64BIT 888 select CRYPTO_SHA1 889 select CRYPTO_HASH 890 help 891 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 892 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 893 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 894 when available. 895 896config CRYPTO_SHA256_SSSE3 897 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 898 depends on X86 && 64BIT 899 select CRYPTO_SHA256 900 select CRYPTO_HASH 901 help 902 SHA-256 secure hash standard (DFIPS 180-2) implemented 903 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 904 Extensions version 1 (AVX1), or Advanced Vector Extensions 905 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 906 Instructions) when available. 907 908config CRYPTO_SHA512_SSSE3 909 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 910 depends on X86 && 64BIT 911 select CRYPTO_SHA512 912 select CRYPTO_HASH 913 help 914 SHA-512 secure hash standard (DFIPS 180-2) implemented 915 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 916 Extensions version 1 (AVX1), or Advanced Vector Extensions 917 version 2 (AVX2) instructions, when available. 918 919config CRYPTO_SHA1_OCTEON 920 tristate "SHA1 digest algorithm (OCTEON)" 921 depends on CPU_CAVIUM_OCTEON 922 select CRYPTO_SHA1 923 select CRYPTO_HASH 924 help 925 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 926 using OCTEON crypto instructions, when available. 927 928config CRYPTO_SHA1_SPARC64 929 tristate "SHA1 digest algorithm (SPARC64)" 930 depends on SPARC64 931 select CRYPTO_SHA1 932 select CRYPTO_HASH 933 help 934 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 935 using sparc64 crypto instructions, when available. 936 937config CRYPTO_SHA1_PPC 938 tristate "SHA1 digest algorithm (powerpc)" 939 depends on PPC 940 help 941 This is the powerpc hardware accelerated implementation of the 942 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 943 944config CRYPTO_SHA1_PPC_SPE 945 tristate "SHA1 digest algorithm (PPC SPE)" 946 depends on PPC && SPE 947 help 948 SHA-1 secure hash standard (DFIPS 180-4) implemented 949 using powerpc SPE SIMD instruction set. 950 951config CRYPTO_SHA256 952 tristate "SHA224 and SHA256 digest algorithm" 953 select CRYPTO_HASH 954 select CRYPTO_LIB_SHA256 955 help 956 SHA256 secure hash standard (DFIPS 180-2). 957 958 This version of SHA implements a 256 bit hash with 128 bits of 959 security against collision attacks. 960 961 This code also includes SHA-224, a 224 bit hash with 112 bits 962 of security against collision attacks. 963 964config CRYPTO_SHA256_PPC_SPE 965 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 966 depends on PPC && SPE 967 select CRYPTO_SHA256 968 select CRYPTO_HASH 969 help 970 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 971 implemented using powerpc SPE SIMD instruction set. 972 973config CRYPTO_SHA256_OCTEON 974 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 975 depends on CPU_CAVIUM_OCTEON 976 select CRYPTO_SHA256 977 select CRYPTO_HASH 978 help 979 SHA-256 secure hash standard (DFIPS 180-2) implemented 980 using OCTEON crypto instructions, when available. 981 982config CRYPTO_SHA256_SPARC64 983 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 984 depends on SPARC64 985 select CRYPTO_SHA256 986 select CRYPTO_HASH 987 help 988 SHA-256 secure hash standard (DFIPS 180-2) implemented 989 using sparc64 crypto instructions, when available. 990 991config CRYPTO_SHA512 992 tristate "SHA384 and SHA512 digest algorithms" 993 select CRYPTO_HASH 994 help 995 SHA512 secure hash standard (DFIPS 180-2). 996 997 This version of SHA implements a 512 bit hash with 256 bits of 998 security against collision attacks. 999 1000 This code also includes SHA-384, a 384 bit hash with 192 bits 1001 of security against collision attacks. 1002 1003config CRYPTO_SHA512_OCTEON 1004 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 1005 depends on CPU_CAVIUM_OCTEON 1006 select CRYPTO_SHA512 1007 select CRYPTO_HASH 1008 help 1009 SHA-512 secure hash standard (DFIPS 180-2) implemented 1010 using OCTEON crypto instructions, when available. 1011 1012config CRYPTO_SHA512_SPARC64 1013 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 1014 depends on SPARC64 1015 select CRYPTO_SHA512 1016 select CRYPTO_HASH 1017 help 1018 SHA-512 secure hash standard (DFIPS 180-2) implemented 1019 using sparc64 crypto instructions, when available. 1020 1021config CRYPTO_SHA3 1022 tristate "SHA3 digest algorithm" 1023 select CRYPTO_HASH 1024 help 1025 SHA-3 secure hash standard (DFIPS 202). It's based on 1026 cryptographic sponge function family called Keccak. 1027 1028 References: 1029 http://keccak.noekeon.org/ 1030 1031config CRYPTO_SM3 1032 tristate "SM3 digest algorithm" 1033 select CRYPTO_HASH 1034 help 1035 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 1036 It is part of the Chinese Commercial Cryptography suite. 1037 1038 References: 1039 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1040 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1041 1042config CRYPTO_STREEBOG 1043 tristate "Streebog Hash Function" 1044 select CRYPTO_HASH 1045 help 1046 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1047 cryptographic standard algorithms (called GOST algorithms). 1048 This setting enables two hash algorithms with 256 and 512 bits output. 1049 1050 References: 1051 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1052 https://tools.ietf.org/html/rfc6986 1053 1054config CRYPTO_TGR192 1055 tristate "Tiger digest algorithms" 1056 select CRYPTO_HASH 1057 help 1058 Tiger hash algorithm 192, 160 and 128-bit hashes 1059 1060 Tiger is a hash function optimized for 64-bit processors while 1061 still having decent performance on 32-bit processors. 1062 Tiger was developed by Ross Anderson and Eli Biham. 1063 1064 See also: 1065 <https://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 1066 1067config CRYPTO_WP512 1068 tristate "Whirlpool digest algorithms" 1069 select CRYPTO_HASH 1070 help 1071 Whirlpool hash algorithm 512, 384 and 256-bit hashes 1072 1073 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1074 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 1075 1076 See also: 1077 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 1078 1079config CRYPTO_GHASH_CLMUL_NI_INTEL 1080 tristate "GHASH hash function (CLMUL-NI accelerated)" 1081 depends on X86 && 64BIT 1082 select CRYPTO_CRYPTD 1083 help 1084 This is the x86_64 CLMUL-NI accelerated implementation of 1085 GHASH, the hash function used in GCM (Galois/Counter mode). 1086 1087comment "Ciphers" 1088 1089config CRYPTO_AES 1090 tristate "AES cipher algorithms" 1091 select CRYPTO_ALGAPI 1092 select CRYPTO_LIB_AES 1093 help 1094 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1095 algorithm. 1096 1097 Rijndael appears to be consistently a very good performer in 1098 both hardware and software across a wide range of computing 1099 environments regardless of its use in feedback or non-feedback 1100 modes. Its key setup time is excellent, and its key agility is 1101 good. Rijndael's very low memory requirements make it very well 1102 suited for restricted-space environments, in which it also 1103 demonstrates excellent performance. Rijndael's operations are 1104 among the easiest to defend against power and timing attacks. 1105 1106 The AES specifies three key sizes: 128, 192 and 256 bits 1107 1108 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1109 1110config CRYPTO_AES_TI 1111 tristate "Fixed time AES cipher" 1112 select CRYPTO_ALGAPI 1113 select CRYPTO_LIB_AES 1114 help 1115 This is a generic implementation of AES that attempts to eliminate 1116 data dependent latencies as much as possible without affecting 1117 performance too much. It is intended for use by the generic CCM 1118 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1119 solely on encryption (although decryption is supported as well, but 1120 with a more dramatic performance hit) 1121 1122 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1123 8 for decryption), this implementation only uses just two S-boxes of 1124 256 bytes each, and attempts to eliminate data dependent latencies by 1125 prefetching the entire table into the cache at the start of each 1126 block. Interrupts are also disabled to avoid races where cachelines 1127 are evicted when the CPU is interrupted to do something else. 1128 1129config CRYPTO_AES_NI_INTEL 1130 tristate "AES cipher algorithms (AES-NI)" 1131 depends on X86 1132 select CRYPTO_AEAD 1133 select CRYPTO_LIB_AES 1134 select CRYPTO_ALGAPI 1135 select CRYPTO_SKCIPHER 1136 select CRYPTO_GLUE_HELPER_X86 if 64BIT 1137 select CRYPTO_SIMD 1138 help 1139 Use Intel AES-NI instructions for AES algorithm. 1140 1141 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1142 algorithm. 1143 1144 Rijndael appears to be consistently a very good performer in 1145 both hardware and software across a wide range of computing 1146 environments regardless of its use in feedback or non-feedback 1147 modes. Its key setup time is excellent, and its key agility is 1148 good. Rijndael's very low memory requirements make it very well 1149 suited for restricted-space environments, in which it also 1150 demonstrates excellent performance. Rijndael's operations are 1151 among the easiest to defend against power and timing attacks. 1152 1153 The AES specifies three key sizes: 128, 192 and 256 bits 1154 1155 See <http://csrc.nist.gov/encryption/aes/> for more information. 1156 1157 In addition to AES cipher algorithm support, the acceleration 1158 for some popular block cipher mode is supported too, including 1159 ECB, CBC, LRW, XTS. The 64 bit version has additional 1160 acceleration for CTR. 1161 1162config CRYPTO_AES_SPARC64 1163 tristate "AES cipher algorithms (SPARC64)" 1164 depends on SPARC64 1165 select CRYPTO_SKCIPHER 1166 help 1167 Use SPARC64 crypto opcodes for AES algorithm. 1168 1169 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1170 algorithm. 1171 1172 Rijndael appears to be consistently a very good performer in 1173 both hardware and software across a wide range of computing 1174 environments regardless of its use in feedback or non-feedback 1175 modes. Its key setup time is excellent, and its key agility is 1176 good. Rijndael's very low memory requirements make it very well 1177 suited for restricted-space environments, in which it also 1178 demonstrates excellent performance. Rijndael's operations are 1179 among the easiest to defend against power and timing attacks. 1180 1181 The AES specifies three key sizes: 128, 192 and 256 bits 1182 1183 See <http://csrc.nist.gov/encryption/aes/> for more information. 1184 1185 In addition to AES cipher algorithm support, the acceleration 1186 for some popular block cipher mode is supported too, including 1187 ECB and CBC. 1188 1189config CRYPTO_AES_PPC_SPE 1190 tristate "AES cipher algorithms (PPC SPE)" 1191 depends on PPC && SPE 1192 select CRYPTO_SKCIPHER 1193 help 1194 AES cipher algorithms (FIPS-197). Additionally the acceleration 1195 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1196 This module should only be used for low power (router) devices 1197 without hardware AES acceleration (e.g. caam crypto). It reduces the 1198 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1199 timining attacks. Nevertheless it might be not as secure as other 1200 architecture specific assembler implementations that work on 1KB 1201 tables or 256 bytes S-boxes. 1202 1203config CRYPTO_ANUBIS 1204 tristate "Anubis cipher algorithm" 1205 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1206 select CRYPTO_ALGAPI 1207 help 1208 Anubis cipher algorithm. 1209 1210 Anubis is a variable key length cipher which can use keys from 1211 128 bits to 320 bits in length. It was evaluated as a entrant 1212 in the NESSIE competition. 1213 1214 See also: 1215 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1216 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1217 1218config CRYPTO_ARC4 1219 tristate "ARC4 cipher algorithm" 1220 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1221 select CRYPTO_SKCIPHER 1222 select CRYPTO_LIB_ARC4 1223 help 1224 ARC4 cipher algorithm. 1225 1226 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1227 bits in length. This algorithm is required for driver-based 1228 WEP, but it should not be for other purposes because of the 1229 weakness of the algorithm. 1230 1231config CRYPTO_BLOWFISH 1232 tristate "Blowfish cipher algorithm" 1233 select CRYPTO_ALGAPI 1234 select CRYPTO_BLOWFISH_COMMON 1235 help 1236 Blowfish cipher algorithm, by Bruce Schneier. 1237 1238 This is a variable key length cipher which can use keys from 32 1239 bits to 448 bits in length. It's fast, simple and specifically 1240 designed for use on "large microprocessors". 1241 1242 See also: 1243 <https://www.schneier.com/blowfish.html> 1244 1245config CRYPTO_BLOWFISH_COMMON 1246 tristate 1247 help 1248 Common parts of the Blowfish cipher algorithm shared by the 1249 generic c and the assembler implementations. 1250 1251 See also: 1252 <https://www.schneier.com/blowfish.html> 1253 1254config CRYPTO_BLOWFISH_X86_64 1255 tristate "Blowfish cipher algorithm (x86_64)" 1256 depends on X86 && 64BIT 1257 select CRYPTO_SKCIPHER 1258 select CRYPTO_BLOWFISH_COMMON 1259 help 1260 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1261 1262 This is a variable key length cipher which can use keys from 32 1263 bits to 448 bits in length. It's fast, simple and specifically 1264 designed for use on "large microprocessors". 1265 1266 See also: 1267 <https://www.schneier.com/blowfish.html> 1268 1269config CRYPTO_CAMELLIA 1270 tristate "Camellia cipher algorithms" 1271 depends on CRYPTO 1272 select CRYPTO_ALGAPI 1273 help 1274 Camellia cipher algorithms module. 1275 1276 Camellia is a symmetric key block cipher developed jointly 1277 at NTT and Mitsubishi Electric Corporation. 1278 1279 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1280 1281 See also: 1282 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1283 1284config CRYPTO_CAMELLIA_X86_64 1285 tristate "Camellia cipher algorithm (x86_64)" 1286 depends on X86 && 64BIT 1287 depends on CRYPTO 1288 select CRYPTO_SKCIPHER 1289 select CRYPTO_GLUE_HELPER_X86 1290 help 1291 Camellia cipher algorithm module (x86_64). 1292 1293 Camellia is a symmetric key block cipher developed jointly 1294 at NTT and Mitsubishi Electric Corporation. 1295 1296 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1297 1298 See also: 1299 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1300 1301config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1302 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1303 depends on X86 && 64BIT 1304 depends on CRYPTO 1305 select CRYPTO_SKCIPHER 1306 select CRYPTO_CAMELLIA_X86_64 1307 select CRYPTO_GLUE_HELPER_X86 1308 select CRYPTO_SIMD 1309 select CRYPTO_XTS 1310 help 1311 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1312 1313 Camellia is a symmetric key block cipher developed jointly 1314 at NTT and Mitsubishi Electric Corporation. 1315 1316 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1317 1318 See also: 1319 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1320 1321config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1322 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1323 depends on X86 && 64BIT 1324 depends on CRYPTO 1325 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1326 help 1327 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1328 1329 Camellia is a symmetric key block cipher developed jointly 1330 at NTT and Mitsubishi Electric Corporation. 1331 1332 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1333 1334 See also: 1335 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1336 1337config CRYPTO_CAMELLIA_SPARC64 1338 tristate "Camellia cipher algorithm (SPARC64)" 1339 depends on SPARC64 1340 depends on CRYPTO 1341 select CRYPTO_ALGAPI 1342 select CRYPTO_SKCIPHER 1343 help 1344 Camellia cipher algorithm module (SPARC64). 1345 1346 Camellia is a symmetric key block cipher developed jointly 1347 at NTT and Mitsubishi Electric Corporation. 1348 1349 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1350 1351 See also: 1352 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1353 1354config CRYPTO_CAST_COMMON 1355 tristate 1356 help 1357 Common parts of the CAST cipher algorithms shared by the 1358 generic c and the assembler implementations. 1359 1360config CRYPTO_CAST5 1361 tristate "CAST5 (CAST-128) cipher algorithm" 1362 select CRYPTO_ALGAPI 1363 select CRYPTO_CAST_COMMON 1364 help 1365 The CAST5 encryption algorithm (synonymous with CAST-128) is 1366 described in RFC2144. 1367 1368config CRYPTO_CAST5_AVX_X86_64 1369 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1370 depends on X86 && 64BIT 1371 select CRYPTO_SKCIPHER 1372 select CRYPTO_CAST5 1373 select CRYPTO_CAST_COMMON 1374 select CRYPTO_SIMD 1375 help 1376 The CAST5 encryption algorithm (synonymous with CAST-128) is 1377 described in RFC2144. 1378 1379 This module provides the Cast5 cipher algorithm that processes 1380 sixteen blocks parallel using the AVX instruction set. 1381 1382config CRYPTO_CAST6 1383 tristate "CAST6 (CAST-256) cipher algorithm" 1384 select CRYPTO_ALGAPI 1385 select CRYPTO_CAST_COMMON 1386 help 1387 The CAST6 encryption algorithm (synonymous with CAST-256) is 1388 described in RFC2612. 1389 1390config CRYPTO_CAST6_AVX_X86_64 1391 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1392 depends on X86 && 64BIT 1393 select CRYPTO_SKCIPHER 1394 select CRYPTO_CAST6 1395 select CRYPTO_CAST_COMMON 1396 select CRYPTO_GLUE_HELPER_X86 1397 select CRYPTO_SIMD 1398 select CRYPTO_XTS 1399 help 1400 The CAST6 encryption algorithm (synonymous with CAST-256) is 1401 described in RFC2612. 1402 1403 This module provides the Cast6 cipher algorithm that processes 1404 eight blocks parallel using the AVX instruction set. 1405 1406config CRYPTO_DES 1407 tristate "DES and Triple DES EDE cipher algorithms" 1408 select CRYPTO_ALGAPI 1409 select CRYPTO_LIB_DES 1410 help 1411 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1412 1413config CRYPTO_DES_SPARC64 1414 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1415 depends on SPARC64 1416 select CRYPTO_ALGAPI 1417 select CRYPTO_LIB_DES 1418 select CRYPTO_SKCIPHER 1419 help 1420 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1421 optimized using SPARC64 crypto opcodes. 1422 1423config CRYPTO_DES3_EDE_X86_64 1424 tristate "Triple DES EDE cipher algorithm (x86-64)" 1425 depends on X86 && 64BIT 1426 select CRYPTO_SKCIPHER 1427 select CRYPTO_LIB_DES 1428 help 1429 Triple DES EDE (FIPS 46-3) algorithm. 1430 1431 This module provides implementation of the Triple DES EDE cipher 1432 algorithm that is optimized for x86-64 processors. Two versions of 1433 algorithm are provided; regular processing one input block and 1434 one that processes three blocks parallel. 1435 1436config CRYPTO_FCRYPT 1437 tristate "FCrypt cipher algorithm" 1438 select CRYPTO_ALGAPI 1439 select CRYPTO_SKCIPHER 1440 help 1441 FCrypt algorithm used by RxRPC. 1442 1443config CRYPTO_KHAZAD 1444 tristate "Khazad cipher algorithm" 1445 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1446 select CRYPTO_ALGAPI 1447 help 1448 Khazad cipher algorithm. 1449 1450 Khazad was a finalist in the initial NESSIE competition. It is 1451 an algorithm optimized for 64-bit processors with good performance 1452 on 32-bit processors. Khazad uses an 128 bit key size. 1453 1454 See also: 1455 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1456 1457config CRYPTO_SALSA20 1458 tristate "Salsa20 stream cipher algorithm" 1459 select CRYPTO_SKCIPHER 1460 help 1461 Salsa20 stream cipher algorithm. 1462 1463 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1464 Stream Cipher Project. See <https://www.ecrypt.eu.org/stream/> 1465 1466 The Salsa20 stream cipher algorithm is designed by Daniel J. 1467 Bernstein <djb@cr.yp.to>. See <https://cr.yp.to/snuffle.html> 1468 1469config CRYPTO_CHACHA20 1470 tristate "ChaCha stream cipher algorithms" 1471 select CRYPTO_LIB_CHACHA_GENERIC 1472 select CRYPTO_SKCIPHER 1473 help 1474 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1475 1476 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1477 Bernstein and further specified in RFC7539 for use in IETF protocols. 1478 This is the portable C implementation of ChaCha20. See also: 1479 <https://cr.yp.to/chacha/chacha-20080128.pdf> 1480 1481 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1482 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1483 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1484 while provably retaining ChaCha20's security. See also: 1485 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1486 1487 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1488 reduced security margin but increased performance. It can be needed 1489 in some performance-sensitive scenarios. 1490 1491config CRYPTO_CHACHA20_X86_64 1492 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1493 depends on X86 && 64BIT 1494 select CRYPTO_SKCIPHER 1495 select CRYPTO_LIB_CHACHA_GENERIC 1496 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1497 help 1498 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 1499 XChaCha20, and XChaCha12 stream ciphers. 1500 1501config CRYPTO_CHACHA_MIPS 1502 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)" 1503 depends on CPU_MIPS32_R2 1504 select CRYPTO_SKCIPHER 1505 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1506 1507config CRYPTO_SEED 1508 tristate "SEED cipher algorithm" 1509 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1510 select CRYPTO_ALGAPI 1511 help 1512 SEED cipher algorithm (RFC4269). 1513 1514 SEED is a 128-bit symmetric key block cipher that has been 1515 developed by KISA (Korea Information Security Agency) as a 1516 national standard encryption algorithm of the Republic of Korea. 1517 It is a 16 round block cipher with the key size of 128 bit. 1518 1519 See also: 1520 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1521 1522config CRYPTO_SERPENT 1523 tristate "Serpent cipher algorithm" 1524 select CRYPTO_ALGAPI 1525 help 1526 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1527 1528 Keys are allowed to be from 0 to 256 bits in length, in steps 1529 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1530 variant of Serpent for compatibility with old kerneli.org code. 1531 1532 See also: 1533 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1534 1535config CRYPTO_SERPENT_SSE2_X86_64 1536 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1537 depends on X86 && 64BIT 1538 select CRYPTO_SKCIPHER 1539 select CRYPTO_GLUE_HELPER_X86 1540 select CRYPTO_SERPENT 1541 select CRYPTO_SIMD 1542 help 1543 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1544 1545 Keys are allowed to be from 0 to 256 bits in length, in steps 1546 of 8 bits. 1547 1548 This module provides Serpent cipher algorithm that processes eight 1549 blocks parallel using SSE2 instruction set. 1550 1551 See also: 1552 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1553 1554config CRYPTO_SERPENT_SSE2_586 1555 tristate "Serpent cipher algorithm (i586/SSE2)" 1556 depends on X86 && !64BIT 1557 select CRYPTO_SKCIPHER 1558 select CRYPTO_GLUE_HELPER_X86 1559 select CRYPTO_SERPENT 1560 select CRYPTO_SIMD 1561 help 1562 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1563 1564 Keys are allowed to be from 0 to 256 bits in length, in steps 1565 of 8 bits. 1566 1567 This module provides Serpent cipher algorithm that processes four 1568 blocks parallel using SSE2 instruction set. 1569 1570 See also: 1571 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1572 1573config CRYPTO_SERPENT_AVX_X86_64 1574 tristate "Serpent cipher algorithm (x86_64/AVX)" 1575 depends on X86 && 64BIT 1576 select CRYPTO_SKCIPHER 1577 select CRYPTO_GLUE_HELPER_X86 1578 select CRYPTO_SERPENT 1579 select CRYPTO_SIMD 1580 select CRYPTO_XTS 1581 help 1582 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1583 1584 Keys are allowed to be from 0 to 256 bits in length, in steps 1585 of 8 bits. 1586 1587 This module provides the Serpent cipher algorithm that processes 1588 eight blocks parallel using the AVX instruction set. 1589 1590 See also: 1591 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1592 1593config CRYPTO_SERPENT_AVX2_X86_64 1594 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1595 depends on X86 && 64BIT 1596 select CRYPTO_SERPENT_AVX_X86_64 1597 help 1598 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1599 1600 Keys are allowed to be from 0 to 256 bits in length, in steps 1601 of 8 bits. 1602 1603 This module provides Serpent cipher algorithm that processes 16 1604 blocks parallel using AVX2 instruction set. 1605 1606 See also: 1607 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1608 1609config CRYPTO_SM4 1610 tristate "SM4 cipher algorithm" 1611 select CRYPTO_ALGAPI 1612 help 1613 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1614 1615 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1616 Organization of State Commercial Administration of China (OSCCA) 1617 as an authorized cryptographic algorithms for the use within China. 1618 1619 SMS4 was originally created for use in protecting wireless 1620 networks, and is mandated in the Chinese National Standard for 1621 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1622 (GB.15629.11-2003). 1623 1624 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1625 standardized through TC 260 of the Standardization Administration 1626 of the People's Republic of China (SAC). 1627 1628 The input, output, and key of SMS4 are each 128 bits. 1629 1630 See also: <https://eprint.iacr.org/2008/329.pdf> 1631 1632 If unsure, say N. 1633 1634config CRYPTO_TEA 1635 tristate "TEA, XTEA and XETA cipher algorithms" 1636 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1637 select CRYPTO_ALGAPI 1638 help 1639 TEA cipher algorithm. 1640 1641 Tiny Encryption Algorithm is a simple cipher that uses 1642 many rounds for security. It is very fast and uses 1643 little memory. 1644 1645 Xtendend Tiny Encryption Algorithm is a modification to 1646 the TEA algorithm to address a potential key weakness 1647 in the TEA algorithm. 1648 1649 Xtendend Encryption Tiny Algorithm is a mis-implementation 1650 of the XTEA algorithm for compatibility purposes. 1651 1652config CRYPTO_TWOFISH 1653 tristate "Twofish cipher algorithm" 1654 select CRYPTO_ALGAPI 1655 select CRYPTO_TWOFISH_COMMON 1656 help 1657 Twofish cipher algorithm. 1658 1659 Twofish was submitted as an AES (Advanced Encryption Standard) 1660 candidate cipher by researchers at CounterPane Systems. It is a 1661 16 round block cipher supporting key sizes of 128, 192, and 256 1662 bits. 1663 1664 See also: 1665 <https://www.schneier.com/twofish.html> 1666 1667config CRYPTO_TWOFISH_COMMON 1668 tristate 1669 help 1670 Common parts of the Twofish cipher algorithm shared by the 1671 generic c and the assembler implementations. 1672 1673config CRYPTO_TWOFISH_586 1674 tristate "Twofish cipher algorithms (i586)" 1675 depends on (X86 || UML_X86) && !64BIT 1676 select CRYPTO_ALGAPI 1677 select CRYPTO_TWOFISH_COMMON 1678 help 1679 Twofish cipher algorithm. 1680 1681 Twofish was submitted as an AES (Advanced Encryption Standard) 1682 candidate cipher by researchers at CounterPane Systems. It is a 1683 16 round block cipher supporting key sizes of 128, 192, and 256 1684 bits. 1685 1686 See also: 1687 <https://www.schneier.com/twofish.html> 1688 1689config CRYPTO_TWOFISH_X86_64 1690 tristate "Twofish cipher algorithm (x86_64)" 1691 depends on (X86 || UML_X86) && 64BIT 1692 select CRYPTO_ALGAPI 1693 select CRYPTO_TWOFISH_COMMON 1694 help 1695 Twofish cipher algorithm (x86_64). 1696 1697 Twofish was submitted as an AES (Advanced Encryption Standard) 1698 candidate cipher by researchers at CounterPane Systems. It is a 1699 16 round block cipher supporting key sizes of 128, 192, and 256 1700 bits. 1701 1702 See also: 1703 <https://www.schneier.com/twofish.html> 1704 1705config CRYPTO_TWOFISH_X86_64_3WAY 1706 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1707 depends on X86 && 64BIT 1708 select CRYPTO_SKCIPHER 1709 select CRYPTO_TWOFISH_COMMON 1710 select CRYPTO_TWOFISH_X86_64 1711 select CRYPTO_GLUE_HELPER_X86 1712 help 1713 Twofish cipher algorithm (x86_64, 3-way parallel). 1714 1715 Twofish was submitted as an AES (Advanced Encryption Standard) 1716 candidate cipher by researchers at CounterPane Systems. It is a 1717 16 round block cipher supporting key sizes of 128, 192, and 256 1718 bits. 1719 1720 This module provides Twofish cipher algorithm that processes three 1721 blocks parallel, utilizing resources of out-of-order CPUs better. 1722 1723 See also: 1724 <https://www.schneier.com/twofish.html> 1725 1726config CRYPTO_TWOFISH_AVX_X86_64 1727 tristate "Twofish cipher algorithm (x86_64/AVX)" 1728 depends on X86 && 64BIT 1729 select CRYPTO_SKCIPHER 1730 select CRYPTO_GLUE_HELPER_X86 1731 select CRYPTO_SIMD 1732 select CRYPTO_TWOFISH_COMMON 1733 select CRYPTO_TWOFISH_X86_64 1734 select CRYPTO_TWOFISH_X86_64_3WAY 1735 help 1736 Twofish cipher algorithm (x86_64/AVX). 1737 1738 Twofish was submitted as an AES (Advanced Encryption Standard) 1739 candidate cipher by researchers at CounterPane Systems. It is a 1740 16 round block cipher supporting key sizes of 128, 192, and 256 1741 bits. 1742 1743 This module provides the Twofish cipher algorithm that processes 1744 eight blocks parallel using the AVX Instruction Set. 1745 1746 See also: 1747 <https://www.schneier.com/twofish.html> 1748 1749comment "Compression" 1750 1751config CRYPTO_DEFLATE 1752 tristate "Deflate compression algorithm" 1753 select CRYPTO_ALGAPI 1754 select CRYPTO_ACOMP2 1755 select ZLIB_INFLATE 1756 select ZLIB_DEFLATE 1757 help 1758 This is the Deflate algorithm (RFC1951), specified for use in 1759 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1760 1761 You will most probably want this if using IPSec. 1762 1763config CRYPTO_LZO 1764 tristate "LZO compression algorithm" 1765 select CRYPTO_ALGAPI 1766 select CRYPTO_ACOMP2 1767 select LZO_COMPRESS 1768 select LZO_DECOMPRESS 1769 help 1770 This is the LZO algorithm. 1771 1772config CRYPTO_842 1773 tristate "842 compression algorithm" 1774 select CRYPTO_ALGAPI 1775 select CRYPTO_ACOMP2 1776 select 842_COMPRESS 1777 select 842_DECOMPRESS 1778 help 1779 This is the 842 algorithm. 1780 1781config CRYPTO_LZ4 1782 tristate "LZ4 compression algorithm" 1783 select CRYPTO_ALGAPI 1784 select CRYPTO_ACOMP2 1785 select LZ4_COMPRESS 1786 select LZ4_DECOMPRESS 1787 help 1788 This is the LZ4 algorithm. 1789 1790config CRYPTO_LZ4HC 1791 tristate "LZ4HC compression algorithm" 1792 select CRYPTO_ALGAPI 1793 select CRYPTO_ACOMP2 1794 select LZ4HC_COMPRESS 1795 select LZ4_DECOMPRESS 1796 help 1797 This is the LZ4 high compression mode algorithm. 1798 1799config CRYPTO_ZSTD 1800 tristate "Zstd compression algorithm" 1801 select CRYPTO_ALGAPI 1802 select CRYPTO_ACOMP2 1803 select ZSTD_COMPRESS 1804 select ZSTD_DECOMPRESS 1805 help 1806 This is the zstd algorithm. 1807 1808comment "Random Number Generation" 1809 1810config CRYPTO_ANSI_CPRNG 1811 tristate "Pseudo Random Number Generation for Cryptographic modules" 1812 select CRYPTO_AES 1813 select CRYPTO_RNG 1814 help 1815 This option enables the generic pseudo random number generator 1816 for cryptographic modules. Uses the Algorithm specified in 1817 ANSI X9.31 A.2.4. Note that this option must be enabled if 1818 CRYPTO_FIPS is selected 1819 1820menuconfig CRYPTO_DRBG_MENU 1821 tristate "NIST SP800-90A DRBG" 1822 help 1823 NIST SP800-90A compliant DRBG. In the following submenu, one or 1824 more of the DRBG types must be selected. 1825 1826if CRYPTO_DRBG_MENU 1827 1828config CRYPTO_DRBG_HMAC 1829 bool 1830 default y 1831 select CRYPTO_HMAC 1832 select CRYPTO_SHA256 1833 1834config CRYPTO_DRBG_HASH 1835 bool "Enable Hash DRBG" 1836 select CRYPTO_SHA256 1837 help 1838 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1839 1840config CRYPTO_DRBG_CTR 1841 bool "Enable CTR DRBG" 1842 select CRYPTO_AES 1843 select CRYPTO_CTR 1844 help 1845 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1846 1847config CRYPTO_DRBG 1848 tristate 1849 default CRYPTO_DRBG_MENU 1850 select CRYPTO_RNG 1851 select CRYPTO_JITTERENTROPY 1852 1853endif # if CRYPTO_DRBG_MENU 1854 1855config CRYPTO_JITTERENTROPY 1856 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1857 select CRYPTO_RNG 1858 help 1859 The Jitterentropy RNG is a noise that is intended 1860 to provide seed to another RNG. The RNG does not 1861 perform any cryptographic whitening of the generated 1862 random numbers. This Jitterentropy RNG registers with 1863 the kernel crypto API and can be used by any caller. 1864 1865config CRYPTO_USER_API 1866 tristate 1867 1868config CRYPTO_USER_API_HASH 1869 tristate "User-space interface for hash algorithms" 1870 depends on NET 1871 select CRYPTO_HASH 1872 select CRYPTO_USER_API 1873 help 1874 This option enables the user-spaces interface for hash 1875 algorithms. 1876 1877config CRYPTO_USER_API_SKCIPHER 1878 tristate "User-space interface for symmetric key cipher algorithms" 1879 depends on NET 1880 select CRYPTO_SKCIPHER 1881 select CRYPTO_USER_API 1882 help 1883 This option enables the user-spaces interface for symmetric 1884 key cipher algorithms. 1885 1886config CRYPTO_USER_API_RNG 1887 tristate "User-space interface for random number generator algorithms" 1888 depends on NET 1889 select CRYPTO_RNG 1890 select CRYPTO_USER_API 1891 help 1892 This option enables the user-spaces interface for random 1893 number generator algorithms. 1894 1895config CRYPTO_USER_API_RNG_CAVP 1896 bool "Enable CAVP testing of DRBG" 1897 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG 1898 help 1899 This option enables extra API for CAVP testing via the user-space 1900 interface: resetting of DRBG entropy, and providing Additional Data. 1901 This should only be enabled for CAVP testing. You should say 1902 no unless you know what this is. 1903 1904config CRYPTO_USER_API_AEAD 1905 tristate "User-space interface for AEAD cipher algorithms" 1906 depends on NET 1907 select CRYPTO_AEAD 1908 select CRYPTO_SKCIPHER 1909 select CRYPTO_NULL 1910 select CRYPTO_USER_API 1911 help 1912 This option enables the user-spaces interface for AEAD 1913 cipher algorithms. 1914 1915config CRYPTO_USER_API_ENABLE_OBSOLETE 1916 bool "Enable obsolete cryptographic algorithms for userspace" 1917 depends on CRYPTO_USER_API 1918 default y 1919 help 1920 Allow obsolete cryptographic algorithms to be selected that have 1921 already been phased out from internal use by the kernel, and are 1922 only useful for userspace clients that still rely on them. 1923 1924config CRYPTO_STATS 1925 bool "Crypto usage statistics for User-space" 1926 depends on CRYPTO_USER 1927 help 1928 This option enables the gathering of crypto stats. 1929 This will collect: 1930 - encrypt/decrypt size and numbers of symmeric operations 1931 - compress/decompress size and numbers of compress operations 1932 - size and numbers of hash operations 1933 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1934 - generate/seed numbers for rng operations 1935 1936config CRYPTO_HASH_INFO 1937 bool 1938 1939source "lib/crypto/Kconfig" 1940source "drivers/crypto/Kconfig" 1941source "crypto/asymmetric_keys/Kconfig" 1942source "certs/Kconfig" 1943 1944endif # if CRYPTO 1945