1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6	tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17	tristate "Cryptographic API"
18	help
19	  This option provides the core Cryptographic API.
20
21if CRYPTO
22
23comment "Crypto core or helper"
24
25config CRYPTO_FIPS
26	bool "FIPS 200 compliance"
27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28	depends on (MODULE_SIG || !MODULES)
29	help
30	  This option enables the fips boot option which is
31	  required if you want the system to operate in a FIPS 200
32	  certification.  You should say no unless you know what
33	  this is.
34
35config CRYPTO_ALGAPI
36	tristate
37	select CRYPTO_ALGAPI2
38	help
39	  This option provides the API for cryptographic algorithms.
40
41config CRYPTO_ALGAPI2
42	tristate
43
44config CRYPTO_AEAD
45	tristate
46	select CRYPTO_AEAD2
47	select CRYPTO_ALGAPI
48
49config CRYPTO_AEAD2
50	tristate
51	select CRYPTO_ALGAPI2
52	select CRYPTO_NULL2
53	select CRYPTO_RNG2
54
55config CRYPTO_SKCIPHER
56	tristate
57	select CRYPTO_SKCIPHER2
58	select CRYPTO_ALGAPI
59
60config CRYPTO_SKCIPHER2
61	tristate
62	select CRYPTO_ALGAPI2
63	select CRYPTO_RNG2
64
65config CRYPTO_HASH
66	tristate
67	select CRYPTO_HASH2
68	select CRYPTO_ALGAPI
69
70config CRYPTO_HASH2
71	tristate
72	select CRYPTO_ALGAPI2
73
74config CRYPTO_RNG
75	tristate
76	select CRYPTO_RNG2
77	select CRYPTO_ALGAPI
78
79config CRYPTO_RNG2
80	tristate
81	select CRYPTO_ALGAPI2
82
83config CRYPTO_RNG_DEFAULT
84	tristate
85	select CRYPTO_DRBG_MENU
86
87config CRYPTO_AKCIPHER2
88	tristate
89	select CRYPTO_ALGAPI2
90
91config CRYPTO_AKCIPHER
92	tristate
93	select CRYPTO_AKCIPHER2
94	select CRYPTO_ALGAPI
95
96config CRYPTO_KPP2
97	tristate
98	select CRYPTO_ALGAPI2
99
100config CRYPTO_KPP
101	tristate
102	select CRYPTO_ALGAPI
103	select CRYPTO_KPP2
104
105config CRYPTO_ACOMP2
106	tristate
107	select CRYPTO_ALGAPI2
108	select SGL_ALLOC
109
110config CRYPTO_ACOMP
111	tristate
112	select CRYPTO_ALGAPI
113	select CRYPTO_ACOMP2
114
115config CRYPTO_MANAGER
116	tristate "Cryptographic algorithm manager"
117	select CRYPTO_MANAGER2
118	help
119	  Create default cryptographic template instantiations such as
120	  cbc(aes).
121
122config CRYPTO_MANAGER2
123	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
124	select CRYPTO_AEAD2
125	select CRYPTO_HASH2
126	select CRYPTO_SKCIPHER2
127	select CRYPTO_AKCIPHER2
128	select CRYPTO_KPP2
129	select CRYPTO_ACOMP2
130
131config CRYPTO_USER
132	tristate "Userspace cryptographic algorithm configuration"
133	depends on NET
134	select CRYPTO_MANAGER
135	help
136	  Userspace configuration for cryptographic instantiations such as
137	  cbc(aes).
138
139config CRYPTO_MANAGER_DISABLE_TESTS
140	bool "Disable run-time self tests"
141	default y
142	help
143	  Disable run-time self tests that normally take place at
144	  algorithm registration.
145
146config CRYPTO_MANAGER_EXTRA_TESTS
147	bool "Enable extra run-time crypto self tests"
148	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
149	help
150	  Enable extra run-time self tests of registered crypto algorithms,
151	  including randomized fuzz tests.
152
153	  This is intended for developer use only, as these tests take much
154	  longer to run than the normal self tests.
155
156config CRYPTO_GF128MUL
157	tristate
158
159config CRYPTO_NULL
160	tristate "Null algorithms"
161	select CRYPTO_NULL2
162	help
163	  These are 'Null' algorithms, used by IPsec, which do nothing.
164
165config CRYPTO_NULL2
166	tristate
167	select CRYPTO_ALGAPI2
168	select CRYPTO_SKCIPHER2
169	select CRYPTO_HASH2
170
171config CRYPTO_PCRYPT
172	tristate "Parallel crypto engine"
173	depends on SMP
174	select PADATA
175	select CRYPTO_MANAGER
176	select CRYPTO_AEAD
177	help
178	  This converts an arbitrary crypto algorithm into a parallel
179	  algorithm that executes in kernel threads.
180
181config CRYPTO_CRYPTD
182	tristate "Software async crypto daemon"
183	select CRYPTO_SKCIPHER
184	select CRYPTO_HASH
185	select CRYPTO_MANAGER
186	help
187	  This is a generic software asynchronous crypto daemon that
188	  converts an arbitrary synchronous software crypto algorithm
189	  into an asynchronous algorithm that executes in a kernel thread.
190
191config CRYPTO_AUTHENC
192	tristate "Authenc support"
193	select CRYPTO_AEAD
194	select CRYPTO_SKCIPHER
195	select CRYPTO_MANAGER
196	select CRYPTO_HASH
197	select CRYPTO_NULL
198	help
199	  Authenc: Combined mode wrapper for IPsec.
200	  This is required for IPSec.
201
202config CRYPTO_TEST
203	tristate "Testing module"
204	depends on m || EXPERT
205	select CRYPTO_MANAGER
206	help
207	  Quick & dirty crypto test module.
208
209config CRYPTO_SIMD
210	tristate
211	select CRYPTO_CRYPTD
212
213config CRYPTO_ENGINE
214	tristate
215
216comment "Public-key cryptography"
217
218config CRYPTO_RSA
219	tristate "RSA algorithm"
220	select CRYPTO_AKCIPHER
221	select CRYPTO_MANAGER
222	select MPILIB
223	select ASN1
224	help
225	  Generic implementation of the RSA public key algorithm.
226
227config CRYPTO_DH
228	tristate "Diffie-Hellman algorithm"
229	select CRYPTO_KPP
230	select MPILIB
231	help
232	  Generic implementation of the Diffie-Hellman algorithm.
233
234config CRYPTO_ECC
235	tristate
236
237config CRYPTO_ECDH
238	tristate "ECDH algorithm"
239	select CRYPTO_ECC
240	select CRYPTO_KPP
241	select CRYPTO_RNG_DEFAULT
242	help
243	  Generic implementation of the ECDH algorithm
244
245config CRYPTO_ECDSA
246	tristate "ECDSA (NIST P192, P256 etc.) algorithm"
247	select CRYPTO_ECC
248	select CRYPTO_AKCIPHER
249	select ASN1
250	help
251	  Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
252	  is A NIST cryptographic standard algorithm. Only signature verification
253	  is implemented.
254
255config CRYPTO_ECRDSA
256	tristate "EC-RDSA (GOST 34.10) algorithm"
257	select CRYPTO_ECC
258	select CRYPTO_AKCIPHER
259	select CRYPTO_STREEBOG
260	select OID_REGISTRY
261	select ASN1
262	help
263	  Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
264	  RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
265	  standard algorithms (called GOST algorithms). Only signature verification
266	  is implemented.
267
268config CRYPTO_SM2
269	tristate "SM2 algorithm"
270	select CRYPTO_SM3
271	select CRYPTO_AKCIPHER
272	select CRYPTO_MANAGER
273	select MPILIB
274	select ASN1
275	help
276	  Generic implementation of the SM2 public key algorithm. It was
277	  published by State Encryption Management Bureau, China.
278	  as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
279
280	  References:
281	  https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
282	  http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
283	  http://www.gmbz.org.cn/main/bzlb.html
284
285config CRYPTO_CURVE25519
286	tristate "Curve25519 algorithm"
287	select CRYPTO_KPP
288	select CRYPTO_LIB_CURVE25519_GENERIC
289
290config CRYPTO_CURVE25519_X86
291	tristate "x86_64 accelerated Curve25519 scalar multiplication library"
292	depends on X86 && 64BIT
293	select CRYPTO_LIB_CURVE25519_GENERIC
294	select CRYPTO_ARCH_HAVE_LIB_CURVE25519
295
296comment "Authenticated Encryption with Associated Data"
297
298config CRYPTO_CCM
299	tristate "CCM support"
300	select CRYPTO_CTR
301	select CRYPTO_HASH
302	select CRYPTO_AEAD
303	select CRYPTO_MANAGER
304	help
305	  Support for Counter with CBC MAC. Required for IPsec.
306
307config CRYPTO_GCM
308	tristate "GCM/GMAC support"
309	select CRYPTO_CTR
310	select CRYPTO_AEAD
311	select CRYPTO_GHASH
312	select CRYPTO_NULL
313	select CRYPTO_MANAGER
314	help
315	  Support for Galois/Counter Mode (GCM) and Galois Message
316	  Authentication Code (GMAC). Required for IPSec.
317
318config CRYPTO_CHACHA20POLY1305
319	tristate "ChaCha20-Poly1305 AEAD support"
320	select CRYPTO_CHACHA20
321	select CRYPTO_POLY1305
322	select CRYPTO_AEAD
323	select CRYPTO_MANAGER
324	help
325	  ChaCha20-Poly1305 AEAD support, RFC7539.
326
327	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
328	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
329	  IETF protocols.
330
331config CRYPTO_AEGIS128
332	tristate "AEGIS-128 AEAD algorithm"
333	select CRYPTO_AEAD
334	select CRYPTO_AES  # for AES S-box tables
335	help
336	 Support for the AEGIS-128 dedicated AEAD algorithm.
337
338config CRYPTO_AEGIS128_SIMD
339	bool "Support SIMD acceleration for AEGIS-128"
340	depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
341	default y
342
343config CRYPTO_AEGIS128_AESNI_SSE2
344	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
345	depends on X86 && 64BIT
346	select CRYPTO_AEAD
347	select CRYPTO_SIMD
348	help
349	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
350
351config CRYPTO_SEQIV
352	tristate "Sequence Number IV Generator"
353	select CRYPTO_AEAD
354	select CRYPTO_SKCIPHER
355	select CRYPTO_NULL
356	select CRYPTO_RNG_DEFAULT
357	select CRYPTO_MANAGER
358	help
359	  This IV generator generates an IV based on a sequence number by
360	  xoring it with a salt.  This algorithm is mainly useful for CTR
361
362config CRYPTO_ECHAINIV
363	tristate "Encrypted Chain IV Generator"
364	select CRYPTO_AEAD
365	select CRYPTO_NULL
366	select CRYPTO_RNG_DEFAULT
367	select CRYPTO_MANAGER
368	help
369	  This IV generator generates an IV based on the encryption of
370	  a sequence number xored with a salt.  This is the default
371	  algorithm for CBC.
372
373comment "Block modes"
374
375config CRYPTO_CBC
376	tristate "CBC support"
377	select CRYPTO_SKCIPHER
378	select CRYPTO_MANAGER
379	help
380	  CBC: Cipher Block Chaining mode
381	  This block cipher algorithm is required for IPSec.
382
383config CRYPTO_CFB
384	tristate "CFB support"
385	select CRYPTO_SKCIPHER
386	select CRYPTO_MANAGER
387	help
388	  CFB: Cipher FeedBack mode
389	  This block cipher algorithm is required for TPM2 Cryptography.
390
391config CRYPTO_CTR
392	tristate "CTR support"
393	select CRYPTO_SKCIPHER
394	select CRYPTO_MANAGER
395	help
396	  CTR: Counter mode
397	  This block cipher algorithm is required for IPSec.
398
399config CRYPTO_CTS
400	tristate "CTS support"
401	select CRYPTO_SKCIPHER
402	select CRYPTO_MANAGER
403	help
404	  CTS: Cipher Text Stealing
405	  This is the Cipher Text Stealing mode as described by
406	  Section 8 of rfc2040 and referenced by rfc3962
407	  (rfc3962 includes errata information in its Appendix A) or
408	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
409	  This mode is required for Kerberos gss mechanism support
410	  for AES encryption.
411
412	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
413
414config CRYPTO_ECB
415	tristate "ECB support"
416	select CRYPTO_SKCIPHER
417	select CRYPTO_MANAGER
418	help
419	  ECB: Electronic CodeBook mode
420	  This is the simplest block cipher algorithm.  It simply encrypts
421	  the input block by block.
422
423config CRYPTO_LRW
424	tristate "LRW support"
425	select CRYPTO_SKCIPHER
426	select CRYPTO_MANAGER
427	select CRYPTO_GF128MUL
428	help
429	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
430	  narrow block cipher mode for dm-crypt.  Use it with cipher
431	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
432	  The first 128, 192 or 256 bits in the key are used for AES and the
433	  rest is used to tie each cipher block to its logical position.
434
435config CRYPTO_OFB
436	tristate "OFB support"
437	select CRYPTO_SKCIPHER
438	select CRYPTO_MANAGER
439	help
440	  OFB: the Output Feedback mode makes a block cipher into a synchronous
441	  stream cipher. It generates keystream blocks, which are then XORed
442	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
443	  ciphertext produces a flipped bit in the plaintext at the same
444	  location. This property allows many error correcting codes to function
445	  normally even when applied before encryption.
446
447config CRYPTO_PCBC
448	tristate "PCBC support"
449	select CRYPTO_SKCIPHER
450	select CRYPTO_MANAGER
451	help
452	  PCBC: Propagating Cipher Block Chaining mode
453	  This block cipher algorithm is required for RxRPC.
454
455config CRYPTO_XTS
456	tristate "XTS support"
457	select CRYPTO_SKCIPHER
458	select CRYPTO_MANAGER
459	select CRYPTO_ECB
460	help
461	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
462	  key size 256, 384 or 512 bits. This implementation currently
463	  can't handle a sectorsize which is not a multiple of 16 bytes.
464
465config CRYPTO_KEYWRAP
466	tristate "Key wrapping support"
467	select CRYPTO_SKCIPHER
468	select CRYPTO_MANAGER
469	help
470	  Support for key wrapping (NIST SP800-38F / RFC3394) without
471	  padding.
472
473config CRYPTO_NHPOLY1305
474	tristate
475	select CRYPTO_HASH
476	select CRYPTO_LIB_POLY1305_GENERIC
477
478config CRYPTO_NHPOLY1305_SSE2
479	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
480	depends on X86 && 64BIT
481	select CRYPTO_NHPOLY1305
482	help
483	  SSE2 optimized implementation of the hash function used by the
484	  Adiantum encryption mode.
485
486config CRYPTO_NHPOLY1305_AVX2
487	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
488	depends on X86 && 64BIT
489	select CRYPTO_NHPOLY1305
490	help
491	  AVX2 optimized implementation of the hash function used by the
492	  Adiantum encryption mode.
493
494config CRYPTO_ADIANTUM
495	tristate "Adiantum support"
496	select CRYPTO_CHACHA20
497	select CRYPTO_LIB_POLY1305_GENERIC
498	select CRYPTO_NHPOLY1305
499	select CRYPTO_MANAGER
500	help
501	  Adiantum is a tweakable, length-preserving encryption mode
502	  designed for fast and secure disk encryption, especially on
503	  CPUs without dedicated crypto instructions.  It encrypts
504	  each sector using the XChaCha12 stream cipher, two passes of
505	  an ε-almost-∆-universal hash function, and an invocation of
506	  the AES-256 block cipher on a single 16-byte block.  On CPUs
507	  without AES instructions, Adiantum is much faster than
508	  AES-XTS.
509
510	  Adiantum's security is provably reducible to that of its
511	  underlying stream and block ciphers, subject to a security
512	  bound.  Unlike XTS, Adiantum is a true wide-block encryption
513	  mode, so it actually provides an even stronger notion of
514	  security than XTS, subject to the security bound.
515
516	  If unsure, say N.
517
518config CRYPTO_ESSIV
519	tristate "ESSIV support for block encryption"
520	select CRYPTO_AUTHENC
521	help
522	  Encrypted salt-sector initialization vector (ESSIV) is an IV
523	  generation method that is used in some cases by fscrypt and/or
524	  dm-crypt. It uses the hash of the block encryption key as the
525	  symmetric key for a block encryption pass applied to the input
526	  IV, making low entropy IV sources more suitable for block
527	  encryption.
528
529	  This driver implements a crypto API template that can be
530	  instantiated either as an skcipher or as an AEAD (depending on the
531	  type of the first template argument), and which defers encryption
532	  and decryption requests to the encapsulated cipher after applying
533	  ESSIV to the input IV. Note that in the AEAD case, it is assumed
534	  that the keys are presented in the same format used by the authenc
535	  template, and that the IV appears at the end of the authenticated
536	  associated data (AAD) region (which is how dm-crypt uses it.)
537
538	  Note that the use of ESSIV is not recommended for new deployments,
539	  and so this only needs to be enabled when interoperability with
540	  existing encrypted volumes of filesystems is required, or when
541	  building for a particular system that requires it (e.g., when
542	  the SoC in question has accelerated CBC but not XTS, making CBC
543	  combined with ESSIV the only feasible mode for h/w accelerated
544	  block encryption)
545
546comment "Hash modes"
547
548config CRYPTO_CMAC
549	tristate "CMAC support"
550	select CRYPTO_HASH
551	select CRYPTO_MANAGER
552	help
553	  Cipher-based Message Authentication Code (CMAC) specified by
554	  The National Institute of Standards and Technology (NIST).
555
556	  https://tools.ietf.org/html/rfc4493
557	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
558
559config CRYPTO_HMAC
560	tristate "HMAC support"
561	select CRYPTO_HASH
562	select CRYPTO_MANAGER
563	help
564	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
565	  This is required for IPSec.
566
567config CRYPTO_XCBC
568	tristate "XCBC support"
569	select CRYPTO_HASH
570	select CRYPTO_MANAGER
571	help
572	  XCBC: Keyed-Hashing with encryption algorithm
573		https://www.ietf.org/rfc/rfc3566.txt
574		http://csrc.nist.gov/encryption/modes/proposedmodes/
575		 xcbc-mac/xcbc-mac-spec.pdf
576
577config CRYPTO_VMAC
578	tristate "VMAC support"
579	select CRYPTO_HASH
580	select CRYPTO_MANAGER
581	help
582	  VMAC is a message authentication algorithm designed for
583	  very high speed on 64-bit architectures.
584
585	  See also:
586	  <https://fastcrypto.org/vmac>
587
588comment "Digest"
589
590config CRYPTO_CRC32C
591	tristate "CRC32c CRC algorithm"
592	select CRYPTO_HASH
593	select CRC32
594	help
595	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
596	  by iSCSI for header and data digests and by others.
597	  See Castagnoli93.  Module will be crc32c.
598
599config CRYPTO_CRC32C_INTEL
600	tristate "CRC32c INTEL hardware acceleration"
601	depends on X86
602	select CRYPTO_HASH
603	help
604	  In Intel processor with SSE4.2 supported, the processor will
605	  support CRC32C implementation using hardware accelerated CRC32
606	  instruction. This option will create 'crc32c-intel' module,
607	  which will enable any routine to use the CRC32 instruction to
608	  gain performance compared with software implementation.
609	  Module will be crc32c-intel.
610
611config CRYPTO_CRC32C_VPMSUM
612	tristate "CRC32c CRC algorithm (powerpc64)"
613	depends on PPC64 && ALTIVEC
614	select CRYPTO_HASH
615	select CRC32
616	help
617	  CRC32c algorithm implemented using vector polynomial multiply-sum
618	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
619	  and newer processors for improved performance.
620
621
622config CRYPTO_CRC32C_SPARC64
623	tristate "CRC32c CRC algorithm (SPARC64)"
624	depends on SPARC64
625	select CRYPTO_HASH
626	select CRC32
627	help
628	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
629	  when available.
630
631config CRYPTO_CRC32
632	tristate "CRC32 CRC algorithm"
633	select CRYPTO_HASH
634	select CRC32
635	help
636	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
637	  Shash crypto api wrappers to crc32_le function.
638
639config CRYPTO_CRC32_PCLMUL
640	tristate "CRC32 PCLMULQDQ hardware acceleration"
641	depends on X86
642	select CRYPTO_HASH
643	select CRC32
644	help
645	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
646	  and PCLMULQDQ supported, the processor will support
647	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
648	  instruction. This option will create 'crc32-pclmul' module,
649	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
650	  and gain better performance as compared with the table implementation.
651
652config CRYPTO_CRC32_MIPS
653	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
654	depends on MIPS_CRC_SUPPORT
655	select CRYPTO_HASH
656	help
657	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
658	  instructions, when available.
659
660
661config CRYPTO_XXHASH
662	tristate "xxHash hash algorithm"
663	select CRYPTO_HASH
664	select XXHASH
665	help
666	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
667	  speeds close to RAM limits.
668
669config CRYPTO_BLAKE2B
670	tristate "BLAKE2b digest algorithm"
671	select CRYPTO_HASH
672	help
673	  Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
674	  optimized for 64bit platforms and can produce digests of any size
675	  between 1 to 64.  The keyed hash is also implemented.
676
677	  This module provides the following algorithms:
678
679	  - blake2b-160
680	  - blake2b-256
681	  - blake2b-384
682	  - blake2b-512
683
684	  See https://blake2.net for further information.
685
686config CRYPTO_BLAKE2S
687	tristate "BLAKE2s digest algorithm"
688	select CRYPTO_LIB_BLAKE2S_GENERIC
689	select CRYPTO_HASH
690	help
691	  Implementation of cryptographic hash function BLAKE2s
692	  optimized for 8-32bit platforms and can produce digests of any size
693	  between 1 to 32.  The keyed hash is also implemented.
694
695	  This module provides the following algorithms:
696
697	  - blake2s-128
698	  - blake2s-160
699	  - blake2s-224
700	  - blake2s-256
701
702	  See https://blake2.net for further information.
703
704config CRYPTO_BLAKE2S_X86
705	tristate "BLAKE2s digest algorithm (x86 accelerated version)"
706	depends on X86 && 64BIT
707	select CRYPTO_LIB_BLAKE2S_GENERIC
708	select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
709
710config CRYPTO_CRCT10DIF
711	tristate "CRCT10DIF algorithm"
712	select CRYPTO_HASH
713	help
714	  CRC T10 Data Integrity Field computation is being cast as
715	  a crypto transform.  This allows for faster crc t10 diff
716	  transforms to be used if they are available.
717
718config CRYPTO_CRCT10DIF_PCLMUL
719	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
720	depends on X86 && 64BIT && CRC_T10DIF
721	select CRYPTO_HASH
722	help
723	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
724	  CRC T10 DIF PCLMULQDQ computation can be hardware
725	  accelerated PCLMULQDQ instruction. This option will create
726	  'crct10dif-pclmul' module, which is faster when computing the
727	  crct10dif checksum as compared with the generic table implementation.
728
729config CRYPTO_CRCT10DIF_VPMSUM
730	tristate "CRC32T10DIF powerpc64 hardware acceleration"
731	depends on PPC64 && ALTIVEC && CRC_T10DIF
732	select CRYPTO_HASH
733	help
734	  CRC10T10DIF algorithm implemented using vector polynomial
735	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
736	  POWER8 and newer processors for improved performance.
737
738config CRYPTO_VPMSUM_TESTER
739	tristate "Powerpc64 vpmsum hardware acceleration tester"
740	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
741	help
742	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
743	  POWER8 vpmsum instructions.
744	  Unless you are testing these algorithms, you don't need this.
745
746config CRYPTO_GHASH
747	tristate "GHASH hash function"
748	select CRYPTO_GF128MUL
749	select CRYPTO_HASH
750	help
751	  GHASH is the hash function used in GCM (Galois/Counter Mode).
752	  It is not a general-purpose cryptographic hash function.
753
754config CRYPTO_POLY1305
755	tristate "Poly1305 authenticator algorithm"
756	select CRYPTO_HASH
757	select CRYPTO_LIB_POLY1305_GENERIC
758	help
759	  Poly1305 authenticator algorithm, RFC7539.
760
761	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
762	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
763	  in IETF protocols. This is the portable C implementation of Poly1305.
764
765config CRYPTO_POLY1305_X86_64
766	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
767	depends on X86 && 64BIT
768	select CRYPTO_LIB_POLY1305_GENERIC
769	select CRYPTO_ARCH_HAVE_LIB_POLY1305
770	help
771	  Poly1305 authenticator algorithm, RFC7539.
772
773	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
774	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
775	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
776	  instructions.
777
778config CRYPTO_POLY1305_MIPS
779	tristate "Poly1305 authenticator algorithm (MIPS optimized)"
780	depends on MIPS
781	select CRYPTO_ARCH_HAVE_LIB_POLY1305
782
783config CRYPTO_MD4
784	tristate "MD4 digest algorithm"
785	select CRYPTO_HASH
786	help
787	  MD4 message digest algorithm (RFC1320).
788
789config CRYPTO_MD5
790	tristate "MD5 digest algorithm"
791	select CRYPTO_HASH
792	help
793	  MD5 message digest algorithm (RFC1321).
794
795config CRYPTO_MD5_OCTEON
796	tristate "MD5 digest algorithm (OCTEON)"
797	depends on CPU_CAVIUM_OCTEON
798	select CRYPTO_MD5
799	select CRYPTO_HASH
800	help
801	  MD5 message digest algorithm (RFC1321) implemented
802	  using OCTEON crypto instructions, when available.
803
804config CRYPTO_MD5_PPC
805	tristate "MD5 digest algorithm (PPC)"
806	depends on PPC
807	select CRYPTO_HASH
808	help
809	  MD5 message digest algorithm (RFC1321) implemented
810	  in PPC assembler.
811
812config CRYPTO_MD5_SPARC64
813	tristate "MD5 digest algorithm (SPARC64)"
814	depends on SPARC64
815	select CRYPTO_MD5
816	select CRYPTO_HASH
817	help
818	  MD5 message digest algorithm (RFC1321) implemented
819	  using sparc64 crypto instructions, when available.
820
821config CRYPTO_MICHAEL_MIC
822	tristate "Michael MIC keyed digest algorithm"
823	select CRYPTO_HASH
824	help
825	  Michael MIC is used for message integrity protection in TKIP
826	  (IEEE 802.11i). This algorithm is required for TKIP, but it
827	  should not be used for other purposes because of the weakness
828	  of the algorithm.
829
830config CRYPTO_RMD160
831	tristate "RIPEMD-160 digest algorithm"
832	select CRYPTO_HASH
833	help
834	  RIPEMD-160 (ISO/IEC 10118-3:2004).
835
836	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
837	  to be used as a secure replacement for the 128-bit hash functions
838	  MD4, MD5 and it's predecessor RIPEMD
839	  (not to be confused with RIPEMD-128).
840
841	  It's speed is comparable to SHA1 and there are no known attacks
842	  against RIPEMD-160.
843
844	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
845	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
846
847config CRYPTO_SHA1
848	tristate "SHA1 digest algorithm"
849	select CRYPTO_HASH
850	help
851	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
852
853config CRYPTO_SHA1_SSSE3
854	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
855	depends on X86 && 64BIT
856	select CRYPTO_SHA1
857	select CRYPTO_HASH
858	help
859	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
860	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
861	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
862	  when available.
863
864config CRYPTO_SHA256_SSSE3
865	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
866	depends on X86 && 64BIT
867	select CRYPTO_SHA256
868	select CRYPTO_HASH
869	help
870	  SHA-256 secure hash standard (DFIPS 180-2) implemented
871	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
872	  Extensions version 1 (AVX1), or Advanced Vector Extensions
873	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
874	  Instructions) when available.
875
876config CRYPTO_SHA512_SSSE3
877	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
878	depends on X86 && 64BIT
879	select CRYPTO_SHA512
880	select CRYPTO_HASH
881	help
882	  SHA-512 secure hash standard (DFIPS 180-2) implemented
883	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
884	  Extensions version 1 (AVX1), or Advanced Vector Extensions
885	  version 2 (AVX2) instructions, when available.
886
887config CRYPTO_SHA1_OCTEON
888	tristate "SHA1 digest algorithm (OCTEON)"
889	depends on CPU_CAVIUM_OCTEON
890	select CRYPTO_SHA1
891	select CRYPTO_HASH
892	help
893	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
894	  using OCTEON crypto instructions, when available.
895
896config CRYPTO_SHA1_SPARC64
897	tristate "SHA1 digest algorithm (SPARC64)"
898	depends on SPARC64
899	select CRYPTO_SHA1
900	select CRYPTO_HASH
901	help
902	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
903	  using sparc64 crypto instructions, when available.
904
905config CRYPTO_SHA1_PPC
906	tristate "SHA1 digest algorithm (powerpc)"
907	depends on PPC
908	help
909	  This is the powerpc hardware accelerated implementation of the
910	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
911
912config CRYPTO_SHA1_PPC_SPE
913	tristate "SHA1 digest algorithm (PPC SPE)"
914	depends on PPC && SPE
915	help
916	  SHA-1 secure hash standard (DFIPS 180-4) implemented
917	  using powerpc SPE SIMD instruction set.
918
919config CRYPTO_SHA256
920	tristate "SHA224 and SHA256 digest algorithm"
921	select CRYPTO_HASH
922	select CRYPTO_LIB_SHA256
923	help
924	  SHA256 secure hash standard (DFIPS 180-2).
925
926	  This version of SHA implements a 256 bit hash with 128 bits of
927	  security against collision attacks.
928
929	  This code also includes SHA-224, a 224 bit hash with 112 bits
930	  of security against collision attacks.
931
932config CRYPTO_SHA256_PPC_SPE
933	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
934	depends on PPC && SPE
935	select CRYPTO_SHA256
936	select CRYPTO_HASH
937	help
938	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
939	  implemented using powerpc SPE SIMD instruction set.
940
941config CRYPTO_SHA256_OCTEON
942	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
943	depends on CPU_CAVIUM_OCTEON
944	select CRYPTO_SHA256
945	select CRYPTO_HASH
946	help
947	  SHA-256 secure hash standard (DFIPS 180-2) implemented
948	  using OCTEON crypto instructions, when available.
949
950config CRYPTO_SHA256_SPARC64
951	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
952	depends on SPARC64
953	select CRYPTO_SHA256
954	select CRYPTO_HASH
955	help
956	  SHA-256 secure hash standard (DFIPS 180-2) implemented
957	  using sparc64 crypto instructions, when available.
958
959config CRYPTO_SHA512
960	tristate "SHA384 and SHA512 digest algorithms"
961	select CRYPTO_HASH
962	help
963	  SHA512 secure hash standard (DFIPS 180-2).
964
965	  This version of SHA implements a 512 bit hash with 256 bits of
966	  security against collision attacks.
967
968	  This code also includes SHA-384, a 384 bit hash with 192 bits
969	  of security against collision attacks.
970
971config CRYPTO_SHA512_OCTEON
972	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
973	depends on CPU_CAVIUM_OCTEON
974	select CRYPTO_SHA512
975	select CRYPTO_HASH
976	help
977	  SHA-512 secure hash standard (DFIPS 180-2) implemented
978	  using OCTEON crypto instructions, when available.
979
980config CRYPTO_SHA512_SPARC64
981	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
982	depends on SPARC64
983	select CRYPTO_SHA512
984	select CRYPTO_HASH
985	help
986	  SHA-512 secure hash standard (DFIPS 180-2) implemented
987	  using sparc64 crypto instructions, when available.
988
989config CRYPTO_SHA3
990	tristate "SHA3 digest algorithm"
991	select CRYPTO_HASH
992	help
993	  SHA-3 secure hash standard (DFIPS 202). It's based on
994	  cryptographic sponge function family called Keccak.
995
996	  References:
997	  http://keccak.noekeon.org/
998
999config CRYPTO_SM3
1000	tristate "SM3 digest algorithm"
1001	select CRYPTO_HASH
1002	help
1003	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1004	  It is part of the Chinese Commercial Cryptography suite.
1005
1006	  References:
1007	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1008	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1009
1010config CRYPTO_STREEBOG
1011	tristate "Streebog Hash Function"
1012	select CRYPTO_HASH
1013	help
1014	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1015	  cryptographic standard algorithms (called GOST algorithms).
1016	  This setting enables two hash algorithms with 256 and 512 bits output.
1017
1018	  References:
1019	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1020	  https://tools.ietf.org/html/rfc6986
1021
1022config CRYPTO_WP512
1023	tristate "Whirlpool digest algorithms"
1024	select CRYPTO_HASH
1025	help
1026	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1027
1028	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1029	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1030
1031	  See also:
1032	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1033
1034config CRYPTO_GHASH_CLMUL_NI_INTEL
1035	tristate "GHASH hash function (CLMUL-NI accelerated)"
1036	depends on X86 && 64BIT
1037	select CRYPTO_CRYPTD
1038	help
1039	  This is the x86_64 CLMUL-NI accelerated implementation of
1040	  GHASH, the hash function used in GCM (Galois/Counter mode).
1041
1042comment "Ciphers"
1043
1044config CRYPTO_AES
1045	tristate "AES cipher algorithms"
1046	select CRYPTO_ALGAPI
1047	select CRYPTO_LIB_AES
1048	help
1049	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1050	  algorithm.
1051
1052	  Rijndael appears to be consistently a very good performer in
1053	  both hardware and software across a wide range of computing
1054	  environments regardless of its use in feedback or non-feedback
1055	  modes. Its key setup time is excellent, and its key agility is
1056	  good. Rijndael's very low memory requirements make it very well
1057	  suited for restricted-space environments, in which it also
1058	  demonstrates excellent performance. Rijndael's operations are
1059	  among the easiest to defend against power and timing attacks.
1060
1061	  The AES specifies three key sizes: 128, 192 and 256 bits
1062
1063	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1064
1065config CRYPTO_AES_TI
1066	tristate "Fixed time AES cipher"
1067	select CRYPTO_ALGAPI
1068	select CRYPTO_LIB_AES
1069	help
1070	  This is a generic implementation of AES that attempts to eliminate
1071	  data dependent latencies as much as possible without affecting
1072	  performance too much. It is intended for use by the generic CCM
1073	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1074	  solely on encryption (although decryption is supported as well, but
1075	  with a more dramatic performance hit)
1076
1077	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1078	  8 for decryption), this implementation only uses just two S-boxes of
1079	  256 bytes each, and attempts to eliminate data dependent latencies by
1080	  prefetching the entire table into the cache at the start of each
1081	  block. Interrupts are also disabled to avoid races where cachelines
1082	  are evicted when the CPU is interrupted to do something else.
1083
1084config CRYPTO_AES_NI_INTEL
1085	tristate "AES cipher algorithms (AES-NI)"
1086	depends on X86
1087	select CRYPTO_AEAD
1088	select CRYPTO_LIB_AES
1089	select CRYPTO_ALGAPI
1090	select CRYPTO_SKCIPHER
1091	select CRYPTO_SIMD
1092	help
1093	  Use Intel AES-NI instructions for AES algorithm.
1094
1095	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1096	  algorithm.
1097
1098	  Rijndael appears to be consistently a very good performer in
1099	  both hardware and software across a wide range of computing
1100	  environments regardless of its use in feedback or non-feedback
1101	  modes. Its key setup time is excellent, and its key agility is
1102	  good. Rijndael's very low memory requirements make it very well
1103	  suited for restricted-space environments, in which it also
1104	  demonstrates excellent performance. Rijndael's operations are
1105	  among the easiest to defend against power and timing attacks.
1106
1107	  The AES specifies three key sizes: 128, 192 and 256 bits
1108
1109	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1110
1111	  In addition to AES cipher algorithm support, the acceleration
1112	  for some popular block cipher mode is supported too, including
1113	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1114	  acceleration for CTR.
1115
1116config CRYPTO_AES_SPARC64
1117	tristate "AES cipher algorithms (SPARC64)"
1118	depends on SPARC64
1119	select CRYPTO_SKCIPHER
1120	help
1121	  Use SPARC64 crypto opcodes for AES algorithm.
1122
1123	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1124	  algorithm.
1125
1126	  Rijndael appears to be consistently a very good performer in
1127	  both hardware and software across a wide range of computing
1128	  environments regardless of its use in feedback or non-feedback
1129	  modes. Its key setup time is excellent, and its key agility is
1130	  good. Rijndael's very low memory requirements make it very well
1131	  suited for restricted-space environments, in which it also
1132	  demonstrates excellent performance. Rijndael's operations are
1133	  among the easiest to defend against power and timing attacks.
1134
1135	  The AES specifies three key sizes: 128, 192 and 256 bits
1136
1137	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1138
1139	  In addition to AES cipher algorithm support, the acceleration
1140	  for some popular block cipher mode is supported too, including
1141	  ECB and CBC.
1142
1143config CRYPTO_AES_PPC_SPE
1144	tristate "AES cipher algorithms (PPC SPE)"
1145	depends on PPC && SPE
1146	select CRYPTO_SKCIPHER
1147	help
1148	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1149	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1150	  This module should only be used for low power (router) devices
1151	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1152	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1153	  timining attacks. Nevertheless it might be not as secure as other
1154	  architecture specific assembler implementations that work on 1KB
1155	  tables or 256 bytes S-boxes.
1156
1157config CRYPTO_ANUBIS
1158	tristate "Anubis cipher algorithm"
1159	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1160	select CRYPTO_ALGAPI
1161	help
1162	  Anubis cipher algorithm.
1163
1164	  Anubis is a variable key length cipher which can use keys from
1165	  128 bits to 320 bits in length.  It was evaluated as a entrant
1166	  in the NESSIE competition.
1167
1168	  See also:
1169	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1170	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1171
1172config CRYPTO_ARC4
1173	tristate "ARC4 cipher algorithm"
1174	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1175	select CRYPTO_SKCIPHER
1176	select CRYPTO_LIB_ARC4
1177	help
1178	  ARC4 cipher algorithm.
1179
1180	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1181	  bits in length.  This algorithm is required for driver-based
1182	  WEP, but it should not be for other purposes because of the
1183	  weakness of the algorithm.
1184
1185config CRYPTO_BLOWFISH
1186	tristate "Blowfish cipher algorithm"
1187	select CRYPTO_ALGAPI
1188	select CRYPTO_BLOWFISH_COMMON
1189	help
1190	  Blowfish cipher algorithm, by Bruce Schneier.
1191
1192	  This is a variable key length cipher which can use keys from 32
1193	  bits to 448 bits in length.  It's fast, simple and specifically
1194	  designed for use on "large microprocessors".
1195
1196	  See also:
1197	  <https://www.schneier.com/blowfish.html>
1198
1199config CRYPTO_BLOWFISH_COMMON
1200	tristate
1201	help
1202	  Common parts of the Blowfish cipher algorithm shared by the
1203	  generic c and the assembler implementations.
1204
1205	  See also:
1206	  <https://www.schneier.com/blowfish.html>
1207
1208config CRYPTO_BLOWFISH_X86_64
1209	tristate "Blowfish cipher algorithm (x86_64)"
1210	depends on X86 && 64BIT
1211	select CRYPTO_SKCIPHER
1212	select CRYPTO_BLOWFISH_COMMON
1213	imply CRYPTO_CTR
1214	help
1215	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1216
1217	  This is a variable key length cipher which can use keys from 32
1218	  bits to 448 bits in length.  It's fast, simple and specifically
1219	  designed for use on "large microprocessors".
1220
1221	  See also:
1222	  <https://www.schneier.com/blowfish.html>
1223
1224config CRYPTO_CAMELLIA
1225	tristate "Camellia cipher algorithms"
1226	select CRYPTO_ALGAPI
1227	help
1228	  Camellia cipher algorithms module.
1229
1230	  Camellia is a symmetric key block cipher developed jointly
1231	  at NTT and Mitsubishi Electric Corporation.
1232
1233	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1234
1235	  See also:
1236	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1237
1238config CRYPTO_CAMELLIA_X86_64
1239	tristate "Camellia cipher algorithm (x86_64)"
1240	depends on X86 && 64BIT
1241	select CRYPTO_SKCIPHER
1242	imply CRYPTO_CTR
1243	help
1244	  Camellia cipher algorithm module (x86_64).
1245
1246	  Camellia is a symmetric key block cipher developed jointly
1247	  at NTT and Mitsubishi Electric Corporation.
1248
1249	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1250
1251	  See also:
1252	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1253
1254config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1255	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1256	depends on X86 && 64BIT
1257	select CRYPTO_SKCIPHER
1258	select CRYPTO_CAMELLIA_X86_64
1259	select CRYPTO_SIMD
1260	imply CRYPTO_XTS
1261	help
1262	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1263
1264	  Camellia is a symmetric key block cipher developed jointly
1265	  at NTT and Mitsubishi Electric Corporation.
1266
1267	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1268
1269	  See also:
1270	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1271
1272config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1273	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1274	depends on X86 && 64BIT
1275	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1276	help
1277	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1278
1279	  Camellia is a symmetric key block cipher developed jointly
1280	  at NTT and Mitsubishi Electric Corporation.
1281
1282	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1283
1284	  See also:
1285	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1286
1287config CRYPTO_CAMELLIA_SPARC64
1288	tristate "Camellia cipher algorithm (SPARC64)"
1289	depends on SPARC64
1290	select CRYPTO_ALGAPI
1291	select CRYPTO_SKCIPHER
1292	help
1293	  Camellia cipher algorithm module (SPARC64).
1294
1295	  Camellia is a symmetric key block cipher developed jointly
1296	  at NTT and Mitsubishi Electric Corporation.
1297
1298	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1299
1300	  See also:
1301	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1302
1303config CRYPTO_CAST_COMMON
1304	tristate
1305	help
1306	  Common parts of the CAST cipher algorithms shared by the
1307	  generic c and the assembler implementations.
1308
1309config CRYPTO_CAST5
1310	tristate "CAST5 (CAST-128) cipher algorithm"
1311	select CRYPTO_ALGAPI
1312	select CRYPTO_CAST_COMMON
1313	help
1314	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1315	  described in RFC2144.
1316
1317config CRYPTO_CAST5_AVX_X86_64
1318	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1319	depends on X86 && 64BIT
1320	select CRYPTO_SKCIPHER
1321	select CRYPTO_CAST5
1322	select CRYPTO_CAST_COMMON
1323	select CRYPTO_SIMD
1324	imply CRYPTO_CTR
1325	help
1326	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1327	  described in RFC2144.
1328
1329	  This module provides the Cast5 cipher algorithm that processes
1330	  sixteen blocks parallel using the AVX instruction set.
1331
1332config CRYPTO_CAST6
1333	tristate "CAST6 (CAST-256) cipher algorithm"
1334	select CRYPTO_ALGAPI
1335	select CRYPTO_CAST_COMMON
1336	help
1337	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1338	  described in RFC2612.
1339
1340config CRYPTO_CAST6_AVX_X86_64
1341	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1342	depends on X86 && 64BIT
1343	select CRYPTO_SKCIPHER
1344	select CRYPTO_CAST6
1345	select CRYPTO_CAST_COMMON
1346	select CRYPTO_SIMD
1347	imply CRYPTO_XTS
1348	imply CRYPTO_CTR
1349	help
1350	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1351	  described in RFC2612.
1352
1353	  This module provides the Cast6 cipher algorithm that processes
1354	  eight blocks parallel using the AVX instruction set.
1355
1356config CRYPTO_DES
1357	tristate "DES and Triple DES EDE cipher algorithms"
1358	select CRYPTO_ALGAPI
1359	select CRYPTO_LIB_DES
1360	help
1361	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1362
1363config CRYPTO_DES_SPARC64
1364	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1365	depends on SPARC64
1366	select CRYPTO_ALGAPI
1367	select CRYPTO_LIB_DES
1368	select CRYPTO_SKCIPHER
1369	help
1370	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1371	  optimized using SPARC64 crypto opcodes.
1372
1373config CRYPTO_DES3_EDE_X86_64
1374	tristate "Triple DES EDE cipher algorithm (x86-64)"
1375	depends on X86 && 64BIT
1376	select CRYPTO_SKCIPHER
1377	select CRYPTO_LIB_DES
1378	imply CRYPTO_CTR
1379	help
1380	  Triple DES EDE (FIPS 46-3) algorithm.
1381
1382	  This module provides implementation of the Triple DES EDE cipher
1383	  algorithm that is optimized for x86-64 processors. Two versions of
1384	  algorithm are provided; regular processing one input block and
1385	  one that processes three blocks parallel.
1386
1387config CRYPTO_FCRYPT
1388	tristate "FCrypt cipher algorithm"
1389	select CRYPTO_ALGAPI
1390	select CRYPTO_SKCIPHER
1391	help
1392	  FCrypt algorithm used by RxRPC.
1393
1394config CRYPTO_KHAZAD
1395	tristate "Khazad cipher algorithm"
1396	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1397	select CRYPTO_ALGAPI
1398	help
1399	  Khazad cipher algorithm.
1400
1401	  Khazad was a finalist in the initial NESSIE competition.  It is
1402	  an algorithm optimized for 64-bit processors with good performance
1403	  on 32-bit processors.  Khazad uses an 128 bit key size.
1404
1405	  See also:
1406	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1407
1408config CRYPTO_CHACHA20
1409	tristate "ChaCha stream cipher algorithms"
1410	select CRYPTO_LIB_CHACHA_GENERIC
1411	select CRYPTO_SKCIPHER
1412	help
1413	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1414
1415	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1416	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1417	  This is the portable C implementation of ChaCha20.  See also:
1418	  <https://cr.yp.to/chacha/chacha-20080128.pdf>
1419
1420	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1421	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1422	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1423	  while provably retaining ChaCha20's security.  See also:
1424	  <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1425
1426	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1427	  reduced security margin but increased performance.  It can be needed
1428	  in some performance-sensitive scenarios.
1429
1430config CRYPTO_CHACHA20_X86_64
1431	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1432	depends on X86 && 64BIT
1433	select CRYPTO_SKCIPHER
1434	select CRYPTO_LIB_CHACHA_GENERIC
1435	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1436	help
1437	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1438	  XChaCha20, and XChaCha12 stream ciphers.
1439
1440config CRYPTO_CHACHA_MIPS
1441	tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1442	depends on CPU_MIPS32_R2
1443	select CRYPTO_SKCIPHER
1444	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1445
1446config CRYPTO_SEED
1447	tristate "SEED cipher algorithm"
1448	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1449	select CRYPTO_ALGAPI
1450	help
1451	  SEED cipher algorithm (RFC4269).
1452
1453	  SEED is a 128-bit symmetric key block cipher that has been
1454	  developed by KISA (Korea Information Security Agency) as a
1455	  national standard encryption algorithm of the Republic of Korea.
1456	  It is a 16 round block cipher with the key size of 128 bit.
1457
1458	  See also:
1459	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1460
1461config CRYPTO_SERPENT
1462	tristate "Serpent cipher algorithm"
1463	select CRYPTO_ALGAPI
1464	help
1465	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1466
1467	  Keys are allowed to be from 0 to 256 bits in length, in steps
1468	  of 8 bits.
1469
1470	  See also:
1471	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1472
1473config CRYPTO_SERPENT_SSE2_X86_64
1474	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1475	depends on X86 && 64BIT
1476	select CRYPTO_SKCIPHER
1477	select CRYPTO_SERPENT
1478	select CRYPTO_SIMD
1479	imply CRYPTO_CTR
1480	help
1481	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1482
1483	  Keys are allowed to be from 0 to 256 bits in length, in steps
1484	  of 8 bits.
1485
1486	  This module provides Serpent cipher algorithm that processes eight
1487	  blocks parallel using SSE2 instruction set.
1488
1489	  See also:
1490	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1491
1492config CRYPTO_SERPENT_SSE2_586
1493	tristate "Serpent cipher algorithm (i586/SSE2)"
1494	depends on X86 && !64BIT
1495	select CRYPTO_SKCIPHER
1496	select CRYPTO_SERPENT
1497	select CRYPTO_SIMD
1498	imply CRYPTO_CTR
1499	help
1500	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1501
1502	  Keys are allowed to be from 0 to 256 bits in length, in steps
1503	  of 8 bits.
1504
1505	  This module provides Serpent cipher algorithm that processes four
1506	  blocks parallel using SSE2 instruction set.
1507
1508	  See also:
1509	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1510
1511config CRYPTO_SERPENT_AVX_X86_64
1512	tristate "Serpent cipher algorithm (x86_64/AVX)"
1513	depends on X86 && 64BIT
1514	select CRYPTO_SKCIPHER
1515	select CRYPTO_SERPENT
1516	select CRYPTO_SIMD
1517	imply CRYPTO_XTS
1518	imply CRYPTO_CTR
1519	help
1520	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1521
1522	  Keys are allowed to be from 0 to 256 bits in length, in steps
1523	  of 8 bits.
1524
1525	  This module provides the Serpent cipher algorithm that processes
1526	  eight blocks parallel using the AVX instruction set.
1527
1528	  See also:
1529	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1530
1531config CRYPTO_SERPENT_AVX2_X86_64
1532	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1533	depends on X86 && 64BIT
1534	select CRYPTO_SERPENT_AVX_X86_64
1535	help
1536	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1537
1538	  Keys are allowed to be from 0 to 256 bits in length, in steps
1539	  of 8 bits.
1540
1541	  This module provides Serpent cipher algorithm that processes 16
1542	  blocks parallel using AVX2 instruction set.
1543
1544	  See also:
1545	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1546
1547config CRYPTO_SM4
1548	tristate "SM4 cipher algorithm"
1549	select CRYPTO_ALGAPI
1550	select CRYPTO_LIB_SM4
1551	help
1552	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1553
1554	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1555	  Organization of State Commercial Administration of China (OSCCA)
1556	  as an authorized cryptographic algorithms for the use within China.
1557
1558	  SMS4 was originally created for use in protecting wireless
1559	  networks, and is mandated in the Chinese National Standard for
1560	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1561	  (GB.15629.11-2003).
1562
1563	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1564	  standardized through TC 260 of the Standardization Administration
1565	  of the People's Republic of China (SAC).
1566
1567	  The input, output, and key of SMS4 are each 128 bits.
1568
1569	  See also: <https://eprint.iacr.org/2008/329.pdf>
1570
1571	  If unsure, say N.
1572
1573config CRYPTO_SM4_AESNI_AVX_X86_64
1574	tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)"
1575	depends on X86 && 64BIT
1576	select CRYPTO_SKCIPHER
1577	select CRYPTO_SIMD
1578	select CRYPTO_ALGAPI
1579	select CRYPTO_LIB_SM4
1580	help
1581	  SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX).
1582
1583	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1584	  Organization of State Commercial Administration of China (OSCCA)
1585	  as an authorized cryptographic algorithms for the use within China.
1586
1587	  This is SM4 optimized implementation using AES-NI/AVX/x86_64
1588	  instruction set for block cipher. Through two affine transforms,
1589	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1590	  effect of instruction acceleration.
1591
1592	  If unsure, say N.
1593
1594config CRYPTO_SM4_AESNI_AVX2_X86_64
1595	tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)"
1596	depends on X86 && 64BIT
1597	select CRYPTO_SKCIPHER
1598	select CRYPTO_SIMD
1599	select CRYPTO_ALGAPI
1600	select CRYPTO_LIB_SM4
1601	select CRYPTO_SM4_AESNI_AVX_X86_64
1602	help
1603	  SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2).
1604
1605	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1606	  Organization of State Commercial Administration of China (OSCCA)
1607	  as an authorized cryptographic algorithms for the use within China.
1608
1609	  This is SM4 optimized implementation using AES-NI/AVX2/x86_64
1610	  instruction set for block cipher. Through two affine transforms,
1611	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1612	  effect of instruction acceleration.
1613
1614	  If unsure, say N.
1615
1616config CRYPTO_TEA
1617	tristate "TEA, XTEA and XETA cipher algorithms"
1618	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1619	select CRYPTO_ALGAPI
1620	help
1621	  TEA cipher algorithm.
1622
1623	  Tiny Encryption Algorithm is a simple cipher that uses
1624	  many rounds for security.  It is very fast and uses
1625	  little memory.
1626
1627	  Xtendend Tiny Encryption Algorithm is a modification to
1628	  the TEA algorithm to address a potential key weakness
1629	  in the TEA algorithm.
1630
1631	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1632	  of the XTEA algorithm for compatibility purposes.
1633
1634config CRYPTO_TWOFISH
1635	tristate "Twofish cipher algorithm"
1636	select CRYPTO_ALGAPI
1637	select CRYPTO_TWOFISH_COMMON
1638	help
1639	  Twofish cipher algorithm.
1640
1641	  Twofish was submitted as an AES (Advanced Encryption Standard)
1642	  candidate cipher by researchers at CounterPane Systems.  It is a
1643	  16 round block cipher supporting key sizes of 128, 192, and 256
1644	  bits.
1645
1646	  See also:
1647	  <https://www.schneier.com/twofish.html>
1648
1649config CRYPTO_TWOFISH_COMMON
1650	tristate
1651	help
1652	  Common parts of the Twofish cipher algorithm shared by the
1653	  generic c and the assembler implementations.
1654
1655config CRYPTO_TWOFISH_586
1656	tristate "Twofish cipher algorithms (i586)"
1657	depends on (X86 || UML_X86) && !64BIT
1658	select CRYPTO_ALGAPI
1659	select CRYPTO_TWOFISH_COMMON
1660	imply CRYPTO_CTR
1661	help
1662	  Twofish cipher algorithm.
1663
1664	  Twofish was submitted as an AES (Advanced Encryption Standard)
1665	  candidate cipher by researchers at CounterPane Systems.  It is a
1666	  16 round block cipher supporting key sizes of 128, 192, and 256
1667	  bits.
1668
1669	  See also:
1670	  <https://www.schneier.com/twofish.html>
1671
1672config CRYPTO_TWOFISH_X86_64
1673	tristate "Twofish cipher algorithm (x86_64)"
1674	depends on (X86 || UML_X86) && 64BIT
1675	select CRYPTO_ALGAPI
1676	select CRYPTO_TWOFISH_COMMON
1677	imply CRYPTO_CTR
1678	help
1679	  Twofish cipher algorithm (x86_64).
1680
1681	  Twofish was submitted as an AES (Advanced Encryption Standard)
1682	  candidate cipher by researchers at CounterPane Systems.  It is a
1683	  16 round block cipher supporting key sizes of 128, 192, and 256
1684	  bits.
1685
1686	  See also:
1687	  <https://www.schneier.com/twofish.html>
1688
1689config CRYPTO_TWOFISH_X86_64_3WAY
1690	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1691	depends on X86 && 64BIT
1692	select CRYPTO_SKCIPHER
1693	select CRYPTO_TWOFISH_COMMON
1694	select CRYPTO_TWOFISH_X86_64
1695	help
1696	  Twofish cipher algorithm (x86_64, 3-way parallel).
1697
1698	  Twofish was submitted as an AES (Advanced Encryption Standard)
1699	  candidate cipher by researchers at CounterPane Systems.  It is a
1700	  16 round block cipher supporting key sizes of 128, 192, and 256
1701	  bits.
1702
1703	  This module provides Twofish cipher algorithm that processes three
1704	  blocks parallel, utilizing resources of out-of-order CPUs better.
1705
1706	  See also:
1707	  <https://www.schneier.com/twofish.html>
1708
1709config CRYPTO_TWOFISH_AVX_X86_64
1710	tristate "Twofish cipher algorithm (x86_64/AVX)"
1711	depends on X86 && 64BIT
1712	select CRYPTO_SKCIPHER
1713	select CRYPTO_SIMD
1714	select CRYPTO_TWOFISH_COMMON
1715	select CRYPTO_TWOFISH_X86_64
1716	select CRYPTO_TWOFISH_X86_64_3WAY
1717	imply CRYPTO_XTS
1718	help
1719	  Twofish cipher algorithm (x86_64/AVX).
1720
1721	  Twofish was submitted as an AES (Advanced Encryption Standard)
1722	  candidate cipher by researchers at CounterPane Systems.  It is a
1723	  16 round block cipher supporting key sizes of 128, 192, and 256
1724	  bits.
1725
1726	  This module provides the Twofish cipher algorithm that processes
1727	  eight blocks parallel using the AVX Instruction Set.
1728
1729	  See also:
1730	  <https://www.schneier.com/twofish.html>
1731
1732comment "Compression"
1733
1734config CRYPTO_DEFLATE
1735	tristate "Deflate compression algorithm"
1736	select CRYPTO_ALGAPI
1737	select CRYPTO_ACOMP2
1738	select ZLIB_INFLATE
1739	select ZLIB_DEFLATE
1740	help
1741	  This is the Deflate algorithm (RFC1951), specified for use in
1742	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1743
1744	  You will most probably want this if using IPSec.
1745
1746config CRYPTO_LZO
1747	tristate "LZO compression algorithm"
1748	select CRYPTO_ALGAPI
1749	select CRYPTO_ACOMP2
1750	select LZO_COMPRESS
1751	select LZO_DECOMPRESS
1752	help
1753	  This is the LZO algorithm.
1754
1755config CRYPTO_842
1756	tristate "842 compression algorithm"
1757	select CRYPTO_ALGAPI
1758	select CRYPTO_ACOMP2
1759	select 842_COMPRESS
1760	select 842_DECOMPRESS
1761	help
1762	  This is the 842 algorithm.
1763
1764config CRYPTO_LZ4
1765	tristate "LZ4 compression algorithm"
1766	select CRYPTO_ALGAPI
1767	select CRYPTO_ACOMP2
1768	select LZ4_COMPRESS
1769	select LZ4_DECOMPRESS
1770	help
1771	  This is the LZ4 algorithm.
1772
1773config CRYPTO_LZ4HC
1774	tristate "LZ4HC compression algorithm"
1775	select CRYPTO_ALGAPI
1776	select CRYPTO_ACOMP2
1777	select LZ4HC_COMPRESS
1778	select LZ4_DECOMPRESS
1779	help
1780	  This is the LZ4 high compression mode algorithm.
1781
1782config CRYPTO_ZSTD
1783	tristate "Zstd compression algorithm"
1784	select CRYPTO_ALGAPI
1785	select CRYPTO_ACOMP2
1786	select ZSTD_COMPRESS
1787	select ZSTD_DECOMPRESS
1788	help
1789	  This is the zstd algorithm.
1790
1791comment "Random Number Generation"
1792
1793config CRYPTO_ANSI_CPRNG
1794	tristate "Pseudo Random Number Generation for Cryptographic modules"
1795	select CRYPTO_AES
1796	select CRYPTO_RNG
1797	help
1798	  This option enables the generic pseudo random number generator
1799	  for cryptographic modules.  Uses the Algorithm specified in
1800	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1801	  CRYPTO_FIPS is selected
1802
1803menuconfig CRYPTO_DRBG_MENU
1804	tristate "NIST SP800-90A DRBG"
1805	help
1806	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1807	  more of the DRBG types must be selected.
1808
1809if CRYPTO_DRBG_MENU
1810
1811config CRYPTO_DRBG_HMAC
1812	bool
1813	default y
1814	select CRYPTO_HMAC
1815	select CRYPTO_SHA512
1816
1817config CRYPTO_DRBG_HASH
1818	bool "Enable Hash DRBG"
1819	select CRYPTO_SHA256
1820	help
1821	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1822
1823config CRYPTO_DRBG_CTR
1824	bool "Enable CTR DRBG"
1825	select CRYPTO_AES
1826	select CRYPTO_CTR
1827	help
1828	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1829
1830config CRYPTO_DRBG
1831	tristate
1832	default CRYPTO_DRBG_MENU
1833	select CRYPTO_RNG
1834	select CRYPTO_JITTERENTROPY
1835
1836endif	# if CRYPTO_DRBG_MENU
1837
1838config CRYPTO_JITTERENTROPY
1839	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1840	select CRYPTO_RNG
1841	help
1842	  The Jitterentropy RNG is a noise that is intended
1843	  to provide seed to another RNG. The RNG does not
1844	  perform any cryptographic whitening of the generated
1845	  random numbers. This Jitterentropy RNG registers with
1846	  the kernel crypto API and can be used by any caller.
1847
1848config CRYPTO_USER_API
1849	tristate
1850
1851config CRYPTO_USER_API_HASH
1852	tristate "User-space interface for hash algorithms"
1853	depends on NET
1854	select CRYPTO_HASH
1855	select CRYPTO_USER_API
1856	help
1857	  This option enables the user-spaces interface for hash
1858	  algorithms.
1859
1860config CRYPTO_USER_API_SKCIPHER
1861	tristate "User-space interface for symmetric key cipher algorithms"
1862	depends on NET
1863	select CRYPTO_SKCIPHER
1864	select CRYPTO_USER_API
1865	help
1866	  This option enables the user-spaces interface for symmetric
1867	  key cipher algorithms.
1868
1869config CRYPTO_USER_API_RNG
1870	tristate "User-space interface for random number generator algorithms"
1871	depends on NET
1872	select CRYPTO_RNG
1873	select CRYPTO_USER_API
1874	help
1875	  This option enables the user-spaces interface for random
1876	  number generator algorithms.
1877
1878config CRYPTO_USER_API_RNG_CAVP
1879	bool "Enable CAVP testing of DRBG"
1880	depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1881	help
1882	  This option enables extra API for CAVP testing via the user-space
1883	  interface: resetting of DRBG entropy, and providing Additional Data.
1884	  This should only be enabled for CAVP testing. You should say
1885	  no unless you know what this is.
1886
1887config CRYPTO_USER_API_AEAD
1888	tristate "User-space interface for AEAD cipher algorithms"
1889	depends on NET
1890	select CRYPTO_AEAD
1891	select CRYPTO_SKCIPHER
1892	select CRYPTO_NULL
1893	select CRYPTO_USER_API
1894	help
1895	  This option enables the user-spaces interface for AEAD
1896	  cipher algorithms.
1897
1898config CRYPTO_USER_API_ENABLE_OBSOLETE
1899	bool "Enable obsolete cryptographic algorithms for userspace"
1900	depends on CRYPTO_USER_API
1901	default y
1902	help
1903	  Allow obsolete cryptographic algorithms to be selected that have
1904	  already been phased out from internal use by the kernel, and are
1905	  only useful for userspace clients that still rely on them.
1906
1907config CRYPTO_STATS
1908	bool "Crypto usage statistics for User-space"
1909	depends on CRYPTO_USER
1910	help
1911	  This option enables the gathering of crypto stats.
1912	  This will collect:
1913	  - encrypt/decrypt size and numbers of symmeric operations
1914	  - compress/decompress size and numbers of compress operations
1915	  - size and numbers of hash operations
1916	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1917	  - generate/seed numbers for rng operations
1918
1919config CRYPTO_HASH_INFO
1920	bool
1921
1922source "lib/crypto/Kconfig"
1923source "drivers/crypto/Kconfig"
1924source "crypto/asymmetric_keys/Kconfig"
1925source "certs/Kconfig"
1926
1927endif	# if CRYPTO
1928