crypto/Kconfig at v5.18 · tjh.dev/kernel

tjh.dev / kernel
fork atom
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / crypto / Kconfig
at v5.18 1958 lines 58 kB view raw
wrap content
   1# SPDX-License-Identifier: GPL-2.0
   2#
   3# Generic algorithms support
   4#
   5config XOR_BLOCKS
   6	tristate
   7
   8#
   9# async_tx api: hardware offloaded memory transfer/transform support
  10#
  11source "crypto/async_tx/Kconfig"
  12
  13#
  14# Cryptographic API Configuration
  15#
  16menuconfig CRYPTO
  17	tristate "Cryptographic API"
  18	help
  19	  This option provides the core Cryptographic API.
  20
  21if CRYPTO
  22
  23comment "Crypto core or helper"
  24
  25config CRYPTO_FIPS
  26	bool "FIPS 200 compliance"
  27	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
  28	depends on (MODULE_SIG || !MODULES)
  29	help
  30	  This option enables the fips boot option which is
  31	  required if you want the system to operate in a FIPS 200
  32	  certification.  You should say no unless you know what
  33	  this is.
  34
  35config CRYPTO_ALGAPI
  36	tristate
  37	select CRYPTO_ALGAPI2
  38	help
  39	  This option provides the API for cryptographic algorithms.
  40
  41config CRYPTO_ALGAPI2
  42	tristate
  43
  44config CRYPTO_AEAD
  45	tristate
  46	select CRYPTO_AEAD2
  47	select CRYPTO_ALGAPI
  48
  49config CRYPTO_AEAD2
  50	tristate
  51	select CRYPTO_ALGAPI2
  52	select CRYPTO_NULL2
  53	select CRYPTO_RNG2
  54
  55config CRYPTO_SKCIPHER
  56	tristate
  57	select CRYPTO_SKCIPHER2
  58	select CRYPTO_ALGAPI
  59
  60config CRYPTO_SKCIPHER2
  61	tristate
  62	select CRYPTO_ALGAPI2
  63	select CRYPTO_RNG2
  64
  65config CRYPTO_HASH
  66	tristate
  67	select CRYPTO_HASH2
  68	select CRYPTO_ALGAPI
  69
  70config CRYPTO_HASH2
  71	tristate
  72	select CRYPTO_ALGAPI2
  73
  74config CRYPTO_RNG
  75	tristate
  76	select CRYPTO_RNG2
  77	select CRYPTO_ALGAPI
  78
  79config CRYPTO_RNG2
  80	tristate
  81	select CRYPTO_ALGAPI2
  82
  83config CRYPTO_RNG_DEFAULT
  84	tristate
  85	select CRYPTO_DRBG_MENU
  86
  87config CRYPTO_AKCIPHER2
  88	tristate
  89	select CRYPTO_ALGAPI2
  90
  91config CRYPTO_AKCIPHER
  92	tristate
  93	select CRYPTO_AKCIPHER2
  94	select CRYPTO_ALGAPI
  95
  96config CRYPTO_KPP2
  97	tristate
  98	select CRYPTO_ALGAPI2
  99
 100config CRYPTO_KPP
 101	tristate
 102	select CRYPTO_ALGAPI
 103	select CRYPTO_KPP2
 104
 105config CRYPTO_ACOMP2
 106	tristate
 107	select CRYPTO_ALGAPI2
 108	select SGL_ALLOC
 109
 110config CRYPTO_ACOMP
 111	tristate
 112	select CRYPTO_ALGAPI
 113	select CRYPTO_ACOMP2
 114
 115config CRYPTO_MANAGER
 116	tristate "Cryptographic algorithm manager"
 117	select CRYPTO_MANAGER2
 118	help
 119	  Create default cryptographic template instantiations such as
 120	  cbc(aes).
 121
 122config CRYPTO_MANAGER2
 123	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
 124	select CRYPTO_AEAD2
 125	select CRYPTO_HASH2
 126	select CRYPTO_SKCIPHER2
 127	select CRYPTO_AKCIPHER2
 128	select CRYPTO_KPP2
 129	select CRYPTO_ACOMP2
 130
 131config CRYPTO_USER
 132	tristate "Userspace cryptographic algorithm configuration"
 133	depends on NET
 134	select CRYPTO_MANAGER
 135	help
 136	  Userspace configuration for cryptographic instantiations such as
 137	  cbc(aes).
 138
 139config CRYPTO_MANAGER_DISABLE_TESTS
 140	bool "Disable run-time self tests"
 141	default y
 142	help
 143	  Disable run-time self tests that normally take place at
 144	  algorithm registration.
 145
 146config CRYPTO_MANAGER_EXTRA_TESTS
 147	bool "Enable extra run-time crypto self tests"
 148	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
 149	help
 150	  Enable extra run-time self tests of registered crypto algorithms,
 151	  including randomized fuzz tests.
 152
 153	  This is intended for developer use only, as these tests take much
 154	  longer to run than the normal self tests.
 155
 156config CRYPTO_GF128MUL
 157	tristate
 158
 159config CRYPTO_NULL
 160	tristate "Null algorithms"
 161	select CRYPTO_NULL2
 162	help
 163	  These are 'Null' algorithms, used by IPsec, which do nothing.
 164
 165config CRYPTO_NULL2
 166	tristate
 167	select CRYPTO_ALGAPI2
 168	select CRYPTO_SKCIPHER2
 169	select CRYPTO_HASH2
 170
 171config CRYPTO_PCRYPT
 172	tristate "Parallel crypto engine"
 173	depends on SMP
 174	select PADATA
 175	select CRYPTO_MANAGER
 176	select CRYPTO_AEAD
 177	help
 178	  This converts an arbitrary crypto algorithm into a parallel
 179	  algorithm that executes in kernel threads.
 180
 181config CRYPTO_CRYPTD
 182	tristate "Software async crypto daemon"
 183	select CRYPTO_SKCIPHER
 184	select CRYPTO_HASH
 185	select CRYPTO_MANAGER
 186	help
 187	  This is a generic software asynchronous crypto daemon that
 188	  converts an arbitrary synchronous software crypto algorithm
 189	  into an asynchronous algorithm that executes in a kernel thread.
 190
 191config CRYPTO_AUTHENC
 192	tristate "Authenc support"
 193	select CRYPTO_AEAD
 194	select CRYPTO_SKCIPHER
 195	select CRYPTO_MANAGER
 196	select CRYPTO_HASH
 197	select CRYPTO_NULL
 198	help
 199	  Authenc: Combined mode wrapper for IPsec.
 200	  This is required for IPSec.
 201
 202config CRYPTO_TEST
 203	tristate "Testing module"
 204	depends on m || EXPERT
 205	select CRYPTO_MANAGER
 206	help
 207	  Quick & dirty crypto test module.
 208
 209config CRYPTO_SIMD
 210	tristate
 211	select CRYPTO_CRYPTD
 212
 213config CRYPTO_ENGINE
 214	tristate
 215
 216comment "Public-key cryptography"
 217
 218config CRYPTO_RSA
 219	tristate "RSA algorithm"
 220	select CRYPTO_AKCIPHER
 221	select CRYPTO_MANAGER
 222	select MPILIB
 223	select ASN1
 224	help
 225	  Generic implementation of the RSA public key algorithm.
 226
 227config CRYPTO_DH
 228	tristate "Diffie-Hellman algorithm"
 229	select CRYPTO_KPP
 230	select MPILIB
 231	help
 232	  Generic implementation of the Diffie-Hellman algorithm.
 233
 234config CRYPTO_DH_RFC7919_GROUPS
 235	bool "Support for RFC 7919 FFDHE group parameters"
 236	depends on CRYPTO_DH
 237	select CRYPTO_RNG_DEFAULT
 238	help
 239	  Provide support for RFC 7919 FFDHE group parameters. If unsure, say N.
 240
 241config CRYPTO_ECC
 242	tristate
 243	select CRYPTO_RNG_DEFAULT
 244
 245config CRYPTO_ECDH
 246	tristate "ECDH algorithm"
 247	select CRYPTO_ECC
 248	select CRYPTO_KPP
 249	help
 250	  Generic implementation of the ECDH algorithm
 251
 252config CRYPTO_ECDSA
 253	tristate "ECDSA (NIST P192, P256 etc.) algorithm"
 254	select CRYPTO_ECC
 255	select CRYPTO_AKCIPHER
 256	select ASN1
 257	help
 258	  Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
 259	  is A NIST cryptographic standard algorithm. Only signature verification
 260	  is implemented.
 261
 262config CRYPTO_ECRDSA
 263	tristate "EC-RDSA (GOST 34.10) algorithm"
 264	select CRYPTO_ECC
 265	select CRYPTO_AKCIPHER
 266	select CRYPTO_STREEBOG
 267	select OID_REGISTRY
 268	select ASN1
 269	help
 270	  Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
 271	  RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
 272	  standard algorithms (called GOST algorithms). Only signature verification
 273	  is implemented.
 274
 275config CRYPTO_SM2
 276	tristate "SM2 algorithm"
 277	select CRYPTO_LIB_SM3
 278	select CRYPTO_AKCIPHER
 279	select CRYPTO_MANAGER
 280	select MPILIB
 281	select ASN1
 282	help
 283	  Generic implementation of the SM2 public key algorithm. It was
 284	  published by State Encryption Management Bureau, China.
 285	  as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
 286
 287	  References:
 288	  https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
 289	  http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
 290	  http://www.gmbz.org.cn/main/bzlb.html
 291
 292config CRYPTO_CURVE25519
 293	tristate "Curve25519 algorithm"
 294	select CRYPTO_KPP
 295	select CRYPTO_LIB_CURVE25519_GENERIC
 296
 297config CRYPTO_CURVE25519_X86
 298	tristate "x86_64 accelerated Curve25519 scalar multiplication library"
 299	depends on X86 && 64BIT
 300	select CRYPTO_LIB_CURVE25519_GENERIC
 301	select CRYPTO_ARCH_HAVE_LIB_CURVE25519
 302
 303comment "Authenticated Encryption with Associated Data"
 304
 305config CRYPTO_CCM
 306	tristate "CCM support"
 307	select CRYPTO_CTR
 308	select CRYPTO_HASH
 309	select CRYPTO_AEAD
 310	select CRYPTO_MANAGER
 311	help
 312	  Support for Counter with CBC MAC. Required for IPsec.
 313
 314config CRYPTO_GCM
 315	tristate "GCM/GMAC support"
 316	select CRYPTO_CTR
 317	select CRYPTO_AEAD
 318	select CRYPTO_GHASH
 319	select CRYPTO_NULL
 320	select CRYPTO_MANAGER
 321	help
 322	  Support for Galois/Counter Mode (GCM) and Galois Message
 323	  Authentication Code (GMAC). Required for IPSec.
 324
 325config CRYPTO_CHACHA20POLY1305
 326	tristate "ChaCha20-Poly1305 AEAD support"
 327	select CRYPTO_CHACHA20
 328	select CRYPTO_POLY1305
 329	select CRYPTO_AEAD
 330	select CRYPTO_MANAGER
 331	help
 332	  ChaCha20-Poly1305 AEAD support, RFC7539.
 333
 334	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
 335	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
 336	  IETF protocols.
 337
 338config CRYPTO_AEGIS128
 339	tristate "AEGIS-128 AEAD algorithm"
 340	select CRYPTO_AEAD
 341	select CRYPTO_AES  # for AES S-box tables
 342	help
 343	 Support for the AEGIS-128 dedicated AEAD algorithm.
 344
 345config CRYPTO_AEGIS128_SIMD
 346	bool "Support SIMD acceleration for AEGIS-128"
 347	depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
 348	default y
 349
 350config CRYPTO_AEGIS128_AESNI_SSE2
 351	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
 352	depends on X86 && 64BIT
 353	select CRYPTO_AEAD
 354	select CRYPTO_SIMD
 355	help
 356	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
 357
 358config CRYPTO_SEQIV
 359	tristate "Sequence Number IV Generator"
 360	select CRYPTO_AEAD
 361	select CRYPTO_SKCIPHER
 362	select CRYPTO_NULL
 363	select CRYPTO_RNG_DEFAULT
 364	select CRYPTO_MANAGER
 365	help
 366	  This IV generator generates an IV based on a sequence number by
 367	  xoring it with a salt.  This algorithm is mainly useful for CTR
 368
 369config CRYPTO_ECHAINIV
 370	tristate "Encrypted Chain IV Generator"
 371	select CRYPTO_AEAD
 372	select CRYPTO_NULL
 373	select CRYPTO_RNG_DEFAULT
 374	select CRYPTO_MANAGER
 375	help
 376	  This IV generator generates an IV based on the encryption of
 377	  a sequence number xored with a salt.  This is the default
 378	  algorithm for CBC.
 379
 380comment "Block modes"
 381
 382config CRYPTO_CBC
 383	tristate "CBC support"
 384	select CRYPTO_SKCIPHER
 385	select CRYPTO_MANAGER
 386	help
 387	  CBC: Cipher Block Chaining mode
 388	  This block cipher algorithm is required for IPSec.
 389
 390config CRYPTO_CFB
 391	tristate "CFB support"
 392	select CRYPTO_SKCIPHER
 393	select CRYPTO_MANAGER
 394	help
 395	  CFB: Cipher FeedBack mode
 396	  This block cipher algorithm is required for TPM2 Cryptography.
 397
 398config CRYPTO_CTR
 399	tristate "CTR support"
 400	select CRYPTO_SKCIPHER
 401	select CRYPTO_MANAGER
 402	help
 403	  CTR: Counter mode
 404	  This block cipher algorithm is required for IPSec.
 405
 406config CRYPTO_CTS
 407	tristate "CTS support"
 408	select CRYPTO_SKCIPHER
 409	select CRYPTO_MANAGER
 410	help
 411	  CTS: Cipher Text Stealing
 412	  This is the Cipher Text Stealing mode as described by
 413	  Section 8 of rfc2040 and referenced by rfc3962
 414	  (rfc3962 includes errata information in its Appendix A) or
 415	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
 416	  This mode is required for Kerberos gss mechanism support
 417	  for AES encryption.
 418
 419	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
 420
 421config CRYPTO_ECB
 422	tristate "ECB support"
 423	select CRYPTO_SKCIPHER
 424	select CRYPTO_MANAGER
 425	help
 426	  ECB: Electronic CodeBook mode
 427	  This is the simplest block cipher algorithm.  It simply encrypts
 428	  the input block by block.
 429
 430config CRYPTO_LRW
 431	tristate "LRW support"
 432	select CRYPTO_SKCIPHER
 433	select CRYPTO_MANAGER
 434	select CRYPTO_GF128MUL
 435	select CRYPTO_ECB
 436	help
 437	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
 438	  narrow block cipher mode for dm-crypt.  Use it with cipher
 439	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
 440	  The first 128, 192 or 256 bits in the key are used for AES and the
 441	  rest is used to tie each cipher block to its logical position.
 442
 443config CRYPTO_OFB
 444	tristate "OFB support"
 445	select CRYPTO_SKCIPHER
 446	select CRYPTO_MANAGER
 447	help
 448	  OFB: the Output Feedback mode makes a block cipher into a synchronous
 449	  stream cipher. It generates keystream blocks, which are then XORed
 450	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
 451	  ciphertext produces a flipped bit in the plaintext at the same
 452	  location. This property allows many error correcting codes to function
 453	  normally even when applied before encryption.
 454
 455config CRYPTO_PCBC
 456	tristate "PCBC support"
 457	select CRYPTO_SKCIPHER
 458	select CRYPTO_MANAGER
 459	help
 460	  PCBC: Propagating Cipher Block Chaining mode
 461	  This block cipher algorithm is required for RxRPC.
 462
 463config CRYPTO_XTS
 464	tristate "XTS support"
 465	select CRYPTO_SKCIPHER
 466	select CRYPTO_MANAGER
 467	select CRYPTO_ECB
 468	help
 469	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
 470	  key size 256, 384 or 512 bits. This implementation currently
 471	  can't handle a sectorsize which is not a multiple of 16 bytes.
 472
 473config CRYPTO_KEYWRAP
 474	tristate "Key wrapping support"
 475	select CRYPTO_SKCIPHER
 476	select CRYPTO_MANAGER
 477	help
 478	  Support for key wrapping (NIST SP800-38F / RFC3394) without
 479	  padding.
 480
 481config CRYPTO_NHPOLY1305
 482	tristate
 483	select CRYPTO_HASH
 484	select CRYPTO_LIB_POLY1305_GENERIC
 485
 486config CRYPTO_NHPOLY1305_SSE2
 487	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
 488	depends on X86 && 64BIT
 489	select CRYPTO_NHPOLY1305
 490	help
 491	  SSE2 optimized implementation of the hash function used by the
 492	  Adiantum encryption mode.
 493
 494config CRYPTO_NHPOLY1305_AVX2
 495	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
 496	depends on X86 && 64BIT
 497	select CRYPTO_NHPOLY1305
 498	help
 499	  AVX2 optimized implementation of the hash function used by the
 500	  Adiantum encryption mode.
 501
 502config CRYPTO_ADIANTUM
 503	tristate "Adiantum support"
 504	select CRYPTO_CHACHA20
 505	select CRYPTO_LIB_POLY1305_GENERIC
 506	select CRYPTO_NHPOLY1305
 507	select CRYPTO_MANAGER
 508	help
 509	  Adiantum is a tweakable, length-preserving encryption mode
 510	  designed for fast and secure disk encryption, especially on
 511	  CPUs without dedicated crypto instructions.  It encrypts
 512	  each sector using the XChaCha12 stream cipher, two passes of
 513	  an ε-almost-∆-universal hash function, and an invocation of
 514	  the AES-256 block cipher on a single 16-byte block.  On CPUs
 515	  without AES instructions, Adiantum is much faster than
 516	  AES-XTS.
 517
 518	  Adiantum's security is provably reducible to that of its
 519	  underlying stream and block ciphers, subject to a security
 520	  bound.  Unlike XTS, Adiantum is a true wide-block encryption
 521	  mode, so it actually provides an even stronger notion of
 522	  security than XTS, subject to the security bound.
 523
 524	  If unsure, say N.
 525
 526config CRYPTO_ESSIV
 527	tristate "ESSIV support for block encryption"
 528	select CRYPTO_AUTHENC
 529	help
 530	  Encrypted salt-sector initialization vector (ESSIV) is an IV
 531	  generation method that is used in some cases by fscrypt and/or
 532	  dm-crypt. It uses the hash of the block encryption key as the
 533	  symmetric key for a block encryption pass applied to the input
 534	  IV, making low entropy IV sources more suitable for block
 535	  encryption.
 536
 537	  This driver implements a crypto API template that can be
 538	  instantiated either as an skcipher or as an AEAD (depending on the
 539	  type of the first template argument), and which defers encryption
 540	  and decryption requests to the encapsulated cipher after applying
 541	  ESSIV to the input IV. Note that in the AEAD case, it is assumed
 542	  that the keys are presented in the same format used by the authenc
 543	  template, and that the IV appears at the end of the authenticated
 544	  associated data (AAD) region (which is how dm-crypt uses it.)
 545
 546	  Note that the use of ESSIV is not recommended for new deployments,
 547	  and so this only needs to be enabled when interoperability with
 548	  existing encrypted volumes of filesystems is required, or when
 549	  building for a particular system that requires it (e.g., when
 550	  the SoC in question has accelerated CBC but not XTS, making CBC
 551	  combined with ESSIV the only feasible mode for h/w accelerated
 552	  block encryption)
 553
 554comment "Hash modes"
 555
 556config CRYPTO_CMAC
 557	tristate "CMAC support"
 558	select CRYPTO_HASH
 559	select CRYPTO_MANAGER
 560	help
 561	  Cipher-based Message Authentication Code (CMAC) specified by
 562	  The National Institute of Standards and Technology (NIST).
 563
 564	  https://tools.ietf.org/html/rfc4493
 565	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
 566
 567config CRYPTO_HMAC
 568	tristate "HMAC support"
 569	select CRYPTO_HASH
 570	select CRYPTO_MANAGER
 571	help
 572	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
 573	  This is required for IPSec.
 574
 575config CRYPTO_XCBC
 576	tristate "XCBC support"
 577	select CRYPTO_HASH
 578	select CRYPTO_MANAGER
 579	help
 580	  XCBC: Keyed-Hashing with encryption algorithm
 581		https://www.ietf.org/rfc/rfc3566.txt
 582		http://csrc.nist.gov/encryption/modes/proposedmodes/
 583		 xcbc-mac/xcbc-mac-spec.pdf
 584
 585config CRYPTO_VMAC
 586	tristate "VMAC support"
 587	select CRYPTO_HASH
 588	select CRYPTO_MANAGER
 589	help
 590	  VMAC is a message authentication algorithm designed for
 591	  very high speed on 64-bit architectures.
 592
 593	  See also:
 594	  <https://fastcrypto.org/vmac>
 595
 596comment "Digest"
 597
 598config CRYPTO_CRC32C
 599	tristate "CRC32c CRC algorithm"
 600	select CRYPTO_HASH
 601	select CRC32
 602	help
 603	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
 604	  by iSCSI for header and data digests and by others.
 605	  See Castagnoli93.  Module will be crc32c.
 606
 607config CRYPTO_CRC32C_INTEL
 608	tristate "CRC32c INTEL hardware acceleration"
 609	depends on X86
 610	select CRYPTO_HASH
 611	help
 612	  In Intel processor with SSE4.2 supported, the processor will
 613	  support CRC32C implementation using hardware accelerated CRC32
 614	  instruction. This option will create 'crc32c-intel' module,
 615	  which will enable any routine to use the CRC32 instruction to
 616	  gain performance compared with software implementation.
 617	  Module will be crc32c-intel.
 618
 619config CRYPTO_CRC32C_VPMSUM
 620	tristate "CRC32c CRC algorithm (powerpc64)"
 621	depends on PPC64 && ALTIVEC
 622	select CRYPTO_HASH
 623	select CRC32
 624	help
 625	  CRC32c algorithm implemented using vector polynomial multiply-sum
 626	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
 627	  and newer processors for improved performance.
 628
 629
 630config CRYPTO_CRC32C_SPARC64
 631	tristate "CRC32c CRC algorithm (SPARC64)"
 632	depends on SPARC64
 633	select CRYPTO_HASH
 634	select CRC32
 635	help
 636	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
 637	  when available.
 638
 639config CRYPTO_CRC32
 640	tristate "CRC32 CRC algorithm"
 641	select CRYPTO_HASH
 642	select CRC32
 643	help
 644	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
 645	  Shash crypto api wrappers to crc32_le function.
 646
 647config CRYPTO_CRC32_PCLMUL
 648	tristate "CRC32 PCLMULQDQ hardware acceleration"
 649	depends on X86
 650	select CRYPTO_HASH
 651	select CRC32
 652	help
 653	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
 654	  and PCLMULQDQ supported, the processor will support
 655	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
 656	  instruction. This option will create 'crc32-pclmul' module,
 657	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
 658	  and gain better performance as compared with the table implementation.
 659
 660config CRYPTO_CRC32_MIPS
 661	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
 662	depends on MIPS_CRC_SUPPORT
 663	select CRYPTO_HASH
 664	help
 665	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
 666	  instructions, when available.
 667
 668
 669config CRYPTO_XXHASH
 670	tristate "xxHash hash algorithm"
 671	select CRYPTO_HASH
 672	select XXHASH
 673	help
 674	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
 675	  speeds close to RAM limits.
 676
 677config CRYPTO_BLAKE2B
 678	tristate "BLAKE2b digest algorithm"
 679	select CRYPTO_HASH
 680	help
 681	  Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
 682	  optimized for 64bit platforms and can produce digests of any size
 683	  between 1 to 64.  The keyed hash is also implemented.
 684
 685	  This module provides the following algorithms:
 686
 687	  - blake2b-160
 688	  - blake2b-256
 689	  - blake2b-384
 690	  - blake2b-512
 691
 692	  See https://blake2.net for further information.
 693
 694config CRYPTO_BLAKE2S
 695	tristate "BLAKE2s digest algorithm"
 696	select CRYPTO_LIB_BLAKE2S_GENERIC
 697	select CRYPTO_HASH
 698	help
 699	  Implementation of cryptographic hash function BLAKE2s
 700	  optimized for 8-32bit platforms and can produce digests of any size
 701	  between 1 to 32.  The keyed hash is also implemented.
 702
 703	  This module provides the following algorithms:
 704
 705	  - blake2s-128
 706	  - blake2s-160
 707	  - blake2s-224
 708	  - blake2s-256
 709
 710	  See https://blake2.net for further information.
 711
 712config CRYPTO_BLAKE2S_X86
 713	tristate "BLAKE2s digest algorithm (x86 accelerated version)"
 714	depends on X86 && 64BIT
 715	select CRYPTO_LIB_BLAKE2S_GENERIC
 716	select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
 717
 718config CRYPTO_CRCT10DIF
 719	tristate "CRCT10DIF algorithm"
 720	select CRYPTO_HASH
 721	help
 722	  CRC T10 Data Integrity Field computation is being cast as
 723	  a crypto transform.  This allows for faster crc t10 diff
 724	  transforms to be used if they are available.
 725
 726config CRYPTO_CRCT10DIF_PCLMUL
 727	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
 728	depends on X86 && 64BIT && CRC_T10DIF
 729	select CRYPTO_HASH
 730	help
 731	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
 732	  CRC T10 DIF PCLMULQDQ computation can be hardware
 733	  accelerated PCLMULQDQ instruction. This option will create
 734	  'crct10dif-pclmul' module, which is faster when computing the
 735	  crct10dif checksum as compared with the generic table implementation.
 736
 737config CRYPTO_CRCT10DIF_VPMSUM
 738	tristate "CRC32T10DIF powerpc64 hardware acceleration"
 739	depends on PPC64 && ALTIVEC && CRC_T10DIF
 740	select CRYPTO_HASH
 741	help
 742	  CRC10T10DIF algorithm implemented using vector polynomial
 743	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
 744	  POWER8 and newer processors for improved performance.
 745
 746config CRYPTO_CRC64_ROCKSOFT
 747	tristate "Rocksoft Model CRC64 algorithm"
 748	depends on CRC64
 749	select CRYPTO_HASH
 750
 751config CRYPTO_VPMSUM_TESTER
 752	tristate "Powerpc64 vpmsum hardware acceleration tester"
 753	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
 754	help
 755	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
 756	  POWER8 vpmsum instructions.
 757	  Unless you are testing these algorithms, you don't need this.
 758
 759config CRYPTO_GHASH
 760	tristate "GHASH hash function"
 761	select CRYPTO_GF128MUL
 762	select CRYPTO_HASH
 763	help
 764	  GHASH is the hash function used in GCM (Galois/Counter Mode).
 765	  It is not a general-purpose cryptographic hash function.
 766
 767config CRYPTO_POLY1305
 768	tristate "Poly1305 authenticator algorithm"
 769	select CRYPTO_HASH
 770	select CRYPTO_LIB_POLY1305_GENERIC
 771	help
 772	  Poly1305 authenticator algorithm, RFC7539.
 773
 774	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
 775	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
 776	  in IETF protocols. This is the portable C implementation of Poly1305.
 777
 778config CRYPTO_POLY1305_X86_64
 779	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
 780	depends on X86 && 64BIT
 781	select CRYPTO_LIB_POLY1305_GENERIC
 782	select CRYPTO_ARCH_HAVE_LIB_POLY1305
 783	help
 784	  Poly1305 authenticator algorithm, RFC7539.
 785
 786	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
 787	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
 788	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
 789	  instructions.
 790
 791config CRYPTO_POLY1305_MIPS
 792	tristate "Poly1305 authenticator algorithm (MIPS optimized)"
 793	depends on MIPS
 794	select CRYPTO_ARCH_HAVE_LIB_POLY1305
 795
 796config CRYPTO_MD4
 797	tristate "MD4 digest algorithm"
 798	select CRYPTO_HASH
 799	help
 800	  MD4 message digest algorithm (RFC1320).
 801
 802config CRYPTO_MD5
 803	tristate "MD5 digest algorithm"
 804	select CRYPTO_HASH
 805	help
 806	  MD5 message digest algorithm (RFC1321).
 807
 808config CRYPTO_MD5_OCTEON
 809	tristate "MD5 digest algorithm (OCTEON)"
 810	depends on CPU_CAVIUM_OCTEON
 811	select CRYPTO_MD5
 812	select CRYPTO_HASH
 813	help
 814	  MD5 message digest algorithm (RFC1321) implemented
 815	  using OCTEON crypto instructions, when available.
 816
 817config CRYPTO_MD5_PPC
 818	tristate "MD5 digest algorithm (PPC)"
 819	depends on PPC
 820	select CRYPTO_HASH
 821	help
 822	  MD5 message digest algorithm (RFC1321) implemented
 823	  in PPC assembler.
 824
 825config CRYPTO_MD5_SPARC64
 826	tristate "MD5 digest algorithm (SPARC64)"
 827	depends on SPARC64
 828	select CRYPTO_MD5
 829	select CRYPTO_HASH
 830	help
 831	  MD5 message digest algorithm (RFC1321) implemented
 832	  using sparc64 crypto instructions, when available.
 833
 834config CRYPTO_MICHAEL_MIC
 835	tristate "Michael MIC keyed digest algorithm"
 836	select CRYPTO_HASH
 837	help
 838	  Michael MIC is used for message integrity protection in TKIP
 839	  (IEEE 802.11i). This algorithm is required for TKIP, but it
 840	  should not be used for other purposes because of the weakness
 841	  of the algorithm.
 842
 843config CRYPTO_RMD160
 844	tristate "RIPEMD-160 digest algorithm"
 845	select CRYPTO_HASH
 846	help
 847	  RIPEMD-160 (ISO/IEC 10118-3:2004).
 848
 849	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
 850	  to be used as a secure replacement for the 128-bit hash functions
 851	  MD4, MD5 and it's predecessor RIPEMD
 852	  (not to be confused with RIPEMD-128).
 853
 854	  It's speed is comparable to SHA1 and there are no known attacks
 855	  against RIPEMD-160.
 856
 857	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
 858	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
 859
 860config CRYPTO_SHA1
 861	tristate "SHA1 digest algorithm"
 862	select CRYPTO_HASH
 863	help
 864	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
 865
 866config CRYPTO_SHA1_SSSE3
 867	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
 868	depends on X86 && 64BIT
 869	select CRYPTO_SHA1
 870	select CRYPTO_HASH
 871	help
 872	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 873	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
 874	  Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
 875	  when available.
 876
 877config CRYPTO_SHA256_SSSE3
 878	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
 879	depends on X86 && 64BIT
 880	select CRYPTO_SHA256
 881	select CRYPTO_HASH
 882	help
 883	  SHA-256 secure hash standard (DFIPS 180-2) implemented
 884	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
 885	  Extensions version 1 (AVX1), or Advanced Vector Extensions
 886	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
 887	  Instructions) when available.
 888
 889config CRYPTO_SHA512_SSSE3
 890	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
 891	depends on X86 && 64BIT
 892	select CRYPTO_SHA512
 893	select CRYPTO_HASH
 894	help
 895	  SHA-512 secure hash standard (DFIPS 180-2) implemented
 896	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
 897	  Extensions version 1 (AVX1), or Advanced Vector Extensions
 898	  version 2 (AVX2) instructions, when available.
 899
 900config CRYPTO_SHA1_OCTEON
 901	tristate "SHA1 digest algorithm (OCTEON)"
 902	depends on CPU_CAVIUM_OCTEON
 903	select CRYPTO_SHA1
 904	select CRYPTO_HASH
 905	help
 906	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 907	  using OCTEON crypto instructions, when available.
 908
 909config CRYPTO_SHA1_SPARC64
 910	tristate "SHA1 digest algorithm (SPARC64)"
 911	depends on SPARC64
 912	select CRYPTO_SHA1
 913	select CRYPTO_HASH
 914	help
 915	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
 916	  using sparc64 crypto instructions, when available.
 917
 918config CRYPTO_SHA1_PPC
 919	tristate "SHA1 digest algorithm (powerpc)"
 920	depends on PPC
 921	help
 922	  This is the powerpc hardware accelerated implementation of the
 923	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
 924
 925config CRYPTO_SHA1_PPC_SPE
 926	tristate "SHA1 digest algorithm (PPC SPE)"
 927	depends on PPC && SPE
 928	help
 929	  SHA-1 secure hash standard (DFIPS 180-4) implemented
 930	  using powerpc SPE SIMD instruction set.
 931
 932config CRYPTO_SHA256
 933	tristate "SHA224 and SHA256 digest algorithm"
 934	select CRYPTO_HASH
 935	select CRYPTO_LIB_SHA256
 936	help
 937	  SHA256 secure hash standard (DFIPS 180-2).
 938
 939	  This version of SHA implements a 256 bit hash with 128 bits of
 940	  security against collision attacks.
 941
 942	  This code also includes SHA-224, a 224 bit hash with 112 bits
 943	  of security against collision attacks.
 944
 945config CRYPTO_SHA256_PPC_SPE
 946	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
 947	depends on PPC && SPE
 948	select CRYPTO_SHA256
 949	select CRYPTO_HASH
 950	help
 951	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
 952	  implemented using powerpc SPE SIMD instruction set.
 953
 954config CRYPTO_SHA256_OCTEON
 955	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
 956	depends on CPU_CAVIUM_OCTEON
 957	select CRYPTO_SHA256
 958	select CRYPTO_HASH
 959	help
 960	  SHA-256 secure hash standard (DFIPS 180-2) implemented
 961	  using OCTEON crypto instructions, when available.
 962
 963config CRYPTO_SHA256_SPARC64
 964	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
 965	depends on SPARC64
 966	select CRYPTO_SHA256
 967	select CRYPTO_HASH
 968	help
 969	  SHA-256 secure hash standard (DFIPS 180-2) implemented
 970	  using sparc64 crypto instructions, when available.
 971
 972config CRYPTO_SHA512
 973	tristate "SHA384 and SHA512 digest algorithms"
 974	select CRYPTO_HASH
 975	help
 976	  SHA512 secure hash standard (DFIPS 180-2).
 977
 978	  This version of SHA implements a 512 bit hash with 256 bits of
 979	  security against collision attacks.
 980
 981	  This code also includes SHA-384, a 384 bit hash with 192 bits
 982	  of security against collision attacks.
 983
 984config CRYPTO_SHA512_OCTEON
 985	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
 986	depends on CPU_CAVIUM_OCTEON
 987	select CRYPTO_SHA512
 988	select CRYPTO_HASH
 989	help
 990	  SHA-512 secure hash standard (DFIPS 180-2) implemented
 991	  using OCTEON crypto instructions, when available.
 992
 993config CRYPTO_SHA512_SPARC64
 994	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
 995	depends on SPARC64
 996	select CRYPTO_SHA512
 997	select CRYPTO_HASH
 998	help
 999	  SHA-512 secure hash standard (DFIPS 180-2) implemented
1000	  using sparc64 crypto instructions, when available.
1001
1002config CRYPTO_SHA3
1003	tristate "SHA3 digest algorithm"
1004	select CRYPTO_HASH
1005	help
1006	  SHA-3 secure hash standard (DFIPS 202). It's based on
1007	  cryptographic sponge function family called Keccak.
1008
1009	  References:
1010	  http://keccak.noekeon.org/
1011
1012config CRYPTO_SM3
1013	tristate "SM3 digest algorithm"
1014	select CRYPTO_HASH
1015	select CRYPTO_LIB_SM3
1016	help
1017	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1018	  It is part of the Chinese Commercial Cryptography suite.
1019
1020	  References:
1021	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1022	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1023
1024config CRYPTO_SM3_AVX_X86_64
1025	tristate "SM3 digest algorithm (x86_64/AVX)"
1026	depends on X86 && 64BIT
1027	select CRYPTO_HASH
1028	select CRYPTO_LIB_SM3
1029	help
1030	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1031	  It is part of the Chinese Commercial Cryptography suite. This is
1032	  SM3 optimized implementation using Advanced Vector Extensions (AVX)
1033	  when available.
1034
1035	  If unsure, say N.
1036
1037config CRYPTO_STREEBOG
1038	tristate "Streebog Hash Function"
1039	select CRYPTO_HASH
1040	help
1041	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1042	  cryptographic standard algorithms (called GOST algorithms).
1043	  This setting enables two hash algorithms with 256 and 512 bits output.
1044
1045	  References:
1046	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1047	  https://tools.ietf.org/html/rfc6986
1048
1049config CRYPTO_WP512
1050	tristate "Whirlpool digest algorithms"
1051	select CRYPTO_HASH
1052	help
1053	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
1054
1055	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
1056	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1057
1058	  See also:
1059	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1060
1061config CRYPTO_GHASH_CLMUL_NI_INTEL
1062	tristate "GHASH hash function (CLMUL-NI accelerated)"
1063	depends on X86 && 64BIT
1064	select CRYPTO_CRYPTD
1065	help
1066	  This is the x86_64 CLMUL-NI accelerated implementation of
1067	  GHASH, the hash function used in GCM (Galois/Counter mode).
1068
1069comment "Ciphers"
1070
1071config CRYPTO_AES
1072	tristate "AES cipher algorithms"
1073	select CRYPTO_ALGAPI
1074	select CRYPTO_LIB_AES
1075	help
1076	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1077	  algorithm.
1078
1079	  Rijndael appears to be consistently a very good performer in
1080	  both hardware and software across a wide range of computing
1081	  environments regardless of its use in feedback or non-feedback
1082	  modes. Its key setup time is excellent, and its key agility is
1083	  good. Rijndael's very low memory requirements make it very well
1084	  suited for restricted-space environments, in which it also
1085	  demonstrates excellent performance. Rijndael's operations are
1086	  among the easiest to defend against power and timing attacks.
1087
1088	  The AES specifies three key sizes: 128, 192 and 256 bits
1089
1090	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1091
1092config CRYPTO_AES_TI
1093	tristate "Fixed time AES cipher"
1094	select CRYPTO_ALGAPI
1095	select CRYPTO_LIB_AES
1096	help
1097	  This is a generic implementation of AES that attempts to eliminate
1098	  data dependent latencies as much as possible without affecting
1099	  performance too much. It is intended for use by the generic CCM
1100	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1101	  solely on encryption (although decryption is supported as well, but
1102	  with a more dramatic performance hit)
1103
1104	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1105	  8 for decryption), this implementation only uses just two S-boxes of
1106	  256 bytes each, and attempts to eliminate data dependent latencies by
1107	  prefetching the entire table into the cache at the start of each
1108	  block. Interrupts are also disabled to avoid races where cachelines
1109	  are evicted when the CPU is interrupted to do something else.
1110
1111config CRYPTO_AES_NI_INTEL
1112	tristate "AES cipher algorithms (AES-NI)"
1113	depends on X86
1114	select CRYPTO_AEAD
1115	select CRYPTO_LIB_AES
1116	select CRYPTO_ALGAPI
1117	select CRYPTO_SKCIPHER
1118	select CRYPTO_SIMD
1119	help
1120	  Use Intel AES-NI instructions for AES algorithm.
1121
1122	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1123	  algorithm.
1124
1125	  Rijndael appears to be consistently a very good performer in
1126	  both hardware and software across a wide range of computing
1127	  environments regardless of its use in feedback or non-feedback
1128	  modes. Its key setup time is excellent, and its key agility is
1129	  good. Rijndael's very low memory requirements make it very well
1130	  suited for restricted-space environments, in which it also
1131	  demonstrates excellent performance. Rijndael's operations are
1132	  among the easiest to defend against power and timing attacks.
1133
1134	  The AES specifies three key sizes: 128, 192 and 256 bits
1135
1136	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1137
1138	  In addition to AES cipher algorithm support, the acceleration
1139	  for some popular block cipher mode is supported too, including
1140	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1141	  acceleration for CTR.
1142
1143config CRYPTO_AES_SPARC64
1144	tristate "AES cipher algorithms (SPARC64)"
1145	depends on SPARC64
1146	select CRYPTO_SKCIPHER
1147	help
1148	  Use SPARC64 crypto opcodes for AES algorithm.
1149
1150	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1151	  algorithm.
1152
1153	  Rijndael appears to be consistently a very good performer in
1154	  both hardware and software across a wide range of computing
1155	  environments regardless of its use in feedback or non-feedback
1156	  modes. Its key setup time is excellent, and its key agility is
1157	  good. Rijndael's very low memory requirements make it very well
1158	  suited for restricted-space environments, in which it also
1159	  demonstrates excellent performance. Rijndael's operations are
1160	  among the easiest to defend against power and timing attacks.
1161
1162	  The AES specifies three key sizes: 128, 192 and 256 bits
1163
1164	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1165
1166	  In addition to AES cipher algorithm support, the acceleration
1167	  for some popular block cipher mode is supported too, including
1168	  ECB and CBC.
1169
1170config CRYPTO_AES_PPC_SPE
1171	tristate "AES cipher algorithms (PPC SPE)"
1172	depends on PPC && SPE
1173	select CRYPTO_SKCIPHER
1174	help
1175	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1176	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1177	  This module should only be used for low power (router) devices
1178	  without hardware AES acceleration (e.g. caam crypto). It reduces the
1179	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1180	  timining attacks. Nevertheless it might be not as secure as other
1181	  architecture specific assembler implementations that work on 1KB
1182	  tables or 256 bytes S-boxes.
1183
1184config CRYPTO_ANUBIS
1185	tristate "Anubis cipher algorithm"
1186	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1187	select CRYPTO_ALGAPI
1188	help
1189	  Anubis cipher algorithm.
1190
1191	  Anubis is a variable key length cipher which can use keys from
1192	  128 bits to 320 bits in length.  It was evaluated as a entrant
1193	  in the NESSIE competition.
1194
1195	  See also:
1196	  <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1197	  <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1198
1199config CRYPTO_ARC4
1200	tristate "ARC4 cipher algorithm"
1201	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1202	select CRYPTO_SKCIPHER
1203	select CRYPTO_LIB_ARC4
1204	help
1205	  ARC4 cipher algorithm.
1206
1207	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1208	  bits in length.  This algorithm is required for driver-based
1209	  WEP, but it should not be for other purposes because of the
1210	  weakness of the algorithm.
1211
1212config CRYPTO_BLOWFISH
1213	tristate "Blowfish cipher algorithm"
1214	select CRYPTO_ALGAPI
1215	select CRYPTO_BLOWFISH_COMMON
1216	help
1217	  Blowfish cipher algorithm, by Bruce Schneier.
1218
1219	  This is a variable key length cipher which can use keys from 32
1220	  bits to 448 bits in length.  It's fast, simple and specifically
1221	  designed for use on "large microprocessors".
1222
1223	  See also:
1224	  <https://www.schneier.com/blowfish.html>
1225
1226config CRYPTO_BLOWFISH_COMMON
1227	tristate
1228	help
1229	  Common parts of the Blowfish cipher algorithm shared by the
1230	  generic c and the assembler implementations.
1231
1232	  See also:
1233	  <https://www.schneier.com/blowfish.html>
1234
1235config CRYPTO_BLOWFISH_X86_64
1236	tristate "Blowfish cipher algorithm (x86_64)"
1237	depends on X86 && 64BIT
1238	select CRYPTO_SKCIPHER
1239	select CRYPTO_BLOWFISH_COMMON
1240	imply CRYPTO_CTR
1241	help
1242	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1243
1244	  This is a variable key length cipher which can use keys from 32
1245	  bits to 448 bits in length.  It's fast, simple and specifically
1246	  designed for use on "large microprocessors".
1247
1248	  See also:
1249	  <https://www.schneier.com/blowfish.html>
1250
1251config CRYPTO_CAMELLIA
1252	tristate "Camellia cipher algorithms"
1253	select CRYPTO_ALGAPI
1254	help
1255	  Camellia cipher algorithms module.
1256
1257	  Camellia is a symmetric key block cipher developed jointly
1258	  at NTT and Mitsubishi Electric Corporation.
1259
1260	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1261
1262	  See also:
1263	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1264
1265config CRYPTO_CAMELLIA_X86_64
1266	tristate "Camellia cipher algorithm (x86_64)"
1267	depends on X86 && 64BIT
1268	select CRYPTO_SKCIPHER
1269	imply CRYPTO_CTR
1270	help
1271	  Camellia cipher algorithm module (x86_64).
1272
1273	  Camellia is a symmetric key block cipher developed jointly
1274	  at NTT and Mitsubishi Electric Corporation.
1275
1276	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1277
1278	  See also:
1279	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1280
1281config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1282	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1283	depends on X86 && 64BIT
1284	select CRYPTO_SKCIPHER
1285	select CRYPTO_CAMELLIA_X86_64
1286	select CRYPTO_SIMD
1287	imply CRYPTO_XTS
1288	help
1289	  Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1290
1291	  Camellia is a symmetric key block cipher developed jointly
1292	  at NTT and Mitsubishi Electric Corporation.
1293
1294	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1295
1296	  See also:
1297	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1298
1299config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1300	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1301	depends on X86 && 64BIT
1302	select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1303	help
1304	  Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1305
1306	  Camellia is a symmetric key block cipher developed jointly
1307	  at NTT and Mitsubishi Electric Corporation.
1308
1309	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1310
1311	  See also:
1312	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1313
1314config CRYPTO_CAMELLIA_SPARC64
1315	tristate "Camellia cipher algorithm (SPARC64)"
1316	depends on SPARC64
1317	select CRYPTO_ALGAPI
1318	select CRYPTO_SKCIPHER
1319	help
1320	  Camellia cipher algorithm module (SPARC64).
1321
1322	  Camellia is a symmetric key block cipher developed jointly
1323	  at NTT and Mitsubishi Electric Corporation.
1324
1325	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
1326
1327	  See also:
1328	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1329
1330config CRYPTO_CAST_COMMON
1331	tristate
1332	help
1333	  Common parts of the CAST cipher algorithms shared by the
1334	  generic c and the assembler implementations.
1335
1336config CRYPTO_CAST5
1337	tristate "CAST5 (CAST-128) cipher algorithm"
1338	select CRYPTO_ALGAPI
1339	select CRYPTO_CAST_COMMON
1340	help
1341	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1342	  described in RFC2144.
1343
1344config CRYPTO_CAST5_AVX_X86_64
1345	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1346	depends on X86 && 64BIT
1347	select CRYPTO_SKCIPHER
1348	select CRYPTO_CAST5
1349	select CRYPTO_CAST_COMMON
1350	select CRYPTO_SIMD
1351	imply CRYPTO_CTR
1352	help
1353	  The CAST5 encryption algorithm (synonymous with CAST-128) is
1354	  described in RFC2144.
1355
1356	  This module provides the Cast5 cipher algorithm that processes
1357	  sixteen blocks parallel using the AVX instruction set.
1358
1359config CRYPTO_CAST6
1360	tristate "CAST6 (CAST-256) cipher algorithm"
1361	select CRYPTO_ALGAPI
1362	select CRYPTO_CAST_COMMON
1363	help
1364	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1365	  described in RFC2612.
1366
1367config CRYPTO_CAST6_AVX_X86_64
1368	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1369	depends on X86 && 64BIT
1370	select CRYPTO_SKCIPHER
1371	select CRYPTO_CAST6
1372	select CRYPTO_CAST_COMMON
1373	select CRYPTO_SIMD
1374	imply CRYPTO_XTS
1375	imply CRYPTO_CTR
1376	help
1377	  The CAST6 encryption algorithm (synonymous with CAST-256) is
1378	  described in RFC2612.
1379
1380	  This module provides the Cast6 cipher algorithm that processes
1381	  eight blocks parallel using the AVX instruction set.
1382
1383config CRYPTO_DES
1384	tristate "DES and Triple DES EDE cipher algorithms"
1385	select CRYPTO_ALGAPI
1386	select CRYPTO_LIB_DES
1387	help
1388	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1389
1390config CRYPTO_DES_SPARC64
1391	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1392	depends on SPARC64
1393	select CRYPTO_ALGAPI
1394	select CRYPTO_LIB_DES
1395	select CRYPTO_SKCIPHER
1396	help
1397	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1398	  optimized using SPARC64 crypto opcodes.
1399
1400config CRYPTO_DES3_EDE_X86_64
1401	tristate "Triple DES EDE cipher algorithm (x86-64)"
1402	depends on X86 && 64BIT
1403	select CRYPTO_SKCIPHER
1404	select CRYPTO_LIB_DES
1405	imply CRYPTO_CTR
1406	help
1407	  Triple DES EDE (FIPS 46-3) algorithm.
1408
1409	  This module provides implementation of the Triple DES EDE cipher
1410	  algorithm that is optimized for x86-64 processors. Two versions of
1411	  algorithm are provided; regular processing one input block and
1412	  one that processes three blocks parallel.
1413
1414config CRYPTO_FCRYPT
1415	tristate "FCrypt cipher algorithm"
1416	select CRYPTO_ALGAPI
1417	select CRYPTO_SKCIPHER
1418	help
1419	  FCrypt algorithm used by RxRPC.
1420
1421config CRYPTO_KHAZAD
1422	tristate "Khazad cipher algorithm"
1423	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1424	select CRYPTO_ALGAPI
1425	help
1426	  Khazad cipher algorithm.
1427
1428	  Khazad was a finalist in the initial NESSIE competition.  It is
1429	  an algorithm optimized for 64-bit processors with good performance
1430	  on 32-bit processors.  Khazad uses an 128 bit key size.
1431
1432	  See also:
1433	  <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1434
1435config CRYPTO_CHACHA20
1436	tristate "ChaCha stream cipher algorithms"
1437	select CRYPTO_LIB_CHACHA_GENERIC
1438	select CRYPTO_SKCIPHER
1439	help
1440	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1441
1442	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1443	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1444	  This is the portable C implementation of ChaCha20.  See also:
1445	  <https://cr.yp.to/chacha/chacha-20080128.pdf>
1446
1447	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1448	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
1449	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1450	  while provably retaining ChaCha20's security.  See also:
1451	  <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1452
1453	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1454	  reduced security margin but increased performance.  It can be needed
1455	  in some performance-sensitive scenarios.
1456
1457config CRYPTO_CHACHA20_X86_64
1458	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1459	depends on X86 && 64BIT
1460	select CRYPTO_SKCIPHER
1461	select CRYPTO_LIB_CHACHA_GENERIC
1462	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1463	help
1464	  SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1465	  XChaCha20, and XChaCha12 stream ciphers.
1466
1467config CRYPTO_CHACHA_MIPS
1468	tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1469	depends on CPU_MIPS32_R2
1470	select CRYPTO_SKCIPHER
1471	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1472
1473config CRYPTO_SEED
1474	tristate "SEED cipher algorithm"
1475	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1476	select CRYPTO_ALGAPI
1477	help
1478	  SEED cipher algorithm (RFC4269).
1479
1480	  SEED is a 128-bit symmetric key block cipher that has been
1481	  developed by KISA (Korea Information Security Agency) as a
1482	  national standard encryption algorithm of the Republic of Korea.
1483	  It is a 16 round block cipher with the key size of 128 bit.
1484
1485	  See also:
1486	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1487
1488config CRYPTO_SERPENT
1489	tristate "Serpent cipher algorithm"
1490	select CRYPTO_ALGAPI
1491	help
1492	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1493
1494	  Keys are allowed to be from 0 to 256 bits in length, in steps
1495	  of 8 bits.
1496
1497	  See also:
1498	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1499
1500config CRYPTO_SERPENT_SSE2_X86_64
1501	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1502	depends on X86 && 64BIT
1503	select CRYPTO_SKCIPHER
1504	select CRYPTO_SERPENT
1505	select CRYPTO_SIMD
1506	imply CRYPTO_CTR
1507	help
1508	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1509
1510	  Keys are allowed to be from 0 to 256 bits in length, in steps
1511	  of 8 bits.
1512
1513	  This module provides Serpent cipher algorithm that processes eight
1514	  blocks parallel using SSE2 instruction set.
1515
1516	  See also:
1517	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1518
1519config CRYPTO_SERPENT_SSE2_586
1520	tristate "Serpent cipher algorithm (i586/SSE2)"
1521	depends on X86 && !64BIT
1522	select CRYPTO_SKCIPHER
1523	select CRYPTO_SERPENT
1524	select CRYPTO_SIMD
1525	imply CRYPTO_CTR
1526	help
1527	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1528
1529	  Keys are allowed to be from 0 to 256 bits in length, in steps
1530	  of 8 bits.
1531
1532	  This module provides Serpent cipher algorithm that processes four
1533	  blocks parallel using SSE2 instruction set.
1534
1535	  See also:
1536	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1537
1538config CRYPTO_SERPENT_AVX_X86_64
1539	tristate "Serpent cipher algorithm (x86_64/AVX)"
1540	depends on X86 && 64BIT
1541	select CRYPTO_SKCIPHER
1542	select CRYPTO_SERPENT
1543	select CRYPTO_SIMD
1544	imply CRYPTO_XTS
1545	imply CRYPTO_CTR
1546	help
1547	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1548
1549	  Keys are allowed to be from 0 to 256 bits in length, in steps
1550	  of 8 bits.
1551
1552	  This module provides the Serpent cipher algorithm that processes
1553	  eight blocks parallel using the AVX instruction set.
1554
1555	  See also:
1556	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1557
1558config CRYPTO_SERPENT_AVX2_X86_64
1559	tristate "Serpent cipher algorithm (x86_64/AVX2)"
1560	depends on X86 && 64BIT
1561	select CRYPTO_SERPENT_AVX_X86_64
1562	help
1563	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1564
1565	  Keys are allowed to be from 0 to 256 bits in length, in steps
1566	  of 8 bits.
1567
1568	  This module provides Serpent cipher algorithm that processes 16
1569	  blocks parallel using AVX2 instruction set.
1570
1571	  See also:
1572	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1573
1574config CRYPTO_SM4
1575	tristate "SM4 cipher algorithm"
1576	select CRYPTO_ALGAPI
1577	select CRYPTO_LIB_SM4
1578	help
1579	  SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1580
1581	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1582	  Organization of State Commercial Administration of China (OSCCA)
1583	  as an authorized cryptographic algorithms for the use within China.
1584
1585	  SMS4 was originally created for use in protecting wireless
1586	  networks, and is mandated in the Chinese National Standard for
1587	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1588	  (GB.15629.11-2003).
1589
1590	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1591	  standardized through TC 260 of the Standardization Administration
1592	  of the People's Republic of China (SAC).
1593
1594	  The input, output, and key of SMS4 are each 128 bits.
1595
1596	  See also: <https://eprint.iacr.org/2008/329.pdf>
1597
1598	  If unsure, say N.
1599
1600config CRYPTO_SM4_AESNI_AVX_X86_64
1601	tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)"
1602	depends on X86 && 64BIT
1603	select CRYPTO_SKCIPHER
1604	select CRYPTO_SIMD
1605	select CRYPTO_ALGAPI
1606	select CRYPTO_LIB_SM4
1607	help
1608	  SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX).
1609
1610	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1611	  Organization of State Commercial Administration of China (OSCCA)
1612	  as an authorized cryptographic algorithms for the use within China.
1613
1614	  This is SM4 optimized implementation using AES-NI/AVX/x86_64
1615	  instruction set for block cipher. Through two affine transforms,
1616	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1617	  effect of instruction acceleration.
1618
1619	  If unsure, say N.
1620
1621config CRYPTO_SM4_AESNI_AVX2_X86_64
1622	tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)"
1623	depends on X86 && 64BIT
1624	select CRYPTO_SKCIPHER
1625	select CRYPTO_SIMD
1626	select CRYPTO_ALGAPI
1627	select CRYPTO_LIB_SM4
1628	select CRYPTO_SM4_AESNI_AVX_X86_64
1629	help
1630	  SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2).
1631
1632	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1633	  Organization of State Commercial Administration of China (OSCCA)
1634	  as an authorized cryptographic algorithms for the use within China.
1635
1636	  This is SM4 optimized implementation using AES-NI/AVX2/x86_64
1637	  instruction set for block cipher. Through two affine transforms,
1638	  we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1639	  effect of instruction acceleration.
1640
1641	  If unsure, say N.
1642
1643config CRYPTO_TEA
1644	tristate "TEA, XTEA and XETA cipher algorithms"
1645	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1646	select CRYPTO_ALGAPI
1647	help
1648	  TEA cipher algorithm.
1649
1650	  Tiny Encryption Algorithm is a simple cipher that uses
1651	  many rounds for security.  It is very fast and uses
1652	  little memory.
1653
1654	  Xtendend Tiny Encryption Algorithm is a modification to
1655	  the TEA algorithm to address a potential key weakness
1656	  in the TEA algorithm.
1657
1658	  Xtendend Encryption Tiny Algorithm is a mis-implementation
1659	  of the XTEA algorithm for compatibility purposes.
1660
1661config CRYPTO_TWOFISH
1662	tristate "Twofish cipher algorithm"
1663	select CRYPTO_ALGAPI
1664	select CRYPTO_TWOFISH_COMMON
1665	help
1666	  Twofish cipher algorithm.
1667
1668	  Twofish was submitted as an AES (Advanced Encryption Standard)
1669	  candidate cipher by researchers at CounterPane Systems.  It is a
1670	  16 round block cipher supporting key sizes of 128, 192, and 256
1671	  bits.
1672
1673	  See also:
1674	  <https://www.schneier.com/twofish.html>
1675
1676config CRYPTO_TWOFISH_COMMON
1677	tristate
1678	help
1679	  Common parts of the Twofish cipher algorithm shared by the
1680	  generic c and the assembler implementations.
1681
1682config CRYPTO_TWOFISH_586
1683	tristate "Twofish cipher algorithms (i586)"
1684	depends on (X86 || UML_X86) && !64BIT
1685	select CRYPTO_ALGAPI
1686	select CRYPTO_TWOFISH_COMMON
1687	imply CRYPTO_CTR
1688	help
1689	  Twofish cipher algorithm.
1690
1691	  Twofish was submitted as an AES (Advanced Encryption Standard)
1692	  candidate cipher by researchers at CounterPane Systems.  It is a
1693	  16 round block cipher supporting key sizes of 128, 192, and 256
1694	  bits.
1695
1696	  See also:
1697	  <https://www.schneier.com/twofish.html>
1698
1699config CRYPTO_TWOFISH_X86_64
1700	tristate "Twofish cipher algorithm (x86_64)"
1701	depends on (X86 || UML_X86) && 64BIT
1702	select CRYPTO_ALGAPI
1703	select CRYPTO_TWOFISH_COMMON
1704	imply CRYPTO_CTR
1705	help
1706	  Twofish cipher algorithm (x86_64).
1707
1708	  Twofish was submitted as an AES (Advanced Encryption Standard)
1709	  candidate cipher by researchers at CounterPane Systems.  It is a
1710	  16 round block cipher supporting key sizes of 128, 192, and 256
1711	  bits.
1712
1713	  See also:
1714	  <https://www.schneier.com/twofish.html>
1715
1716config CRYPTO_TWOFISH_X86_64_3WAY
1717	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1718	depends on X86 && 64BIT
1719	select CRYPTO_SKCIPHER
1720	select CRYPTO_TWOFISH_COMMON
1721	select CRYPTO_TWOFISH_X86_64
1722	help
1723	  Twofish cipher algorithm (x86_64, 3-way parallel).
1724
1725	  Twofish was submitted as an AES (Advanced Encryption Standard)
1726	  candidate cipher by researchers at CounterPane Systems.  It is a
1727	  16 round block cipher supporting key sizes of 128, 192, and 256
1728	  bits.
1729
1730	  This module provides Twofish cipher algorithm that processes three
1731	  blocks parallel, utilizing resources of out-of-order CPUs better.
1732
1733	  See also:
1734	  <https://www.schneier.com/twofish.html>
1735
1736config CRYPTO_TWOFISH_AVX_X86_64
1737	tristate "Twofish cipher algorithm (x86_64/AVX)"
1738	depends on X86 && 64BIT
1739	select CRYPTO_SKCIPHER
1740	select CRYPTO_SIMD
1741	select CRYPTO_TWOFISH_COMMON
1742	select CRYPTO_TWOFISH_X86_64
1743	select CRYPTO_TWOFISH_X86_64_3WAY
1744	imply CRYPTO_XTS
1745	help
1746	  Twofish cipher algorithm (x86_64/AVX).
1747
1748	  Twofish was submitted as an AES (Advanced Encryption Standard)
1749	  candidate cipher by researchers at CounterPane Systems.  It is a
1750	  16 round block cipher supporting key sizes of 128, 192, and 256
1751	  bits.
1752
1753	  This module provides the Twofish cipher algorithm that processes
1754	  eight blocks parallel using the AVX Instruction Set.
1755
1756	  See also:
1757	  <https://www.schneier.com/twofish.html>
1758
1759comment "Compression"
1760
1761config CRYPTO_DEFLATE
1762	tristate "Deflate compression algorithm"
1763	select CRYPTO_ALGAPI
1764	select CRYPTO_ACOMP2
1765	select ZLIB_INFLATE
1766	select ZLIB_DEFLATE
1767	help
1768	  This is the Deflate algorithm (RFC1951), specified for use in
1769	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1770
1771	  You will most probably want this if using IPSec.
1772
1773config CRYPTO_LZO
1774	tristate "LZO compression algorithm"
1775	select CRYPTO_ALGAPI
1776	select CRYPTO_ACOMP2
1777	select LZO_COMPRESS
1778	select LZO_DECOMPRESS
1779	help
1780	  This is the LZO algorithm.
1781
1782config CRYPTO_842
1783	tristate "842 compression algorithm"
1784	select CRYPTO_ALGAPI
1785	select CRYPTO_ACOMP2
1786	select 842_COMPRESS
1787	select 842_DECOMPRESS
1788	help
1789	  This is the 842 algorithm.
1790
1791config CRYPTO_LZ4
1792	tristate "LZ4 compression algorithm"
1793	select CRYPTO_ALGAPI
1794	select CRYPTO_ACOMP2
1795	select LZ4_COMPRESS
1796	select LZ4_DECOMPRESS
1797	help
1798	  This is the LZ4 algorithm.
1799
1800config CRYPTO_LZ4HC
1801	tristate "LZ4HC compression algorithm"
1802	select CRYPTO_ALGAPI
1803	select CRYPTO_ACOMP2
1804	select LZ4HC_COMPRESS
1805	select LZ4_DECOMPRESS
1806	help
1807	  This is the LZ4 high compression mode algorithm.
1808
1809config CRYPTO_ZSTD
1810	tristate "Zstd compression algorithm"
1811	select CRYPTO_ALGAPI
1812	select CRYPTO_ACOMP2
1813	select ZSTD_COMPRESS
1814	select ZSTD_DECOMPRESS
1815	help
1816	  This is the zstd algorithm.
1817
1818comment "Random Number Generation"
1819
1820config CRYPTO_ANSI_CPRNG
1821	tristate "Pseudo Random Number Generation for Cryptographic modules"
1822	select CRYPTO_AES
1823	select CRYPTO_RNG
1824	help
1825	  This option enables the generic pseudo random number generator
1826	  for cryptographic modules.  Uses the Algorithm specified in
1827	  ANSI X9.31 A.2.4. Note that this option must be enabled if
1828	  CRYPTO_FIPS is selected
1829
1830menuconfig CRYPTO_DRBG_MENU
1831	tristate "NIST SP800-90A DRBG"
1832	help
1833	  NIST SP800-90A compliant DRBG. In the following submenu, one or
1834	  more of the DRBG types must be selected.
1835
1836if CRYPTO_DRBG_MENU
1837
1838config CRYPTO_DRBG_HMAC
1839	bool
1840	default y
1841	select CRYPTO_HMAC
1842	select CRYPTO_SHA512
1843
1844config CRYPTO_DRBG_HASH
1845	bool "Enable Hash DRBG"
1846	select CRYPTO_SHA256
1847	help
1848	  Enable the Hash DRBG variant as defined in NIST SP800-90A.
1849
1850config CRYPTO_DRBG_CTR
1851	bool "Enable CTR DRBG"
1852	select CRYPTO_AES
1853	select CRYPTO_CTR
1854	help
1855	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1856
1857config CRYPTO_DRBG
1858	tristate
1859	default CRYPTO_DRBG_MENU
1860	select CRYPTO_RNG
1861	select CRYPTO_JITTERENTROPY
1862
1863endif	# if CRYPTO_DRBG_MENU
1864
1865config CRYPTO_JITTERENTROPY
1866	tristate "Jitterentropy Non-Deterministic Random Number Generator"
1867	select CRYPTO_RNG
1868	help
1869	  The Jitterentropy RNG is a noise that is intended
1870	  to provide seed to another RNG. The RNG does not
1871	  perform any cryptographic whitening of the generated
1872	  random numbers. This Jitterentropy RNG registers with
1873	  the kernel crypto API and can be used by any caller.
1874
1875config CRYPTO_KDF800108_CTR
1876	tristate
1877	select CRYPTO_HMAC
1878	select CRYPTO_SHA256
1879
1880config CRYPTO_USER_API
1881	tristate
1882
1883config CRYPTO_USER_API_HASH
1884	tristate "User-space interface for hash algorithms"
1885	depends on NET
1886	select CRYPTO_HASH
1887	select CRYPTO_USER_API
1888	help
1889	  This option enables the user-spaces interface for hash
1890	  algorithms.
1891
1892config CRYPTO_USER_API_SKCIPHER
1893	tristate "User-space interface for symmetric key cipher algorithms"
1894	depends on NET
1895	select CRYPTO_SKCIPHER
1896	select CRYPTO_USER_API
1897	help
1898	  This option enables the user-spaces interface for symmetric
1899	  key cipher algorithms.
1900
1901config CRYPTO_USER_API_RNG
1902	tristate "User-space interface for random number generator algorithms"
1903	depends on NET
1904	select CRYPTO_RNG
1905	select CRYPTO_USER_API
1906	help
1907	  This option enables the user-spaces interface for random
1908	  number generator algorithms.
1909
1910config CRYPTO_USER_API_RNG_CAVP
1911	bool "Enable CAVP testing of DRBG"
1912	depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1913	help
1914	  This option enables extra API for CAVP testing via the user-space
1915	  interface: resetting of DRBG entropy, and providing Additional Data.
1916	  This should only be enabled for CAVP testing. You should say
1917	  no unless you know what this is.
1918
1919config CRYPTO_USER_API_AEAD
1920	tristate "User-space interface for AEAD cipher algorithms"
1921	depends on NET
1922	select CRYPTO_AEAD
1923	select CRYPTO_SKCIPHER
1924	select CRYPTO_NULL
1925	select CRYPTO_USER_API
1926	help
1927	  This option enables the user-spaces interface for AEAD
1928	  cipher algorithms.
1929
1930config CRYPTO_USER_API_ENABLE_OBSOLETE
1931	bool "Enable obsolete cryptographic algorithms for userspace"
1932	depends on CRYPTO_USER_API
1933	default y
1934	help
1935	  Allow obsolete cryptographic algorithms to be selected that have
1936	  already been phased out from internal use by the kernel, and are
1937	  only useful for userspace clients that still rely on them.
1938
1939config CRYPTO_STATS
1940	bool "Crypto usage statistics for User-space"
1941	depends on CRYPTO_USER
1942	help
1943	  This option enables the gathering of crypto stats.
1944	  This will collect:
1945	  - encrypt/decrypt size and numbers of symmeric operations
1946	  - compress/decompress size and numbers of compress operations
1947	  - size and numbers of hash operations
1948	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1949	  - generate/seed numbers for rng operations
1950
1951config CRYPTO_HASH_INFO
1952	bool
1953
1954source "drivers/crypto/Kconfig"
1955source "crypto/asymmetric_keys/Kconfig"
1956source "certs/Kconfig"
1957
1958endif	# if CRYPTO