1 # SPDX-License-Identifier: GPL-2.0 2 # 3 # Generic algorithms support 4 # 5 config XOR_BLOCKS 6 tristate 7 8 # 9 # async_tx api: hardware offloaded memory transfer/transform support 10 # 11 source "crypto/async_tx/Kconfig" 12 13 # 14 # Cryptographic API Configuration 15 # 16 menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21 if CRYPTO 22 23 comment "Crypto core or helper" 24 25 config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This option enables the fips boot option which is 31 required if you want the system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35 config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41 config CRYPTO_ALGAPI2 42 tristate 43 44 config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49 config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55 config CRYPTO_SKCIPHER 56 tristate 57 select CRYPTO_SKCIPHER2 58 select CRYPTO_ALGAPI 59 60 config CRYPTO_SKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 65 config CRYPTO_HASH 66 tristate 67 select CRYPTO_HASH2 68 select CRYPTO_ALGAPI 69 70 config CRYPTO_HASH2 71 tristate 72 select CRYPTO_ALGAPI2 73 74 config CRYPTO_RNG 75 tristate 76 select CRYPTO_RNG2 77 select CRYPTO_ALGAPI 78 79 config CRYPTO_RNG2 80 tristate 81 select CRYPTO_ALGAPI2 82 83 config CRYPTO_RNG_DEFAULT 84 tristate 85 select CRYPTO_DRBG_MENU 86 87 config CRYPTO_AKCIPHER2 88 tristate 89 select CRYPTO_ALGAPI2 90 91 config CRYPTO_AKCIPHER 92 tristate 93 select CRYPTO_AKCIPHER2 94 select CRYPTO_ALGAPI 95 96 config CRYPTO_KPP2 97 tristate 98 select CRYPTO_ALGAPI2 99 100 config CRYPTO_KPP 101 tristate 102 select CRYPTO_ALGAPI 103 select CRYPTO_KPP2 104 105 config CRYPTO_ACOMP2 106 tristate 107 select CRYPTO_ALGAPI2 108 select SGL_ALLOC 109 110 config CRYPTO_ACOMP 111 tristate 112 select CRYPTO_ALGAPI 113 select CRYPTO_ACOMP2 114 115 config CRYPTO_MANAGER 116 tristate "Cryptographic algorithm manager" 117 select CRYPTO_MANAGER2 118 help 119 Create default cryptographic template instantiations such as 120 cbc(aes). 121 122 config CRYPTO_MANAGER2 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 124 select CRYPTO_AEAD2 125 select CRYPTO_HASH2 126 select CRYPTO_SKCIPHER2 127 select CRYPTO_AKCIPHER2 128 select CRYPTO_KPP2 129 select CRYPTO_ACOMP2 130 131 config CRYPTO_USER 132 tristate "Userspace cryptographic algorithm configuration" 133 depends on NET 134 select CRYPTO_MANAGER 135 help 136 Userspace configuration for cryptographic instantiations such as 137 cbc(aes). 138 139 config CRYPTO_MANAGER_DISABLE_TESTS 140 bool "Disable run-time self tests" 141 default y 142 help 143 Disable run-time self tests that normally take place at 144 algorithm registration. 145 146 config CRYPTO_MANAGER_EXTRA_TESTS 147 bool "Enable extra run-time crypto self tests" 148 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER 149 help 150 Enable extra run-time self tests of registered crypto algorithms, 151 including randomized fuzz tests. 152 153 This is intended for developer use only, as these tests take much 154 longer to run than the normal self tests. 155 156 config CRYPTO_GF128MUL 157 tristate 158 159 config CRYPTO_NULL 160 tristate "Null algorithms" 161 select CRYPTO_NULL2 162 help 163 These are 'Null' algorithms, used by IPsec, which do nothing. 164 165 config CRYPTO_NULL2 166 tristate 167 select CRYPTO_ALGAPI2 168 select CRYPTO_SKCIPHER2 169 select CRYPTO_HASH2 170 171 config CRYPTO_PCRYPT 172 tristate "Parallel crypto engine" 173 depends on SMP 174 select PADATA 175 select CRYPTO_MANAGER 176 select CRYPTO_AEAD 177 help 178 This converts an arbitrary crypto algorithm into a parallel 179 algorithm that executes in kernel threads. 180 181 config CRYPTO_CRYPTD 182 tristate "Software async crypto daemon" 183 select CRYPTO_SKCIPHER 184 select CRYPTO_HASH 185 select CRYPTO_MANAGER 186 help 187 This is a generic software asynchronous crypto daemon that 188 converts an arbitrary synchronous software crypto algorithm 189 into an asynchronous algorithm that executes in a kernel thread. 190 191 config CRYPTO_AUTHENC 192 tristate "Authenc support" 193 select CRYPTO_AEAD 194 select CRYPTO_SKCIPHER 195 select CRYPTO_MANAGER 196 select CRYPTO_HASH 197 select CRYPTO_NULL 198 help 199 Authenc: Combined mode wrapper for IPsec. 200 This is required for IPSec. 201 202 config CRYPTO_TEST 203 tristate "Testing module" 204 depends on m || EXPERT 205 select CRYPTO_MANAGER 206 help 207 Quick & dirty crypto test module. 208 209 config CRYPTO_SIMD 210 tristate 211 select CRYPTO_CRYPTD 212 213 config CRYPTO_ENGINE 214 tristate 215 216 comment "Public-key cryptography" 217 218 config CRYPTO_RSA 219 tristate "RSA algorithm" 220 select CRYPTO_AKCIPHER 221 select CRYPTO_MANAGER 222 select MPILIB 223 select ASN1 224 help 225 Generic implementation of the RSA public key algorithm. 226 227 config CRYPTO_DH 228 tristate "Diffie-Hellman algorithm" 229 select CRYPTO_KPP 230 select MPILIB 231 help 232 Generic implementation of the Diffie-Hellman algorithm. 233 234 config CRYPTO_ECC 235 tristate 236 select CRYPTO_RNG_DEFAULT 237 238 config CRYPTO_ECDH 239 tristate "ECDH algorithm" 240 select CRYPTO_ECC 241 select CRYPTO_KPP 242 help 243 Generic implementation of the ECDH algorithm 244 245 config CRYPTO_ECDSA 246 tristate "ECDSA (NIST P192, P256 etc.) algorithm" 247 select CRYPTO_ECC 248 select CRYPTO_AKCIPHER 249 select ASN1 250 help 251 Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.) 252 is A NIST cryptographic standard algorithm. Only signature verification 253 is implemented. 254 255 config CRYPTO_ECRDSA 256 tristate "EC-RDSA (GOST 34.10) algorithm" 257 select CRYPTO_ECC 258 select CRYPTO_AKCIPHER 259 select CRYPTO_STREEBOG 260 select OID_REGISTRY 261 select ASN1 262 help 263 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 264 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 265 standard algorithms (called GOST algorithms). Only signature verification 266 is implemented. 267 268 config CRYPTO_SM2 269 tristate "SM2 algorithm" 270 select CRYPTO_SM3 271 select CRYPTO_AKCIPHER 272 select CRYPTO_MANAGER 273 select MPILIB 274 select ASN1 275 help 276 Generic implementation of the SM2 public key algorithm. It was 277 published by State Encryption Management Bureau, China. 278 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. 279 280 References: 281 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 282 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml 283 http://www.gmbz.org.cn/main/bzlb.html 284 285 config CRYPTO_CURVE25519 286 tristate "Curve25519 algorithm" 287 select CRYPTO_KPP 288 select CRYPTO_LIB_CURVE25519_GENERIC 289 290 config CRYPTO_CURVE25519_X86 291 tristate "x86_64 accelerated Curve25519 scalar multiplication library" 292 depends on X86 && 64BIT 293 select CRYPTO_LIB_CURVE25519_GENERIC 294 select CRYPTO_ARCH_HAVE_LIB_CURVE25519 295 296 comment "Authenticated Encryption with Associated Data" 297 298 config CRYPTO_CCM 299 tristate "CCM support" 300 select CRYPTO_CTR 301 select CRYPTO_HASH 302 select CRYPTO_AEAD 303 select CRYPTO_MANAGER 304 help 305 Support for Counter with CBC MAC. Required for IPsec. 306 307 config CRYPTO_GCM 308 tristate "GCM/GMAC support" 309 select CRYPTO_CTR 310 select CRYPTO_AEAD 311 select CRYPTO_GHASH 312 select CRYPTO_NULL 313 select CRYPTO_MANAGER 314 help 315 Support for Galois/Counter Mode (GCM) and Galois Message 316 Authentication Code (GMAC). Required for IPSec. 317 318 config CRYPTO_CHACHA20POLY1305 319 tristate "ChaCha20-Poly1305 AEAD support" 320 select CRYPTO_CHACHA20 321 select CRYPTO_POLY1305 322 select CRYPTO_AEAD 323 select CRYPTO_MANAGER 324 help 325 ChaCha20-Poly1305 AEAD support, RFC7539. 326 327 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 328 with the Poly1305 authenticator. It is defined in RFC7539 for use in 329 IETF protocols. 330 331 config CRYPTO_AEGIS128 332 tristate "AEGIS-128 AEAD algorithm" 333 select CRYPTO_AEAD 334 select CRYPTO_AES # for AES S-box tables 335 help 336 Support for the AEGIS-128 dedicated AEAD algorithm. 337 338 config CRYPTO_AEGIS128_SIMD 339 bool "Support SIMD acceleration for AEGIS-128" 340 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 341 default y 342 343 config CRYPTO_AEGIS128_AESNI_SSE2 344 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 345 depends on X86 && 64BIT 346 select CRYPTO_AEAD 347 select CRYPTO_SIMD 348 help 349 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 350 351 config CRYPTO_SEQIV 352 tristate "Sequence Number IV Generator" 353 select CRYPTO_AEAD 354 select CRYPTO_SKCIPHER 355 select CRYPTO_NULL 356 select CRYPTO_RNG_DEFAULT 357 select CRYPTO_MANAGER 358 help 359 This IV generator generates an IV based on a sequence number by 360 xoring it with a salt. This algorithm is mainly useful for CTR 361 362 config CRYPTO_ECHAINIV 363 tristate "Encrypted Chain IV Generator" 364 select CRYPTO_AEAD 365 select CRYPTO_NULL 366 select CRYPTO_RNG_DEFAULT 367 select CRYPTO_MANAGER 368 help 369 This IV generator generates an IV based on the encryption of 370 a sequence number xored with a salt. This is the default 371 algorithm for CBC. 372 373 comment "Block modes" 374 375 config CRYPTO_CBC 376 tristate "CBC support" 377 select CRYPTO_SKCIPHER 378 select CRYPTO_MANAGER 379 help 380 CBC: Cipher Block Chaining mode 381 This block cipher algorithm is required for IPSec. 382 383 config CRYPTO_CFB 384 tristate "CFB support" 385 select CRYPTO_SKCIPHER 386 select CRYPTO_MANAGER 387 help 388 CFB: Cipher FeedBack mode 389 This block cipher algorithm is required for TPM2 Cryptography. 390 391 config CRYPTO_CTR 392 tristate "CTR support" 393 select CRYPTO_SKCIPHER 394 select CRYPTO_MANAGER 395 help 396 CTR: Counter mode 397 This block cipher algorithm is required for IPSec. 398 399 config CRYPTO_CTS 400 tristate "CTS support" 401 select CRYPTO_SKCIPHER 402 select CRYPTO_MANAGER 403 help 404 CTS: Cipher Text Stealing 405 This is the Cipher Text Stealing mode as described by 406 Section 8 of rfc2040 and referenced by rfc3962 407 (rfc3962 includes errata information in its Appendix A) or 408 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 409 This mode is required for Kerberos gss mechanism support 410 for AES encryption. 411 412 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 413 414 config CRYPTO_ECB 415 tristate "ECB support" 416 select CRYPTO_SKCIPHER 417 select CRYPTO_MANAGER 418 help 419 ECB: Electronic CodeBook mode 420 This is the simplest block cipher algorithm. It simply encrypts 421 the input block by block. 422 423 config CRYPTO_LRW 424 tristate "LRW support" 425 select CRYPTO_SKCIPHER 426 select CRYPTO_MANAGER 427 select CRYPTO_GF128MUL 428 help 429 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 430 narrow block cipher mode for dm-crypt. Use it with cipher 431 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 432 The first 128, 192 or 256 bits in the key are used for AES and the 433 rest is used to tie each cipher block to its logical position. 434 435 config CRYPTO_OFB 436 tristate "OFB support" 437 select CRYPTO_SKCIPHER 438 select CRYPTO_MANAGER 439 help 440 OFB: the Output Feedback mode makes a block cipher into a synchronous 441 stream cipher. It generates keystream blocks, which are then XORed 442 with the plaintext blocks to get the ciphertext. Flipping a bit in the 443 ciphertext produces a flipped bit in the plaintext at the same 444 location. This property allows many error correcting codes to function 445 normally even when applied before encryption. 446 447 config CRYPTO_PCBC 448 tristate "PCBC support" 449 select CRYPTO_SKCIPHER 450 select CRYPTO_MANAGER 451 help 452 PCBC: Propagating Cipher Block Chaining mode 453 This block cipher algorithm is required for RxRPC. 454 455 config CRYPTO_XTS 456 tristate "XTS support" 457 select CRYPTO_SKCIPHER 458 select CRYPTO_MANAGER 459 select CRYPTO_ECB 460 help 461 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 462 key size 256, 384 or 512 bits. This implementation currently 463 can't handle a sectorsize which is not a multiple of 16 bytes. 464 465 config CRYPTO_KEYWRAP 466 tristate "Key wrapping support" 467 select CRYPTO_SKCIPHER 468 select CRYPTO_MANAGER 469 help 470 Support for key wrapping (NIST SP800-38F / RFC3394) without 471 padding. 472 473 config CRYPTO_NHPOLY1305 474 tristate 475 select CRYPTO_HASH 476 select CRYPTO_LIB_POLY1305_GENERIC 477 478 config CRYPTO_NHPOLY1305_SSE2 479 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 480 depends on X86 && 64BIT 481 select CRYPTO_NHPOLY1305 482 help 483 SSE2 optimized implementation of the hash function used by the 484 Adiantum encryption mode. 485 486 config CRYPTO_NHPOLY1305_AVX2 487 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 488 depends on X86 && 64BIT 489 select CRYPTO_NHPOLY1305 490 help 491 AVX2 optimized implementation of the hash function used by the 492 Adiantum encryption mode. 493 494 config CRYPTO_ADIANTUM 495 tristate "Adiantum support" 496 select CRYPTO_CHACHA20 497 select CRYPTO_LIB_POLY1305_GENERIC 498 select CRYPTO_NHPOLY1305 499 select CRYPTO_MANAGER 500 help 501 Adiantum is a tweakable, length-preserving encryption mode 502 designed for fast and secure disk encryption, especially on 503 CPUs without dedicated crypto instructions. It encrypts 504 each sector using the XChaCha12 stream cipher, two passes of 505 an ε-almost-∆-universal hash function, and an invocation of 506 the AES-256 block cipher on a single 16-byte block. On CPUs 507 without AES instructions, Adiantum is much faster than 508 AES-XTS. 509 510 Adiantum's security is provably reducible to that of its 511 underlying stream and block ciphers, subject to a security 512 bound. Unlike XTS, Adiantum is a true wide-block encryption 513 mode, so it actually provides an even stronger notion of 514 security than XTS, subject to the security bound. 515 516 If unsure, say N. 517 518 config CRYPTO_ESSIV 519 tristate "ESSIV support for block encryption" 520 select CRYPTO_AUTHENC 521 help 522 Encrypted salt-sector initialization vector (ESSIV) is an IV 523 generation method that is used in some cases by fscrypt and/or 524 dm-crypt. It uses the hash of the block encryption key as the 525 symmetric key for a block encryption pass applied to the input 526 IV, making low entropy IV sources more suitable for block 527 encryption. 528 529 This driver implements a crypto API template that can be 530 instantiated either as an skcipher or as an AEAD (depending on the 531 type of the first template argument), and which defers encryption 532 and decryption requests to the encapsulated cipher after applying 533 ESSIV to the input IV. Note that in the AEAD case, it is assumed 534 that the keys are presented in the same format used by the authenc 535 template, and that the IV appears at the end of the authenticated 536 associated data (AAD) region (which is how dm-crypt uses it.) 537 538 Note that the use of ESSIV is not recommended for new deployments, 539 and so this only needs to be enabled when interoperability with 540 existing encrypted volumes of filesystems is required, or when 541 building for a particular system that requires it (e.g., when 542 the SoC in question has accelerated CBC but not XTS, making CBC 543 combined with ESSIV the only feasible mode for h/w accelerated 544 block encryption) 545 546 comment "Hash modes" 547 548 config CRYPTO_CMAC 549 tristate "CMAC support" 550 select CRYPTO_HASH 551 select CRYPTO_MANAGER 552 help 553 Cipher-based Message Authentication Code (CMAC) specified by 554 The National Institute of Standards and Technology (NIST). 555 556 https://tools.ietf.org/html/rfc4493 557 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 558 559 config CRYPTO_HMAC 560 tristate "HMAC support" 561 select CRYPTO_HASH 562 select CRYPTO_MANAGER 563 help 564 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 565 This is required for IPSec. 566 567 config CRYPTO_XCBC 568 tristate "XCBC support" 569 select CRYPTO_HASH 570 select CRYPTO_MANAGER 571 help 572 XCBC: Keyed-Hashing with encryption algorithm 573 https://www.ietf.org/rfc/rfc3566.txt 574 http://csrc.nist.gov/encryption/modes/proposedmodes/ 575 xcbc-mac/xcbc-mac-spec.pdf 576 577 config CRYPTO_VMAC 578 tristate "VMAC support" 579 select CRYPTO_HASH 580 select CRYPTO_MANAGER 581 help 582 VMAC is a message authentication algorithm designed for 583 very high speed on 64-bit architectures. 584 585 See also: 586 <https://fastcrypto.org/vmac> 587 588 comment "Digest" 589 590 config CRYPTO_CRC32C 591 tristate "CRC32c CRC algorithm" 592 select CRYPTO_HASH 593 select CRC32 594 help 595 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 596 by iSCSI for header and data digests and by others. 597 See Castagnoli93. Module will be crc32c. 598 599 config CRYPTO_CRC32C_INTEL 600 tristate "CRC32c INTEL hardware acceleration" 601 depends on X86 602 select CRYPTO_HASH 603 help 604 In Intel processor with SSE4.2 supported, the processor will 605 support CRC32C implementation using hardware accelerated CRC32 606 instruction. This option will create 'crc32c-intel' module, 607 which will enable any routine to use the CRC32 instruction to 608 gain performance compared with software implementation. 609 Module will be crc32c-intel. 610 611 config CRYPTO_CRC32C_VPMSUM 612 tristate "CRC32c CRC algorithm (powerpc64)" 613 depends on PPC64 && ALTIVEC 614 select CRYPTO_HASH 615 select CRC32 616 help 617 CRC32c algorithm implemented using vector polynomial multiply-sum 618 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 619 and newer processors for improved performance. 620 621 622 config CRYPTO_CRC32C_SPARC64 623 tristate "CRC32c CRC algorithm (SPARC64)" 624 depends on SPARC64 625 select CRYPTO_HASH 626 select CRC32 627 help 628 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 629 when available. 630 631 config CRYPTO_CRC32 632 tristate "CRC32 CRC algorithm" 633 select CRYPTO_HASH 634 select CRC32 635 help 636 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 637 Shash crypto api wrappers to crc32_le function. 638 639 config CRYPTO_CRC32_PCLMUL 640 tristate "CRC32 PCLMULQDQ hardware acceleration" 641 depends on X86 642 select CRYPTO_HASH 643 select CRC32 644 help 645 From Intel Westmere and AMD Bulldozer processor with SSE4.2 646 and PCLMULQDQ supported, the processor will support 647 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 648 instruction. This option will create 'crc32-pclmul' module, 649 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 650 and gain better performance as compared with the table implementation. 651 652 config CRYPTO_CRC32_MIPS 653 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 654 depends on MIPS_CRC_SUPPORT 655 select CRYPTO_HASH 656 help 657 CRC32c and CRC32 CRC algorithms implemented using mips crypto 658 instructions, when available. 659 660 661 config CRYPTO_XXHASH 662 tristate "xxHash hash algorithm" 663 select CRYPTO_HASH 664 select XXHASH 665 help 666 xxHash non-cryptographic hash algorithm. Extremely fast, working at 667 speeds close to RAM limits. 668 669 config CRYPTO_BLAKE2B 670 tristate "BLAKE2b digest algorithm" 671 select CRYPTO_HASH 672 help 673 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), 674 optimized for 64bit platforms and can produce digests of any size 675 between 1 to 64. The keyed hash is also implemented. 676 677 This module provides the following algorithms: 678 679 - blake2b-160 680 - blake2b-256 681 - blake2b-384 682 - blake2b-512 683 684 See https://blake2.net for further information. 685 686 config CRYPTO_BLAKE2S 687 tristate "BLAKE2s digest algorithm" 688 select CRYPTO_LIB_BLAKE2S_GENERIC 689 select CRYPTO_HASH 690 help 691 Implementation of cryptographic hash function BLAKE2s 692 optimized for 8-32bit platforms and can produce digests of any size 693 between 1 to 32. The keyed hash is also implemented. 694 695 This module provides the following algorithms: 696 697 - blake2s-128 698 - blake2s-160 699 - blake2s-224 700 - blake2s-256 701 702 See https://blake2.net for further information. 703 704 config CRYPTO_BLAKE2S_X86 705 tristate "BLAKE2s digest algorithm (x86 accelerated version)" 706 depends on X86 && 64BIT 707 select CRYPTO_LIB_BLAKE2S_GENERIC 708 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S 709 710 config CRYPTO_CRCT10DIF 711 tristate "CRCT10DIF algorithm" 712 select CRYPTO_HASH 713 help 714 CRC T10 Data Integrity Field computation is being cast as 715 a crypto transform. This allows for faster crc t10 diff 716 transforms to be used if they are available. 717 718 config CRYPTO_CRCT10DIF_PCLMUL 719 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 720 depends on X86 && 64BIT && CRC_T10DIF 721 select CRYPTO_HASH 722 help 723 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 724 CRC T10 DIF PCLMULQDQ computation can be hardware 725 accelerated PCLMULQDQ instruction. This option will create 726 'crct10dif-pclmul' module, which is faster when computing the 727 crct10dif checksum as compared with the generic table implementation. 728 729 config CRYPTO_CRCT10DIF_VPMSUM 730 tristate "CRC32T10DIF powerpc64 hardware acceleration" 731 depends on PPC64 && ALTIVEC && CRC_T10DIF 732 select CRYPTO_HASH 733 help 734 CRC10T10DIF algorithm implemented using vector polynomial 735 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 736 POWER8 and newer processors for improved performance. 737 738 config CRYPTO_VPMSUM_TESTER 739 tristate "Powerpc64 vpmsum hardware acceleration tester" 740 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 741 help 742 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 743 POWER8 vpmsum instructions. 744 Unless you are testing these algorithms, you don't need this. 745 746 config CRYPTO_GHASH 747 tristate "GHASH hash function" 748 select CRYPTO_GF128MUL 749 select CRYPTO_HASH 750 help 751 GHASH is the hash function used in GCM (Galois/Counter Mode). 752 It is not a general-purpose cryptographic hash function. 753 754 config CRYPTO_POLY1305 755 tristate "Poly1305 authenticator algorithm" 756 select CRYPTO_HASH 757 select CRYPTO_LIB_POLY1305_GENERIC 758 help 759 Poly1305 authenticator algorithm, RFC7539. 760 761 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 762 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 763 in IETF protocols. This is the portable C implementation of Poly1305. 764 765 config CRYPTO_POLY1305_X86_64 766 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 767 depends on X86 && 64BIT 768 select CRYPTO_LIB_POLY1305_GENERIC 769 select CRYPTO_ARCH_HAVE_LIB_POLY1305 770 help 771 Poly1305 authenticator algorithm, RFC7539. 772 773 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 774 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 775 in IETF protocols. This is the x86_64 assembler implementation using SIMD 776 instructions. 777 778 config CRYPTO_POLY1305_MIPS 779 tristate "Poly1305 authenticator algorithm (MIPS optimized)" 780 depends on MIPS 781 select CRYPTO_ARCH_HAVE_LIB_POLY1305 782 783 config CRYPTO_MD4 784 tristate "MD4 digest algorithm" 785 select CRYPTO_HASH 786 help 787 MD4 message digest algorithm (RFC1320). 788 789 config CRYPTO_MD5 790 tristate "MD5 digest algorithm" 791 select CRYPTO_HASH 792 help 793 MD5 message digest algorithm (RFC1321). 794 795 config CRYPTO_MD5_OCTEON 796 tristate "MD5 digest algorithm (OCTEON)" 797 depends on CPU_CAVIUM_OCTEON 798 select CRYPTO_MD5 799 select CRYPTO_HASH 800 help 801 MD5 message digest algorithm (RFC1321) implemented 802 using OCTEON crypto instructions, when available. 803 804 config CRYPTO_MD5_PPC 805 tristate "MD5 digest algorithm (PPC)" 806 depends on PPC 807 select CRYPTO_HASH 808 help 809 MD5 message digest algorithm (RFC1321) implemented 810 in PPC assembler. 811 812 config CRYPTO_MD5_SPARC64 813 tristate "MD5 digest algorithm (SPARC64)" 814 depends on SPARC64 815 select CRYPTO_MD5 816 select CRYPTO_HASH 817 help 818 MD5 message digest algorithm (RFC1321) implemented 819 using sparc64 crypto instructions, when available. 820 821 config CRYPTO_MICHAEL_MIC 822 tristate "Michael MIC keyed digest algorithm" 823 select CRYPTO_HASH 824 help 825 Michael MIC is used for message integrity protection in TKIP 826 (IEEE 802.11i). This algorithm is required for TKIP, but it 827 should not be used for other purposes because of the weakness 828 of the algorithm. 829 830 config CRYPTO_RMD160 831 tristate "RIPEMD-160 digest algorithm" 832 select CRYPTO_HASH 833 help 834 RIPEMD-160 (ISO/IEC 10118-3:2004). 835 836 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 837 to be used as a secure replacement for the 128-bit hash functions 838 MD4, MD5 and it's predecessor RIPEMD 839 (not to be confused with RIPEMD-128). 840 841 It's speed is comparable to SHA1 and there are no known attacks 842 against RIPEMD-160. 843 844 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 845 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 846 847 config CRYPTO_SHA1 848 tristate "SHA1 digest algorithm" 849 select CRYPTO_HASH 850 help 851 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 852 853 config CRYPTO_SHA1_SSSE3 854 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 855 depends on X86 && 64BIT 856 select CRYPTO_SHA1 857 select CRYPTO_HASH 858 help 859 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 860 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 861 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 862 when available. 863 864 config CRYPTO_SHA256_SSSE3 865 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 866 depends on X86 && 64BIT 867 select CRYPTO_SHA256 868 select CRYPTO_HASH 869 help 870 SHA-256 secure hash standard (DFIPS 180-2) implemented 871 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 872 Extensions version 1 (AVX1), or Advanced Vector Extensions 873 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 874 Instructions) when available. 875 876 config CRYPTO_SHA512_SSSE3 877 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 878 depends on X86 && 64BIT 879 select CRYPTO_SHA512 880 select CRYPTO_HASH 881 help 882 SHA-512 secure hash standard (DFIPS 180-2) implemented 883 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 884 Extensions version 1 (AVX1), or Advanced Vector Extensions 885 version 2 (AVX2) instructions, when available. 886 887 config CRYPTO_SHA1_OCTEON 888 tristate "SHA1 digest algorithm (OCTEON)" 889 depends on CPU_CAVIUM_OCTEON 890 select CRYPTO_SHA1 891 select CRYPTO_HASH 892 help 893 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 894 using OCTEON crypto instructions, when available. 895 896 config CRYPTO_SHA1_SPARC64 897 tristate "SHA1 digest algorithm (SPARC64)" 898 depends on SPARC64 899 select CRYPTO_SHA1 900 select CRYPTO_HASH 901 help 902 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 903 using sparc64 crypto instructions, when available. 904 905 config CRYPTO_SHA1_PPC 906 tristate "SHA1 digest algorithm (powerpc)" 907 depends on PPC 908 help 909 This is the powerpc hardware accelerated implementation of the 910 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 911 912 config CRYPTO_SHA1_PPC_SPE 913 tristate "SHA1 digest algorithm (PPC SPE)" 914 depends on PPC && SPE 915 help 916 SHA-1 secure hash standard (DFIPS 180-4) implemented 917 using powerpc SPE SIMD instruction set. 918 919 config CRYPTO_SHA256 920 tristate "SHA224 and SHA256 digest algorithm" 921 select CRYPTO_HASH 922 select CRYPTO_LIB_SHA256 923 help 924 SHA256 secure hash standard (DFIPS 180-2). 925 926 This version of SHA implements a 256 bit hash with 128 bits of 927 security against collision attacks. 928 929 This code also includes SHA-224, a 224 bit hash with 112 bits 930 of security against collision attacks. 931 932 config CRYPTO_SHA256_PPC_SPE 933 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 934 depends on PPC && SPE 935 select CRYPTO_SHA256 936 select CRYPTO_HASH 937 help 938 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 939 implemented using powerpc SPE SIMD instruction set. 940 941 config CRYPTO_SHA256_OCTEON 942 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 943 depends on CPU_CAVIUM_OCTEON 944 select CRYPTO_SHA256 945 select CRYPTO_HASH 946 help 947 SHA-256 secure hash standard (DFIPS 180-2) implemented 948 using OCTEON crypto instructions, when available. 949 950 config CRYPTO_SHA256_SPARC64 951 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 952 depends on SPARC64 953 select CRYPTO_SHA256 954 select CRYPTO_HASH 955 help 956 SHA-256 secure hash standard (DFIPS 180-2) implemented 957 using sparc64 crypto instructions, when available. 958 959 config CRYPTO_SHA512 960 tristate "SHA384 and SHA512 digest algorithms" 961 select CRYPTO_HASH 962 help 963 SHA512 secure hash standard (DFIPS 180-2). 964 965 This version of SHA implements a 512 bit hash with 256 bits of 966 security against collision attacks. 967 968 This code also includes SHA-384, a 384 bit hash with 192 bits 969 of security against collision attacks. 970 971 config CRYPTO_SHA512_OCTEON 972 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 973 depends on CPU_CAVIUM_OCTEON 974 select CRYPTO_SHA512 975 select CRYPTO_HASH 976 help 977 SHA-512 secure hash standard (DFIPS 180-2) implemented 978 using OCTEON crypto instructions, when available. 979 980 config CRYPTO_SHA512_SPARC64 981 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 982 depends on SPARC64 983 select CRYPTO_SHA512 984 select CRYPTO_HASH 985 help 986 SHA-512 secure hash standard (DFIPS 180-2) implemented 987 using sparc64 crypto instructions, when available. 988 989 config CRYPTO_SHA3 990 tristate "SHA3 digest algorithm" 991 select CRYPTO_HASH 992 help 993 SHA-3 secure hash standard (DFIPS 202). It's based on 994 cryptographic sponge function family called Keccak. 995 996 References: 997 http://keccak.noekeon.org/ 998 999 config CRYPTO_SM3 1000 tristate "SM3 digest algorithm" 1001 select CRYPTO_HASH 1002 help 1003 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 1004 It is part of the Chinese Commercial Cryptography suite. 1005 1006 References: 1007 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1008 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1009 1010 config CRYPTO_STREEBOG 1011 tristate "Streebog Hash Function" 1012 select CRYPTO_HASH 1013 help 1014 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1015 cryptographic standard algorithms (called GOST algorithms). 1016 This setting enables two hash algorithms with 256 and 512 bits output. 1017 1018 References: 1019 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1020 https://tools.ietf.org/html/rfc6986 1021 1022 config CRYPTO_WP512 1023 tristate "Whirlpool digest algorithms" 1024 select CRYPTO_HASH 1025 help 1026 Whirlpool hash algorithm 512, 384 and 256-bit hashes 1027 1028 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1029 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 1030 1031 See also: 1032 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 1033 1034 config CRYPTO_GHASH_CLMUL_NI_INTEL 1035 tristate "GHASH hash function (CLMUL-NI accelerated)" 1036 depends on X86 && 64BIT 1037 select CRYPTO_CRYPTD 1038 help 1039 This is the x86_64 CLMUL-NI accelerated implementation of 1040 GHASH, the hash function used in GCM (Galois/Counter mode). 1041 1042 comment "Ciphers" 1043 1044 config CRYPTO_AES 1045 tristate "AES cipher algorithms" 1046 select CRYPTO_ALGAPI 1047 select CRYPTO_LIB_AES 1048 help 1049 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1050 algorithm. 1051 1052 Rijndael appears to be consistently a very good performer in 1053 both hardware and software across a wide range of computing 1054 environments regardless of its use in feedback or non-feedback 1055 modes. Its key setup time is excellent, and its key agility is 1056 good. Rijndael's very low memory requirements make it very well 1057 suited for restricted-space environments, in which it also 1058 demonstrates excellent performance. Rijndael's operations are 1059 among the easiest to defend against power and timing attacks. 1060 1061 The AES specifies three key sizes: 128, 192 and 256 bits 1062 1063 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1064 1065 config CRYPTO_AES_TI 1066 tristate "Fixed time AES cipher" 1067 select CRYPTO_ALGAPI 1068 select CRYPTO_LIB_AES 1069 help 1070 This is a generic implementation of AES that attempts to eliminate 1071 data dependent latencies as much as possible without affecting 1072 performance too much. It is intended for use by the generic CCM 1073 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1074 solely on encryption (although decryption is supported as well, but 1075 with a more dramatic performance hit) 1076 1077 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1078 8 for decryption), this implementation only uses just two S-boxes of 1079 256 bytes each, and attempts to eliminate data dependent latencies by 1080 prefetching the entire table into the cache at the start of each 1081 block. Interrupts are also disabled to avoid races where cachelines 1082 are evicted when the CPU is interrupted to do something else. 1083 1084 config CRYPTO_AES_NI_INTEL 1085 tristate "AES cipher algorithms (AES-NI)" 1086 depends on X86 1087 select CRYPTO_AEAD 1088 select CRYPTO_LIB_AES 1089 select CRYPTO_ALGAPI 1090 select CRYPTO_SKCIPHER 1091 select CRYPTO_SIMD 1092 help 1093 Use Intel AES-NI instructions for AES algorithm. 1094 1095 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1096 algorithm. 1097 1098 Rijndael appears to be consistently a very good performer in 1099 both hardware and software across a wide range of computing 1100 environments regardless of its use in feedback or non-feedback 1101 modes. Its key setup time is excellent, and its key agility is 1102 good. Rijndael's very low memory requirements make it very well 1103 suited for restricted-space environments, in which it also 1104 demonstrates excellent performance. Rijndael's operations are 1105 among the easiest to defend against power and timing attacks. 1106 1107 The AES specifies three key sizes: 128, 192 and 256 bits 1108 1109 See <http://csrc.nist.gov/encryption/aes/> for more information. 1110 1111 In addition to AES cipher algorithm support, the acceleration 1112 for some popular block cipher mode is supported too, including 1113 ECB, CBC, LRW, XTS. The 64 bit version has additional 1114 acceleration for CTR. 1115 1116 config CRYPTO_AES_SPARC64 1117 tristate "AES cipher algorithms (SPARC64)" 1118 depends on SPARC64 1119 select CRYPTO_SKCIPHER 1120 help 1121 Use SPARC64 crypto opcodes for AES algorithm. 1122 1123 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1124 algorithm. 1125 1126 Rijndael appears to be consistently a very good performer in 1127 both hardware and software across a wide range of computing 1128 environments regardless of its use in feedback or non-feedback 1129 modes. Its key setup time is excellent, and its key agility is 1130 good. Rijndael's very low memory requirements make it very well 1131 suited for restricted-space environments, in which it also 1132 demonstrates excellent performance. Rijndael's operations are 1133 among the easiest to defend against power and timing attacks. 1134 1135 The AES specifies three key sizes: 128, 192 and 256 bits 1136 1137 See <http://csrc.nist.gov/encryption/aes/> for more information. 1138 1139 In addition to AES cipher algorithm support, the acceleration 1140 for some popular block cipher mode is supported too, including 1141 ECB and CBC. 1142 1143 config CRYPTO_AES_PPC_SPE 1144 tristate "AES cipher algorithms (PPC SPE)" 1145 depends on PPC && SPE 1146 select CRYPTO_SKCIPHER 1147 help 1148 AES cipher algorithms (FIPS-197). Additionally the acceleration 1149 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1150 This module should only be used for low power (router) devices 1151 without hardware AES acceleration (e.g. caam crypto). It reduces the 1152 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1153 timining attacks. Nevertheless it might be not as secure as other 1154 architecture specific assembler implementations that work on 1KB 1155 tables or 256 bytes S-boxes. 1156 1157 config CRYPTO_ANUBIS 1158 tristate "Anubis cipher algorithm" 1159 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1160 select CRYPTO_ALGAPI 1161 help 1162 Anubis cipher algorithm. 1163 1164 Anubis is a variable key length cipher which can use keys from 1165 128 bits to 320 bits in length. It was evaluated as a entrant 1166 in the NESSIE competition. 1167 1168 See also: 1169 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1170 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1171 1172 config CRYPTO_ARC4 1173 tristate "ARC4 cipher algorithm" 1174 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1175 select CRYPTO_SKCIPHER 1176 select CRYPTO_LIB_ARC4 1177 help 1178 ARC4 cipher algorithm. 1179 1180 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1181 bits in length. This algorithm is required for driver-based 1182 WEP, but it should not be for other purposes because of the 1183 weakness of the algorithm. 1184 1185 config CRYPTO_BLOWFISH 1186 tristate "Blowfish cipher algorithm" 1187 select CRYPTO_ALGAPI 1188 select CRYPTO_BLOWFISH_COMMON 1189 help 1190 Blowfish cipher algorithm, by Bruce Schneier. 1191 1192 This is a variable key length cipher which can use keys from 32 1193 bits to 448 bits in length. It's fast, simple and specifically 1194 designed for use on "large microprocessors". 1195 1196 See also: 1197 <https://www.schneier.com/blowfish.html> 1198 1199 config CRYPTO_BLOWFISH_COMMON 1200 tristate 1201 help 1202 Common parts of the Blowfish cipher algorithm shared by the 1203 generic c and the assembler implementations. 1204 1205 See also: 1206 <https://www.schneier.com/blowfish.html> 1207 1208 config CRYPTO_BLOWFISH_X86_64 1209 tristate "Blowfish cipher algorithm (x86_64)" 1210 depends on X86 && 64BIT 1211 select CRYPTO_SKCIPHER 1212 select CRYPTO_BLOWFISH_COMMON 1213 imply CRYPTO_CTR 1214 help 1215 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1216 1217 This is a variable key length cipher which can use keys from 32 1218 bits to 448 bits in length. It's fast, simple and specifically 1219 designed for use on "large microprocessors". 1220 1221 See also: 1222 <https://www.schneier.com/blowfish.html> 1223 1224 config CRYPTO_CAMELLIA 1225 tristate "Camellia cipher algorithms" 1226 select CRYPTO_ALGAPI 1227 help 1228 Camellia cipher algorithms module. 1229 1230 Camellia is a symmetric key block cipher developed jointly 1231 at NTT and Mitsubishi Electric Corporation. 1232 1233 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1234 1235 See also: 1236 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1237 1238 config CRYPTO_CAMELLIA_X86_64 1239 tristate "Camellia cipher algorithm (x86_64)" 1240 depends on X86 && 64BIT 1241 select CRYPTO_SKCIPHER 1242 imply CRYPTO_CTR 1243 help 1244 Camellia cipher algorithm module (x86_64). 1245 1246 Camellia is a symmetric key block cipher developed jointly 1247 at NTT and Mitsubishi Electric Corporation. 1248 1249 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1250 1251 See also: 1252 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1253 1254 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1255 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1256 depends on X86 && 64BIT 1257 select CRYPTO_SKCIPHER 1258 select CRYPTO_CAMELLIA_X86_64 1259 select CRYPTO_SIMD 1260 imply CRYPTO_XTS 1261 help 1262 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1263 1264 Camellia is a symmetric key block cipher developed jointly 1265 at NTT and Mitsubishi Electric Corporation. 1266 1267 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1268 1269 See also: 1270 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1271 1272 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1273 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1274 depends on X86 && 64BIT 1275 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1276 help 1277 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1278 1279 Camellia is a symmetric key block cipher developed jointly 1280 at NTT and Mitsubishi Electric Corporation. 1281 1282 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1283 1284 See also: 1285 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1286 1287 config CRYPTO_CAMELLIA_SPARC64 1288 tristate "Camellia cipher algorithm (SPARC64)" 1289 depends on SPARC64 1290 select CRYPTO_ALGAPI 1291 select CRYPTO_SKCIPHER 1292 help 1293 Camellia cipher algorithm module (SPARC64). 1294 1295 Camellia is a symmetric key block cipher developed jointly 1296 at NTT and Mitsubishi Electric Corporation. 1297 1298 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1299 1300 See also: 1301 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1302 1303 config CRYPTO_CAST_COMMON 1304 tristate 1305 help 1306 Common parts of the CAST cipher algorithms shared by the 1307 generic c and the assembler implementations. 1308 1309 config CRYPTO_CAST5 1310 tristate "CAST5 (CAST-128) cipher algorithm" 1311 select CRYPTO_ALGAPI 1312 select CRYPTO_CAST_COMMON 1313 help 1314 The CAST5 encryption algorithm (synonymous with CAST-128) is 1315 described in RFC2144. 1316 1317 config CRYPTO_CAST5_AVX_X86_64 1318 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1319 depends on X86 && 64BIT 1320 select CRYPTO_SKCIPHER 1321 select CRYPTO_CAST5 1322 select CRYPTO_CAST_COMMON 1323 select CRYPTO_SIMD 1324 imply CRYPTO_CTR 1325 help 1326 The CAST5 encryption algorithm (synonymous with CAST-128) is 1327 described in RFC2144. 1328 1329 This module provides the Cast5 cipher algorithm that processes 1330 sixteen blocks parallel using the AVX instruction set. 1331 1332 config CRYPTO_CAST6 1333 tristate "CAST6 (CAST-256) cipher algorithm" 1334 select CRYPTO_ALGAPI 1335 select CRYPTO_CAST_COMMON 1336 help 1337 The CAST6 encryption algorithm (synonymous with CAST-256) is 1338 described in RFC2612. 1339 1340 config CRYPTO_CAST6_AVX_X86_64 1341 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1342 depends on X86 && 64BIT 1343 select CRYPTO_SKCIPHER 1344 select CRYPTO_CAST6 1345 select CRYPTO_CAST_COMMON 1346 select CRYPTO_SIMD 1347 imply CRYPTO_XTS 1348 imply CRYPTO_CTR 1349 help 1350 The CAST6 encryption algorithm (synonymous with CAST-256) is 1351 described in RFC2612. 1352 1353 This module provides the Cast6 cipher algorithm that processes 1354 eight blocks parallel using the AVX instruction set. 1355 1356 config CRYPTO_DES 1357 tristate "DES and Triple DES EDE cipher algorithms" 1358 select CRYPTO_ALGAPI 1359 select CRYPTO_LIB_DES 1360 help 1361 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1362 1363 config CRYPTO_DES_SPARC64 1364 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1365 depends on SPARC64 1366 select CRYPTO_ALGAPI 1367 select CRYPTO_LIB_DES 1368 select CRYPTO_SKCIPHER 1369 help 1370 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1371 optimized using SPARC64 crypto opcodes. 1372 1373 config CRYPTO_DES3_EDE_X86_64 1374 tristate "Triple DES EDE cipher algorithm (x86-64)" 1375 depends on X86 && 64BIT 1376 select CRYPTO_SKCIPHER 1377 select CRYPTO_LIB_DES 1378 imply CRYPTO_CTR 1379 help 1380 Triple DES EDE (FIPS 46-3) algorithm. 1381 1382 This module provides implementation of the Triple DES EDE cipher 1383 algorithm that is optimized for x86-64 processors. Two versions of 1384 algorithm are provided; regular processing one input block and 1385 one that processes three blocks parallel. 1386 1387 config CRYPTO_FCRYPT 1388 tristate "FCrypt cipher algorithm" 1389 select CRYPTO_ALGAPI 1390 select CRYPTO_SKCIPHER 1391 help 1392 FCrypt algorithm used by RxRPC. 1393 1394 config CRYPTO_KHAZAD 1395 tristate "Khazad cipher algorithm" 1396 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1397 select CRYPTO_ALGAPI 1398 help 1399 Khazad cipher algorithm. 1400 1401 Khazad was a finalist in the initial NESSIE competition. It is 1402 an algorithm optimized for 64-bit processors with good performance 1403 on 32-bit processors. Khazad uses an 128 bit key size. 1404 1405 See also: 1406 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1407 1408 config CRYPTO_CHACHA20 1409 tristate "ChaCha stream cipher algorithms" 1410 select CRYPTO_LIB_CHACHA_GENERIC 1411 select CRYPTO_SKCIPHER 1412 help 1413 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1414 1415 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1416 Bernstein and further specified in RFC7539 for use in IETF protocols. 1417 This is the portable C implementation of ChaCha20. See also: 1418 <https://cr.yp.to/chacha/chacha-20080128.pdf> 1419 1420 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1421 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1422 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1423 while provably retaining ChaCha20's security. See also: 1424 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1425 1426 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1427 reduced security margin but increased performance. It can be needed 1428 in some performance-sensitive scenarios. 1429 1430 config CRYPTO_CHACHA20_X86_64 1431 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1432 depends on X86 && 64BIT 1433 select CRYPTO_SKCIPHER 1434 select CRYPTO_LIB_CHACHA_GENERIC 1435 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1436 help 1437 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 1438 XChaCha20, and XChaCha12 stream ciphers. 1439 1440 config CRYPTO_CHACHA_MIPS 1441 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)" 1442 depends on CPU_MIPS32_R2 1443 select CRYPTO_SKCIPHER 1444 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1445 1446 config CRYPTO_SEED 1447 tristate "SEED cipher algorithm" 1448 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1449 select CRYPTO_ALGAPI 1450 help 1451 SEED cipher algorithm (RFC4269). 1452 1453 SEED is a 128-bit symmetric key block cipher that has been 1454 developed by KISA (Korea Information Security Agency) as a 1455 national standard encryption algorithm of the Republic of Korea. 1456 It is a 16 round block cipher with the key size of 128 bit. 1457 1458 See also: 1459 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1460 1461 config CRYPTO_SERPENT 1462 tristate "Serpent cipher algorithm" 1463 select CRYPTO_ALGAPI 1464 help 1465 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1466 1467 Keys are allowed to be from 0 to 256 bits in length, in steps 1468 of 8 bits. 1469 1470 See also: 1471 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1472 1473 config CRYPTO_SERPENT_SSE2_X86_64 1474 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1475 depends on X86 && 64BIT 1476 select CRYPTO_SKCIPHER 1477 select CRYPTO_SERPENT 1478 select CRYPTO_SIMD 1479 imply CRYPTO_CTR 1480 help 1481 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1482 1483 Keys are allowed to be from 0 to 256 bits in length, in steps 1484 of 8 bits. 1485 1486 This module provides Serpent cipher algorithm that processes eight 1487 blocks parallel using SSE2 instruction set. 1488 1489 See also: 1490 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1491 1492 config CRYPTO_SERPENT_SSE2_586 1493 tristate "Serpent cipher algorithm (i586/SSE2)" 1494 depends on X86 && !64BIT 1495 select CRYPTO_SKCIPHER 1496 select CRYPTO_SERPENT 1497 select CRYPTO_SIMD 1498 imply CRYPTO_CTR 1499 help 1500 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1501 1502 Keys are allowed to be from 0 to 256 bits in length, in steps 1503 of 8 bits. 1504 1505 This module provides Serpent cipher algorithm that processes four 1506 blocks parallel using SSE2 instruction set. 1507 1508 See also: 1509 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1510 1511 config CRYPTO_SERPENT_AVX_X86_64 1512 tristate "Serpent cipher algorithm (x86_64/AVX)" 1513 depends on X86 && 64BIT 1514 select CRYPTO_SKCIPHER 1515 select CRYPTO_SERPENT 1516 select CRYPTO_SIMD 1517 imply CRYPTO_XTS 1518 imply CRYPTO_CTR 1519 help 1520 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1521 1522 Keys are allowed to be from 0 to 256 bits in length, in steps 1523 of 8 bits. 1524 1525 This module provides the Serpent cipher algorithm that processes 1526 eight blocks parallel using the AVX instruction set. 1527 1528 See also: 1529 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1530 1531 config CRYPTO_SERPENT_AVX2_X86_64 1532 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1533 depends on X86 && 64BIT 1534 select CRYPTO_SERPENT_AVX_X86_64 1535 help 1536 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1537 1538 Keys are allowed to be from 0 to 256 bits in length, in steps 1539 of 8 bits. 1540 1541 This module provides Serpent cipher algorithm that processes 16 1542 blocks parallel using AVX2 instruction set. 1543 1544 See also: 1545 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1546 1547 config CRYPTO_SM4 1548 tristate "SM4 cipher algorithm" 1549 select CRYPTO_ALGAPI 1550 select CRYPTO_LIB_SM4 1551 help 1552 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1553 1554 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1555 Organization of State Commercial Administration of China (OSCCA) 1556 as an authorized cryptographic algorithms for the use within China. 1557 1558 SMS4 was originally created for use in protecting wireless 1559 networks, and is mandated in the Chinese National Standard for 1560 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1561 (GB.15629.11-2003). 1562 1563 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1564 standardized through TC 260 of the Standardization Administration 1565 of the People's Republic of China (SAC). 1566 1567 The input, output, and key of SMS4 are each 128 bits. 1568 1569 See also: <https://eprint.iacr.org/2008/329.pdf> 1570 1571 If unsure, say N. 1572 1573 config CRYPTO_SM4_AESNI_AVX_X86_64 1574 tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)" 1575 depends on X86 && 64BIT 1576 select CRYPTO_SKCIPHER 1577 select CRYPTO_SIMD 1578 select CRYPTO_ALGAPI 1579 select CRYPTO_LIB_SM4 1580 help 1581 SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX). 1582 1583 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1584 Organization of State Commercial Administration of China (OSCCA) 1585 as an authorized cryptographic algorithms for the use within China. 1586 1587 This is SM4 optimized implementation using AES-NI/AVX/x86_64 1588 instruction set for block cipher. Through two affine transforms, 1589 we can use the AES S-Box to simulate the SM4 S-Box to achieve the 1590 effect of instruction acceleration. 1591 1592 If unsure, say N. 1593 1594 config CRYPTO_SM4_AESNI_AVX2_X86_64 1595 tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)" 1596 depends on X86 && 64BIT 1597 select CRYPTO_SKCIPHER 1598 select CRYPTO_SIMD 1599 select CRYPTO_ALGAPI 1600 select CRYPTO_LIB_SM4 1601 select CRYPTO_SM4_AESNI_AVX_X86_64 1602 help 1603 SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2). 1604 1605 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1606 Organization of State Commercial Administration of China (OSCCA) 1607 as an authorized cryptographic algorithms for the use within China. 1608 1609 This is SM4 optimized implementation using AES-NI/AVX2/x86_64 1610 instruction set for block cipher. Through two affine transforms, 1611 we can use the AES S-Box to simulate the SM4 S-Box to achieve the 1612 effect of instruction acceleration. 1613 1614 If unsure, say N. 1615 1616 config CRYPTO_TEA 1617 tristate "TEA, XTEA and XETA cipher algorithms" 1618 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1619 select CRYPTO_ALGAPI 1620 help 1621 TEA cipher algorithm. 1622 1623 Tiny Encryption Algorithm is a simple cipher that uses 1624 many rounds for security. It is very fast and uses 1625 little memory. 1626 1627 Xtendend Tiny Encryption Algorithm is a modification to 1628 the TEA algorithm to address a potential key weakness 1629 in the TEA algorithm. 1630 1631 Xtendend Encryption Tiny Algorithm is a mis-implementation 1632 of the XTEA algorithm for compatibility purposes. 1633 1634 config CRYPTO_TWOFISH 1635 tristate "Twofish cipher algorithm" 1636 select CRYPTO_ALGAPI 1637 select CRYPTO_TWOFISH_COMMON 1638 help 1639 Twofish cipher algorithm. 1640 1641 Twofish was submitted as an AES (Advanced Encryption Standard) 1642 candidate cipher by researchers at CounterPane Systems. It is a 1643 16 round block cipher supporting key sizes of 128, 192, and 256 1644 bits. 1645 1646 See also: 1647 <https://www.schneier.com/twofish.html> 1648 1649 config CRYPTO_TWOFISH_COMMON 1650 tristate 1651 help 1652 Common parts of the Twofish cipher algorithm shared by the 1653 generic c and the assembler implementations. 1654 1655 config CRYPTO_TWOFISH_586 1656 tristate "Twofish cipher algorithms (i586)" 1657 depends on (X86 || UML_X86) && !64BIT 1658 select CRYPTO_ALGAPI 1659 select CRYPTO_TWOFISH_COMMON 1660 imply CRYPTO_CTR 1661 help 1662 Twofish cipher algorithm. 1663 1664 Twofish was submitted as an AES (Advanced Encryption Standard) 1665 candidate cipher by researchers at CounterPane Systems. It is a 1666 16 round block cipher supporting key sizes of 128, 192, and 256 1667 bits. 1668 1669 See also: 1670 <https://www.schneier.com/twofish.html> 1671 1672 config CRYPTO_TWOFISH_X86_64 1673 tristate "Twofish cipher algorithm (x86_64)" 1674 depends on (X86 || UML_X86) && 64BIT 1675 select CRYPTO_ALGAPI 1676 select CRYPTO_TWOFISH_COMMON 1677 imply CRYPTO_CTR 1678 help 1679 Twofish cipher algorithm (x86_64). 1680 1681 Twofish was submitted as an AES (Advanced Encryption Standard) 1682 candidate cipher by researchers at CounterPane Systems. It is a 1683 16 round block cipher supporting key sizes of 128, 192, and 256 1684 bits. 1685 1686 See also: 1687 <https://www.schneier.com/twofish.html> 1688 1689 config CRYPTO_TWOFISH_X86_64_3WAY 1690 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1691 depends on X86 && 64BIT 1692 select CRYPTO_SKCIPHER 1693 select CRYPTO_TWOFISH_COMMON 1694 select CRYPTO_TWOFISH_X86_64 1695 help 1696 Twofish cipher algorithm (x86_64, 3-way parallel). 1697 1698 Twofish was submitted as an AES (Advanced Encryption Standard) 1699 candidate cipher by researchers at CounterPane Systems. It is a 1700 16 round block cipher supporting key sizes of 128, 192, and 256 1701 bits. 1702 1703 This module provides Twofish cipher algorithm that processes three 1704 blocks parallel, utilizing resources of out-of-order CPUs better. 1705 1706 See also: 1707 <https://www.schneier.com/twofish.html> 1708 1709 config CRYPTO_TWOFISH_AVX_X86_64 1710 tristate "Twofish cipher algorithm (x86_64/AVX)" 1711 depends on X86 && 64BIT 1712 select CRYPTO_SKCIPHER 1713 select CRYPTO_SIMD 1714 select CRYPTO_TWOFISH_COMMON 1715 select CRYPTO_TWOFISH_X86_64 1716 select CRYPTO_TWOFISH_X86_64_3WAY 1717 imply CRYPTO_XTS 1718 help 1719 Twofish cipher algorithm (x86_64/AVX). 1720 1721 Twofish was submitted as an AES (Advanced Encryption Standard) 1722 candidate cipher by researchers at CounterPane Systems. It is a 1723 16 round block cipher supporting key sizes of 128, 192, and 256 1724 bits. 1725 1726 This module provides the Twofish cipher algorithm that processes 1727 eight blocks parallel using the AVX Instruction Set. 1728 1729 See also: 1730 <https://www.schneier.com/twofish.html> 1731 1732 comment "Compression" 1733 1734 config CRYPTO_DEFLATE 1735 tristate "Deflate compression algorithm" 1736 select CRYPTO_ALGAPI 1737 select CRYPTO_ACOMP2 1738 select ZLIB_INFLATE 1739 select ZLIB_DEFLATE 1740 help 1741 This is the Deflate algorithm (RFC1951), specified for use in 1742 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1743 1744 You will most probably want this if using IPSec. 1745 1746 config CRYPTO_LZO 1747 tristate "LZO compression algorithm" 1748 select CRYPTO_ALGAPI 1749 select CRYPTO_ACOMP2 1750 select LZO_COMPRESS 1751 select LZO_DECOMPRESS 1752 help 1753 This is the LZO algorithm. 1754 1755 config CRYPTO_842 1756 tristate "842 compression algorithm" 1757 select CRYPTO_ALGAPI 1758 select CRYPTO_ACOMP2 1759 select 842_COMPRESS 1760 select 842_DECOMPRESS 1761 help 1762 This is the 842 algorithm. 1763 1764 config CRYPTO_LZ4 1765 tristate "LZ4 compression algorithm" 1766 select CRYPTO_ALGAPI 1767 select CRYPTO_ACOMP2 1768 select LZ4_COMPRESS 1769 select LZ4_DECOMPRESS 1770 help 1771 This is the LZ4 algorithm. 1772 1773 config CRYPTO_LZ4HC 1774 tristate "LZ4HC compression algorithm" 1775 select CRYPTO_ALGAPI 1776 select CRYPTO_ACOMP2 1777 select LZ4HC_COMPRESS 1778 select LZ4_DECOMPRESS 1779 help 1780 This is the LZ4 high compression mode algorithm. 1781 1782 config CRYPTO_ZSTD 1783 tristate "Zstd compression algorithm" 1784 select CRYPTO_ALGAPI 1785 select CRYPTO_ACOMP2 1786 select ZSTD_COMPRESS 1787 select ZSTD_DECOMPRESS 1788 help 1789 This is the zstd algorithm. 1790 1791 comment "Random Number Generation" 1792 1793 config CRYPTO_ANSI_CPRNG 1794 tristate "Pseudo Random Number Generation for Cryptographic modules" 1795 select CRYPTO_AES 1796 select CRYPTO_RNG 1797 help 1798 This option enables the generic pseudo random number generator 1799 for cryptographic modules. Uses the Algorithm specified in 1800 ANSI X9.31 A.2.4. Note that this option must be enabled if 1801 CRYPTO_FIPS is selected 1802 1803 menuconfig CRYPTO_DRBG_MENU 1804 tristate "NIST SP800-90A DRBG" 1805 help 1806 NIST SP800-90A compliant DRBG. In the following submenu, one or 1807 more of the DRBG types must be selected. 1808 1809 if CRYPTO_DRBG_MENU 1810 1811 config CRYPTO_DRBG_HMAC 1812 bool 1813 default y 1814 select CRYPTO_HMAC 1815 select CRYPTO_SHA512 1816 1817 config CRYPTO_DRBG_HASH 1818 bool "Enable Hash DRBG" 1819 select CRYPTO_SHA256 1820 help 1821 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1822 1823 config CRYPTO_DRBG_CTR 1824 bool "Enable CTR DRBG" 1825 select CRYPTO_AES 1826 select CRYPTO_CTR 1827 help 1828 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1829 1830 config CRYPTO_DRBG 1831 tristate 1832 default CRYPTO_DRBG_MENU 1833 select CRYPTO_RNG 1834 select CRYPTO_JITTERENTROPY 1835 1836 endif # if CRYPTO_DRBG_MENU 1837 1838 config CRYPTO_JITTERENTROPY 1839 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1840 select CRYPTO_RNG 1841 help 1842 The Jitterentropy RNG is a noise that is intended 1843 to provide seed to another RNG. The RNG does not 1844 perform any cryptographic whitening of the generated 1845 random numbers. This Jitterentropy RNG registers with 1846 the kernel crypto API and can be used by any caller. 1847 1848 config CRYPTO_USER_API 1849 tristate 1850 1851 config CRYPTO_USER_API_HASH 1852 tristate "User-space interface for hash algorithms" 1853 depends on NET 1854 select CRYPTO_HASH 1855 select CRYPTO_USER_API 1856 help 1857 This option enables the user-spaces interface for hash 1858 algorithms. 1859 1860 config CRYPTO_USER_API_SKCIPHER 1861 tristate "User-space interface for symmetric key cipher algorithms" 1862 depends on NET 1863 select CRYPTO_SKCIPHER 1864 select CRYPTO_USER_API 1865 help 1866 This option enables the user-spaces interface for symmetric 1867 key cipher algorithms. 1868 1869 config CRYPTO_USER_API_RNG 1870 tristate "User-space interface for random number generator algorithms" 1871 depends on NET 1872 select CRYPTO_RNG 1873 select CRYPTO_USER_API 1874 help 1875 This option enables the user-spaces interface for random 1876 number generator algorithms. 1877 1878 config CRYPTO_USER_API_RNG_CAVP 1879 bool "Enable CAVP testing of DRBG" 1880 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG 1881 help 1882 This option enables extra API for CAVP testing via the user-space 1883 interface: resetting of DRBG entropy, and providing Additional Data. 1884 This should only be enabled for CAVP testing. You should say 1885 no unless you know what this is. 1886 1887 config CRYPTO_USER_API_AEAD 1888 tristate "User-space interface for AEAD cipher algorithms" 1889 depends on NET 1890 select CRYPTO_AEAD 1891 select CRYPTO_SKCIPHER 1892 select CRYPTO_NULL 1893 select CRYPTO_USER_API 1894 help 1895 This option enables the user-spaces interface for AEAD 1896 cipher algorithms. 1897 1898 config CRYPTO_USER_API_ENABLE_OBSOLETE 1899 bool "Enable obsolete cryptographic algorithms for userspace" 1900 depends on CRYPTO_USER_API 1901 default y 1902 help 1903 Allow obsolete cryptographic algorithms to be selected that have 1904 already been phased out from internal use by the kernel, and are 1905 only useful for userspace clients that still rely on them. 1906 1907 config CRYPTO_STATS 1908 bool "Crypto usage statistics for User-space" 1909 depends on CRYPTO_USER 1910 help 1911 This option enables the gathering of crypto stats. 1912 This will collect: 1913 - encrypt/decrypt size and numbers of symmeric operations 1914 - compress/decompress size and numbers of compress operations 1915 - size and numbers of hash operations 1916 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1917 - generate/seed numbers for rng operations 1918 1919 config CRYPTO_HASH_INFO 1920 bool 1921 1922 source "lib/crypto/Kconfig" 1923 source "drivers/crypto/Kconfig" 1924 source "crypto/asymmetric_keys/Kconfig" 1925 source "certs/Kconfig" 1926 1927 endif # if CRYPTO 1928