| blob | 74ae5f52b784053848c7d93acc663532a3e5cd42 |
1 # SPDX-License-Identifier: GPL-2.0
2 #
3 # Generic algorithms support
4 #
5 config XOR_BLOCKS
6 tristate
8 #
9 # async_tx api: hardware offloaded memory transfer/transform support
10 #
11 source "crypto/async_tx/Kconfig"
13 #
14 # Cryptographic API Configuration
15 #
16 menuconfig CRYPTO
17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS
19 help
20 This option provides the core Cryptographic API.
22 if CRYPTO
24 menu "Crypto core or helper"
26 config CRYPTO_FIPS
27 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES)
30 help
31 This option enables the fips boot option which is
32 required if you want the system to operate in a FIPS 200
33 certification. You should say no unless you know what
34 this is.
36 config CRYPTO_FIPS_NAME
37 string "FIPS Module Name"
38 default "Linux Kernel Cryptographic API"
39 depends on CRYPTO_FIPS
40 help
41 This option sets the FIPS Module name reported by the Crypto API via
42 the /proc/sys/crypto/fips_name file.
44 config CRYPTO_FIPS_CUSTOM_VERSION
45 bool "Use Custom FIPS Module Version"
46 depends on CRYPTO_FIPS
47 default n
49 config CRYPTO_FIPS_VERSION
50 string "FIPS Module Version"
51 default "(none)"
52 depends on CRYPTO_FIPS_CUSTOM_VERSION
53 help
54 This option provides the ability to override the FIPS Module Version.
55 By default the KERNELRELEASE value is used.
57 config CRYPTO_ALGAPI
58 tristate
59 select CRYPTO_ALGAPI2
60 help
61 This option provides the API for cryptographic algorithms.
63 config CRYPTO_ALGAPI2
64 tristate
66 config CRYPTO_AEAD
67 tristate
68 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI
71 config CRYPTO_AEAD2
72 tristate
73 select CRYPTO_ALGAPI2
75 config CRYPTO_SIG
76 tristate
77 select CRYPTO_SIG2
78 select CRYPTO_ALGAPI
80 config CRYPTO_SIG2
81 tristate
82 select CRYPTO_ALGAPI2
84 config CRYPTO_SKCIPHER
85 tristate
86 select CRYPTO_SKCIPHER2
87 select CRYPTO_ALGAPI
88 select CRYPTO_ECB
90 config CRYPTO_SKCIPHER2
91 tristate
92 select CRYPTO_ALGAPI2
94 config CRYPTO_HASH
95 tristate
96 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI
99 config CRYPTO_HASH2
100 tristate
101 select CRYPTO_ALGAPI2
103 config CRYPTO_RNG
104 tristate
105 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI
108 config CRYPTO_RNG2
109 tristate
110 select CRYPTO_ALGAPI2
112 config CRYPTO_RNG_DEFAULT
113 tristate
114 select CRYPTO_DRBG_MENU
116 config CRYPTO_AKCIPHER2
117 tristate
118 select CRYPTO_ALGAPI2
120 config CRYPTO_AKCIPHER
121 tristate
122 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI
125 config CRYPTO_KPP2
126 tristate
127 select CRYPTO_ALGAPI2
129 config CRYPTO_KPP
130 tristate
131 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2
134 config CRYPTO_ACOMP2
135 tristate
136 select CRYPTO_ALGAPI2
137 select SGL_ALLOC
139 config CRYPTO_ACOMP
140 tristate
141 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2
144 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2
147 help
148 Create default cryptographic template instantiations such as
149 cbc(aes).
151 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2
154 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2
156 select CRYPTO_SIG2
157 select CRYPTO_HASH2
158 select CRYPTO_KPP2
159 select CRYPTO_RNG2
160 select CRYPTO_SKCIPHER2
162 config CRYPTO_USER
163 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET
165 select CRYPTO_MANAGER
166 help
167 Userspace configuration for cryptographic instantiations such as
168 cbc(aes).
170 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests"
172 default y
173 help
174 Disable run-time self tests that normally take place at
175 algorithm registration.
177 config CRYPTO_MANAGER_EXTRA_TESTS
178 bool "Enable extra run-time crypto self tests"
179 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
180 help
181 Enable extra run-time self tests of registered crypto algorithms,
182 including randomized fuzz tests.
184 This is intended for developer use only, as these tests take much
185 longer to run than the normal self tests.
187 config CRYPTO_NULL
188 tristate "Null algorithms"
189 select CRYPTO_NULL2
190 help
191 These are 'Null' algorithms, used by IPsec, which do nothing.
193 config CRYPTO_NULL2
194 tristate
195 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2
197 select CRYPTO_HASH2
199 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine"
201 depends on SMP
202 select PADATA
203 select CRYPTO_MANAGER
204 select CRYPTO_AEAD
205 help
206 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel threads.
209 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER
212 select CRYPTO_HASH
213 select CRYPTO_MANAGER
214 help
215 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that executes in a kernel thread.
219 config CRYPTO_AUTHENC
220 tristate "Authenc support"
221 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER
223 select CRYPTO_MANAGER
224 select CRYPTO_HASH
225 select CRYPTO_NULL
226 help
227 Authenc: Combined mode wrapper for IPsec.
229 This is required for IPSec ESP (XFRM_ESP).
231 config CRYPTO_TEST
232 tristate "Testing module"
233 depends on m || EXPERT
234 select CRYPTO_MANAGER
235 help
236 Quick & dirty crypto test module.
238 config CRYPTO_SIMD
239 tristate
240 select CRYPTO_CRYPTD
242 config CRYPTO_ENGINE
243 tristate
245 endmenu
247 menu "Public-key cryptography"
249 config CRYPTO_RSA
250 tristate "RSA (Rivest-Shamir-Adleman)"
251 select CRYPTO_AKCIPHER
252 select CRYPTO_MANAGER
253 select CRYPTO_SIG
254 select MPILIB
255 select ASN1
256 help
257 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
259 config CRYPTO_DH
260 tristate "DH (Diffie-Hellman)"
261 select CRYPTO_KPP
262 select MPILIB
263 help
264 DH (Diffie-Hellman) key exchange algorithm
266 config CRYPTO_DH_RFC7919_GROUPS
267 bool "RFC 7919 FFDHE groups"
268 depends on CRYPTO_DH
269 select CRYPTO_RNG_DEFAULT
270 help
271 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
272 defined in RFC7919.
274 Support these finite-field groups in DH key exchanges:
275 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
277 If unsure, say N.
279 config CRYPTO_ECC
280 tristate
281 select CRYPTO_RNG_DEFAULT
283 config CRYPTO_ECDH
284 tristate "ECDH (Elliptic Curve Diffie-Hellman)"
285 select CRYPTO_ECC
286 select CRYPTO_KPP
287 help
288 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
289 using curves P-192, P-256, and P-384 (FIPS 186)
291 config CRYPTO_ECDSA
292 tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)"
293 select CRYPTO_ECC
294 select CRYPTO_SIG
295 select ASN1
296 help
297 ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186,
298 ISO/IEC 14888-3)
299 using curves P-192, P-256, P-384 and P-521
301 Only signature verification is implemented.
303 config CRYPTO_ECRDSA
304 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
305 select CRYPTO_ECC
306 select CRYPTO_SIG
307 select CRYPTO_STREEBOG
308 select OID_REGISTRY
309 select ASN1
310 help
311 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
312 RFC 7091, ISO/IEC 14888-3)
314 One of the Russian cryptographic standard algorithms (called GOST
315 algorithms). Only signature verification is implemented.
317 config CRYPTO_CURVE25519
318 tristate "Curve25519"
319 select CRYPTO_KPP
320 select CRYPTO_LIB_CURVE25519_GENERIC
321 help
322 Curve25519 elliptic curve (RFC7748)
324 endmenu
326 menu "Block ciphers"
328 config CRYPTO_AES
329 tristate "AES (Advanced Encryption Standard)"
330 select CRYPTO_ALGAPI
331 select CRYPTO_LIB_AES
332 help
333 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
335 Rijndael appears to be consistently a very good performer in
336 both hardware and software across a wide range of computing
337 environments regardless of its use in feedback or non-feedback
338 modes. Its key setup time is excellent, and its key agility is
339 good. Rijndael's very low memory requirements make it very well
340 suited for restricted-space environments, in which it also
341 demonstrates excellent performance. Rijndael's operations are
342 among the easiest to defend against power and timing attacks.
344 The AES specifies three key sizes: 128, 192 and 256 bits
346 config CRYPTO_AES_TI
347 tristate "AES (Advanced Encryption Standard) (fixed time)"
348 select CRYPTO_ALGAPI
349 select CRYPTO_LIB_AES
350 help
351 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
353 This is a generic implementation of AES that attempts to eliminate
354 data dependent latencies as much as possible without affecting
355 performance too much. It is intended for use by the generic CCM
356 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
357 solely on encryption (although decryption is supported as well, but
358 with a more dramatic performance hit)
360 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
361 8 for decryption), this implementation only uses just two S-boxes of
362 256 bytes each, and attempts to eliminate data dependent latencies by
363 prefetching the entire table into the cache at the start of each
364 block. Interrupts are also disabled to avoid races where cachelines
365 are evicted when the CPU is interrupted to do something else.
367 config CRYPTO_ANUBIS
368 tristate "Anubis"
369 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
370 select CRYPTO_ALGAPI
371 help
372 Anubis cipher algorithm
374 Anubis is a variable key length cipher which can use keys from
375 128 bits to 320 bits in length. It was evaluated as a entrant
376 in the NESSIE competition.
378 See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html
379 for further information.
381 config CRYPTO_ARIA
382 tristate "ARIA"
383 select CRYPTO_ALGAPI
384 help
385 ARIA cipher algorithm (RFC5794)
387 ARIA is a standard encryption algorithm of the Republic of Korea.
388 The ARIA specifies three key sizes and rounds.
389 128-bit: 12 rounds.
390 192-bit: 14 rounds.
391 256-bit: 16 rounds.
393 See:
394 https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do
396 config CRYPTO_BLOWFISH
397 tristate "Blowfish"
398 select CRYPTO_ALGAPI
399 select CRYPTO_BLOWFISH_COMMON
400 help
401 Blowfish cipher algorithm, by Bruce Schneier
403 This is a variable key length cipher which can use keys from 32
404 bits to 448 bits in length. It's fast, simple and specifically
405 designed for use on "large microprocessors".
407 See https://www.schneier.com/blowfish.html for further information.
409 config CRYPTO_BLOWFISH_COMMON
410 tristate
411 help
412 Common parts of the Blowfish cipher algorithm shared by the
413 generic c and the assembler implementations.
415 config CRYPTO_CAMELLIA
416 tristate "Camellia"
417 select CRYPTO_ALGAPI
418 help
419 Camellia cipher algorithms (ISO/IEC 18033-3)
421 Camellia is a symmetric key block cipher developed jointly
422 at NTT and Mitsubishi Electric Corporation.
424 The Camellia specifies three key sizes: 128, 192 and 256 bits.
426 See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information.
428 config CRYPTO_CAST_COMMON
429 tristate
430 help
431 Common parts of the CAST cipher algorithms shared by the
432 generic c and the assembler implementations.
434 config CRYPTO_CAST5
435 tristate "CAST5 (CAST-128)"
436 select CRYPTO_ALGAPI
437 select CRYPTO_CAST_COMMON
438 help
439 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
441 config CRYPTO_CAST6
442 tristate "CAST6 (CAST-256)"
443 select CRYPTO_ALGAPI
444 select CRYPTO_CAST_COMMON
445 help
446 CAST6 (CAST-256) encryption algorithm (RFC2612)
448 config CRYPTO_DES
449 tristate "DES and Triple DES EDE"
450 select CRYPTO_ALGAPI
451 select CRYPTO_LIB_DES
452 help
453 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
454 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
455 cipher algorithms
457 config CRYPTO_FCRYPT
458 tristate "FCrypt"
459 select CRYPTO_ALGAPI
460 select CRYPTO_SKCIPHER
461 help
462 FCrypt algorithm used by RxRPC
464 See https://ota.polyonymo.us/fcrypt-paper.txt
466 config CRYPTO_KHAZAD
467 tristate "Khazad"
468 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
469 select CRYPTO_ALGAPI
470 help
471 Khazad cipher algorithm
473 Khazad was a finalist in the initial NESSIE competition. It is
474 an algorithm optimized for 64-bit processors with good performance
475 on 32-bit processors. Khazad uses an 128 bit key size.
477 See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html
478 for further information.
480 config CRYPTO_SEED
481 tristate "SEED"
482 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
483 select CRYPTO_ALGAPI
484 help
485 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
487 SEED is a 128-bit symmetric key block cipher that has been
488 developed by KISA (Korea Information Security Agency) as a
489 national standard encryption algorithm of the Republic of Korea.
490 It is a 16 round block cipher with the key size of 128 bit.
492 See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do
493 for further information.
495 config CRYPTO_SERPENT
496 tristate "Serpent"
497 select CRYPTO_ALGAPI
498 help
499 Serpent cipher algorithm, by Anderson, Biham & Knudsen
501 Keys are allowed to be from 0 to 256 bits in length, in steps
502 of 8 bits.
504 See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information.
506 config CRYPTO_SM4
507 tristate
509 config CRYPTO_SM4_GENERIC
510 tristate "SM4 (ShangMi 4)"
511 select CRYPTO_ALGAPI
512 select CRYPTO_SM4
513 help
514 SM4 cipher algorithms (OSCCA GB/T 32907-2016,
515 ISO/IEC 18033-3:2010/Amd 1:2021)
517 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
518 Organization of State Commercial Administration of China (OSCCA)
519 as an authorized cryptographic algorithms for the use within China.
521 SMS4 was originally created for use in protecting wireless
522 networks, and is mandated in the Chinese National Standard for
523 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
524 (GB.15629.11-2003).
526 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
527 standardized through TC 260 of the Standardization Administration
528 of the People's Republic of China (SAC).
530 The input, output, and key of SMS4 are each 128 bits.
532 See https://eprint.iacr.org/2008/329.pdf for further information.
534 If unsure, say N.
536 config CRYPTO_TEA
537 tristate "TEA, XTEA and XETA"
538 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
539 select CRYPTO_ALGAPI
540 help
541 TEA (Tiny Encryption Algorithm) cipher algorithms
543 Tiny Encryption Algorithm is a simple cipher that uses
544 many rounds for security. It is very fast and uses
545 little memory.
547 Xtendend Tiny Encryption Algorithm is a modification to
548 the TEA algorithm to address a potential key weakness
549 in the TEA algorithm.
551 Xtendend Encryption Tiny Algorithm is a mis-implementation
552 of the XTEA algorithm for compatibility purposes.
554 config CRYPTO_TWOFISH
555 tristate "Twofish"
556 select CRYPTO_ALGAPI
557 select CRYPTO_TWOFISH_COMMON
558 help
559 Twofish cipher algorithm
561 Twofish was submitted as an AES (Advanced Encryption Standard)
562 candidate cipher by researchers at CounterPane Systems. It is a
563 16 round block cipher supporting key sizes of 128, 192, and 256
564 bits.
566 See https://www.schneier.com/twofish.html for further information.
568 config CRYPTO_TWOFISH_COMMON
569 tristate
570 help
571 Common parts of the Twofish cipher algorithm shared by the
572 generic c and the assembler implementations.
574 endmenu
576 menu "Length-preserving ciphers and modes"
578 config CRYPTO_ADIANTUM
579 tristate "Adiantum"
580 select CRYPTO_CHACHA20
581 select CRYPTO_LIB_POLY1305_GENERIC
582 select CRYPTO_NHPOLY1305
583 select CRYPTO_MANAGER
584 help
585 Adiantum tweakable, length-preserving encryption mode
587 Designed for fast and secure disk encryption, especially on
588 CPUs without dedicated crypto instructions. It encrypts
589 each sector using the XChaCha12 stream cipher, two passes of
590 an ε-almost-∆-universal hash function, and an invocation of
591 the AES-256 block cipher on a single 16-byte block. On CPUs
592 without AES instructions, Adiantum is much faster than
593 AES-XTS.
595 Adiantum's security is provably reducible to that of its
596 underlying stream and block ciphers, subject to a security
597 bound. Unlike XTS, Adiantum is a true wide-block encryption
598 mode, so it actually provides an even stronger notion of
599 security than XTS, subject to the security bound.
601 If unsure, say N.
603 config CRYPTO_ARC4
604 tristate "ARC4 (Alleged Rivest Cipher 4)"
605 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
606 select CRYPTO_SKCIPHER
607 select CRYPTO_LIB_ARC4
608 help
609 ARC4 cipher algorithm
611 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
612 bits in length. This algorithm is required for driver-based
613 WEP, but it should not be for other purposes because of the
614 weakness of the algorithm.
616 config CRYPTO_CHACHA20
617 tristate "ChaCha"
618 select CRYPTO_LIB_CHACHA_GENERIC
619 select CRYPTO_SKCIPHER
620 help
621 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms
623 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
624 Bernstein and further specified in RFC7539 for use in IETF protocols.
625 This is the portable C implementation of ChaCha20. See
626 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
628 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
629 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
630 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
631 while provably retaining ChaCha20's security. See
632 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
634 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
635 reduced security margin but increased performance. It can be needed
636 in some performance-sensitive scenarios.
638 config CRYPTO_CBC
639 tristate "CBC (Cipher Block Chaining)"
640 select CRYPTO_SKCIPHER
641 select CRYPTO_MANAGER
642 help
643 CBC (Cipher Block Chaining) mode (NIST SP800-38A)
645 This block cipher mode is required for IPSec ESP (XFRM_ESP).
647 config CRYPTO_CTR
648 tristate "CTR (Counter)"
649 select CRYPTO_SKCIPHER
650 select CRYPTO_MANAGER
651 help
652 CTR (Counter) mode (NIST SP800-38A)
654 config CRYPTO_CTS
655 tristate "CTS (Cipher Text Stealing)"
656 select CRYPTO_SKCIPHER
657 select CRYPTO_MANAGER
658 help
659 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
660 Addendum to SP800-38A (October 2010))
662 This mode is required for Kerberos gss mechanism support
663 for AES encryption.
665 config CRYPTO_ECB
666 tristate "ECB (Electronic Codebook)"
667 select CRYPTO_SKCIPHER2
668 select CRYPTO_MANAGER
669 help
670 ECB (Electronic Codebook) mode (NIST SP800-38A)
672 config CRYPTO_HCTR2
673 tristate "HCTR2"
674 select CRYPTO_XCTR
675 select CRYPTO_POLYVAL
676 select CRYPTO_MANAGER
677 help
678 HCTR2 length-preserving encryption mode
680 A mode for storage encryption that is efficient on processors with
681 instructions to accelerate AES and carryless multiplication, e.g.
682 x86 processors with AES-NI and CLMUL, and ARM processors with the
683 ARMv8 crypto extensions.
685 See https://eprint.iacr.org/2021/1441
687 config CRYPTO_LRW
688 tristate "LRW (Liskov Rivest Wagner)"
689 select CRYPTO_LIB_GF128MUL
690 select CRYPTO_SKCIPHER
691 select CRYPTO_MANAGER
692 select CRYPTO_ECB
693 help
694 LRW (Liskov Rivest Wagner) mode
696 A tweakable, non malleable, non movable
697 narrow block cipher mode for dm-crypt. Use it with cipher
698 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
699 The first 128, 192 or 256 bits in the key are used for AES and the
700 rest is used to tie each cipher block to its logical position.
702 See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf
704 config CRYPTO_PCBC
705 tristate "PCBC (Propagating Cipher Block Chaining)"
706 select CRYPTO_SKCIPHER
707 select CRYPTO_MANAGER
708 help
709 PCBC (Propagating Cipher Block Chaining) mode
711 This block cipher mode is required for RxRPC.
713 config CRYPTO_XCTR
714 tristate
715 select CRYPTO_SKCIPHER
716 select CRYPTO_MANAGER
717 help
718 XCTR (XOR Counter) mode for HCTR2
720 This blockcipher mode is a variant of CTR mode using XORs and little-endian
721 addition rather than big-endian arithmetic.
723 XCTR mode is used to implement HCTR2.
725 config CRYPTO_XTS
726 tristate "XTS (XOR Encrypt XOR with ciphertext stealing)"
727 select CRYPTO_SKCIPHER
728 select CRYPTO_MANAGER
729 select CRYPTO_ECB
730 help
731 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
732 and IEEE 1619)
734 Use with aes-xts-plain, key size 256, 384 or 512 bits. This
735 implementation currently can't handle a sectorsize which is not a
736 multiple of 16 bytes.
738 config CRYPTO_NHPOLY1305
739 tristate
740 select CRYPTO_HASH
741 select CRYPTO_LIB_POLY1305_GENERIC
743 endmenu
745 menu "AEAD (authenticated encryption with associated data) ciphers"
747 config CRYPTO_AEGIS128
748 tristate "AEGIS-128"
749 select CRYPTO_AEAD
750 select CRYPTO_AES # for AES S-box tables
751 help
752 AEGIS-128 AEAD algorithm
754 config CRYPTO_AEGIS128_SIMD
755 bool "AEGIS-128 (arm NEON, arm64 NEON)"
756 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
757 default y
758 help
759 AEGIS-128 AEAD algorithm
761 Architecture: arm or arm64 using:
762 - NEON (Advanced SIMD) extension
764 config CRYPTO_CHACHA20POLY1305
765 tristate "ChaCha20-Poly1305"
766 select CRYPTO_CHACHA20
767 select CRYPTO_POLY1305
768 select CRYPTO_AEAD
769 select CRYPTO_MANAGER
770 help
771 ChaCha20 stream cipher and Poly1305 authenticator combined
772 mode (RFC8439)
774 config CRYPTO_CCM
775 tristate "CCM (Counter with Cipher Block Chaining-MAC)"
776 select CRYPTO_CTR
777 select CRYPTO_HASH
778 select CRYPTO_AEAD
779 select CRYPTO_MANAGER
780 help
781 CCM (Counter with Cipher Block Chaining-Message Authentication Code)
782 authenticated encryption mode (NIST SP800-38C)
784 config CRYPTO_GCM
785 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
786 select CRYPTO_CTR
787 select CRYPTO_AEAD
788 select CRYPTO_GHASH
789 select CRYPTO_NULL
790 select CRYPTO_MANAGER
791 help
792 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
793 (GCM Message Authentication Code) (NIST SP800-38D)
795 This is required for IPSec ESP (XFRM_ESP).
797 config CRYPTO_GENIV
798 tristate
799 select CRYPTO_AEAD
800 select CRYPTO_NULL
801 select CRYPTO_MANAGER
802 select CRYPTO_RNG_DEFAULT
804 config CRYPTO_SEQIV
805 tristate "Sequence Number IV Generator"
806 select CRYPTO_GENIV
807 help
808 Sequence Number IV generator
810 This IV generator generates an IV based on a sequence number by
811 xoring it with a salt. This algorithm is mainly useful for CTR.
813 This is required for IPsec ESP (XFRM_ESP).
815 config CRYPTO_ECHAINIV
816 tristate "Encrypted Chain IV Generator"
817 select CRYPTO_GENIV
818 help
819 Encrypted Chain IV generator
821 This IV generator generates an IV based on the encryption of
822 a sequence number xored with a salt. This is the default
823 algorithm for CBC.
825 config CRYPTO_ESSIV
826 tristate "Encrypted Salt-Sector IV Generator"
827 select CRYPTO_AUTHENC
828 help
829 Encrypted Salt-Sector IV generator
831 This IV generator is used in some cases by fscrypt and/or
832 dm-crypt. It uses the hash of the block encryption key as the
833 symmetric key for a block encryption pass applied to the input
834 IV, making low entropy IV sources more suitable for block
835 encryption.
837 This driver implements a crypto API template that can be
838 instantiated either as an skcipher or as an AEAD (depending on the
839 type of the first template argument), and which defers encryption
840 and decryption requests to the encapsulated cipher after applying
841 ESSIV to the input IV. Note that in the AEAD case, it is assumed
842 that the keys are presented in the same format used by the authenc
843 template, and that the IV appears at the end of the authenticated
844 associated data (AAD) region (which is how dm-crypt uses it.)
846 Note that the use of ESSIV is not recommended for new deployments,
847 and so this only needs to be enabled when interoperability with
848 existing encrypted volumes of filesystems is required, or when
849 building for a particular system that requires it (e.g., when
850 the SoC in question has accelerated CBC but not XTS, making CBC
851 combined with ESSIV the only feasible mode for h/w accelerated
852 block encryption)
854 endmenu
856 menu "Hashes, digests, and MACs"
858 config CRYPTO_BLAKE2B
859 tristate "BLAKE2b"
860 select CRYPTO_HASH
861 help
862 BLAKE2b cryptographic hash function (RFC 7693)
864 BLAKE2b is optimized for 64-bit platforms and can produce digests
865 of any size between 1 and 64 bytes. The keyed hash is also implemented.
867 This module provides the following algorithms:
868 - blake2b-160
869 - blake2b-256
870 - blake2b-384
871 - blake2b-512
873 Used by the btrfs filesystem.
875 See https://blake2.net for further information.
877 config CRYPTO_CMAC
878 tristate "CMAC (Cipher-based MAC)"
879 select CRYPTO_HASH
880 select CRYPTO_MANAGER
881 help
882 CMAC (Cipher-based Message Authentication Code) authentication
883 mode (NIST SP800-38B and IETF RFC4493)
885 config CRYPTO_GHASH
886 tristate "GHASH"
887 select CRYPTO_HASH
888 select CRYPTO_LIB_GF128MUL
889 help
890 GCM GHASH function (NIST SP800-38D)
892 config CRYPTO_HMAC
893 tristate "HMAC (Keyed-Hash MAC)"
894 select CRYPTO_HASH
895 select CRYPTO_MANAGER
896 help
897 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
898 RFC2104)
900 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
902 config CRYPTO_MD4
903 tristate "MD4"
904 select CRYPTO_HASH
905 help
906 MD4 message digest algorithm (RFC1320)
908 config CRYPTO_MD5
909 tristate "MD5"
910 select CRYPTO_HASH
911 help
912 MD5 message digest algorithm (RFC1321)
914 config CRYPTO_MICHAEL_MIC
915 tristate "Michael MIC"
916 select CRYPTO_HASH
917 help
918 Michael MIC (Message Integrity Code) (IEEE 802.11i)
920 Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol),
921 known as WPA (Wif-Fi Protected Access).
923 This algorithm is required for TKIP, but it should not be used for
924 other purposes because of the weakness of the algorithm.
926 config CRYPTO_POLYVAL
927 tristate
928 select CRYPTO_HASH
929 select CRYPTO_LIB_GF128MUL
930 help
931 POLYVAL hash function for HCTR2
933 This is used in HCTR2. It is not a general-purpose
934 cryptographic hash function.
936 config CRYPTO_POLY1305
937 tristate "Poly1305"
938 select CRYPTO_HASH
939 select CRYPTO_LIB_POLY1305_GENERIC
940 help
941 Poly1305 authenticator algorithm (RFC7539)
943 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
944 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
945 in IETF protocols. This is the portable C implementation of Poly1305.
947 config CRYPTO_RMD160
948 tristate "RIPEMD-160"
949 select CRYPTO_HASH
950 help
951 RIPEMD-160 hash function (ISO/IEC 10118-3)
953 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
954 to be used as a secure replacement for the 128-bit hash functions
955 MD4, MD5 and its predecessor RIPEMD
956 (not to be confused with RIPEMD-128).
958 Its speed is comparable to SHA-1 and there are no known attacks
959 against RIPEMD-160.
961 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
962 See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
963 for further information.
965 config CRYPTO_SHA1
966 tristate "SHA-1"
967 select CRYPTO_HASH
968 select CRYPTO_LIB_SHA1
969 help
970 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)
972 config CRYPTO_SHA256
973 tristate "SHA-224 and SHA-256"
974 select CRYPTO_HASH
975 select CRYPTO_LIB_SHA256
976 help
977 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
979 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
980 Used by the btrfs filesystem, Ceph, NFS, and SMB.
982 config CRYPTO_SHA512
983 tristate "SHA-384 and SHA-512"
984 select CRYPTO_HASH
985 help
986 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
988 config CRYPTO_SHA3
989 tristate "SHA-3"
990 select CRYPTO_HASH
991 help
992 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
994 config CRYPTO_SM3
995 tristate
997 config CRYPTO_SM3_GENERIC
998 tristate "SM3 (ShangMi 3)"
999 select CRYPTO_HASH
1000 select CRYPTO_SM3
1001 help
1002 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1004 This is part of the Chinese Commercial Cryptography suite.
1006 References:
1007 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1008 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1010 config CRYPTO_STREEBOG
1011 tristate "Streebog"
1012 select CRYPTO_HASH
1013 help
1014 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1016 This is one of the Russian cryptographic standard algorithms (called
1017 GOST algorithms). This setting enables two hash algorithms with
1018 256 and 512 bits output.
1020 References:
1021 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1022 https://tools.ietf.org/html/rfc6986
1024 config CRYPTO_WP512
1025 tristate "Whirlpool"
1026 select CRYPTO_HASH
1027 help
1028 Whirlpool hash function (ISO/IEC 10118-3)
1030 512, 384 and 256-bit hashes.
1032 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1034 See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
1035 for further information.
1037 config CRYPTO_XCBC
1038 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1039 select CRYPTO_HASH
1040 select CRYPTO_MANAGER
1041 help
1042 XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1043 Code) (RFC3566)
1045 config CRYPTO_XXHASH
1046 tristate "xxHash"
1047 select CRYPTO_HASH
1048 select XXHASH
1049 help
1050 xxHash non-cryptographic hash algorithm
1052 Extremely fast, working at speeds close to RAM limits.
1054 Used by the btrfs filesystem.
1056 endmenu
1058 menu "CRCs (cyclic redundancy checks)"
1060 config CRYPTO_CRC32C
1061 tristate "CRC32c"
1062 select CRYPTO_HASH
1063 select CRC32
1064 help
1065 CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)
1067 A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1068 by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic
1069 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1070 on Communications, Vol. 41, No. 6, June 1993, selected for use with
1071 iSCSI.
1073 Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI.
1075 config CRYPTO_CRC32
1076 tristate "CRC32"
1077 select CRYPTO_HASH
1078 select CRC32
1079 help
1080 CRC32 CRC algorithm (IEEE 802.3)
1082 Used by RoCEv2 and f2fs.
1084 config CRYPTO_CRCT10DIF
1085 tristate "CRCT10DIF"
1086 select CRYPTO_HASH
1087 select CRC_T10DIF
1088 help
1089 CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF)
1091 CRC algorithm used by the SCSI Block Commands standard.
1093 config CRYPTO_CRC64_ROCKSOFT
1094 tristate "CRC64 based on Rocksoft Model algorithm"
1095 depends on CRC64
1096 select CRYPTO_HASH
1097 help
1098 CRC64 CRC algorithm based on the Rocksoft Model CRC Algorithm
1100 Used by the NVMe implementation of T10 DIF (BLK_DEV_INTEGRITY)
1102 See https://zlib.net/crc_v3.txt
1104 endmenu
1106 menu "Compression"
1108 config CRYPTO_DEFLATE
1109 tristate "Deflate"
1110 select CRYPTO_ALGAPI
1111 select CRYPTO_ACOMP2
1112 select ZLIB_INFLATE
1113 select ZLIB_DEFLATE
1114 help
1115 Deflate compression algorithm (RFC1951)
1117 Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394)
1119 config CRYPTO_LZO
1120 tristate "LZO"
1121 select CRYPTO_ALGAPI
1122 select CRYPTO_ACOMP2
1123 select LZO_COMPRESS
1124 select LZO_DECOMPRESS
1125 help
1126 LZO compression algorithm
1128 See https://www.oberhumer.com/opensource/lzo/ for further information.
1130 config CRYPTO_842
1131 tristate "842"
1132 select CRYPTO_ALGAPI
1133 select CRYPTO_ACOMP2
1134 select 842_COMPRESS
1135 select 842_DECOMPRESS
1136 help
1137 842 compression algorithm by IBM
1139 See https://github.com/plauth/lib842 for further information.
1141 config CRYPTO_LZ4
1142 tristate "LZ4"
1143 select CRYPTO_ALGAPI
1144 select CRYPTO_ACOMP2
1145 select LZ4_COMPRESS
1146 select LZ4_DECOMPRESS
1147 help
1148 LZ4 compression algorithm
1150 See https://github.com/lz4/lz4 for further information.
1152 config CRYPTO_LZ4HC
1153 tristate "LZ4HC"
1154 select CRYPTO_ALGAPI
1155 select CRYPTO_ACOMP2
1156 select LZ4HC_COMPRESS
1157 select LZ4_DECOMPRESS
1158 help
1159 LZ4 high compression mode algorithm
1161 See https://github.com/lz4/lz4 for further information.
1163 config CRYPTO_ZSTD
1164 tristate "Zstd"
1165 select CRYPTO_ALGAPI
1166 select CRYPTO_ACOMP2
1167 select ZSTD_COMPRESS
1168 select ZSTD_DECOMPRESS
1169 help
1170 zstd compression algorithm
1172 See https://github.com/facebook/zstd for further information.
1174 endmenu
1176 menu "Random number generation"
1178 config CRYPTO_ANSI_CPRNG
1179 tristate "ANSI PRNG (Pseudo Random Number Generator)"
1180 select CRYPTO_AES
1181 select CRYPTO_RNG
1182 help
1183 Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4)
1185 This uses the AES cipher algorithm.
1187 Note that this option must be enabled if CRYPTO_FIPS is selected
1189 menuconfig CRYPTO_DRBG_MENU
1190 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1191 help
1192 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1194 In the following submenu, one or more of the DRBG types must be selected.
1196 if CRYPTO_DRBG_MENU
1198 config CRYPTO_DRBG_HMAC
1199 bool
1200 default y
1201 select CRYPTO_HMAC
1202 select CRYPTO_SHA512
1204 config CRYPTO_DRBG_HASH
1205 bool "Hash_DRBG"
1206 select CRYPTO_SHA256
1207 help
1208 Hash_DRBG variant as defined in NIST SP800-90A.
1210 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1212 config CRYPTO_DRBG_CTR
1213 bool "CTR_DRBG"
1214 select CRYPTO_AES
1215 select CRYPTO_CTR
1216 help
1217 CTR_DRBG variant as defined in NIST SP800-90A.
1219 This uses the AES cipher algorithm with the counter block mode.
1221 config CRYPTO_DRBG
1222 tristate
1223 default CRYPTO_DRBG_MENU
1224 select CRYPTO_RNG
1225 select CRYPTO_JITTERENTROPY
1227 endif # if CRYPTO_DRBG_MENU
1229 config CRYPTO_JITTERENTROPY
1230 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1231 select CRYPTO_RNG
1232 select CRYPTO_SHA3
1233 help
1234 CPU Jitter RNG (Random Number Generator) from the Jitterentropy library
1236 A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1237 compliant with NIST SP800-90B) intended to provide a seed to a
1238 deterministic RNG (e.g., per NIST SP800-90C).
1239 This RNG does not perform any cryptographic whitening of the generated
1240 random numbers.
1242 See https://www.chronox.de/jent/
1244 if CRYPTO_JITTERENTROPY
1245 if CRYPTO_FIPS && EXPERT
1247 choice
1248 prompt "CPU Jitter RNG Memory Size"
1249 default CRYPTO_JITTERENTROPY_MEMSIZE_2
1250 help
1251 The Jitter RNG measures the execution time of memory accesses.
1252 Multiple consecutive memory accesses are performed. If the memory
1253 size fits into a cache (e.g. L1), only the memory access timing
1254 to that cache is measured. The closer the cache is to the CPU
1255 the less variations are measured and thus the less entropy is
1256 obtained. Thus, if the memory size fits into the L1 cache, the
1257 obtained entropy is less than if the memory size fits within
1258 L1 + L2, which in turn is less if the memory fits into
1259 L1 + L2 + L3. Thus, by selecting a different memory size,
1260 the entropy rate produced by the Jitter RNG can be modified.
1262 config CRYPTO_JITTERENTROPY_MEMSIZE_2
1263 bool "2048 Bytes (default)"
1265 config CRYPTO_JITTERENTROPY_MEMSIZE_128
1266 bool "128 kBytes"
1268 config CRYPTO_JITTERENTROPY_MEMSIZE_1024
1269 bool "1024 kBytes"
1271 config CRYPTO_JITTERENTROPY_MEMSIZE_8192
1272 bool "8192 kBytes"
1273 endchoice
1275 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
1276 int
1277 default 64 if CRYPTO_JITTERENTROPY_MEMSIZE_2
1278 default 512 if CRYPTO_JITTERENTROPY_MEMSIZE_128
1279 default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
1280 default 4096 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
1282 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
1283 int
1284 default 32 if CRYPTO_JITTERENTROPY_MEMSIZE_2
1285 default 256 if CRYPTO_JITTERENTROPY_MEMSIZE_128
1286 default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
1287 default 2048 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
1289 config CRYPTO_JITTERENTROPY_OSR
1290 int "CPU Jitter RNG Oversampling Rate"
1291 range 1 15
1292 default 3
1293 help
1294 The Jitter RNG allows the specification of an oversampling rate (OSR).
1295 The Jitter RNG operation requires a fixed amount of timing
1296 measurements to produce one output block of random numbers. The
1297 OSR value is multiplied with the amount of timing measurements to
1298 generate one output block. Thus, the timing measurement is oversampled
1299 by the OSR factor. The oversampling allows the Jitter RNG to operate
1300 on hardware whose timers deliver limited amount of entropy (e.g.
1301 the timer is coarse) by setting the OSR to a higher value. The
1302 trade-off, however, is that the Jitter RNG now requires more time
1303 to generate random numbers.
1305 config CRYPTO_JITTERENTROPY_TESTINTERFACE
1306 bool "CPU Jitter RNG Test Interface"
1307 help
1308 The test interface allows a privileged process to capture
1309 the raw unconditioned high resolution time stamp noise that
1310 is collected by the Jitter RNG for statistical analysis. As
1311 this data is used at the same time to generate random bits,
1312 the Jitter RNG operates in an insecure mode as long as the
1313 recording is enabled. This interface therefore is only
1314 intended for testing purposes and is not suitable for
1315 production systems.
1317 The raw noise data can be obtained using the jent_raw_hires
1318 debugfs file. Using the option
1319 jitterentropy_testing.boot_raw_hires_test=1 the raw noise of
1320 the first 1000 entropy events since boot can be sampled.
1322 If unsure, select N.
1324 endif # if CRYPTO_FIPS && EXPERT
1326 if !(CRYPTO_FIPS && EXPERT)
1328 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
1329 int
1330 default 64
1332 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
1333 int
1334 default 32
1336 config CRYPTO_JITTERENTROPY_OSR
1337 int
1338 default 1
1340 config CRYPTO_JITTERENTROPY_TESTINTERFACE
1341 bool
1343 endif # if !(CRYPTO_FIPS && EXPERT)
1344 endif # if CRYPTO_JITTERENTROPY
1346 config CRYPTO_KDF800108_CTR
1347 tristate
1348 select CRYPTO_HMAC
1349 select CRYPTO_SHA256
1351 endmenu
1352 menu "Userspace interface"
1354 config CRYPTO_USER_API
1355 tristate
1357 config CRYPTO_USER_API_HASH
1358 tristate "Hash algorithms"
1359 depends on NET
1360 select CRYPTO_HASH
1361 select CRYPTO_USER_API
1362 help
1363 Enable the userspace interface for hash algorithms.
1365 See Documentation/crypto/userspace-if.rst and
1366 https://www.chronox.de/libkcapi/html/index.html
1368 config CRYPTO_USER_API_SKCIPHER
1369 tristate "Symmetric key cipher algorithms"
1370 depends on NET
1371 select CRYPTO_SKCIPHER
1372 select CRYPTO_USER_API
1373 help
1374 Enable the userspace interface for symmetric key cipher algorithms.
1376 See Documentation/crypto/userspace-if.rst and
1377 https://www.chronox.de/libkcapi/html/index.html
1379 config CRYPTO_USER_API_RNG
1380 tristate "RNG (random number generator) algorithms"
1381 depends on NET
1382 select CRYPTO_RNG
1383 select CRYPTO_USER_API
1384 help
1385 Enable the userspace interface for RNG (random number generator)
1386 algorithms.
1388 See Documentation/crypto/userspace-if.rst and
1389 https://www.chronox.de/libkcapi/html/index.html
1391 config CRYPTO_USER_API_RNG_CAVP
1392 bool "Enable CAVP testing of DRBG"
1393 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1394 help
1395 Enable extra APIs in the userspace interface for NIST CAVP
1396 (Cryptographic Algorithm Validation Program) testing:
1397 - resetting DRBG entropy
1398 - providing Additional Data
1400 This should only be enabled for CAVP testing. You should say
1401 no unless you know what this is.
1403 config CRYPTO_USER_API_AEAD
1404 tristate "AEAD cipher algorithms"
1405 depends on NET
1406 select CRYPTO_AEAD
1407 select CRYPTO_SKCIPHER
1408 select CRYPTO_NULL
1409 select CRYPTO_USER_API
1410 help
1411 Enable the userspace interface for AEAD cipher algorithms.
1413 See Documentation/crypto/userspace-if.rst and
1414 https://www.chronox.de/libkcapi/html/index.html
1416 config CRYPTO_USER_API_ENABLE_OBSOLETE
1417 bool "Obsolete cryptographic algorithms"
1418 depends on CRYPTO_USER_API
1419 default y
1420 help
1421 Allow obsolete cryptographic algorithms to be selected that have
1422 already been phased out from internal use by the kernel, and are
1423 only useful for userspace clients that still rely on them.
1425 endmenu
1427 config CRYPTO_HASH_INFO
1428 bool
1430 if !KMSAN # avoid false positives from assembly
1431 if ARM
1432 source "arch/arm/crypto/Kconfig"
1433 endif
1434 if ARM64
1435 source "arch/arm64/crypto/Kconfig"
1436 endif
1437 if LOONGARCH
1438 source "arch/loongarch/crypto/Kconfig"
1439 endif
1440 if MIPS
1441 source "arch/mips/crypto/Kconfig"
1442 endif
1443 if PPC
1444 source "arch/powerpc/crypto/Kconfig"
1445 endif
1446 if RISCV
1447 source "arch/riscv/crypto/Kconfig"
1448 endif
1449 if S390
1450 source "arch/s390/crypto/Kconfig"
1451 endif
1452 if SPARC
1453 source "arch/sparc/crypto/Kconfig"
1454 endif
1455 if X86
1456 source "arch/x86/crypto/Kconfig"
1457 endif
1458 endif
1460 source "drivers/crypto/Kconfig"
1461 source "crypto/asymmetric_keys/Kconfig"
1462 source "certs/Kconfig"
1464 endif # if CRYPTO