brintos

brintos / linux-shallow public Read only

0
0
Text · 38.8 KiB · a779cab Raw
1481 lines · plain
1# SPDX-License-Identifier: GPL-2.02#3# Generic algorithms support4#5config XOR_BLOCKS6	tristate7 8#9# async_tx api: hardware offloaded memory transfer/transform support10#11source "crypto/async_tx/Kconfig"12 13#14# Cryptographic API Configuration15#16menuconfig CRYPTO17	tristate "Cryptographic API"18	select CRYPTO_LIB_UTILS19	help20	  This option provides the core Cryptographic API.21 22if CRYPTO23 24menu "Crypto core or helper"25 26config CRYPTO_FIPS27	bool "FIPS 200 compliance"28	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS29	depends on (MODULE_SIG || !MODULES)30	help31	  This option enables the fips boot option which is32	  required if you want the system to operate in a FIPS 20033	  certification.  You should say no unless you know what34	  this is.35 36config CRYPTO_FIPS_NAME37	string "FIPS Module Name"38	default "Linux Kernel Cryptographic API"39	depends on CRYPTO_FIPS40	help41	  This option sets the FIPS Module name reported by the Crypto API via42	  the /proc/sys/crypto/fips_name file.43 44config CRYPTO_FIPS_CUSTOM_VERSION45	bool "Use Custom FIPS Module Version"46	depends on CRYPTO_FIPS47	default n48 49config CRYPTO_FIPS_VERSION50	string "FIPS Module Version"51	default "(none)"52	depends on CRYPTO_FIPS_CUSTOM_VERSION53	help54	  This option provides the ability to override the FIPS Module Version.55	  By default the KERNELRELEASE value is used.56 57config CRYPTO_ALGAPI58	tristate59	select CRYPTO_ALGAPI260	help61	  This option provides the API for cryptographic algorithms.62 63config CRYPTO_ALGAPI264	tristate65 66config CRYPTO_AEAD67	tristate68	select CRYPTO_AEAD269	select CRYPTO_ALGAPI70 71config CRYPTO_AEAD272	tristate73	select CRYPTO_ALGAPI274 75config CRYPTO_SIG76	tristate77	select CRYPTO_SIG278	select CRYPTO_ALGAPI79 80config CRYPTO_SIG281	tristate82	select CRYPTO_ALGAPI283 84config CRYPTO_SKCIPHER85	tristate86	select CRYPTO_SKCIPHER287	select CRYPTO_ALGAPI88	select CRYPTO_ECB89 90config CRYPTO_SKCIPHER291	tristate92	select CRYPTO_ALGAPI293 94config CRYPTO_HASH95	tristate96	select CRYPTO_HASH297	select CRYPTO_ALGAPI98 99config CRYPTO_HASH2100	tristate101	select CRYPTO_ALGAPI2102 103config CRYPTO_RNG104	tristate105	select CRYPTO_RNG2106	select CRYPTO_ALGAPI107 108config CRYPTO_RNG2109	tristate110	select CRYPTO_ALGAPI2111 112config CRYPTO_RNG_DEFAULT113	tristate114	select CRYPTO_DRBG_MENU115 116config CRYPTO_AKCIPHER2117	tristate118	select CRYPTO_ALGAPI2119 120config CRYPTO_AKCIPHER121	tristate122	select CRYPTO_AKCIPHER2123	select CRYPTO_ALGAPI124 125config CRYPTO_KPP2126	tristate127	select CRYPTO_ALGAPI2128 129config CRYPTO_KPP130	tristate131	select CRYPTO_ALGAPI132	select CRYPTO_KPP2133 134config CRYPTO_ACOMP2135	tristate136	select CRYPTO_ALGAPI2137	select SGL_ALLOC138 139config CRYPTO_ACOMP140	tristate141	select CRYPTO_ALGAPI142	select CRYPTO_ACOMP2143 144config CRYPTO_MANAGER145	tristate "Cryptographic algorithm manager"146	select CRYPTO_MANAGER2147	help148	  Create default cryptographic template instantiations such as149	  cbc(aes).150 151config CRYPTO_MANAGER2152	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)153	select CRYPTO_ACOMP2154	select CRYPTO_AEAD2155	select CRYPTO_AKCIPHER2156	select CRYPTO_SIG2157	select CRYPTO_HASH2158	select CRYPTO_KPP2159	select CRYPTO_RNG2160	select CRYPTO_SKCIPHER2161 162config CRYPTO_USER163	tristate "Userspace cryptographic algorithm configuration"164	depends on NET165	select CRYPTO_MANAGER166	help167	  Userspace configuration for cryptographic instantiations such as168	  cbc(aes).169 170config CRYPTO_MANAGER_DISABLE_TESTS171	bool "Disable run-time self tests"172	default y173	help174	  Disable run-time self tests that normally take place at175	  algorithm registration.176 177config CRYPTO_MANAGER_EXTRA_TESTS178	bool "Enable extra run-time crypto self tests"179	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER180	help181	  Enable extra run-time self tests of registered crypto algorithms,182	  including randomized fuzz tests.183 184	  This is intended for developer use only, as these tests take much185	  longer to run than the normal self tests.186 187config CRYPTO_NULL188	tristate "Null algorithms"189	select CRYPTO_NULL2190	help191	  These are 'Null' algorithms, used by IPsec, which do nothing.192 193config CRYPTO_NULL2194	tristate195	select CRYPTO_ALGAPI2196	select CRYPTO_SKCIPHER2197	select CRYPTO_HASH2198 199config CRYPTO_PCRYPT200	tristate "Parallel crypto engine"201	depends on SMP202	select PADATA203	select CRYPTO_MANAGER204	select CRYPTO_AEAD205	help206	  This converts an arbitrary crypto algorithm into a parallel207	  algorithm that executes in kernel threads.208 209config CRYPTO_CRYPTD210	tristate "Software async crypto daemon"211	select CRYPTO_SKCIPHER212	select CRYPTO_HASH213	select CRYPTO_MANAGER214	help215	  This is a generic software asynchronous crypto daemon that216	  converts an arbitrary synchronous software crypto algorithm217	  into an asynchronous algorithm that executes in a kernel thread.218 219config CRYPTO_AUTHENC220	tristate "Authenc support"221	select CRYPTO_AEAD222	select CRYPTO_SKCIPHER223	select CRYPTO_MANAGER224	select CRYPTO_HASH225	select CRYPTO_NULL226	help227	  Authenc: Combined mode wrapper for IPsec.228 229	  This is required for IPSec ESP (XFRM_ESP).230 231config CRYPTO_TEST232	tristate "Testing module"233	depends on m || EXPERT234	select CRYPTO_MANAGER235	help236	  Quick & dirty crypto test module.237 238config CRYPTO_SIMD239	tristate240	select CRYPTO_CRYPTD241 242config CRYPTO_ENGINE243	tristate244 245endmenu246 247menu "Public-key cryptography"248 249config CRYPTO_RSA250	tristate "RSA (Rivest-Shamir-Adleman)"251	select CRYPTO_AKCIPHER252	select CRYPTO_MANAGER253	select MPILIB254	select ASN1255	help256	  RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)257 258config CRYPTO_DH259	tristate "DH (Diffie-Hellman)"260	select CRYPTO_KPP261	select MPILIB262	help263	  DH (Diffie-Hellman) key exchange algorithm264 265config CRYPTO_DH_RFC7919_GROUPS266	bool "RFC 7919 FFDHE groups"267	depends on CRYPTO_DH268	select CRYPTO_RNG_DEFAULT269	help270	  FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups271	  defined in RFC7919.272 273	  Support these finite-field groups in DH key exchanges:274	  - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192275 276	  If unsure, say N.277 278config CRYPTO_ECC279	tristate280	select CRYPTO_RNG_DEFAULT281 282config CRYPTO_ECDH283	tristate "ECDH (Elliptic Curve Diffie-Hellman)"284	select CRYPTO_ECC285	select CRYPTO_KPP286	help287	  ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm288	  using curves P-192, P-256, and P-384 (FIPS 186)289 290config CRYPTO_ECDSA291	tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)"292	select CRYPTO_ECC293	select CRYPTO_AKCIPHER294	select ASN1295	help296	  ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186,297	  ISO/IEC 14888-3)298	  using curves P-192, P-256, and P-384299 300	  Only signature verification is implemented.301 302config CRYPTO_ECRDSA303	tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"304	select CRYPTO_ECC305	select CRYPTO_AKCIPHER306	select CRYPTO_STREEBOG307	select OID_REGISTRY308	select ASN1309	help310	  Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,311	  RFC 7091, ISO/IEC 14888-3)312 313	  One of the Russian cryptographic standard algorithms (called GOST314	  algorithms). Only signature verification is implemented.315 316config CRYPTO_CURVE25519317	tristate "Curve25519"318	select CRYPTO_KPP319	select CRYPTO_LIB_CURVE25519_GENERIC320	help321	  Curve25519 elliptic curve (RFC7748)322 323endmenu324 325menu "Block ciphers"326 327config CRYPTO_AES328	tristate "AES (Advanced Encryption Standard)"329	select CRYPTO_ALGAPI330	select CRYPTO_LIB_AES331	help332	  AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)333 334	  Rijndael appears to be consistently a very good performer in335	  both hardware and software across a wide range of computing336	  environments regardless of its use in feedback or non-feedback337	  modes. Its key setup time is excellent, and its key agility is338	  good. Rijndael's very low memory requirements make it very well339	  suited for restricted-space environments, in which it also340	  demonstrates excellent performance. Rijndael's operations are341	  among the easiest to defend against power and timing attacks.342 343	  The AES specifies three key sizes: 128, 192 and 256 bits344 345config CRYPTO_AES_TI346	tristate "AES (Advanced Encryption Standard) (fixed time)"347	select CRYPTO_ALGAPI348	select CRYPTO_LIB_AES349	help350	  AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)351 352	  This is a generic implementation of AES that attempts to eliminate353	  data dependent latencies as much as possible without affecting354	  performance too much. It is intended for use by the generic CCM355	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely356	  solely on encryption (although decryption is supported as well, but357	  with a more dramatic performance hit)358 359	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and360	  8 for decryption), this implementation only uses just two S-boxes of361	  256 bytes each, and attempts to eliminate data dependent latencies by362	  prefetching the entire table into the cache at the start of each363	  block. Interrupts are also disabled to avoid races where cachelines364	  are evicted when the CPU is interrupted to do something else.365 366config CRYPTO_ANUBIS367	tristate "Anubis"368	depends on CRYPTO_USER_API_ENABLE_OBSOLETE369	select CRYPTO_ALGAPI370	help371	  Anubis cipher algorithm372 373	  Anubis is a variable key length cipher which can use keys from374	  128 bits to 320 bits in length.  It was evaluated as a entrant375	  in the NESSIE competition.376 377	  See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html378	  for further information.379 380config CRYPTO_ARIA381	tristate "ARIA"382	select CRYPTO_ALGAPI383	help384	  ARIA cipher algorithm (RFC5794)385 386	  ARIA is a standard encryption algorithm of the Republic of Korea.387	  The ARIA specifies three key sizes and rounds.388	  128-bit: 12 rounds.389	  192-bit: 14 rounds.390	  256-bit: 16 rounds.391 392	  See:393	  https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do394 395config CRYPTO_BLOWFISH396	tristate "Blowfish"397	select CRYPTO_ALGAPI398	select CRYPTO_BLOWFISH_COMMON399	help400	  Blowfish cipher algorithm, by Bruce Schneier401 402	  This is a variable key length cipher which can use keys from 32403	  bits to 448 bits in length.  It's fast, simple and specifically404	  designed for use on "large microprocessors".405 406	  See https://www.schneier.com/blowfish.html for further information.407 408config CRYPTO_BLOWFISH_COMMON409	tristate410	help411	  Common parts of the Blowfish cipher algorithm shared by the412	  generic c and the assembler implementations.413 414config CRYPTO_CAMELLIA415	tristate "Camellia"416	select CRYPTO_ALGAPI417	help418	  Camellia cipher algorithms (ISO/IEC 18033-3)419 420	  Camellia is a symmetric key block cipher developed jointly421	  at NTT and Mitsubishi Electric Corporation.422 423	  The Camellia specifies three key sizes: 128, 192 and 256 bits.424 425	  See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information.426 427config CRYPTO_CAST_COMMON428	tristate429	help430	  Common parts of the CAST cipher algorithms shared by the431	  generic c and the assembler implementations.432 433config CRYPTO_CAST5434	tristate "CAST5 (CAST-128)"435	select CRYPTO_ALGAPI436	select CRYPTO_CAST_COMMON437	help438	  CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)439 440config CRYPTO_CAST6441	tristate "CAST6 (CAST-256)"442	select CRYPTO_ALGAPI443	select CRYPTO_CAST_COMMON444	help445	  CAST6 (CAST-256) encryption algorithm (RFC2612)446 447config CRYPTO_DES448	tristate "DES and Triple DES EDE"449	select CRYPTO_ALGAPI450	select CRYPTO_LIB_DES451	help452	  DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and453	  Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)454	  cipher algorithms455 456config CRYPTO_FCRYPT457	tristate "FCrypt"458	select CRYPTO_ALGAPI459	select CRYPTO_SKCIPHER460	help461	  FCrypt algorithm used by RxRPC462 463	  See https://ota.polyonymo.us/fcrypt-paper.txt464 465config CRYPTO_KHAZAD466	tristate "Khazad"467	depends on CRYPTO_USER_API_ENABLE_OBSOLETE468	select CRYPTO_ALGAPI469	help470	  Khazad cipher algorithm471 472	  Khazad was a finalist in the initial NESSIE competition.  It is473	  an algorithm optimized for 64-bit processors with good performance474	  on 32-bit processors.  Khazad uses an 128 bit key size.475 476	  See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html477	  for further information.478 479config CRYPTO_SEED480	tristate "SEED"481	depends on CRYPTO_USER_API_ENABLE_OBSOLETE482	select CRYPTO_ALGAPI483	help484	  SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)485 486	  SEED is a 128-bit symmetric key block cipher that has been487	  developed by KISA (Korea Information Security Agency) as a488	  national standard encryption algorithm of the Republic of Korea.489	  It is a 16 round block cipher with the key size of 128 bit.490 491	  See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do492	  for further information.493 494config CRYPTO_SERPENT495	tristate "Serpent"496	select CRYPTO_ALGAPI497	help498	  Serpent cipher algorithm, by Anderson, Biham & Knudsen499 500	  Keys are allowed to be from 0 to 256 bits in length, in steps501	  of 8 bits.502 503	  See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information.504 505config CRYPTO_SM4506	tristate507 508config CRYPTO_SM4_GENERIC509	tristate "SM4 (ShangMi 4)"510	select CRYPTO_ALGAPI511	select CRYPTO_SM4512	help513	  SM4 cipher algorithms (OSCCA GB/T 32907-2016,514	  ISO/IEC 18033-3:2010/Amd 1:2021)515 516	  SM4 (GBT.32907-2016) is a cryptographic standard issued by the517	  Organization of State Commercial Administration of China (OSCCA)518	  as an authorized cryptographic algorithms for the use within China.519 520	  SMS4 was originally created for use in protecting wireless521	  networks, and is mandated in the Chinese National Standard for522	  Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)523	  (GB.15629.11-2003).524 525	  The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and526	  standardized through TC 260 of the Standardization Administration527	  of the People's Republic of China (SAC).528 529	  The input, output, and key of SMS4 are each 128 bits.530 531	  See https://eprint.iacr.org/2008/329.pdf for further information.532 533	  If unsure, say N.534 535config CRYPTO_TEA536	tristate "TEA, XTEA and XETA"537	depends on CRYPTO_USER_API_ENABLE_OBSOLETE538	select CRYPTO_ALGAPI539	help540	  TEA (Tiny Encryption Algorithm) cipher algorithms541 542	  Tiny Encryption Algorithm is a simple cipher that uses543	  many rounds for security.  It is very fast and uses544	  little memory.545 546	  Xtendend Tiny Encryption Algorithm is a modification to547	  the TEA algorithm to address a potential key weakness548	  in the TEA algorithm.549 550	  Xtendend Encryption Tiny Algorithm is a mis-implementation551	  of the XTEA algorithm for compatibility purposes.552 553config CRYPTO_TWOFISH554	tristate "Twofish"555	select CRYPTO_ALGAPI556	select CRYPTO_TWOFISH_COMMON557	help558	  Twofish cipher algorithm559 560	  Twofish was submitted as an AES (Advanced Encryption Standard)561	  candidate cipher by researchers at CounterPane Systems.  It is a562	  16 round block cipher supporting key sizes of 128, 192, and 256563	  bits.564 565	  See https://www.schneier.com/twofish.html for further information.566 567config CRYPTO_TWOFISH_COMMON568	tristate569	help570	  Common parts of the Twofish cipher algorithm shared by the571	  generic c and the assembler implementations.572 573endmenu574 575menu "Length-preserving ciphers and modes"576 577config CRYPTO_ADIANTUM578	tristate "Adiantum"579	select CRYPTO_CHACHA20580	select CRYPTO_LIB_POLY1305_GENERIC581	select CRYPTO_NHPOLY1305582	select CRYPTO_MANAGER583	help584	  Adiantum tweakable, length-preserving encryption mode585 586	  Designed for fast and secure disk encryption, especially on587	  CPUs without dedicated crypto instructions.  It encrypts588	  each sector using the XChaCha12 stream cipher, two passes of589	  an ε-almost-∆-universal hash function, and an invocation of590	  the AES-256 block cipher on a single 16-byte block.  On CPUs591	  without AES instructions, Adiantum is much faster than592	  AES-XTS.593 594	  Adiantum's security is provably reducible to that of its595	  underlying stream and block ciphers, subject to a security596	  bound.  Unlike XTS, Adiantum is a true wide-block encryption597	  mode, so it actually provides an even stronger notion of598	  security than XTS, subject to the security bound.599 600	  If unsure, say N.601 602config CRYPTO_ARC4603	tristate "ARC4 (Alleged Rivest Cipher 4)"604	depends on CRYPTO_USER_API_ENABLE_OBSOLETE605	select CRYPTO_SKCIPHER606	select CRYPTO_LIB_ARC4607	help608	  ARC4 cipher algorithm609 610	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048611	  bits in length.  This algorithm is required for driver-based612	  WEP, but it should not be for other purposes because of the613	  weakness of the algorithm.614 615config CRYPTO_CHACHA20616	tristate "ChaCha"617	select CRYPTO_LIB_CHACHA_GENERIC618	select CRYPTO_SKCIPHER619	help620	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms621 622	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.623	  Bernstein and further specified in RFC7539 for use in IETF protocols.624	  This is the portable C implementation of ChaCha20.  See625	  https://cr.yp.to/chacha/chacha-20080128.pdf for further information.626 627	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20628	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length629	  from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,630	  while provably retaining ChaCha20's security.  See631	  https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.632 633	  XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly634	  reduced security margin but increased performance.  It can be needed635	  in some performance-sensitive scenarios.636 637config CRYPTO_CBC638	tristate "CBC (Cipher Block Chaining)"639	select CRYPTO_SKCIPHER640	select CRYPTO_MANAGER641	help642	  CBC (Cipher Block Chaining) mode (NIST SP800-38A)643 644	  This block cipher mode is required for IPSec ESP (XFRM_ESP).645 646config CRYPTO_CTR647	tristate "CTR (Counter)"648	select CRYPTO_SKCIPHER649	select CRYPTO_MANAGER650	help651	  CTR (Counter) mode (NIST SP800-38A)652 653config CRYPTO_CTS654	tristate "CTS (Cipher Text Stealing)"655	select CRYPTO_SKCIPHER656	select CRYPTO_MANAGER657	help658	  CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST659	  Addendum to SP800-38A (October 2010))660 661	  This mode is required for Kerberos gss mechanism support662	  for AES encryption.663 664config CRYPTO_ECB665	tristate "ECB (Electronic Codebook)"666	select CRYPTO_SKCIPHER2667	select CRYPTO_MANAGER668	help669	  ECB (Electronic Codebook) mode (NIST SP800-38A)670 671config CRYPTO_HCTR2672	tristate "HCTR2"673	select CRYPTO_XCTR674	select CRYPTO_POLYVAL675	select CRYPTO_MANAGER676	help677	  HCTR2 length-preserving encryption mode678 679	  A mode for storage encryption that is efficient on processors with680	  instructions to accelerate AES and carryless multiplication, e.g.681	  x86 processors with AES-NI and CLMUL, and ARM processors with the682	  ARMv8 crypto extensions.683 684	  See https://eprint.iacr.org/2021/1441685 686config CRYPTO_KEYWRAP687	tristate "KW (AES Key Wrap)"688	select CRYPTO_SKCIPHER689	select CRYPTO_MANAGER690	help691	  KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F692	  and RFC3394) without padding.693 694config CRYPTO_LRW695	tristate "LRW (Liskov Rivest Wagner)"696	select CRYPTO_LIB_GF128MUL697	select CRYPTO_SKCIPHER698	select CRYPTO_MANAGER699	select CRYPTO_ECB700	help701	  LRW (Liskov Rivest Wagner) mode702 703	  A tweakable, non malleable, non movable704	  narrow block cipher mode for dm-crypt.  Use it with cipher705	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.706	  The first 128, 192 or 256 bits in the key are used for AES and the707	  rest is used to tie each cipher block to its logical position.708 709	  See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf710 711config CRYPTO_PCBC712	tristate "PCBC (Propagating Cipher Block Chaining)"713	select CRYPTO_SKCIPHER714	select CRYPTO_MANAGER715	help716	  PCBC (Propagating Cipher Block Chaining) mode717 718	  This block cipher mode is required for RxRPC.719 720config CRYPTO_XCTR721	tristate722	select CRYPTO_SKCIPHER723	select CRYPTO_MANAGER724	help725	  XCTR (XOR Counter) mode for HCTR2726 727	  This blockcipher mode is a variant of CTR mode using XORs and little-endian728	  addition rather than big-endian arithmetic.729 730	  XCTR mode is used to implement HCTR2.731 732config CRYPTO_XTS733	tristate "XTS (XOR Encrypt XOR with ciphertext stealing)"734	select CRYPTO_SKCIPHER735	select CRYPTO_MANAGER736	select CRYPTO_ECB737	help738	  XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E739	  and IEEE 1619)740 741	  Use with aes-xts-plain, key size 256, 384 or 512 bits. This742	  implementation currently can't handle a sectorsize which is not a743	  multiple of 16 bytes.744 745config CRYPTO_NHPOLY1305746	tristate747	select CRYPTO_HASH748	select CRYPTO_LIB_POLY1305_GENERIC749 750endmenu751 752menu "AEAD (authenticated encryption with associated data) ciphers"753 754config CRYPTO_AEGIS128755	tristate "AEGIS-128"756	select CRYPTO_AEAD757	select CRYPTO_AES  # for AES S-box tables758	help759	  AEGIS-128 AEAD algorithm760 761config CRYPTO_AEGIS128_SIMD762	bool "AEGIS-128 (arm NEON, arm64 NEON)"763	depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)764	default y765	help766	  AEGIS-128 AEAD algorithm767 768	  Architecture: arm or arm64 using:769	  - NEON (Advanced SIMD) extension770 771config CRYPTO_CHACHA20POLY1305772	tristate "ChaCha20-Poly1305"773	select CRYPTO_CHACHA20774	select CRYPTO_POLY1305775	select CRYPTO_AEAD776	select CRYPTO_MANAGER777	help778	  ChaCha20 stream cipher and Poly1305 authenticator combined779	  mode (RFC8439)780 781config CRYPTO_CCM782	tristate "CCM (Counter with Cipher Block Chaining-MAC)"783	select CRYPTO_CTR784	select CRYPTO_HASH785	select CRYPTO_AEAD786	select CRYPTO_MANAGER787	help788	  CCM (Counter with Cipher Block Chaining-Message Authentication Code)789	  authenticated encryption mode (NIST SP800-38C)790 791config CRYPTO_GCM792	tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"793	select CRYPTO_CTR794	select CRYPTO_AEAD795	select CRYPTO_GHASH796	select CRYPTO_NULL797	select CRYPTO_MANAGER798	help799	  GCM (Galois/Counter Mode) authenticated encryption mode and GMAC800	  (GCM Message Authentication Code) (NIST SP800-38D)801 802	  This is required for IPSec ESP (XFRM_ESP).803 804config CRYPTO_GENIV805	tristate806	select CRYPTO_AEAD807	select CRYPTO_NULL808	select CRYPTO_MANAGER809	select CRYPTO_RNG_DEFAULT810 811config CRYPTO_SEQIV812	tristate "Sequence Number IV Generator"813	select CRYPTO_GENIV814	help815	  Sequence Number IV generator816 817	  This IV generator generates an IV based on a sequence number by818	  xoring it with a salt.  This algorithm is mainly useful for CTR.819 820	  This is required for IPsec ESP (XFRM_ESP).821 822config CRYPTO_ECHAINIV823	tristate "Encrypted Chain IV Generator"824	select CRYPTO_GENIV825	help826	  Encrypted Chain IV generator827 828	  This IV generator generates an IV based on the encryption of829	  a sequence number xored with a salt.  This is the default830	  algorithm for CBC.831 832config CRYPTO_ESSIV833	tristate "Encrypted Salt-Sector IV Generator"834	select CRYPTO_AUTHENC835	help836	  Encrypted Salt-Sector IV generator837 838	  This IV generator is used in some cases by fscrypt and/or839	  dm-crypt. It uses the hash of the block encryption key as the840	  symmetric key for a block encryption pass applied to the input841	  IV, making low entropy IV sources more suitable for block842	  encryption.843 844	  This driver implements a crypto API template that can be845	  instantiated either as an skcipher or as an AEAD (depending on the846	  type of the first template argument), and which defers encryption847	  and decryption requests to the encapsulated cipher after applying848	  ESSIV to the input IV. Note that in the AEAD case, it is assumed849	  that the keys are presented in the same format used by the authenc850	  template, and that the IV appears at the end of the authenticated851	  associated data (AAD) region (which is how dm-crypt uses it.)852 853	  Note that the use of ESSIV is not recommended for new deployments,854	  and so this only needs to be enabled when interoperability with855	  existing encrypted volumes of filesystems is required, or when856	  building for a particular system that requires it (e.g., when857	  the SoC in question has accelerated CBC but not XTS, making CBC858	  combined with ESSIV the only feasible mode for h/w accelerated859	  block encryption)860 861endmenu862 863menu "Hashes, digests, and MACs"864 865config CRYPTO_BLAKE2B866	tristate "BLAKE2b"867	select CRYPTO_HASH868	help869	  BLAKE2b cryptographic hash function (RFC 7693)870 871	  BLAKE2b is optimized for 64-bit platforms and can produce digests872	  of any size between 1 and 64 bytes. The keyed hash is also implemented.873 874	  This module provides the following algorithms:875	  - blake2b-160876	  - blake2b-256877	  - blake2b-384878	  - blake2b-512879 880	  Used by the btrfs filesystem.881 882	  See https://blake2.net for further information.883 884config CRYPTO_CMAC885	tristate "CMAC (Cipher-based MAC)"886	select CRYPTO_HASH887	select CRYPTO_MANAGER888	help889	  CMAC (Cipher-based Message Authentication Code) authentication890	  mode (NIST SP800-38B and IETF RFC4493)891 892config CRYPTO_GHASH893	tristate "GHASH"894	select CRYPTO_HASH895	select CRYPTO_LIB_GF128MUL896	help897	  GCM GHASH function (NIST SP800-38D)898 899config CRYPTO_HMAC900	tristate "HMAC (Keyed-Hash MAC)"901	select CRYPTO_HASH902	select CRYPTO_MANAGER903	help904	  HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and905	  RFC2104)906 907	  This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).908 909config CRYPTO_MD4910	tristate "MD4"911	select CRYPTO_HASH912	help913	  MD4 message digest algorithm (RFC1320)914 915config CRYPTO_MD5916	tristate "MD5"917	select CRYPTO_HASH918	help919	  MD5 message digest algorithm (RFC1321)920 921config CRYPTO_MICHAEL_MIC922	tristate "Michael MIC"923	select CRYPTO_HASH924	help925	  Michael MIC (Message Integrity Code) (IEEE 802.11i)926 927	  Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol),928	  known as WPA (Wif-Fi Protected Access).929 930	  This algorithm is required for TKIP, but it should not be used for931	  other purposes because of the weakness of the algorithm.932 933config CRYPTO_POLYVAL934	tristate935	select CRYPTO_HASH936	select CRYPTO_LIB_GF128MUL937	help938	  POLYVAL hash function for HCTR2939 940	  This is used in HCTR2.  It is not a general-purpose941	  cryptographic hash function.942 943config CRYPTO_POLY1305944	tristate "Poly1305"945	select CRYPTO_HASH946	select CRYPTO_LIB_POLY1305_GENERIC947	help948	  Poly1305 authenticator algorithm (RFC7539)949 950	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.951	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use952	  in IETF protocols. This is the portable C implementation of Poly1305.953 954config CRYPTO_RMD160955	tristate "RIPEMD-160"956	select CRYPTO_HASH957	help958	  RIPEMD-160 hash function (ISO/IEC 10118-3)959 960	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended961	  to be used as a secure replacement for the 128-bit hash functions962	  MD4, MD5 and its predecessor RIPEMD963	  (not to be confused with RIPEMD-128).964 965	  Its speed is comparable to SHA-1 and there are no known attacks966	  against RIPEMD-160.967 968	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.969	  See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html970	  for further information.971 972config CRYPTO_SHA1973	tristate "SHA-1"974	select CRYPTO_HASH975	select CRYPTO_LIB_SHA1976	help977	  SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)978 979config CRYPTO_SHA256980	tristate "SHA-224 and SHA-256"981	select CRYPTO_HASH982	select CRYPTO_LIB_SHA256983	help984	  SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)985 986	  This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).987	  Used by the btrfs filesystem, Ceph, NFS, and SMB.988 989config CRYPTO_SHA512990	tristate "SHA-384 and SHA-512"991	select CRYPTO_HASH992	help993	  SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)994 995config CRYPTO_SHA3996	tristate "SHA-3"997	select CRYPTO_HASH998	help999	  SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)1000 1001config CRYPTO_SM31002	tristate1003 1004config CRYPTO_SM3_GENERIC1005	tristate "SM3 (ShangMi 3)"1006	select CRYPTO_HASH1007	select CRYPTO_SM31008	help1009	  SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)1010 1011	  This is part of the Chinese Commercial Cryptography suite.1012 1013	  References:1014	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf1015	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash1016 1017config CRYPTO_STREEBOG1018	tristate "Streebog"1019	select CRYPTO_HASH1020	help1021	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)1022 1023	  This is one of the Russian cryptographic standard algorithms (called1024	  GOST algorithms). This setting enables two hash algorithms with1025	  256 and 512 bits output.1026 1027	  References:1028	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf1029	  https://tools.ietf.org/html/rfc69861030 1031config CRYPTO_VMAC1032	tristate "VMAC"1033	select CRYPTO_HASH1034	select CRYPTO_MANAGER1035	help1036	  VMAC is a message authentication algorithm designed for1037	  very high speed on 64-bit architectures.1038 1039	  See https://fastcrypto.org/vmac for further information.1040 1041config CRYPTO_WP5121042	tristate "Whirlpool"1043	select CRYPTO_HASH1044	help1045	  Whirlpool hash function (ISO/IEC 10118-3)1046 1047	  512, 384 and 256-bit hashes.1048 1049	  Whirlpool-512 is part of the NESSIE cryptographic primitives.1050 1051	  See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html1052	  for further information.1053 1054config CRYPTO_XCBC1055	tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"1056	select CRYPTO_HASH1057	select CRYPTO_MANAGER1058	help1059	  XCBC-MAC (Extended Cipher Block Chaining Message Authentication1060	  Code) (RFC3566)1061 1062config CRYPTO_XXHASH1063	tristate "xxHash"1064	select CRYPTO_HASH1065	select XXHASH1066	help1067	  xxHash non-cryptographic hash algorithm1068 1069	  Extremely fast, working at speeds close to RAM limits.1070 1071	  Used by the btrfs filesystem.1072 1073endmenu1074 1075menu "CRCs (cyclic redundancy checks)"1076 1077config CRYPTO_CRC32C1078	tristate "CRC32c"1079	select CRYPTO_HASH1080	select CRC321081	help1082	  CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)1083 1084	  A 32-bit CRC (cyclic redundancy check) with a polynomial defined1085	  by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic1086	  Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions1087	  on Communications, Vol. 41, No. 6, June 1993, selected for use with1088	  iSCSI.1089 1090	  Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI.1091 1092config CRYPTO_CRC321093	tristate "CRC32"1094	select CRYPTO_HASH1095	select CRC321096	help1097	  CRC32 CRC algorithm (IEEE 802.3)1098 1099	  Used by RoCEv2 and f2fs.1100 1101config CRYPTO_CRCT10DIF1102	tristate "CRCT10DIF"1103	select CRYPTO_HASH1104	help1105	  CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF)1106 1107	  CRC algorithm used by the SCSI Block Commands standard.1108 1109config CRYPTO_CRC64_ROCKSOFT1110	tristate "CRC64 based on Rocksoft Model algorithm"1111	depends on CRC641112	select CRYPTO_HASH1113	help1114	  CRC64 CRC algorithm based on the Rocksoft Model CRC Algorithm1115 1116	  Used by the NVMe implementation of T10 DIF (BLK_DEV_INTEGRITY)1117 1118	  See https://zlib.net/crc_v3.txt1119 1120endmenu1121 1122menu "Compression"1123 1124config CRYPTO_DEFLATE1125	tristate "Deflate"1126	select CRYPTO_ALGAPI1127	select CRYPTO_ACOMP21128	select ZLIB_INFLATE1129	select ZLIB_DEFLATE1130	help1131	  Deflate compression algorithm (RFC1951)1132 1133	  Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394)1134 1135config CRYPTO_LZO1136	tristate "LZO"1137	select CRYPTO_ALGAPI1138	select CRYPTO_ACOMP21139	select LZO_COMPRESS1140	select LZO_DECOMPRESS1141	help1142	  LZO compression algorithm1143 1144	  See https://www.oberhumer.com/opensource/lzo/ for further information.1145 1146config CRYPTO_8421147	tristate "842"1148	select CRYPTO_ALGAPI1149	select CRYPTO_ACOMP21150	select 842_COMPRESS1151	select 842_DECOMPRESS1152	help1153	  842 compression algorithm by IBM1154 1155	  See https://github.com/plauth/lib842 for further information.1156 1157config CRYPTO_LZ41158	tristate "LZ4"1159	select CRYPTO_ALGAPI1160	select CRYPTO_ACOMP21161	select LZ4_COMPRESS1162	select LZ4_DECOMPRESS1163	help1164	  LZ4 compression algorithm1165 1166	  See https://github.com/lz4/lz4 for further information.1167 1168config CRYPTO_LZ4HC1169	tristate "LZ4HC"1170	select CRYPTO_ALGAPI1171	select CRYPTO_ACOMP21172	select LZ4HC_COMPRESS1173	select LZ4_DECOMPRESS1174	help1175	  LZ4 high compression mode algorithm1176 1177	  See https://github.com/lz4/lz4 for further information.1178 1179config CRYPTO_ZSTD1180	tristate "Zstd"1181	select CRYPTO_ALGAPI1182	select CRYPTO_ACOMP21183	select ZSTD_COMPRESS1184	select ZSTD_DECOMPRESS1185	help1186	  zstd compression algorithm1187 1188	  See https://github.com/facebook/zstd for further information.1189 1190endmenu1191 1192menu "Random number generation"1193 1194config CRYPTO_ANSI_CPRNG1195	tristate "ANSI PRNG (Pseudo Random Number Generator)"1196	select CRYPTO_AES1197	select CRYPTO_RNG1198	help1199	  Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4)1200 1201	  This uses the AES cipher algorithm.1202 1203	  Note that this option must be enabled if CRYPTO_FIPS is selected1204 1205menuconfig CRYPTO_DRBG_MENU1206	tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"1207	help1208	  DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)1209 1210	  In the following submenu, one or more of the DRBG types must be selected.1211 1212if CRYPTO_DRBG_MENU1213 1214config CRYPTO_DRBG_HMAC1215	bool1216	default y1217	select CRYPTO_HMAC1218	select CRYPTO_SHA5121219 1220config CRYPTO_DRBG_HASH1221	bool "Hash_DRBG"1222	select CRYPTO_SHA2561223	help1224	  Hash_DRBG variant as defined in NIST SP800-90A.1225 1226	  This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.1227 1228config CRYPTO_DRBG_CTR1229	bool "CTR_DRBG"1230	select CRYPTO_AES1231	select CRYPTO_CTR1232	help1233	  CTR_DRBG variant as defined in NIST SP800-90A.1234 1235	  This uses the AES cipher algorithm with the counter block mode.1236 1237config CRYPTO_DRBG1238	tristate1239	default CRYPTO_DRBG_MENU1240	select CRYPTO_RNG1241	select CRYPTO_JITTERENTROPY1242 1243endif	# if CRYPTO_DRBG_MENU1244 1245config CRYPTO_JITTERENTROPY1246	tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"1247	select CRYPTO_RNG1248	select CRYPTO_SHA31249	help1250	  CPU Jitter RNG (Random Number Generator) from the Jitterentropy library1251 1252	  A non-physical non-deterministic ("true") RNG (e.g., an entropy source1253	  compliant with NIST SP800-90B) intended to provide a seed to a1254	  deterministic RNG (e.g., per NIST SP800-90C).1255	  This RNG does not perform any cryptographic whitening of the generated1256	  random numbers.1257 1258	  See https://www.chronox.de/jent/1259 1260if CRYPTO_JITTERENTROPY1261if CRYPTO_FIPS && EXPERT1262 1263choice1264	prompt "CPU Jitter RNG Memory Size"1265	default CRYPTO_JITTERENTROPY_MEMSIZE_21266	help1267	  The Jitter RNG measures the execution time of memory accesses.1268	  Multiple consecutive memory accesses are performed. If the memory1269	  size fits into a cache (e.g. L1), only the memory access timing1270	  to that cache is measured. The closer the cache is to the CPU1271	  the less variations are measured and thus the less entropy is1272	  obtained. Thus, if the memory size fits into the L1 cache, the1273	  obtained entropy is less than if the memory size fits within1274	  L1 + L2, which in turn is less if the memory fits into1275	  L1 + L2 + L3. Thus, by selecting a different memory size,1276	  the entropy rate produced by the Jitter RNG can be modified.1277 1278	config CRYPTO_JITTERENTROPY_MEMSIZE_21279		bool "2048 Bytes (default)"1280 1281	config CRYPTO_JITTERENTROPY_MEMSIZE_1281282		bool "128 kBytes"1283 1284	config CRYPTO_JITTERENTROPY_MEMSIZE_10241285		bool "1024 kBytes"1286 1287	config CRYPTO_JITTERENTROPY_MEMSIZE_81921288		bool "8192 kBytes"1289endchoice1290 1291config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS1292	int1293	default 64 if CRYPTO_JITTERENTROPY_MEMSIZE_21294	default 512 if CRYPTO_JITTERENTROPY_MEMSIZE_1281295	default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_10241296	default 4096 if CRYPTO_JITTERENTROPY_MEMSIZE_81921297 1298config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE1299	int1300	default 32 if CRYPTO_JITTERENTROPY_MEMSIZE_21301	default 256 if CRYPTO_JITTERENTROPY_MEMSIZE_1281302	default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_10241303	default 2048 if CRYPTO_JITTERENTROPY_MEMSIZE_81921304 1305config CRYPTO_JITTERENTROPY_OSR1306	int "CPU Jitter RNG Oversampling Rate"1307	range 1 151308	default 31309	help1310	  The Jitter RNG allows the specification of an oversampling rate (OSR).1311	  The Jitter RNG operation requires a fixed amount of timing1312	  measurements to produce one output block of random numbers. The1313	  OSR value is multiplied with the amount of timing measurements to1314	  generate one output block. Thus, the timing measurement is oversampled1315	  by the OSR factor. The oversampling allows the Jitter RNG to operate1316	  on hardware whose timers deliver limited amount of entropy (e.g.1317	  the timer is coarse) by setting the OSR to a higher value. The1318	  trade-off, however, is that the Jitter RNG now requires more time1319	  to generate random numbers.1320 1321config CRYPTO_JITTERENTROPY_TESTINTERFACE1322	bool "CPU Jitter RNG Test Interface"1323	help1324	  The test interface allows a privileged process to capture1325	  the raw unconditioned high resolution time stamp noise that1326	  is collected by the Jitter RNG for statistical analysis. As1327	  this data is used at the same time to generate random bits,1328	  the Jitter RNG operates in an insecure mode as long as the1329	  recording is enabled. This interface therefore is only1330	  intended for testing purposes and is not suitable for1331	  production systems.1332 1333	  The raw noise data can be obtained using the jent_raw_hires1334	  debugfs file. Using the option1335	  jitterentropy_testing.boot_raw_hires_test=1 the raw noise of1336	  the first 1000 entropy events since boot can be sampled.1337 1338	  If unsure, select N.1339 1340endif	# if CRYPTO_FIPS && EXPERT1341 1342if !(CRYPTO_FIPS && EXPERT)1343 1344config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS1345	int1346	default 641347 1348config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE1349	int1350	default 321351 1352config CRYPTO_JITTERENTROPY_OSR1353	int1354	default 11355 1356config CRYPTO_JITTERENTROPY_TESTINTERFACE1357	bool1358 1359endif	# if !(CRYPTO_FIPS && EXPERT)1360endif	# if CRYPTO_JITTERENTROPY1361 1362config CRYPTO_KDF800108_CTR1363	tristate1364	select CRYPTO_HMAC1365	select CRYPTO_SHA2561366 1367endmenu1368menu "Userspace interface"1369 1370config CRYPTO_USER_API1371	tristate1372 1373config CRYPTO_USER_API_HASH1374	tristate "Hash algorithms"1375	depends on NET1376	select CRYPTO_HASH1377	select CRYPTO_USER_API1378	help1379	  Enable the userspace interface for hash algorithms.1380 1381	  See Documentation/crypto/userspace-if.rst and1382	  https://www.chronox.de/libkcapi/html/index.html1383 1384config CRYPTO_USER_API_SKCIPHER1385	tristate "Symmetric key cipher algorithms"1386	depends on NET1387	select CRYPTO_SKCIPHER1388	select CRYPTO_USER_API1389	help1390	  Enable the userspace interface for symmetric key cipher algorithms.1391 1392	  See Documentation/crypto/userspace-if.rst and1393	  https://www.chronox.de/libkcapi/html/index.html1394 1395config CRYPTO_USER_API_RNG1396	tristate "RNG (random number generator) algorithms"1397	depends on NET1398	select CRYPTO_RNG1399	select CRYPTO_USER_API1400	help1401	  Enable the userspace interface for RNG (random number generator)1402	  algorithms.1403 1404	  See Documentation/crypto/userspace-if.rst and1405	  https://www.chronox.de/libkcapi/html/index.html1406 1407config CRYPTO_USER_API_RNG_CAVP1408	bool "Enable CAVP testing of DRBG"1409	depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG1410	help1411	  Enable extra APIs in the userspace interface for NIST CAVP1412	  (Cryptographic Algorithm Validation Program) testing:1413	  - resetting DRBG entropy1414	  - providing Additional Data1415 1416	  This should only be enabled for CAVP testing. You should say1417	  no unless you know what this is.1418 1419config CRYPTO_USER_API_AEAD1420	tristate "AEAD cipher algorithms"1421	depends on NET1422	select CRYPTO_AEAD1423	select CRYPTO_SKCIPHER1424	select CRYPTO_NULL1425	select CRYPTO_USER_API1426	help1427	  Enable the userspace interface for AEAD cipher algorithms.1428 1429	  See Documentation/crypto/userspace-if.rst and1430	  https://www.chronox.de/libkcapi/html/index.html1431 1432config CRYPTO_USER_API_ENABLE_OBSOLETE1433	bool "Obsolete cryptographic algorithms"1434	depends on CRYPTO_USER_API1435	default y1436	help1437	  Allow obsolete cryptographic algorithms to be selected that have1438	  already been phased out from internal use by the kernel, and are1439	  only useful for userspace clients that still rely on them.1440 1441endmenu1442 1443config CRYPTO_HASH_INFO1444	bool1445 1446if !KMSAN # avoid false positives from assembly1447if ARM1448source "arch/arm/crypto/Kconfig"1449endif1450if ARM641451source "arch/arm64/crypto/Kconfig"1452endif1453if LOONGARCH1454source "arch/loongarch/crypto/Kconfig"1455endif1456if MIPS1457source "arch/mips/crypto/Kconfig"1458endif1459if PPC1460source "arch/powerpc/crypto/Kconfig"1461endif1462if RISCV1463source "arch/riscv/crypto/Kconfig"1464endif1465if S3901466source "arch/s390/crypto/Kconfig"1467endif1468if SPARC1469source "arch/sparc/crypto/Kconfig"1470endif1471if X861472source "arch/x86/crypto/Kconfig"1473endif1474endif1475 1476source "drivers/crypto/Kconfig"1477source "crypto/asymmetric_keys/Kconfig"1478source "certs/Kconfig"1479 1480endif	# if CRYPTO1481