1481 lines · plain
1# SPDX-License-Identifier: GPL-2.02#3# Generic algorithms support4#5config XOR_BLOCKS6 tristate7 8#9# async_tx api: hardware offloaded memory transfer/transform support10#11source "crypto/async_tx/Kconfig"12 13#14# Cryptographic API Configuration15#16menuconfig CRYPTO17 tristate "Cryptographic API"18 select CRYPTO_LIB_UTILS19 help20 This option provides the core Cryptographic API.21 22if CRYPTO23 24menu "Crypto core or helper"25 26config CRYPTO_FIPS27 bool "FIPS 200 compliance"28 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS29 depends on (MODULE_SIG || !MODULES)30 help31 This option enables the fips boot option which is32 required if you want the system to operate in a FIPS 20033 certification. You should say no unless you know what34 this is.35 36config CRYPTO_FIPS_NAME37 string "FIPS Module Name"38 default "Linux Kernel Cryptographic API"39 depends on CRYPTO_FIPS40 help41 This option sets the FIPS Module name reported by the Crypto API via42 the /proc/sys/crypto/fips_name file.43 44config CRYPTO_FIPS_CUSTOM_VERSION45 bool "Use Custom FIPS Module Version"46 depends on CRYPTO_FIPS47 default n48 49config CRYPTO_FIPS_VERSION50 string "FIPS Module Version"51 default "(none)"52 depends on CRYPTO_FIPS_CUSTOM_VERSION53 help54 This option provides the ability to override the FIPS Module Version.55 By default the KERNELRELEASE value is used.56 57config CRYPTO_ALGAPI58 tristate59 select CRYPTO_ALGAPI260 help61 This option provides the API for cryptographic algorithms.62 63config CRYPTO_ALGAPI264 tristate65 66config CRYPTO_AEAD67 tristate68 select CRYPTO_AEAD269 select CRYPTO_ALGAPI70 71config CRYPTO_AEAD272 tristate73 select CRYPTO_ALGAPI274 75config CRYPTO_SIG76 tristate77 select CRYPTO_SIG278 select CRYPTO_ALGAPI79 80config CRYPTO_SIG281 tristate82 select CRYPTO_ALGAPI283 84config CRYPTO_SKCIPHER85 tristate86 select CRYPTO_SKCIPHER287 select CRYPTO_ALGAPI88 select CRYPTO_ECB89 90config CRYPTO_SKCIPHER291 tristate92 select CRYPTO_ALGAPI293 94config CRYPTO_HASH95 tristate96 select CRYPTO_HASH297 select CRYPTO_ALGAPI98 99config CRYPTO_HASH2100 tristate101 select CRYPTO_ALGAPI2102 103config CRYPTO_RNG104 tristate105 select CRYPTO_RNG2106 select CRYPTO_ALGAPI107 108config CRYPTO_RNG2109 tristate110 select CRYPTO_ALGAPI2111 112config CRYPTO_RNG_DEFAULT113 tristate114 select CRYPTO_DRBG_MENU115 116config CRYPTO_AKCIPHER2117 tristate118 select CRYPTO_ALGAPI2119 120config CRYPTO_AKCIPHER121 tristate122 select CRYPTO_AKCIPHER2123 select CRYPTO_ALGAPI124 125config CRYPTO_KPP2126 tristate127 select CRYPTO_ALGAPI2128 129config CRYPTO_KPP130 tristate131 select CRYPTO_ALGAPI132 select CRYPTO_KPP2133 134config CRYPTO_ACOMP2135 tristate136 select CRYPTO_ALGAPI2137 select SGL_ALLOC138 139config CRYPTO_ACOMP140 tristate141 select CRYPTO_ALGAPI142 select CRYPTO_ACOMP2143 144config CRYPTO_MANAGER145 tristate "Cryptographic algorithm manager"146 select CRYPTO_MANAGER2147 help148 Create default cryptographic template instantiations such as149 cbc(aes).150 151config CRYPTO_MANAGER2152 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)153 select CRYPTO_ACOMP2154 select CRYPTO_AEAD2155 select CRYPTO_AKCIPHER2156 select CRYPTO_SIG2157 select CRYPTO_HASH2158 select CRYPTO_KPP2159 select CRYPTO_RNG2160 select CRYPTO_SKCIPHER2161 162config CRYPTO_USER163 tristate "Userspace cryptographic algorithm configuration"164 depends on NET165 select CRYPTO_MANAGER166 help167 Userspace configuration for cryptographic instantiations such as168 cbc(aes).169 170config CRYPTO_MANAGER_DISABLE_TESTS171 bool "Disable run-time self tests"172 default y173 help174 Disable run-time self tests that normally take place at175 algorithm registration.176 177config CRYPTO_MANAGER_EXTRA_TESTS178 bool "Enable extra run-time crypto self tests"179 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER180 help181 Enable extra run-time self tests of registered crypto algorithms,182 including randomized fuzz tests.183 184 This is intended for developer use only, as these tests take much185 longer to run than the normal self tests.186 187config CRYPTO_NULL188 tristate "Null algorithms"189 select CRYPTO_NULL2190 help191 These are 'Null' algorithms, used by IPsec, which do nothing.192 193config CRYPTO_NULL2194 tristate195 select CRYPTO_ALGAPI2196 select CRYPTO_SKCIPHER2197 select CRYPTO_HASH2198 199config CRYPTO_PCRYPT200 tristate "Parallel crypto engine"201 depends on SMP202 select PADATA203 select CRYPTO_MANAGER204 select CRYPTO_AEAD205 help206 This converts an arbitrary crypto algorithm into a parallel207 algorithm that executes in kernel threads.208 209config CRYPTO_CRYPTD210 tristate "Software async crypto daemon"211 select CRYPTO_SKCIPHER212 select CRYPTO_HASH213 select CRYPTO_MANAGER214 help215 This is a generic software asynchronous crypto daemon that216 converts an arbitrary synchronous software crypto algorithm217 into an asynchronous algorithm that executes in a kernel thread.218 219config CRYPTO_AUTHENC220 tristate "Authenc support"221 select CRYPTO_AEAD222 select CRYPTO_SKCIPHER223 select CRYPTO_MANAGER224 select CRYPTO_HASH225 select CRYPTO_NULL226 help227 Authenc: Combined mode wrapper for IPsec.228 229 This is required for IPSec ESP (XFRM_ESP).230 231config CRYPTO_TEST232 tristate "Testing module"233 depends on m || EXPERT234 select CRYPTO_MANAGER235 help236 Quick & dirty crypto test module.237 238config CRYPTO_SIMD239 tristate240 select CRYPTO_CRYPTD241 242config CRYPTO_ENGINE243 tristate244 245endmenu246 247menu "Public-key cryptography"248 249config CRYPTO_RSA250 tristate "RSA (Rivest-Shamir-Adleman)"251 select CRYPTO_AKCIPHER252 select CRYPTO_MANAGER253 select MPILIB254 select ASN1255 help256 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)257 258config CRYPTO_DH259 tristate "DH (Diffie-Hellman)"260 select CRYPTO_KPP261 select MPILIB262 help263 DH (Diffie-Hellman) key exchange algorithm264 265config CRYPTO_DH_RFC7919_GROUPS266 bool "RFC 7919 FFDHE groups"267 depends on CRYPTO_DH268 select CRYPTO_RNG_DEFAULT269 help270 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups271 defined in RFC7919.272 273 Support these finite-field groups in DH key exchanges:274 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192275 276 If unsure, say N.277 278config CRYPTO_ECC279 tristate280 select CRYPTO_RNG_DEFAULT281 282config CRYPTO_ECDH283 tristate "ECDH (Elliptic Curve Diffie-Hellman)"284 select CRYPTO_ECC285 select CRYPTO_KPP286 help287 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm288 using curves P-192, P-256, and P-384 (FIPS 186)289 290config CRYPTO_ECDSA291 tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)"292 select CRYPTO_ECC293 select CRYPTO_AKCIPHER294 select ASN1295 help296 ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186,297 ISO/IEC 14888-3)298 using curves P-192, P-256, and P-384299 300 Only signature verification is implemented.301 302config CRYPTO_ECRDSA303 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"304 select CRYPTO_ECC305 select CRYPTO_AKCIPHER306 select CRYPTO_STREEBOG307 select OID_REGISTRY308 select ASN1309 help310 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,311 RFC 7091, ISO/IEC 14888-3)312 313 One of the Russian cryptographic standard algorithms (called GOST314 algorithms). Only signature verification is implemented.315 316config CRYPTO_CURVE25519317 tristate "Curve25519"318 select CRYPTO_KPP319 select CRYPTO_LIB_CURVE25519_GENERIC320 help321 Curve25519 elliptic curve (RFC7748)322 323endmenu324 325menu "Block ciphers"326 327config CRYPTO_AES328 tristate "AES (Advanced Encryption Standard)"329 select CRYPTO_ALGAPI330 select CRYPTO_LIB_AES331 help332 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)333 334 Rijndael appears to be consistently a very good performer in335 both hardware and software across a wide range of computing336 environments regardless of its use in feedback or non-feedback337 modes. Its key setup time is excellent, and its key agility is338 good. Rijndael's very low memory requirements make it very well339 suited for restricted-space environments, in which it also340 demonstrates excellent performance. Rijndael's operations are341 among the easiest to defend against power and timing attacks.342 343 The AES specifies three key sizes: 128, 192 and 256 bits344 345config CRYPTO_AES_TI346 tristate "AES (Advanced Encryption Standard) (fixed time)"347 select CRYPTO_ALGAPI348 select CRYPTO_LIB_AES349 help350 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)351 352 This is a generic implementation of AES that attempts to eliminate353 data dependent latencies as much as possible without affecting354 performance too much. It is intended for use by the generic CCM355 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely356 solely on encryption (although decryption is supported as well, but357 with a more dramatic performance hit)358 359 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and360 8 for decryption), this implementation only uses just two S-boxes of361 256 bytes each, and attempts to eliminate data dependent latencies by362 prefetching the entire table into the cache at the start of each363 block. Interrupts are also disabled to avoid races where cachelines364 are evicted when the CPU is interrupted to do something else.365 366config CRYPTO_ANUBIS367 tristate "Anubis"368 depends on CRYPTO_USER_API_ENABLE_OBSOLETE369 select CRYPTO_ALGAPI370 help371 Anubis cipher algorithm372 373 Anubis is a variable key length cipher which can use keys from374 128 bits to 320 bits in length. It was evaluated as a entrant375 in the NESSIE competition.376 377 See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html378 for further information.379 380config CRYPTO_ARIA381 tristate "ARIA"382 select CRYPTO_ALGAPI383 help384 ARIA cipher algorithm (RFC5794)385 386 ARIA is a standard encryption algorithm of the Republic of Korea.387 The ARIA specifies three key sizes and rounds.388 128-bit: 12 rounds.389 192-bit: 14 rounds.390 256-bit: 16 rounds.391 392 See:393 https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do394 395config CRYPTO_BLOWFISH396 tristate "Blowfish"397 select CRYPTO_ALGAPI398 select CRYPTO_BLOWFISH_COMMON399 help400 Blowfish cipher algorithm, by Bruce Schneier401 402 This is a variable key length cipher which can use keys from 32403 bits to 448 bits in length. It's fast, simple and specifically404 designed for use on "large microprocessors".405 406 See https://www.schneier.com/blowfish.html for further information.407 408config CRYPTO_BLOWFISH_COMMON409 tristate410 help411 Common parts of the Blowfish cipher algorithm shared by the412 generic c and the assembler implementations.413 414config CRYPTO_CAMELLIA415 tristate "Camellia"416 select CRYPTO_ALGAPI417 help418 Camellia cipher algorithms (ISO/IEC 18033-3)419 420 Camellia is a symmetric key block cipher developed jointly421 at NTT and Mitsubishi Electric Corporation.422 423 The Camellia specifies three key sizes: 128, 192 and 256 bits.424 425 See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information.426 427config CRYPTO_CAST_COMMON428 tristate429 help430 Common parts of the CAST cipher algorithms shared by the431 generic c and the assembler implementations.432 433config CRYPTO_CAST5434 tristate "CAST5 (CAST-128)"435 select CRYPTO_ALGAPI436 select CRYPTO_CAST_COMMON437 help438 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)439 440config CRYPTO_CAST6441 tristate "CAST6 (CAST-256)"442 select CRYPTO_ALGAPI443 select CRYPTO_CAST_COMMON444 help445 CAST6 (CAST-256) encryption algorithm (RFC2612)446 447config CRYPTO_DES448 tristate "DES and Triple DES EDE"449 select CRYPTO_ALGAPI450 select CRYPTO_LIB_DES451 help452 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and453 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)454 cipher algorithms455 456config CRYPTO_FCRYPT457 tristate "FCrypt"458 select CRYPTO_ALGAPI459 select CRYPTO_SKCIPHER460 help461 FCrypt algorithm used by RxRPC462 463 See https://ota.polyonymo.us/fcrypt-paper.txt464 465config CRYPTO_KHAZAD466 tristate "Khazad"467 depends on CRYPTO_USER_API_ENABLE_OBSOLETE468 select CRYPTO_ALGAPI469 help470 Khazad cipher algorithm471 472 Khazad was a finalist in the initial NESSIE competition. It is473 an algorithm optimized for 64-bit processors with good performance474 on 32-bit processors. Khazad uses an 128 bit key size.475 476 See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html477 for further information.478 479config CRYPTO_SEED480 tristate "SEED"481 depends on CRYPTO_USER_API_ENABLE_OBSOLETE482 select CRYPTO_ALGAPI483 help484 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)485 486 SEED is a 128-bit symmetric key block cipher that has been487 developed by KISA (Korea Information Security Agency) as a488 national standard encryption algorithm of the Republic of Korea.489 It is a 16 round block cipher with the key size of 128 bit.490 491 See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do492 for further information.493 494config CRYPTO_SERPENT495 tristate "Serpent"496 select CRYPTO_ALGAPI497 help498 Serpent cipher algorithm, by Anderson, Biham & Knudsen499 500 Keys are allowed to be from 0 to 256 bits in length, in steps501 of 8 bits.502 503 See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information.504 505config CRYPTO_SM4506 tristate507 508config CRYPTO_SM4_GENERIC509 tristate "SM4 (ShangMi 4)"510 select CRYPTO_ALGAPI511 select CRYPTO_SM4512 help513 SM4 cipher algorithms (OSCCA GB/T 32907-2016,514 ISO/IEC 18033-3:2010/Amd 1:2021)515 516 SM4 (GBT.32907-2016) is a cryptographic standard issued by the517 Organization of State Commercial Administration of China (OSCCA)518 as an authorized cryptographic algorithms for the use within China.519 520 SMS4 was originally created for use in protecting wireless521 networks, and is mandated in the Chinese National Standard for522 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)523 (GB.15629.11-2003).524 525 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and526 standardized through TC 260 of the Standardization Administration527 of the People's Republic of China (SAC).528 529 The input, output, and key of SMS4 are each 128 bits.530 531 See https://eprint.iacr.org/2008/329.pdf for further information.532 533 If unsure, say N.534 535config CRYPTO_TEA536 tristate "TEA, XTEA and XETA"537 depends on CRYPTO_USER_API_ENABLE_OBSOLETE538 select CRYPTO_ALGAPI539 help540 TEA (Tiny Encryption Algorithm) cipher algorithms541 542 Tiny Encryption Algorithm is a simple cipher that uses543 many rounds for security. It is very fast and uses544 little memory.545 546 Xtendend Tiny Encryption Algorithm is a modification to547 the TEA algorithm to address a potential key weakness548 in the TEA algorithm.549 550 Xtendend Encryption Tiny Algorithm is a mis-implementation551 of the XTEA algorithm for compatibility purposes.552 553config CRYPTO_TWOFISH554 tristate "Twofish"555 select CRYPTO_ALGAPI556 select CRYPTO_TWOFISH_COMMON557 help558 Twofish cipher algorithm559 560 Twofish was submitted as an AES (Advanced Encryption Standard)561 candidate cipher by researchers at CounterPane Systems. It is a562 16 round block cipher supporting key sizes of 128, 192, and 256563 bits.564 565 See https://www.schneier.com/twofish.html for further information.566 567config CRYPTO_TWOFISH_COMMON568 tristate569 help570 Common parts of the Twofish cipher algorithm shared by the571 generic c and the assembler implementations.572 573endmenu574 575menu "Length-preserving ciphers and modes"576 577config CRYPTO_ADIANTUM578 tristate "Adiantum"579 select CRYPTO_CHACHA20580 select CRYPTO_LIB_POLY1305_GENERIC581 select CRYPTO_NHPOLY1305582 select CRYPTO_MANAGER583 help584 Adiantum tweakable, length-preserving encryption mode585 586 Designed for fast and secure disk encryption, especially on587 CPUs without dedicated crypto instructions. It encrypts588 each sector using the XChaCha12 stream cipher, two passes of589 an ε-almost-∆-universal hash function, and an invocation of590 the AES-256 block cipher on a single 16-byte block. On CPUs591 without AES instructions, Adiantum is much faster than592 AES-XTS.593 594 Adiantum's security is provably reducible to that of its595 underlying stream and block ciphers, subject to a security596 bound. Unlike XTS, Adiantum is a true wide-block encryption597 mode, so it actually provides an even stronger notion of598 security than XTS, subject to the security bound.599 600 If unsure, say N.601 602config CRYPTO_ARC4603 tristate "ARC4 (Alleged Rivest Cipher 4)"604 depends on CRYPTO_USER_API_ENABLE_OBSOLETE605 select CRYPTO_SKCIPHER606 select CRYPTO_LIB_ARC4607 help608 ARC4 cipher algorithm609 610 ARC4 is a stream cipher using keys ranging from 8 bits to 2048611 bits in length. This algorithm is required for driver-based612 WEP, but it should not be for other purposes because of the613 weakness of the algorithm.614 615config CRYPTO_CHACHA20616 tristate "ChaCha"617 select CRYPTO_LIB_CHACHA_GENERIC618 select CRYPTO_SKCIPHER619 help620 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms621 622 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.623 Bernstein and further specified in RFC7539 for use in IETF protocols.624 This is the portable C implementation of ChaCha20. See625 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.626 627 XChaCha20 is the application of the XSalsa20 construction to ChaCha20628 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length629 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,630 while provably retaining ChaCha20's security. See631 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.632 633 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly634 reduced security margin but increased performance. It can be needed635 in some performance-sensitive scenarios.636 637config CRYPTO_CBC638 tristate "CBC (Cipher Block Chaining)"639 select CRYPTO_SKCIPHER640 select CRYPTO_MANAGER641 help642 CBC (Cipher Block Chaining) mode (NIST SP800-38A)643 644 This block cipher mode is required for IPSec ESP (XFRM_ESP).645 646config CRYPTO_CTR647 tristate "CTR (Counter)"648 select CRYPTO_SKCIPHER649 select CRYPTO_MANAGER650 help651 CTR (Counter) mode (NIST SP800-38A)652 653config CRYPTO_CTS654 tristate "CTS (Cipher Text Stealing)"655 select CRYPTO_SKCIPHER656 select CRYPTO_MANAGER657 help658 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST659 Addendum to SP800-38A (October 2010))660 661 This mode is required for Kerberos gss mechanism support662 for AES encryption.663 664config CRYPTO_ECB665 tristate "ECB (Electronic Codebook)"666 select CRYPTO_SKCIPHER2667 select CRYPTO_MANAGER668 help669 ECB (Electronic Codebook) mode (NIST SP800-38A)670 671config CRYPTO_HCTR2672 tristate "HCTR2"673 select CRYPTO_XCTR674 select CRYPTO_POLYVAL675 select CRYPTO_MANAGER676 help677 HCTR2 length-preserving encryption mode678 679 A mode for storage encryption that is efficient on processors with680 instructions to accelerate AES and carryless multiplication, e.g.681 x86 processors with AES-NI and CLMUL, and ARM processors with the682 ARMv8 crypto extensions.683 684 See https://eprint.iacr.org/2021/1441685 686config CRYPTO_KEYWRAP687 tristate "KW (AES Key Wrap)"688 select CRYPTO_SKCIPHER689 select CRYPTO_MANAGER690 help691 KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F692 and RFC3394) without padding.693 694config CRYPTO_LRW695 tristate "LRW (Liskov Rivest Wagner)"696 select CRYPTO_LIB_GF128MUL697 select CRYPTO_SKCIPHER698 select CRYPTO_MANAGER699 select CRYPTO_ECB700 help701 LRW (Liskov Rivest Wagner) mode702 703 A tweakable, non malleable, non movable704 narrow block cipher mode for dm-crypt. Use it with cipher705 specification string aes-lrw-benbi, the key must be 256, 320 or 384.706 The first 128, 192 or 256 bits in the key are used for AES and the707 rest is used to tie each cipher block to its logical position.708 709 See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf710 711config CRYPTO_PCBC712 tristate "PCBC (Propagating Cipher Block Chaining)"713 select CRYPTO_SKCIPHER714 select CRYPTO_MANAGER715 help716 PCBC (Propagating Cipher Block Chaining) mode717 718 This block cipher mode is required for RxRPC.719 720config CRYPTO_XCTR721 tristate722 select CRYPTO_SKCIPHER723 select CRYPTO_MANAGER724 help725 XCTR (XOR Counter) mode for HCTR2726 727 This blockcipher mode is a variant of CTR mode using XORs and little-endian728 addition rather than big-endian arithmetic.729 730 XCTR mode is used to implement HCTR2.731 732config CRYPTO_XTS733 tristate "XTS (XOR Encrypt XOR with ciphertext stealing)"734 select CRYPTO_SKCIPHER735 select CRYPTO_MANAGER736 select CRYPTO_ECB737 help738 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E739 and IEEE 1619)740 741 Use with aes-xts-plain, key size 256, 384 or 512 bits. This742 implementation currently can't handle a sectorsize which is not a743 multiple of 16 bytes.744 745config CRYPTO_NHPOLY1305746 tristate747 select CRYPTO_HASH748 select CRYPTO_LIB_POLY1305_GENERIC749 750endmenu751 752menu "AEAD (authenticated encryption with associated data) ciphers"753 754config CRYPTO_AEGIS128755 tristate "AEGIS-128"756 select CRYPTO_AEAD757 select CRYPTO_AES # for AES S-box tables758 help759 AEGIS-128 AEAD algorithm760 761config CRYPTO_AEGIS128_SIMD762 bool "AEGIS-128 (arm NEON, arm64 NEON)"763 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)764 default y765 help766 AEGIS-128 AEAD algorithm767 768 Architecture: arm or arm64 using:769 - NEON (Advanced SIMD) extension770 771config CRYPTO_CHACHA20POLY1305772 tristate "ChaCha20-Poly1305"773 select CRYPTO_CHACHA20774 select CRYPTO_POLY1305775 select CRYPTO_AEAD776 select CRYPTO_MANAGER777 help778 ChaCha20 stream cipher and Poly1305 authenticator combined779 mode (RFC8439)780 781config CRYPTO_CCM782 tristate "CCM (Counter with Cipher Block Chaining-MAC)"783 select CRYPTO_CTR784 select CRYPTO_HASH785 select CRYPTO_AEAD786 select CRYPTO_MANAGER787 help788 CCM (Counter with Cipher Block Chaining-Message Authentication Code)789 authenticated encryption mode (NIST SP800-38C)790 791config CRYPTO_GCM792 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"793 select CRYPTO_CTR794 select CRYPTO_AEAD795 select CRYPTO_GHASH796 select CRYPTO_NULL797 select CRYPTO_MANAGER798 help799 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC800 (GCM Message Authentication Code) (NIST SP800-38D)801 802 This is required for IPSec ESP (XFRM_ESP).803 804config CRYPTO_GENIV805 tristate806 select CRYPTO_AEAD807 select CRYPTO_NULL808 select CRYPTO_MANAGER809 select CRYPTO_RNG_DEFAULT810 811config CRYPTO_SEQIV812 tristate "Sequence Number IV Generator"813 select CRYPTO_GENIV814 help815 Sequence Number IV generator816 817 This IV generator generates an IV based on a sequence number by818 xoring it with a salt. This algorithm is mainly useful for CTR.819 820 This is required for IPsec ESP (XFRM_ESP).821 822config CRYPTO_ECHAINIV823 tristate "Encrypted Chain IV Generator"824 select CRYPTO_GENIV825 help826 Encrypted Chain IV generator827 828 This IV generator generates an IV based on the encryption of829 a sequence number xored with a salt. This is the default830 algorithm for CBC.831 832config CRYPTO_ESSIV833 tristate "Encrypted Salt-Sector IV Generator"834 select CRYPTO_AUTHENC835 help836 Encrypted Salt-Sector IV generator837 838 This IV generator is used in some cases by fscrypt and/or839 dm-crypt. It uses the hash of the block encryption key as the840 symmetric key for a block encryption pass applied to the input841 IV, making low entropy IV sources more suitable for block842 encryption.843 844 This driver implements a crypto API template that can be845 instantiated either as an skcipher or as an AEAD (depending on the846 type of the first template argument), and which defers encryption847 and decryption requests to the encapsulated cipher after applying848 ESSIV to the input IV. Note that in the AEAD case, it is assumed849 that the keys are presented in the same format used by the authenc850 template, and that the IV appears at the end of the authenticated851 associated data (AAD) region (which is how dm-crypt uses it.)852 853 Note that the use of ESSIV is not recommended for new deployments,854 and so this only needs to be enabled when interoperability with855 existing encrypted volumes of filesystems is required, or when856 building for a particular system that requires it (e.g., when857 the SoC in question has accelerated CBC but not XTS, making CBC858 combined with ESSIV the only feasible mode for h/w accelerated859 block encryption)860 861endmenu862 863menu "Hashes, digests, and MACs"864 865config CRYPTO_BLAKE2B866 tristate "BLAKE2b"867 select CRYPTO_HASH868 help869 BLAKE2b cryptographic hash function (RFC 7693)870 871 BLAKE2b is optimized for 64-bit platforms and can produce digests872 of any size between 1 and 64 bytes. The keyed hash is also implemented.873 874 This module provides the following algorithms:875 - blake2b-160876 - blake2b-256877 - blake2b-384878 - blake2b-512879 880 Used by the btrfs filesystem.881 882 See https://blake2.net for further information.883 884config CRYPTO_CMAC885 tristate "CMAC (Cipher-based MAC)"886 select CRYPTO_HASH887 select CRYPTO_MANAGER888 help889 CMAC (Cipher-based Message Authentication Code) authentication890 mode (NIST SP800-38B and IETF RFC4493)891 892config CRYPTO_GHASH893 tristate "GHASH"894 select CRYPTO_HASH895 select CRYPTO_LIB_GF128MUL896 help897 GCM GHASH function (NIST SP800-38D)898 899config CRYPTO_HMAC900 tristate "HMAC (Keyed-Hash MAC)"901 select CRYPTO_HASH902 select CRYPTO_MANAGER903 help904 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and905 RFC2104)906 907 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).908 909config CRYPTO_MD4910 tristate "MD4"911 select CRYPTO_HASH912 help913 MD4 message digest algorithm (RFC1320)914 915config CRYPTO_MD5916 tristate "MD5"917 select CRYPTO_HASH918 help919 MD5 message digest algorithm (RFC1321)920 921config CRYPTO_MICHAEL_MIC922 tristate "Michael MIC"923 select CRYPTO_HASH924 help925 Michael MIC (Message Integrity Code) (IEEE 802.11i)926 927 Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol),928 known as WPA (Wif-Fi Protected Access).929 930 This algorithm is required for TKIP, but it should not be used for931 other purposes because of the weakness of the algorithm.932 933config CRYPTO_POLYVAL934 tristate935 select CRYPTO_HASH936 select CRYPTO_LIB_GF128MUL937 help938 POLYVAL hash function for HCTR2939 940 This is used in HCTR2. It is not a general-purpose941 cryptographic hash function.942 943config CRYPTO_POLY1305944 tristate "Poly1305"945 select CRYPTO_HASH946 select CRYPTO_LIB_POLY1305_GENERIC947 help948 Poly1305 authenticator algorithm (RFC7539)949 950 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.951 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use952 in IETF protocols. This is the portable C implementation of Poly1305.953 954config CRYPTO_RMD160955 tristate "RIPEMD-160"956 select CRYPTO_HASH957 help958 RIPEMD-160 hash function (ISO/IEC 10118-3)959 960 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended961 to be used as a secure replacement for the 128-bit hash functions962 MD4, MD5 and its predecessor RIPEMD963 (not to be confused with RIPEMD-128).964 965 Its speed is comparable to SHA-1 and there are no known attacks966 against RIPEMD-160.967 968 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.969 See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html970 for further information.971 972config CRYPTO_SHA1973 tristate "SHA-1"974 select CRYPTO_HASH975 select CRYPTO_LIB_SHA1976 help977 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)978 979config CRYPTO_SHA256980 tristate "SHA-224 and SHA-256"981 select CRYPTO_HASH982 select CRYPTO_LIB_SHA256983 help984 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)985 986 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).987 Used by the btrfs filesystem, Ceph, NFS, and SMB.988 989config CRYPTO_SHA512990 tristate "SHA-384 and SHA-512"991 select CRYPTO_HASH992 help993 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)994 995config CRYPTO_SHA3996 tristate "SHA-3"997 select CRYPTO_HASH998 help999 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)1000 1001config CRYPTO_SM31002 tristate1003 1004config CRYPTO_SM3_GENERIC1005 tristate "SM3 (ShangMi 3)"1006 select CRYPTO_HASH1007 select CRYPTO_SM31008 help1009 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)1010 1011 This is part of the Chinese Commercial Cryptography suite.1012 1013 References:1014 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf1015 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash1016 1017config CRYPTO_STREEBOG1018 tristate "Streebog"1019 select CRYPTO_HASH1020 help1021 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)1022 1023 This is one of the Russian cryptographic standard algorithms (called1024 GOST algorithms). This setting enables two hash algorithms with1025 256 and 512 bits output.1026 1027 References:1028 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf1029 https://tools.ietf.org/html/rfc69861030 1031config CRYPTO_VMAC1032 tristate "VMAC"1033 select CRYPTO_HASH1034 select CRYPTO_MANAGER1035 help1036 VMAC is a message authentication algorithm designed for1037 very high speed on 64-bit architectures.1038 1039 See https://fastcrypto.org/vmac for further information.1040 1041config CRYPTO_WP5121042 tristate "Whirlpool"1043 select CRYPTO_HASH1044 help1045 Whirlpool hash function (ISO/IEC 10118-3)1046 1047 512, 384 and 256-bit hashes.1048 1049 Whirlpool-512 is part of the NESSIE cryptographic primitives.1050 1051 See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html1052 for further information.1053 1054config CRYPTO_XCBC1055 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"1056 select CRYPTO_HASH1057 select CRYPTO_MANAGER1058 help1059 XCBC-MAC (Extended Cipher Block Chaining Message Authentication1060 Code) (RFC3566)1061 1062config CRYPTO_XXHASH1063 tristate "xxHash"1064 select CRYPTO_HASH1065 select XXHASH1066 help1067 xxHash non-cryptographic hash algorithm1068 1069 Extremely fast, working at speeds close to RAM limits.1070 1071 Used by the btrfs filesystem.1072 1073endmenu1074 1075menu "CRCs (cyclic redundancy checks)"1076 1077config CRYPTO_CRC32C1078 tristate "CRC32c"1079 select CRYPTO_HASH1080 select CRC321081 help1082 CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)1083 1084 A 32-bit CRC (cyclic redundancy check) with a polynomial defined1085 by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic1086 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions1087 on Communications, Vol. 41, No. 6, June 1993, selected for use with1088 iSCSI.1089 1090 Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI.1091 1092config CRYPTO_CRC321093 tristate "CRC32"1094 select CRYPTO_HASH1095 select CRC321096 help1097 CRC32 CRC algorithm (IEEE 802.3)1098 1099 Used by RoCEv2 and f2fs.1100 1101config CRYPTO_CRCT10DIF1102 tristate "CRCT10DIF"1103 select CRYPTO_HASH1104 help1105 CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF)1106 1107 CRC algorithm used by the SCSI Block Commands standard.1108 1109config CRYPTO_CRC64_ROCKSOFT1110 tristate "CRC64 based on Rocksoft Model algorithm"1111 depends on CRC641112 select CRYPTO_HASH1113 help1114 CRC64 CRC algorithm based on the Rocksoft Model CRC Algorithm1115 1116 Used by the NVMe implementation of T10 DIF (BLK_DEV_INTEGRITY)1117 1118 See https://zlib.net/crc_v3.txt1119 1120endmenu1121 1122menu "Compression"1123 1124config CRYPTO_DEFLATE1125 tristate "Deflate"1126 select CRYPTO_ALGAPI1127 select CRYPTO_ACOMP21128 select ZLIB_INFLATE1129 select ZLIB_DEFLATE1130 help1131 Deflate compression algorithm (RFC1951)1132 1133 Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394)1134 1135config CRYPTO_LZO1136 tristate "LZO"1137 select CRYPTO_ALGAPI1138 select CRYPTO_ACOMP21139 select LZO_COMPRESS1140 select LZO_DECOMPRESS1141 help1142 LZO compression algorithm1143 1144 See https://www.oberhumer.com/opensource/lzo/ for further information.1145 1146config CRYPTO_8421147 tristate "842"1148 select CRYPTO_ALGAPI1149 select CRYPTO_ACOMP21150 select 842_COMPRESS1151 select 842_DECOMPRESS1152 help1153 842 compression algorithm by IBM1154 1155 See https://github.com/plauth/lib842 for further information.1156 1157config CRYPTO_LZ41158 tristate "LZ4"1159 select CRYPTO_ALGAPI1160 select CRYPTO_ACOMP21161 select LZ4_COMPRESS1162 select LZ4_DECOMPRESS1163 help1164 LZ4 compression algorithm1165 1166 See https://github.com/lz4/lz4 for further information.1167 1168config CRYPTO_LZ4HC1169 tristate "LZ4HC"1170 select CRYPTO_ALGAPI1171 select CRYPTO_ACOMP21172 select LZ4HC_COMPRESS1173 select LZ4_DECOMPRESS1174 help1175 LZ4 high compression mode algorithm1176 1177 See https://github.com/lz4/lz4 for further information.1178 1179config CRYPTO_ZSTD1180 tristate "Zstd"1181 select CRYPTO_ALGAPI1182 select CRYPTO_ACOMP21183 select ZSTD_COMPRESS1184 select ZSTD_DECOMPRESS1185 help1186 zstd compression algorithm1187 1188 See https://github.com/facebook/zstd for further information.1189 1190endmenu1191 1192menu "Random number generation"1193 1194config CRYPTO_ANSI_CPRNG1195 tristate "ANSI PRNG (Pseudo Random Number Generator)"1196 select CRYPTO_AES1197 select CRYPTO_RNG1198 help1199 Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4)1200 1201 This uses the AES cipher algorithm.1202 1203 Note that this option must be enabled if CRYPTO_FIPS is selected1204 1205menuconfig CRYPTO_DRBG_MENU1206 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"1207 help1208 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)1209 1210 In the following submenu, one or more of the DRBG types must be selected.1211 1212if CRYPTO_DRBG_MENU1213 1214config CRYPTO_DRBG_HMAC1215 bool1216 default y1217 select CRYPTO_HMAC1218 select CRYPTO_SHA5121219 1220config CRYPTO_DRBG_HASH1221 bool "Hash_DRBG"1222 select CRYPTO_SHA2561223 help1224 Hash_DRBG variant as defined in NIST SP800-90A.1225 1226 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.1227 1228config CRYPTO_DRBG_CTR1229 bool "CTR_DRBG"1230 select CRYPTO_AES1231 select CRYPTO_CTR1232 help1233 CTR_DRBG variant as defined in NIST SP800-90A.1234 1235 This uses the AES cipher algorithm with the counter block mode.1236 1237config CRYPTO_DRBG1238 tristate1239 default CRYPTO_DRBG_MENU1240 select CRYPTO_RNG1241 select CRYPTO_JITTERENTROPY1242 1243endif # if CRYPTO_DRBG_MENU1244 1245config CRYPTO_JITTERENTROPY1246 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"1247 select CRYPTO_RNG1248 select CRYPTO_SHA31249 help1250 CPU Jitter RNG (Random Number Generator) from the Jitterentropy library1251 1252 A non-physical non-deterministic ("true") RNG (e.g., an entropy source1253 compliant with NIST SP800-90B) intended to provide a seed to a1254 deterministic RNG (e.g., per NIST SP800-90C).1255 This RNG does not perform any cryptographic whitening of the generated1256 random numbers.1257 1258 See https://www.chronox.de/jent/1259 1260if CRYPTO_JITTERENTROPY1261if CRYPTO_FIPS && EXPERT1262 1263choice1264 prompt "CPU Jitter RNG Memory Size"1265 default CRYPTO_JITTERENTROPY_MEMSIZE_21266 help1267 The Jitter RNG measures the execution time of memory accesses.1268 Multiple consecutive memory accesses are performed. If the memory1269 size fits into a cache (e.g. L1), only the memory access timing1270 to that cache is measured. The closer the cache is to the CPU1271 the less variations are measured and thus the less entropy is1272 obtained. Thus, if the memory size fits into the L1 cache, the1273 obtained entropy is less than if the memory size fits within1274 L1 + L2, which in turn is less if the memory fits into1275 L1 + L2 + L3. Thus, by selecting a different memory size,1276 the entropy rate produced by the Jitter RNG can be modified.1277 1278 config CRYPTO_JITTERENTROPY_MEMSIZE_21279 bool "2048 Bytes (default)"1280 1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1281282 bool "128 kBytes"1283 1284 config CRYPTO_JITTERENTROPY_MEMSIZE_10241285 bool "1024 kBytes"1286 1287 config CRYPTO_JITTERENTROPY_MEMSIZE_81921288 bool "8192 kBytes"1289endchoice1290 1291config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS1292 int1293 default 64 if CRYPTO_JITTERENTROPY_MEMSIZE_21294 default 512 if CRYPTO_JITTERENTROPY_MEMSIZE_1281295 default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_10241296 default 4096 if CRYPTO_JITTERENTROPY_MEMSIZE_81921297 1298config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE1299 int1300 default 32 if CRYPTO_JITTERENTROPY_MEMSIZE_21301 default 256 if CRYPTO_JITTERENTROPY_MEMSIZE_1281302 default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_10241303 default 2048 if CRYPTO_JITTERENTROPY_MEMSIZE_81921304 1305config CRYPTO_JITTERENTROPY_OSR1306 int "CPU Jitter RNG Oversampling Rate"1307 range 1 151308 default 31309 help1310 The Jitter RNG allows the specification of an oversampling rate (OSR).1311 The Jitter RNG operation requires a fixed amount of timing1312 measurements to produce one output block of random numbers. The1313 OSR value is multiplied with the amount of timing measurements to1314 generate one output block. Thus, the timing measurement is oversampled1315 by the OSR factor. The oversampling allows the Jitter RNG to operate1316 on hardware whose timers deliver limited amount of entropy (e.g.1317 the timer is coarse) by setting the OSR to a higher value. The1318 trade-off, however, is that the Jitter RNG now requires more time1319 to generate random numbers.1320 1321config CRYPTO_JITTERENTROPY_TESTINTERFACE1322 bool "CPU Jitter RNG Test Interface"1323 help1324 The test interface allows a privileged process to capture1325 the raw unconditioned high resolution time stamp noise that1326 is collected by the Jitter RNG for statistical analysis. As1327 this data is used at the same time to generate random bits,1328 the Jitter RNG operates in an insecure mode as long as the1329 recording is enabled. This interface therefore is only1330 intended for testing purposes and is not suitable for1331 production systems.1332 1333 The raw noise data can be obtained using the jent_raw_hires1334 debugfs file. Using the option1335 jitterentropy_testing.boot_raw_hires_test=1 the raw noise of1336 the first 1000 entropy events since boot can be sampled.1337 1338 If unsure, select N.1339 1340endif # if CRYPTO_FIPS && EXPERT1341 1342if !(CRYPTO_FIPS && EXPERT)1343 1344config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS1345 int1346 default 641347 1348config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE1349 int1350 default 321351 1352config CRYPTO_JITTERENTROPY_OSR1353 int1354 default 11355 1356config CRYPTO_JITTERENTROPY_TESTINTERFACE1357 bool1358 1359endif # if !(CRYPTO_FIPS && EXPERT)1360endif # if CRYPTO_JITTERENTROPY1361 1362config CRYPTO_KDF800108_CTR1363 tristate1364 select CRYPTO_HMAC1365 select CRYPTO_SHA2561366 1367endmenu1368menu "Userspace interface"1369 1370config CRYPTO_USER_API1371 tristate1372 1373config CRYPTO_USER_API_HASH1374 tristate "Hash algorithms"1375 depends on NET1376 select CRYPTO_HASH1377 select CRYPTO_USER_API1378 help1379 Enable the userspace interface for hash algorithms.1380 1381 See Documentation/crypto/userspace-if.rst and1382 https://www.chronox.de/libkcapi/html/index.html1383 1384config CRYPTO_USER_API_SKCIPHER1385 tristate "Symmetric key cipher algorithms"1386 depends on NET1387 select CRYPTO_SKCIPHER1388 select CRYPTO_USER_API1389 help1390 Enable the userspace interface for symmetric key cipher algorithms.1391 1392 See Documentation/crypto/userspace-if.rst and1393 https://www.chronox.de/libkcapi/html/index.html1394 1395config CRYPTO_USER_API_RNG1396 tristate "RNG (random number generator) algorithms"1397 depends on NET1398 select CRYPTO_RNG1399 select CRYPTO_USER_API1400 help1401 Enable the userspace interface for RNG (random number generator)1402 algorithms.1403 1404 See Documentation/crypto/userspace-if.rst and1405 https://www.chronox.de/libkcapi/html/index.html1406 1407config CRYPTO_USER_API_RNG_CAVP1408 bool "Enable CAVP testing of DRBG"1409 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG1410 help1411 Enable extra APIs in the userspace interface for NIST CAVP1412 (Cryptographic Algorithm Validation Program) testing:1413 - resetting DRBG entropy1414 - providing Additional Data1415 1416 This should only be enabled for CAVP testing. You should say1417 no unless you know what this is.1418 1419config CRYPTO_USER_API_AEAD1420 tristate "AEAD cipher algorithms"1421 depends on NET1422 select CRYPTO_AEAD1423 select CRYPTO_SKCIPHER1424 select CRYPTO_NULL1425 select CRYPTO_USER_API1426 help1427 Enable the userspace interface for AEAD cipher algorithms.1428 1429 See Documentation/crypto/userspace-if.rst and1430 https://www.chronox.de/libkcapi/html/index.html1431 1432config CRYPTO_USER_API_ENABLE_OBSOLETE1433 bool "Obsolete cryptographic algorithms"1434 depends on CRYPTO_USER_API1435 default y1436 help1437 Allow obsolete cryptographic algorithms to be selected that have1438 already been phased out from internal use by the kernel, and are1439 only useful for userspace clients that still rely on them.1440 1441endmenu1442 1443config CRYPTO_HASH_INFO1444 bool1445 1446if !KMSAN # avoid false positives from assembly1447if ARM1448source "arch/arm/crypto/Kconfig"1449endif1450if ARM641451source "arch/arm64/crypto/Kconfig"1452endif1453if LOONGARCH1454source "arch/loongarch/crypto/Kconfig"1455endif1456if MIPS1457source "arch/mips/crypto/Kconfig"1458endif1459if PPC1460source "arch/powerpc/crypto/Kconfig"1461endif1462if RISCV1463source "arch/riscv/crypto/Kconfig"1464endif1465if S3901466source "arch/s390/crypto/Kconfig"1467endif1468if SPARC1469source "arch/sparc/crypto/Kconfig"1470endif1471if X861472source "arch/x86/crypto/Kconfig"1473endif1474endif1475 1476source "drivers/crypto/Kconfig"1477source "crypto/asymmetric_keys/Kconfig"1478source "certs/Kconfig"1479 1480endif # if CRYPTO1481