Commit | Line | Data |
---|---|---|
b2441318 | 1 | # SPDX-License-Identifier: GPL-2.0 |
685784aa DW |
2 | # |
3 | # Generic algorithms support | |
4 | # | |
5 | config XOR_BLOCKS | |
6 | tristate | |
7 | ||
1da177e4 | 8 | # |
9bc89cd8 | 9 | # async_tx api: hardware offloaded memory transfer/transform support |
1da177e4 | 10 | # |
9bc89cd8 | 11 | source "crypto/async_tx/Kconfig" |
1da177e4 | 12 | |
9bc89cd8 DW |
13 | # |
14 | # Cryptographic API Configuration | |
15 | # | |
2e290f43 | 16 | menuconfig CRYPTO |
c3715cb9 | 17 | tristate "Cryptographic API" |
7033b937 | 18 | select CRYPTO_LIB_UTILS |
1da177e4 LT |
19 | help |
20 | This option provides the core Cryptographic API. | |
21 | ||
cce9e06d HX |
22 | if CRYPTO |
23 | ||
f1f142ad | 24 | menu "Crypto core or helper" |
584fffc8 | 25 | |
ccb778e1 NH |
26 | config CRYPTO_FIPS |
27 | bool "FIPS 200 compliance" | |
f2c89a10 | 28 | depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS |
1f696097 | 29 | depends on (MODULE_SIG || !MODULES) |
ccb778e1 | 30 | help |
d99324c2 GU |
31 | This option enables the fips boot option which is |
32 | required if you want the system to operate in a FIPS 200 | |
ccb778e1 | 33 | certification. You should say no unless you know what |
e84c5480 | 34 | this is. |
ccb778e1 | 35 | |
5a44749f VD |
36 | config CRYPTO_FIPS_NAME |
37 | string "FIPS Module Name" | |
38 | default "Linux Kernel Cryptographic API" | |
39 | depends on CRYPTO_FIPS | |
40 | help | |
41 | This option sets the FIPS Module name reported by the Crypto API via | |
42 | the /proc/sys/crypto/fips_name file. | |
43 | ||
44 | config CRYPTO_FIPS_CUSTOM_VERSION | |
45 | bool "Use Custom FIPS Module Version" | |
46 | depends on CRYPTO_FIPS | |
47 | default n | |
48 | ||
49 | config CRYPTO_FIPS_VERSION | |
50 | string "FIPS Module Version" | |
51 | default "(none)" | |
52 | depends on CRYPTO_FIPS_CUSTOM_VERSION | |
53 | help | |
54 | This option provides the ability to override the FIPS Module Version. | |
55 | By default the KERNELRELEASE value is used. | |
56 | ||
cce9e06d HX |
57 | config CRYPTO_ALGAPI |
58 | tristate | |
6a0fcbb4 | 59 | select CRYPTO_ALGAPI2 |
cce9e06d HX |
60 | help |
61 | This option provides the API for cryptographic algorithms. | |
62 | ||
6a0fcbb4 HX |
63 | config CRYPTO_ALGAPI2 |
64 | tristate | |
65 | ||
1ae97820 HX |
66 | config CRYPTO_AEAD |
67 | tristate | |
6a0fcbb4 | 68 | select CRYPTO_AEAD2 |
1ae97820 HX |
69 | select CRYPTO_ALGAPI |
70 | ||
6a0fcbb4 HX |
71 | config CRYPTO_AEAD2 |
72 | tristate | |
73 | select CRYPTO_ALGAPI2 | |
149a3971 HX |
74 | select CRYPTO_NULL2 |
75 | select CRYPTO_RNG2 | |
6a0fcbb4 | 76 | |
b95bba5d | 77 | config CRYPTO_SKCIPHER |
5cde0af2 | 78 | tristate |
b95bba5d | 79 | select CRYPTO_SKCIPHER2 |
5cde0af2 | 80 | select CRYPTO_ALGAPI |
6a0fcbb4 | 81 | |
b95bba5d | 82 | config CRYPTO_SKCIPHER2 |
6a0fcbb4 HX |
83 | tristate |
84 | select CRYPTO_ALGAPI2 | |
85 | select CRYPTO_RNG2 | |
5cde0af2 | 86 | |
055bcee3 HX |
87 | config CRYPTO_HASH |
88 | tristate | |
6a0fcbb4 | 89 | select CRYPTO_HASH2 |
055bcee3 HX |
90 | select CRYPTO_ALGAPI |
91 | ||
6a0fcbb4 HX |
92 | config CRYPTO_HASH2 |
93 | tristate | |
94 | select CRYPTO_ALGAPI2 | |
95 | ||
17f0f4a4 NH |
96 | config CRYPTO_RNG |
97 | tristate | |
6a0fcbb4 | 98 | select CRYPTO_RNG2 |
17f0f4a4 NH |
99 | select CRYPTO_ALGAPI |
100 | ||
6a0fcbb4 HX |
101 | config CRYPTO_RNG2 |
102 | tristate | |
103 | select CRYPTO_ALGAPI2 | |
104 | ||
401e4238 HX |
105 | config CRYPTO_RNG_DEFAULT |
106 | tristate | |
107 | select CRYPTO_DRBG_MENU | |
108 | ||
3c339ab8 TS |
109 | config CRYPTO_AKCIPHER2 |
110 | tristate | |
111 | select CRYPTO_ALGAPI2 | |
112 | ||
113 | config CRYPTO_AKCIPHER | |
114 | tristate | |
115 | select CRYPTO_AKCIPHER2 | |
116 | select CRYPTO_ALGAPI | |
117 | ||
4e5f2c40 SB |
118 | config CRYPTO_KPP2 |
119 | tristate | |
120 | select CRYPTO_ALGAPI2 | |
121 | ||
122 | config CRYPTO_KPP | |
123 | tristate | |
124 | select CRYPTO_ALGAPI | |
125 | select CRYPTO_KPP2 | |
126 | ||
2ebda74f GC |
127 | config CRYPTO_ACOMP2 |
128 | tristate | |
129 | select CRYPTO_ALGAPI2 | |
8cd579d2 | 130 | select SGL_ALLOC |
2ebda74f GC |
131 | |
132 | config CRYPTO_ACOMP | |
133 | tristate | |
134 | select CRYPTO_ALGAPI | |
135 | select CRYPTO_ACOMP2 | |
136 | ||
2b8c19db HX |
137 | config CRYPTO_MANAGER |
138 | tristate "Cryptographic algorithm manager" | |
6a0fcbb4 | 139 | select CRYPTO_MANAGER2 |
2b8c19db HX |
140 | help |
141 | Create default cryptographic template instantiations such as | |
142 | cbc(aes). | |
143 | ||
6a0fcbb4 HX |
144 | config CRYPTO_MANAGER2 |
145 | def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) | |
146 | select CRYPTO_AEAD2 | |
147 | select CRYPTO_HASH2 | |
b95bba5d | 148 | select CRYPTO_SKCIPHER2 |
946cc463 | 149 | select CRYPTO_AKCIPHER2 |
4e5f2c40 | 150 | select CRYPTO_KPP2 |
2ebda74f | 151 | select CRYPTO_ACOMP2 |
6a0fcbb4 | 152 | |
a38f7907 SK |
153 | config CRYPTO_USER |
154 | tristate "Userspace cryptographic algorithm configuration" | |
5db017aa | 155 | depends on NET |
a38f7907 SK |
156 | select CRYPTO_MANAGER |
157 | help | |
d19978f5 | 158 | Userspace configuration for cryptographic instantiations such as |
a38f7907 SK |
159 | cbc(aes). |
160 | ||
326a6346 HX |
161 | config CRYPTO_MANAGER_DISABLE_TESTS |
162 | bool "Disable run-time self tests" | |
00ca28a5 | 163 | default y |
0b767f96 | 164 | help |
326a6346 HX |
165 | Disable run-time self tests that normally take place at |
166 | algorithm registration. | |
0b767f96 | 167 | |
5b2706a4 EB |
168 | config CRYPTO_MANAGER_EXTRA_TESTS |
169 | bool "Enable extra run-time crypto self tests" | |
6569e309 | 170 | depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER |
5b2706a4 EB |
171 | help |
172 | Enable extra run-time self tests of registered crypto algorithms, | |
173 | including randomized fuzz tests. | |
174 | ||
175 | This is intended for developer use only, as these tests take much | |
176 | longer to run than the normal self tests. | |
177 | ||
584fffc8 | 178 | config CRYPTO_GF128MUL |
e590e132 | 179 | tristate |
333b0d7e | 180 | |
1da177e4 LT |
181 | config CRYPTO_NULL |
182 | tristate "Null algorithms" | |
149a3971 | 183 | select CRYPTO_NULL2 |
1da177e4 LT |
184 | help |
185 | These are 'Null' algorithms, used by IPsec, which do nothing. | |
186 | ||
149a3971 | 187 | config CRYPTO_NULL2 |
dd43c4e9 | 188 | tristate |
149a3971 | 189 | select CRYPTO_ALGAPI2 |
b95bba5d | 190 | select CRYPTO_SKCIPHER2 |
149a3971 HX |
191 | select CRYPTO_HASH2 |
192 | ||
5068c7a8 | 193 | config CRYPTO_PCRYPT |
3b4afaf2 KC |
194 | tristate "Parallel crypto engine" |
195 | depends on SMP | |
5068c7a8 SK |
196 | select PADATA |
197 | select CRYPTO_MANAGER | |
198 | select CRYPTO_AEAD | |
199 | help | |
200 | This converts an arbitrary crypto algorithm into a parallel | |
201 | algorithm that executes in kernel threads. | |
202 | ||
584fffc8 SS |
203 | config CRYPTO_CRYPTD |
204 | tristate "Software async crypto daemon" | |
b95bba5d | 205 | select CRYPTO_SKCIPHER |
b8a28251 | 206 | select CRYPTO_HASH |
584fffc8 | 207 | select CRYPTO_MANAGER |
1da177e4 | 208 | help |
584fffc8 SS |
209 | This is a generic software asynchronous crypto daemon that |
210 | converts an arbitrary synchronous software crypto algorithm | |
211 | into an asynchronous algorithm that executes in a kernel thread. | |
1da177e4 | 212 | |
584fffc8 SS |
213 | config CRYPTO_AUTHENC |
214 | tristate "Authenc support" | |
215 | select CRYPTO_AEAD | |
b95bba5d | 216 | select CRYPTO_SKCIPHER |
584fffc8 SS |
217 | select CRYPTO_MANAGER |
218 | select CRYPTO_HASH | |
e94c6a7a | 219 | select CRYPTO_NULL |
1da177e4 | 220 | help |
584fffc8 SS |
221 | Authenc: Combined mode wrapper for IPsec. |
222 | This is required for IPSec. | |
1da177e4 | 223 | |
584fffc8 SS |
224 | config CRYPTO_TEST |
225 | tristate "Testing module" | |
00ea27f1 | 226 | depends on m || EXPERT |
da7f033d | 227 | select CRYPTO_MANAGER |
1da177e4 | 228 | help |
584fffc8 | 229 | Quick & dirty crypto test module. |
1da177e4 | 230 | |
266d0516 HX |
231 | config CRYPTO_SIMD |
232 | tristate | |
ffaf9156 JK |
233 | select CRYPTO_CRYPTD |
234 | ||
735d37b5 BW |
235 | config CRYPTO_ENGINE |
236 | tristate | |
237 | ||
f1f142ad RE |
238 | endmenu |
239 | ||
240 | menu "Public-key cryptography" | |
3d6228a5 VC |
241 | |
242 | config CRYPTO_RSA | |
05b37465 | 243 | tristate "RSA (Rivest-Shamir-Adleman)" |
3d6228a5 VC |
244 | select CRYPTO_AKCIPHER |
245 | select CRYPTO_MANAGER | |
246 | select MPILIB | |
247 | select ASN1 | |
248 | help | |
05b37465 | 249 | RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017) |
3d6228a5 VC |
250 | |
251 | config CRYPTO_DH | |
05b37465 | 252 | tristate "DH (Diffie-Hellman)" |
3d6228a5 VC |
253 | select CRYPTO_KPP |
254 | select MPILIB | |
255 | help | |
05b37465 | 256 | DH (Diffie-Hellman) key exchange algorithm |
3d6228a5 | 257 | |
7dce5981 | 258 | config CRYPTO_DH_RFC7919_GROUPS |
05b37465 | 259 | bool "RFC 7919 FFDHE groups" |
7dce5981 | 260 | depends on CRYPTO_DH |
1e207964 | 261 | select CRYPTO_RNG_DEFAULT |
7dce5981 | 262 | help |
05b37465 RE |
263 | FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups |
264 | defined in RFC7919. | |
265 | ||
266 | Support these finite-field groups in DH key exchanges: | |
267 | - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 | |
268 | ||
269 | If unsure, say N. | |
7dce5981 | 270 | |
4a2289da VC |
271 | config CRYPTO_ECC |
272 | tristate | |
38aa192a | 273 | select CRYPTO_RNG_DEFAULT |
4a2289da | 274 | |
3d6228a5 | 275 | config CRYPTO_ECDH |
05b37465 | 276 | tristate "ECDH (Elliptic Curve Diffie-Hellman)" |
4a2289da | 277 | select CRYPTO_ECC |
3d6228a5 | 278 | select CRYPTO_KPP |
3d6228a5 | 279 | help |
05b37465 RE |
280 | ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm |
281 | using curves P-192, P-256, and P-384 (FIPS 186) | |
3d6228a5 | 282 | |
4e660291 | 283 | config CRYPTO_ECDSA |
05b37465 | 284 | tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)" |
4e660291 SB |
285 | select CRYPTO_ECC |
286 | select CRYPTO_AKCIPHER | |
287 | select ASN1 | |
288 | help | |
05b37465 RE |
289 | ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186, |
290 | ISO/IEC 14888-3) | |
291 | using curves P-192, P-256, and P-384 | |
292 | ||
293 | Only signature verification is implemented. | |
4e660291 | 294 | |
0d7a7864 | 295 | config CRYPTO_ECRDSA |
05b37465 | 296 | tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)" |
0d7a7864 VC |
297 | select CRYPTO_ECC |
298 | select CRYPTO_AKCIPHER | |
299 | select CRYPTO_STREEBOG | |
1036633e VC |
300 | select OID_REGISTRY |
301 | select ASN1 | |
0d7a7864 VC |
302 | help |
303 | Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, | |
05b37465 RE |
304 | RFC 7091, ISO/IEC 14888-3) |
305 | ||
306 | One of the Russian cryptographic standard algorithms (called GOST | |
307 | algorithms). Only signature verification is implemented. | |
0d7a7864 | 308 | |
ea7ecb66 | 309 | config CRYPTO_SM2 |
05b37465 | 310 | tristate "SM2 (ShangMi 2)" |
d2825fa9 | 311 | select CRYPTO_SM3 |
ea7ecb66 TZ |
312 | select CRYPTO_AKCIPHER |
313 | select CRYPTO_MANAGER | |
314 | select MPILIB | |
315 | select ASN1 | |
316 | help | |
05b37465 RE |
317 | SM2 (ShangMi 2) public key algorithm |
318 | ||
319 | Published by State Encryption Management Bureau, China, | |
ea7ecb66 TZ |
320 | as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. |
321 | ||
322 | References: | |
05b37465 | 323 | https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/ |
ea7ecb66 TZ |
324 | http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml |
325 | http://www.gmbz.org.cn/main/bzlb.html | |
326 | ||
ee772cb6 | 327 | config CRYPTO_CURVE25519 |
05b37465 | 328 | tristate "Curve25519" |
ee772cb6 AB |
329 | select CRYPTO_KPP |
330 | select CRYPTO_LIB_CURVE25519_GENERIC | |
05b37465 RE |
331 | help |
332 | Curve25519 elliptic curve (RFC7748) | |
ee772cb6 | 333 | |
f1f142ad | 334 | endmenu |
cd12fb90 | 335 | |
f1f142ad | 336 | menu "Block ciphers" |
1da177e4 | 337 | |
f1f142ad RE |
338 | config CRYPTO_AES |
339 | tristate "AES cipher algorithms" | |
340 | select CRYPTO_ALGAPI | |
341 | select CRYPTO_LIB_AES | |
1da177e4 | 342 | help |
f1f142ad RE |
343 | AES cipher algorithms (FIPS-197). AES uses the Rijndael |
344 | algorithm. | |
1da177e4 | 345 | |
f1f142ad RE |
346 | Rijndael appears to be consistently a very good performer in |
347 | both hardware and software across a wide range of computing | |
348 | environments regardless of its use in feedback or non-feedback | |
349 | modes. Its key setup time is excellent, and its key agility is | |
350 | good. Rijndael's very low memory requirements make it very well | |
351 | suited for restricted-space environments, in which it also | |
352 | demonstrates excellent performance. Rijndael's operations are | |
353 | among the easiest to defend against power and timing attacks. | |
71ebc4d1 | 354 | |
f1f142ad | 355 | The AES specifies three key sizes: 128, 192 and 256 bits |
71ebc4d1 | 356 | |
f1f142ad RE |
357 | See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. |
358 | ||
359 | config CRYPTO_AES_TI | |
360 | tristate "Fixed time AES cipher" | |
361 | select CRYPTO_ALGAPI | |
362 | select CRYPTO_LIB_AES | |
f606a88e | 363 | help |
f1f142ad RE |
364 | This is a generic implementation of AES that attempts to eliminate |
365 | data dependent latencies as much as possible without affecting | |
366 | performance too much. It is intended for use by the generic CCM | |
367 | and GCM drivers, and other CTR or CMAC/XCBC based modes that rely | |
368 | solely on encryption (although decryption is supported as well, but | |
369 | with a more dramatic performance hit) | |
f606a88e | 370 | |
f1f142ad RE |
371 | Instead of using 16 lookup tables of 1 KB each, (8 for encryption and |
372 | 8 for decryption), this implementation only uses just two S-boxes of | |
373 | 256 bytes each, and attempts to eliminate data dependent latencies by | |
374 | prefetching the entire table into the cache at the start of each | |
375 | block. Interrupts are also disabled to avoid races where cachelines | |
376 | are evicted when the CPU is interrupted to do something else. | |
a4397635 | 377 | |
f1f142ad RE |
378 | config CRYPTO_ANUBIS |
379 | tristate "Anubis cipher algorithm" | |
380 | depends on CRYPTO_USER_API_ENABLE_OBSOLETE | |
381 | select CRYPTO_ALGAPI | |
1da177e4 | 382 | help |
f1f142ad | 383 | Anubis cipher algorithm. |
1da177e4 | 384 | |
f1f142ad RE |
385 | Anubis is a variable key length cipher which can use keys from |
386 | 128 bits to 320 bits in length. It was evaluated as a entrant | |
387 | in the NESSIE competition. | |
a10f554f | 388 | |
f1f142ad RE |
389 | See also: |
390 | <https://www.cosic.esat.kuleuven.be/nessie/reports/> | |
391 | <http://www.larc.usp.br/~pbarreto/AnubisPage.html> | |
c494e070 | 392 | |
f1f142ad RE |
393 | config CRYPTO_ARIA |
394 | tristate "ARIA cipher algorithm" | |
395 | select CRYPTO_ALGAPI | |
db131ef9 | 396 | help |
f1f142ad | 397 | ARIA cipher algorithm (RFC5794). |
db131ef9 | 398 | |
f1f142ad RE |
399 | ARIA is a standard encryption algorithm of the Republic of Korea. |
400 | The ARIA specifies three key sizes and rounds. | |
401 | 128-bit: 12 rounds. | |
402 | 192-bit: 14 rounds. | |
403 | 256-bit: 16 rounds. | |
a7d85e06 | 404 | |
f1f142ad RE |
405 | See also: |
406 | <https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do> | |
db131ef9 | 407 | |
f1f142ad RE |
408 | config CRYPTO_BLOWFISH |
409 | tristate "Blowfish cipher algorithm" | |
410 | select CRYPTO_ALGAPI | |
411 | select CRYPTO_BLOWFISH_COMMON | |
584fffc8 | 412 | help |
f1f142ad | 413 | Blowfish cipher algorithm, by Bruce Schneier. |
584fffc8 | 414 | |
f1f142ad RE |
415 | This is a variable key length cipher which can use keys from 32 |
416 | bits to 448 bits in length. It's fast, simple and specifically | |
417 | designed for use on "large microprocessors". | |
ecd6d5c9 | 418 | |
f1f142ad RE |
419 | See also: |
420 | <https://www.schneier.com/blowfish.html> | |
421 | ||
422 | config CRYPTO_BLOWFISH_COMMON | |
423 | tristate | |
91652be5 | 424 | help |
f1f142ad RE |
425 | Common parts of the Blowfish cipher algorithm shared by the |
426 | generic c and the assembler implementations. | |
91652be5 | 427 | |
f1f142ad RE |
428 | See also: |
429 | <https://www.schneier.com/blowfish.html> | |
430 | ||
431 | config CRYPTO_CAMELLIA | |
432 | tristate "Camellia cipher algorithms" | |
433 | select CRYPTO_ALGAPI | |
64470f1b | 434 | help |
f1f142ad | 435 | Camellia cipher algorithms module. |
64470f1b | 436 | |
f1f142ad RE |
437 | Camellia is a symmetric key block cipher developed jointly |
438 | at NTT and Mitsubishi Electric Corporation. | |
439 | ||
440 | The Camellia specifies three key sizes: 128, 192 and 256 bits. | |
441 | ||
442 | See also: | |
443 | <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> | |
444 | ||
445 | config CRYPTO_CAST_COMMON | |
446 | tristate | |
e497c518 | 447 | help |
f1f142ad RE |
448 | Common parts of the CAST cipher algorithms shared by the |
449 | generic c and the assembler implementations. | |
e497c518 | 450 | |
f1f142ad RE |
451 | config CRYPTO_CAST5 |
452 | tristate "CAST5 (CAST-128) cipher algorithm" | |
453 | select CRYPTO_ALGAPI | |
454 | select CRYPTO_CAST_COMMON | |
584fffc8 | 455 | help |
f1f142ad RE |
456 | The CAST5 encryption algorithm (synonymous with CAST-128) is |
457 | described in RFC2144. | |
584fffc8 | 458 | |
f1f142ad RE |
459 | config CRYPTO_CAST6 |
460 | tristate "CAST6 (CAST-256) cipher algorithm" | |
461 | select CRYPTO_ALGAPI | |
462 | select CRYPTO_CAST_COMMON | |
17fee07a | 463 | help |
f1f142ad RE |
464 | The CAST6 encryption algorithm (synonymous with CAST-256) is |
465 | described in RFC2612. | |
17fee07a | 466 | |
f1f142ad RE |
467 | config CRYPTO_DES |
468 | tristate "DES and Triple DES EDE cipher algorithms" | |
469 | select CRYPTO_ALGAPI | |
470 | select CRYPTO_LIB_DES | |
f19f5111 | 471 | help |
f1f142ad | 472 | DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). |
f19f5111 | 473 | |
f1f142ad RE |
474 | config CRYPTO_FCRYPT |
475 | tristate "FCrypt cipher algorithm" | |
476 | select CRYPTO_ALGAPI | |
b95bba5d | 477 | select CRYPTO_SKCIPHER |
1c49678e | 478 | help |
f1f142ad | 479 | FCrypt algorithm used by RxRPC. |
1c49678e | 480 | |
f1f142ad RE |
481 | config CRYPTO_KHAZAD |
482 | tristate "Khazad cipher algorithm" | |
483 | depends on CRYPTO_USER_API_ENABLE_OBSOLETE | |
484 | select CRYPTO_ALGAPI | |
485 | help | |
486 | Khazad cipher algorithm. | |
487 | ||
488 | Khazad was a finalist in the initial NESSIE competition. It is | |
489 | an algorithm optimized for 64-bit processors with good performance | |
490 | on 32-bit processors. Khazad uses an 128 bit key size. | |
491 | ||
492 | See also: | |
493 | <http://www.larc.usp.br/~pbarreto/KhazadPage.html> | |
494 | ||
495 | config CRYPTO_SEED | |
496 | tristate "SEED cipher algorithm" | |
497 | depends on CRYPTO_USER_API_ENABLE_OBSOLETE | |
498 | select CRYPTO_ALGAPI | |
499 | help | |
500 | SEED cipher algorithm (RFC4269). | |
501 | ||
502 | SEED is a 128-bit symmetric key block cipher that has been | |
503 | developed by KISA (Korea Information Security Agency) as a | |
504 | national standard encryption algorithm of the Republic of Korea. | |
505 | It is a 16 round block cipher with the key size of 128 bit. | |
506 | ||
507 | See also: | |
508 | <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> | |
509 | ||
510 | config CRYPTO_SERPENT | |
511 | tristate "Serpent cipher algorithm" | |
512 | select CRYPTO_ALGAPI | |
513 | help | |
514 | Serpent cipher algorithm, by Anderson, Biham & Knudsen. | |
515 | ||
516 | Keys are allowed to be from 0 to 256 bits in length, in steps | |
517 | of 8 bits. | |
518 | ||
519 | See also: | |
520 | <https://www.cl.cam.ac.uk/~rja14/serpent.html> | |
521 | ||
522 | config CRYPTO_SM4 | |
523 | tristate | |
524 | ||
525 | config CRYPTO_SM4_GENERIC | |
526 | tristate "SM4 cipher algorithm" | |
527 | select CRYPTO_ALGAPI | |
528 | select CRYPTO_SM4 | |
529 | help | |
530 | SM4 cipher algorithms (OSCCA GB/T 32907-2016). | |
531 | ||
532 | SM4 (GBT.32907-2016) is a cryptographic standard issued by the | |
533 | Organization of State Commercial Administration of China (OSCCA) | |
534 | as an authorized cryptographic algorithms for the use within China. | |
535 | ||
536 | SMS4 was originally created for use in protecting wireless | |
537 | networks, and is mandated in the Chinese National Standard for | |
538 | Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) | |
539 | (GB.15629.11-2003). | |
540 | ||
541 | The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and | |
542 | standardized through TC 260 of the Standardization Administration | |
543 | of the People's Republic of China (SAC). | |
544 | ||
545 | The input, output, and key of SMS4 are each 128 bits. | |
546 | ||
547 | See also: <https://eprint.iacr.org/2008/329.pdf> | |
548 | ||
549 | If unsure, say N. | |
550 | ||
551 | config CRYPTO_TEA | |
552 | tristate "TEA, XTEA and XETA cipher algorithms" | |
553 | depends on CRYPTO_USER_API_ENABLE_OBSOLETE | |
554 | select CRYPTO_ALGAPI | |
555 | help | |
556 | TEA cipher algorithm. | |
557 | ||
558 | Tiny Encryption Algorithm is a simple cipher that uses | |
559 | many rounds for security. It is very fast and uses | |
560 | little memory. | |
561 | ||
562 | Xtendend Tiny Encryption Algorithm is a modification to | |
563 | the TEA algorithm to address a potential key weakness | |
564 | in the TEA algorithm. | |
565 | ||
566 | Xtendend Encryption Tiny Algorithm is a mis-implementation | |
567 | of the XTEA algorithm for compatibility purposes. | |
568 | ||
569 | config CRYPTO_TWOFISH | |
570 | tristate "Twofish cipher algorithm" | |
571 | select CRYPTO_ALGAPI | |
572 | select CRYPTO_TWOFISH_COMMON | |
573 | help | |
574 | Twofish cipher algorithm. | |
575 | ||
576 | Twofish was submitted as an AES (Advanced Encryption Standard) | |
577 | candidate cipher by researchers at CounterPane Systems. It is a | |
578 | 16 round block cipher supporting key sizes of 128, 192, and 256 | |
579 | bits. | |
580 | ||
581 | See also: | |
582 | <https://www.schneier.com/twofish.html> | |
583 | ||
584 | config CRYPTO_TWOFISH_COMMON | |
585 | tristate | |
586 | help | |
587 | Common parts of the Twofish cipher algorithm shared by the | |
588 | generic c and the assembler implementations. | |
589 | ||
590 | endmenu | |
591 | ||
592 | menu "Length-preserving ciphers and modes" | |
26609a21 | 593 | |
059c2a4d EB |
594 | config CRYPTO_ADIANTUM |
595 | tristate "Adiantum support" | |
596 | select CRYPTO_CHACHA20 | |
48ea8c6e | 597 | select CRYPTO_LIB_POLY1305_GENERIC |
059c2a4d | 598 | select CRYPTO_NHPOLY1305 |
c8a3315a | 599 | select CRYPTO_MANAGER |
059c2a4d EB |
600 | help |
601 | Adiantum is a tweakable, length-preserving encryption mode | |
602 | designed for fast and secure disk encryption, especially on | |
603 | CPUs without dedicated crypto instructions. It encrypts | |
604 | each sector using the XChaCha12 stream cipher, two passes of | |
605 | an ε-almost-∆-universal hash function, and an invocation of | |
606 | the AES-256 block cipher on a single 16-byte block. On CPUs | |
607 | without AES instructions, Adiantum is much faster than | |
608 | AES-XTS. | |
609 | ||
610 | Adiantum's security is provably reducible to that of its | |
611 | underlying stream and block ciphers, subject to a security | |
612 | bound. Unlike XTS, Adiantum is a true wide-block encryption | |
613 | mode, so it actually provides an even stronger notion of | |
614 | security than XTS, subject to the security bound. | |
615 | ||
616 | If unsure, say N. | |
617 | ||
f1f142ad RE |
618 | config CRYPTO_ARC4 |
619 | tristate "ARC4 cipher algorithm" | |
620 | depends on CRYPTO_USER_API_ENABLE_OBSOLETE | |
621 | select CRYPTO_SKCIPHER | |
622 | select CRYPTO_LIB_ARC4 | |
7ff554ce | 623 | help |
f1f142ad | 624 | ARC4 cipher algorithm. |
7ff554ce | 625 | |
f1f142ad RE |
626 | ARC4 is a stream cipher using keys ranging from 8 bits to 2048 |
627 | bits in length. This algorithm is required for driver-based | |
628 | WEP, but it should not be for other purposes because of the | |
629 | weakness of the algorithm. | |
630 | ||
631 | config CRYPTO_CHACHA20 | |
632 | tristate "ChaCha stream cipher algorithms" | |
633 | select CRYPTO_LIB_CHACHA_GENERIC | |
634 | select CRYPTO_SKCIPHER | |
be1eb7f7 | 635 | help |
f1f142ad | 636 | The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. |
be1eb7f7 | 637 | |
f1f142ad RE |
638 | ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. |
639 | Bernstein and further specified in RFC7539 for use in IETF protocols. | |
640 | This is the portable C implementation of ChaCha20. See also: | |
641 | <https://cr.yp.to/chacha/chacha-20080128.pdf> | |
be1eb7f7 | 642 | |
f1f142ad RE |
643 | XChaCha20 is the application of the XSalsa20 construction to ChaCha20 |
644 | rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length | |
645 | from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, | |
646 | while provably retaining ChaCha20's security. See also: | |
647 | <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> | |
be1eb7f7 | 648 | |
f1f142ad RE |
649 | XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly |
650 | reduced security margin but increased performance. It can be needed | |
651 | in some performance-sensitive scenarios. | |
584fffc8 | 652 | |
f1f142ad RE |
653 | config CRYPTO_CBC |
654 | tristate "CBC support" | |
655 | select CRYPTO_SKCIPHER | |
93b5e86a JK |
656 | select CRYPTO_MANAGER |
657 | help | |
f1f142ad RE |
658 | CBC: Cipher Block Chaining mode |
659 | This block cipher algorithm is required for IPSec. | |
93b5e86a | 660 | |
f1f142ad RE |
661 | config CRYPTO_CFB |
662 | tristate "CFB support" | |
663 | select CRYPTO_SKCIPHER | |
23e353c8 | 664 | select CRYPTO_MANAGER |
23e353c8 | 665 | help |
f1f142ad RE |
666 | CFB: Cipher FeedBack mode |
667 | This block cipher algorithm is required for TPM2 Cryptography. | |
23e353c8 | 668 | |
f1f142ad RE |
669 | config CRYPTO_CTR |
670 | tristate "CTR support" | |
671 | select CRYPTO_SKCIPHER | |
584fffc8 | 672 | select CRYPTO_MANAGER |
76cb9521 | 673 | help |
f1f142ad RE |
674 | CTR: Counter mode |
675 | This block cipher algorithm is required for IPSec. | |
76cb9521 | 676 | |
f1f142ad RE |
677 | config CRYPTO_CTS |
678 | tristate "CTS support" | |
679 | select CRYPTO_SKCIPHER | |
f1939f7c SW |
680 | select CRYPTO_MANAGER |
681 | help | |
f1f142ad RE |
682 | CTS: Cipher Text Stealing |
683 | This is the Cipher Text Stealing mode as described by | |
684 | Section 8 of rfc2040 and referenced by rfc3962 | |
685 | (rfc3962 includes errata information in its Appendix A) or | |
686 | CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. | |
687 | This mode is required for Kerberos gss mechanism support | |
688 | for AES encryption. | |
f1939f7c | 689 | |
f1f142ad | 690 | See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final |
28db8e3e | 691 | |
f1f142ad RE |
692 | config CRYPTO_ECB |
693 | tristate "ECB support" | |
694 | select CRYPTO_SKCIPHER | |
695 | select CRYPTO_MANAGER | |
4a49b499 | 696 | help |
f1f142ad RE |
697 | ECB: Electronic CodeBook mode |
698 | This is the simplest block cipher algorithm. It simply encrypts | |
699 | the input block by block. | |
4a49b499 | 700 | |
f1f142ad RE |
701 | config CRYPTO_HCTR2 |
702 | tristate "HCTR2 support" | |
703 | select CRYPTO_XCTR | |
704 | select CRYPTO_POLYVAL | |
705 | select CRYPTO_MANAGER | |
78c37d19 | 706 | help |
f1f142ad RE |
707 | HCTR2 is a length-preserving encryption mode for storage encryption that |
708 | is efficient on processors with instructions to accelerate AES and | |
709 | carryless multiplication, e.g. x86 processors with AES-NI and CLMUL, and | |
710 | ARM processors with the ARMv8 crypto extensions. | |
78c37d19 | 711 | |
f1f142ad RE |
712 | config CRYPTO_KEYWRAP |
713 | tristate "Key wrapping support" | |
714 | select CRYPTO_SKCIPHER | |
715 | select CRYPTO_MANAGER | |
2cdc6899 | 716 | help |
f1f142ad RE |
717 | Support for key wrapping (NIST SP800-38F / RFC3394) without |
718 | padding. | |
2cdc6899 | 719 | |
f1f142ad RE |
720 | config CRYPTO_LRW |
721 | tristate "LRW support" | |
722 | select CRYPTO_SKCIPHER | |
723 | select CRYPTO_MANAGER | |
f3c923a0 | 724 | select CRYPTO_GF128MUL |
f1f142ad | 725 | select CRYPTO_ECB |
f3c923a0 | 726 | help |
f1f142ad RE |
727 | LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable |
728 | narrow block cipher mode for dm-crypt. Use it with cipher | |
729 | specification string aes-lrw-benbi, the key must be 256, 320 or 384. | |
730 | The first 128, 192 or 256 bits in the key are used for AES and the | |
731 | rest is used to tie each cipher block to its logical position. | |
f3c923a0 | 732 | |
f1f142ad RE |
733 | config CRYPTO_OFB |
734 | tristate "OFB support" | |
735 | select CRYPTO_SKCIPHER | |
736 | select CRYPTO_MANAGER | |
f979e014 | 737 | help |
f1f142ad RE |
738 | OFB: the Output Feedback mode makes a block cipher into a synchronous |
739 | stream cipher. It generates keystream blocks, which are then XORed | |
740 | with the plaintext blocks to get the ciphertext. Flipping a bit in the | |
741 | ciphertext produces a flipped bit in the plaintext at the same | |
742 | location. This property allows many error correcting codes to function | |
743 | normally even when applied before encryption. | |
f979e014 | 744 | |
f1f142ad RE |
745 | config CRYPTO_PCBC |
746 | tristate "PCBC support" | |
747 | select CRYPTO_SKCIPHER | |
748 | select CRYPTO_MANAGER | |
124b53d0 | 749 | help |
f1f142ad RE |
750 | PCBC: Propagating Cipher Block Chaining mode |
751 | This block cipher algorithm is required for RxRPC. | |
124b53d0 | 752 | |
f1f142ad RE |
753 | config CRYPTO_XCTR |
754 | tristate | |
755 | select CRYPTO_SKCIPHER | |
756 | select CRYPTO_MANAGER | |
1da177e4 | 757 | help |
f1f142ad RE |
758 | XCTR: XOR Counter mode. This blockcipher mode is a variant of CTR mode |
759 | using XORs and little-endian addition rather than big-endian arithmetic. | |
760 | XCTR mode is used to implement HCTR2. | |
1da177e4 | 761 | |
f1f142ad RE |
762 | config CRYPTO_XTS |
763 | tristate "XTS support" | |
764 | select CRYPTO_SKCIPHER | |
765 | select CRYPTO_MANAGER | |
766 | select CRYPTO_ECB | |
90831639 | 767 | help |
f1f142ad RE |
768 | XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, |
769 | key size 256, 384 or 512 bits. This implementation currently | |
770 | can't handle a sectorsize which is not a multiple of 16 bytes. | |
90831639 | 771 | |
f1f142ad RE |
772 | config CRYPTO_NHPOLY1305 |
773 | tristate | |
e5835fba | 774 | select CRYPTO_HASH |
f1f142ad | 775 | select CRYPTO_LIB_POLY1305_GENERIC |
534fe2c1 | 776 | |
f1f142ad | 777 | endmenu |
534fe2c1 | 778 | |
f1f142ad | 779 | menu "AEAD (authenticated encryption with associated data) ciphers" |
1da177e4 | 780 | |
f1f142ad | 781 | config CRYPTO_AEGIS128 |
e3d2eadd | 782 | tristate "AEGIS-128" |
f1f142ad RE |
783 | select CRYPTO_AEAD |
784 | select CRYPTO_AES # for AES S-box tables | |
1da177e4 | 785 | help |
e3d2eadd | 786 | AEGIS-128 AEAD algorithm |
2729bb42 | 787 | |
f1f142ad | 788 | config CRYPTO_AEGIS128_SIMD |
e3d2eadd | 789 | bool "AEGIS-128 (arm NEON, arm64 NEON)" |
f1f142ad RE |
790 | depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) |
791 | default y | |
e3d2eadd RE |
792 | help |
793 | AEGIS-128 AEAD algorithm | |
794 | ||
795 | Architecture: arm or arm64 using: | |
796 | - NEON (Advanced SIMD) extension | |
584fffc8 | 797 | |
f1f142ad | 798 | config CRYPTO_CHACHA20POLY1305 |
e3d2eadd | 799 | tristate "ChaCha20-Poly1305" |
f1f142ad RE |
800 | select CRYPTO_CHACHA20 |
801 | select CRYPTO_POLY1305 | |
802 | select CRYPTO_AEAD | |
803 | select CRYPTO_MANAGER | |
b9f535ff | 804 | help |
e3d2eadd RE |
805 | ChaCha20 stream cipher and Poly1305 authenticator combined |
806 | mode (RFC8439) | |
b9f535ff | 807 | |
f1f142ad | 808 | config CRYPTO_CCM |
e3d2eadd | 809 | tristate "CCM (Counter with Cipher Block Chaining-Message Authentication Code)" |
f1f142ad | 810 | select CRYPTO_CTR |
53964b9e | 811 | select CRYPTO_HASH |
f1f142ad RE |
812 | select CRYPTO_AEAD |
813 | select CRYPTO_MANAGER | |
53964b9e | 814 | help |
e3d2eadd RE |
815 | CCM (Counter with Cipher Block Chaining-Message Authentication Code) |
816 | authenticated encryption mode (NIST SP800-38C) | |
d2825fa9 | 817 | |
f1f142ad | 818 | config CRYPTO_GCM |
e3d2eadd | 819 | tristate "GCM (Galois/Counter Mode) and GMAC (GCM Message Authentication Code)" |
f1f142ad RE |
820 | select CRYPTO_CTR |
821 | select CRYPTO_AEAD | |
822 | select CRYPTO_GHASH | |
823 | select CRYPTO_NULL | |
824 | select CRYPTO_MANAGER | |
4f0fc160 | 825 | help |
e3d2eadd RE |
826 | GCM (Galois/Counter Mode) authenticated encryption mode and GMAC |
827 | (GCM Message Authentication Code) (NIST SP800-38D) | |
828 | ||
829 | This is required for IPSec ESP (XFRM_ESP). | |
4f0fc160 | 830 | |
f1f142ad RE |
831 | config CRYPTO_SEQIV |
832 | tristate "Sequence Number IV Generator" | |
833 | select CRYPTO_AEAD | |
834 | select CRYPTO_SKCIPHER | |
835 | select CRYPTO_NULL | |
836 | select CRYPTO_RNG_DEFAULT | |
837 | select CRYPTO_MANAGER | |
fe18957e | 838 | help |
e3d2eadd RE |
839 | Sequence Number IV generator |
840 | ||
f1f142ad | 841 | This IV generator generates an IV based on a sequence number by |
e3d2eadd RE |
842 | xoring it with a salt. This algorithm is mainly useful for CTR. |
843 | ||
844 | This is required for IPsec ESP (XFRM_ESP). | |
fe18957e | 845 | |
f1f142ad RE |
846 | config CRYPTO_ECHAINIV |
847 | tristate "Encrypted Chain IV Generator" | |
848 | select CRYPTO_AEAD | |
849 | select CRYPTO_NULL | |
850 | select CRYPTO_RNG_DEFAULT | |
851 | select CRYPTO_MANAGER | |
1da177e4 | 852 | help |
e3d2eadd RE |
853 | Encrypted Chain IV generator |
854 | ||
f1f142ad RE |
855 | This IV generator generates an IV based on the encryption of |
856 | a sequence number xored with a salt. This is the default | |
857 | algorithm for CBC. | |
1da177e4 | 858 | |
f1f142ad | 859 | config CRYPTO_ESSIV |
e3d2eadd | 860 | tristate "Encrypted Salt-Sector IV Generator" |
f1f142ad | 861 | select CRYPTO_AUTHENC |
1da177e4 | 862 | help |
e3d2eadd RE |
863 | Encrypted Salt-Sector IV generator |
864 | ||
865 | This IV generator is used in some cases by fscrypt and/or | |
f1f142ad RE |
866 | dm-crypt. It uses the hash of the block encryption key as the |
867 | symmetric key for a block encryption pass applied to the input | |
868 | IV, making low entropy IV sources more suitable for block | |
869 | encryption. | |
1da177e4 | 870 | |
f1f142ad RE |
871 | This driver implements a crypto API template that can be |
872 | instantiated either as an skcipher or as an AEAD (depending on the | |
873 | type of the first template argument), and which defers encryption | |
874 | and decryption requests to the encapsulated cipher after applying | |
875 | ESSIV to the input IV. Note that in the AEAD case, it is assumed | |
876 | that the keys are presented in the same format used by the authenc | |
877 | template, and that the IV appears at the end of the authenticated | |
878 | associated data (AAD) region (which is how dm-crypt uses it.) | |
1da177e4 | 879 | |
f1f142ad RE |
880 | Note that the use of ESSIV is not recommended for new deployments, |
881 | and so this only needs to be enabled when interoperability with | |
882 | existing encrypted volumes of filesystems is required, or when | |
883 | building for a particular system that requires it (e.g., when | |
884 | the SoC in question has accelerated CBC but not XTS, making CBC | |
885 | combined with ESSIV the only feasible mode for h/w accelerated | |
886 | block encryption) | |
1da177e4 | 887 | |
f1f142ad | 888 | endmenu |
b5e0b032 | 889 | |
f1f142ad | 890 | menu "Hashes, digests, and MACs" |
b5e0b032 | 891 | |
f1f142ad | 892 | config CRYPTO_BLAKE2B |
3f342a23 | 893 | tristate "BLAKE2b" |
f1f142ad | 894 | select CRYPTO_HASH |
584fffc8 | 895 | help |
3f342a23 | 896 | BLAKE2b cryptographic hash function (RFC 7693) |
584fffc8 | 897 | |
3f342a23 RE |
898 | BLAKE2b is optimized for 64-bit platforms and can produce digests |
899 | of any size between 1 and 64 bytes. The keyed hash is also implemented. | |
584fffc8 | 900 | |
3f342a23 | 901 | This module provides the following algorithms: |
f1f142ad RE |
902 | - blake2b-160 |
903 | - blake2b-256 | |
904 | - blake2b-384 | |
905 | - blake2b-512 | |
584fffc8 | 906 | |
3f342a23 RE |
907 | Used by the btrfs filesystem. |
908 | ||
f1f142ad | 909 | See https://blake2.net for further information. |
584fffc8 | 910 | |
3f342a23 RE |
911 | config CRYPTO_BLAKE2S |
912 | tristate "BLAKE2s" | |
913 | select CRYPTO_LIB_BLAKE2S_GENERIC | |
914 | select CRYPTO_HASH | |
915 | help | |
916 | BLAKE2s cryptographic hash function (RFC 7693) | |
917 | ||
918 | BLAKE2s is optimized for 8 to 32-bit platforms and can produce | |
919 | digests of any size between 1 and 32 bytes. The keyed hash is | |
920 | also implemented. | |
921 | ||
922 | This module provides the following algorithms: | |
923 | - blake2s-128 | |
924 | - blake2s-160 | |
925 | - blake2s-224 | |
926 | - blake2s-256 | |
927 | ||
928 | Used by Wireguard. | |
929 | ||
930 | See https://blake2.net for further information. | |
931 | ||
f1f142ad | 932 | config CRYPTO_CMAC |
3f342a23 | 933 | tristate "CMAC (Cipher-based MAC)" |
f1f142ad RE |
934 | select CRYPTO_HASH |
935 | select CRYPTO_MANAGER | |
584fffc8 | 936 | help |
3f342a23 RE |
937 | CMAC (Cipher-based Message Authentication Code) authentication |
938 | mode (NIST SP800-38B and IETF RFC4493) | |
584fffc8 | 939 | |
f1f142ad | 940 | config CRYPTO_GHASH |
3f342a23 | 941 | tristate "GHASH" |
f1f142ad RE |
942 | select CRYPTO_GF128MUL |
943 | select CRYPTO_HASH | |
52ba867c | 944 | help |
3f342a23 | 945 | GCM GHASH function (NIST SP800-38D) |
52ba867c | 946 | |
f1f142ad | 947 | config CRYPTO_HMAC |
3f342a23 | 948 | tristate "HMAC (Keyed-Hash MAC)" |
f1f142ad RE |
949 | select CRYPTO_HASH |
950 | select CRYPTO_MANAGER | |
584fffc8 | 951 | help |
3f342a23 RE |
952 | HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and |
953 | RFC2104) | |
954 | ||
955 | This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP). | |
584fffc8 | 956 | |
f1f142ad | 957 | config CRYPTO_MD4 |
3f342a23 | 958 | tristate "MD4" |
f1f142ad | 959 | select CRYPTO_HASH |
044ab525 | 960 | help |
3f342a23 | 961 | MD4 message digest algorithm (RFC1320) |
044ab525 | 962 | |
f1f142ad | 963 | config CRYPTO_MD5 |
3f342a23 | 964 | tristate "MD5" |
f1f142ad | 965 | select CRYPTO_HASH |
1da177e4 | 966 | help |
3f342a23 | 967 | MD5 message digest algorithm (RFC1321) |
1da177e4 | 968 | |
f1f142ad | 969 | config CRYPTO_MICHAEL_MIC |
3f342a23 | 970 | tristate "Michael MIC" |
f1f142ad | 971 | select CRYPTO_HASH |
1da177e4 | 972 | help |
3f342a23 RE |
973 | Michael MIC (Message Integrity Code) (IEEE 802.11i) |
974 | ||
975 | Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol), | |
976 | known as WPA (Wif-Fi Protected Access). | |
977 | ||
978 | This algorithm is required for TKIP, but it should not be used for | |
979 | other purposes because of the weakness of the algorithm. | |
1da177e4 | 980 | |
f1f142ad RE |
981 | config CRYPTO_POLYVAL |
982 | tristate | |
983 | select CRYPTO_GF128MUL | |
984 | select CRYPTO_HASH | |
1da177e4 | 985 | help |
3f342a23 RE |
986 | POLYVAL hash function for HCTR2 |
987 | ||
988 | This is used in HCTR2. It is not a general-purpose | |
f1f142ad | 989 | cryptographic hash function. |
fb4f10ed | 990 | |
f1f142ad | 991 | config CRYPTO_POLY1305 |
3f342a23 | 992 | tristate "Poly1305" |
f1f142ad RE |
993 | select CRYPTO_HASH |
994 | select CRYPTO_LIB_POLY1305_GENERIC | |
1da177e4 | 995 | help |
3f342a23 | 996 | Poly1305 authenticator algorithm (RFC7539) |
1da177e4 | 997 | |
f1f142ad RE |
998 | Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. |
999 | It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use | |
1000 | in IETF protocols. This is the portable C implementation of Poly1305. | |
1001 | ||
1002 | config CRYPTO_RMD160 | |
3f342a23 | 1003 | tristate "RIPEMD-160" |
f1f142ad | 1004 | select CRYPTO_HASH |
1da177e4 | 1005 | help |
3f342a23 | 1006 | RIPEMD-160 hash function (ISO/IEC 10118-3) |
1da177e4 | 1007 | |
f1f142ad RE |
1008 | RIPEMD-160 is a 160-bit cryptographic hash function. It is intended |
1009 | to be used as a secure replacement for the 128-bit hash functions | |
1010 | MD4, MD5 and its predecessor RIPEMD | |
1011 | (not to be confused with RIPEMD-128). | |
1da177e4 | 1012 | |
3f342a23 | 1013 | Its speed is comparable to SHA-1 and there are no known attacks |
f1f142ad | 1014 | against RIPEMD-160. |
1da177e4 | 1015 | |
f1f142ad | 1016 | Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. |
3f342a23 RE |
1017 | See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html |
1018 | for further information. | |
f1f142ad RE |
1019 | |
1020 | config CRYPTO_SHA1 | |
3f342a23 | 1021 | tristate "SHA-1" |
f1f142ad RE |
1022 | select CRYPTO_HASH |
1023 | select CRYPTO_LIB_SHA1 | |
c08d0e64 | 1024 | help |
3f342a23 | 1025 | SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3) |
c08d0e64 | 1026 | |
f1f142ad | 1027 | config CRYPTO_SHA256 |
3f342a23 | 1028 | tristate "SHA-224 and SHA-256" |
f1f142ad RE |
1029 | select CRYPTO_HASH |
1030 | select CRYPTO_LIB_SHA256 | |
1031 | help | |
3f342a23 | 1032 | SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3) |
de61d7ae | 1033 | |
3f342a23 RE |
1034 | This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP). |
1035 | Used by the btrfs filesystem, Ceph, NFS, and SMB. | |
aa762409 | 1036 | |
f1f142ad | 1037 | config CRYPTO_SHA512 |
3f342a23 | 1038 | tristate "SHA-384 and SHA-512" |
f1f142ad | 1039 | select CRYPTO_HASH |
1da177e4 | 1040 | help |
3f342a23 | 1041 | SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3) |
584fffc8 | 1042 | |
f1f142ad | 1043 | config CRYPTO_SHA3 |
3f342a23 | 1044 | tristate "SHA-3" |
f1f142ad | 1045 | select CRYPTO_HASH |
e4e712bb | 1046 | help |
3f342a23 | 1047 | SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3) |
e4e712bb | 1048 | |
f1f142ad RE |
1049 | config CRYPTO_SM3 |
1050 | tristate | |
e4e712bb | 1051 | |
f1f142ad | 1052 | config CRYPTO_SM3_GENERIC |
3f342a23 | 1053 | tristate "SM3 (ShangMi 3)" |
f1f142ad RE |
1054 | select CRYPTO_HASH |
1055 | select CRYPTO_SM3 | |
1da177e4 | 1056 | help |
3f342a23 RE |
1057 | SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3) |
1058 | ||
1059 | This is part of the Chinese Commercial Cryptography suite. | |
1da177e4 | 1060 | |
f1f142ad RE |
1061 | References: |
1062 | http://www.oscca.gov.cn/UpFile/20101222141857786.pdf | |
1063 | https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash | |
584fffc8 | 1064 | |
f1f142ad | 1065 | config CRYPTO_STREEBOG |
3f342a23 | 1066 | tristate "Streebog" |
f1f142ad RE |
1067 | select CRYPTO_HASH |
1068 | help | |
3f342a23 RE |
1069 | Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3) |
1070 | ||
1071 | This is one of the Russian cryptographic standard algorithms (called | |
1072 | GOST algorithms). This setting enables two hash algorithms with | |
1073 | 256 and 512 bits output. | |
584fffc8 | 1074 | |
f1f142ad RE |
1075 | References: |
1076 | https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf | |
1077 | https://tools.ietf.org/html/rfc6986 | |
d2825fa9 | 1078 | |
f1f142ad | 1079 | config CRYPTO_VMAC |
3f342a23 | 1080 | tristate "VMAC" |
f1f142ad RE |
1081 | select CRYPTO_HASH |
1082 | select CRYPTO_MANAGER | |
747c8ce4 | 1083 | help |
f1f142ad RE |
1084 | VMAC is a message authentication algorithm designed for |
1085 | very high speed on 64-bit architectures. | |
747c8ce4 | 1086 | |
3f342a23 | 1087 | See https://fastcrypto.org/vmac for further information. |
747c8ce4 | 1088 | |
f1f142ad | 1089 | config CRYPTO_WP512 |
3f342a23 | 1090 | tristate "Whirlpool" |
f1f142ad RE |
1091 | select CRYPTO_HASH |
1092 | help | |
3f342a23 RE |
1093 | Whirlpool hash function (ISO/IEC 10118-3) |
1094 | ||
1095 | 512, 384 and 256-bit hashes. | |
747c8ce4 | 1096 | |
f1f142ad | 1097 | Whirlpool-512 is part of the NESSIE cryptographic primitives. |
747c8ce4 | 1098 | |
3f342a23 RE |
1099 | See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html |
1100 | for further information. | |
747c8ce4 | 1101 | |
f1f142ad | 1102 | config CRYPTO_XCBC |
3f342a23 | 1103 | tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)" |
f1f142ad RE |
1104 | select CRYPTO_HASH |
1105 | select CRYPTO_MANAGER | |
1106 | help | |
3f342a23 RE |
1107 | XCBC-MAC (Extended Cipher Block Chaining Message Authentication |
1108 | Code) (RFC3566) | |
747c8ce4 | 1109 | |
f1f142ad | 1110 | config CRYPTO_XXHASH |
3f342a23 | 1111 | tristate "xxHash" |
f1f142ad RE |
1112 | select CRYPTO_HASH |
1113 | select XXHASH | |
1da177e4 | 1114 | help |
3f342a23 RE |
1115 | xxHash non-cryptographic hash algorithm |
1116 | ||
1117 | Extremely fast, working at speeds close to RAM limits. | |
1118 | ||
1119 | Used by the btrfs filesystem. | |
1da177e4 | 1120 | |
f1f142ad | 1121 | endmenu |
584fffc8 | 1122 | |
f1f142ad | 1123 | menu "CRCs (cyclic redundancy checks)" |
584fffc8 | 1124 | |
f1f142ad | 1125 | config CRYPTO_CRC32C |
ec84348d | 1126 | tristate "CRC32c" |
f1f142ad RE |
1127 | select CRYPTO_HASH |
1128 | select CRC32 | |
1129 | help | |
ec84348d RE |
1130 | CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720) |
1131 | ||
1132 | A 32-bit CRC (cyclic redundancy check) with a polynomial defined | |
1133 | by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic | |
1134 | Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions | |
1135 | on Communications, Vol. 41, No. 6, June 1993, selected for use with | |
1136 | iSCSI. | |
1137 | ||
1138 | Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI. | |
584fffc8 | 1139 | |
f1f142ad | 1140 | config CRYPTO_CRC32 |
ec84348d | 1141 | tristate "CRC32" |
f1f142ad RE |
1142 | select CRYPTO_HASH |
1143 | select CRC32 | |
04ac7db3 | 1144 | help |
ec84348d RE |
1145 | CRC32 CRC algorithm (IEEE 802.3) |
1146 | ||
1147 | Used by RoCEv2 and f2fs. | |
04ac7db3 | 1148 | |
f1f142ad | 1149 | config CRYPTO_CRCT10DIF |
ec84348d | 1150 | tristate "CRCT10DIF" |
f1f142ad RE |
1151 | select CRYPTO_HASH |
1152 | help | |
ec84348d RE |
1153 | CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF) |
1154 | ||
1155 | CRC algorithm used by the SCSI Block Commands standard. | |
04ac7db3 | 1156 | |
f1f142ad | 1157 | config CRYPTO_CRC64_ROCKSOFT |
ec84348d | 1158 | tristate "CRC64 based on Rocksoft Model algorithm" |
f1f142ad RE |
1159 | depends on CRC64 |
1160 | select CRYPTO_HASH | |
ec84348d RE |
1161 | help |
1162 | CRC64 CRC algorithm based on the Rocksoft Model CRC Algorithm | |
1163 | ||
1164 | Used by the NVMe implementation of T10 DIF (BLK_DEV_INTEGRITY) | |
1165 | ||
1166 | See https://zlib.net/crc_v3.txt | |
584fffc8 | 1167 | |
f1f142ad | 1168 | endmenu |
584fffc8 | 1169 | |
f1f142ad | 1170 | menu "Compression" |
584fffc8 SS |
1171 | |
1172 | config CRYPTO_DEFLATE | |
1173 | tristate "Deflate compression algorithm" | |
1174 | select CRYPTO_ALGAPI | |
f6ded09d | 1175 | select CRYPTO_ACOMP2 |
584fffc8 SS |
1176 | select ZLIB_INFLATE |
1177 | select ZLIB_DEFLATE | |
3c09f17c | 1178 | help |
584fffc8 SS |
1179 | This is the Deflate algorithm (RFC1951), specified for use in |
1180 | IPSec with the IPCOMP protocol (RFC3173, RFC2394). | |
1181 | ||
1182 | You will most probably want this if using IPSec. | |
3c09f17c | 1183 | |
0b77abb3 ZS |
1184 | config CRYPTO_LZO |
1185 | tristate "LZO compression algorithm" | |
1186 | select CRYPTO_ALGAPI | |
ac9d2c4b | 1187 | select CRYPTO_ACOMP2 |
0b77abb3 ZS |
1188 | select LZO_COMPRESS |
1189 | select LZO_DECOMPRESS | |
1190 | help | |
1191 | This is the LZO algorithm. | |
1192 | ||
35a1fc18 SJ |
1193 | config CRYPTO_842 |
1194 | tristate "842 compression algorithm" | |
2062c5b6 | 1195 | select CRYPTO_ALGAPI |
6a8de3ae | 1196 | select CRYPTO_ACOMP2 |
2062c5b6 DS |
1197 | select 842_COMPRESS |
1198 | select 842_DECOMPRESS | |
35a1fc18 SJ |
1199 | help |
1200 | This is the 842 algorithm. | |
0ea8530d CM |
1201 | |
1202 | config CRYPTO_LZ4 | |
1203 | tristate "LZ4 compression algorithm" | |
1204 | select CRYPTO_ALGAPI | |
8cd9330e | 1205 | select CRYPTO_ACOMP2 |
0ea8530d CM |
1206 | select LZ4_COMPRESS |
1207 | select LZ4_DECOMPRESS | |
1208 | help | |
1209 | This is the LZ4 algorithm. | |
1210 | ||
1211 | config CRYPTO_LZ4HC | |
1212 | tristate "LZ4HC compression algorithm" | |
1213 | select CRYPTO_ALGAPI | |
91d53d96 | 1214 | select CRYPTO_ACOMP2 |
0ea8530d CM |
1215 | select LZ4HC_COMPRESS |
1216 | select LZ4_DECOMPRESS | |
1217 | help | |
1218 | This is the LZ4 high compression mode algorithm. | |
35a1fc18 | 1219 | |
d28fc3db NT |
1220 | config CRYPTO_ZSTD |
1221 | tristate "Zstd compression algorithm" | |
1222 | select CRYPTO_ALGAPI | |
1223 | select CRYPTO_ACOMP2 | |
1224 | select ZSTD_COMPRESS | |
1225 | select ZSTD_DECOMPRESS | |
1226 | help | |
1227 | This is the zstd algorithm. | |
1228 | ||
f1f142ad RE |
1229 | endmenu |
1230 | ||
1231 | menu "Random number generation" | |
17f0f4a4 NH |
1232 | |
1233 | config CRYPTO_ANSI_CPRNG | |
1234 | tristate "Pseudo Random Number Generation for Cryptographic modules" | |
1235 | select CRYPTO_AES | |
1236 | select CRYPTO_RNG | |
17f0f4a4 NH |
1237 | help |
1238 | This option enables the generic pseudo random number generator | |
1239 | for cryptographic modules. Uses the Algorithm specified in | |
7dd607e8 JK |
1240 | ANSI X9.31 A.2.4. Note that this option must be enabled if |
1241 | CRYPTO_FIPS is selected | |
17f0f4a4 | 1242 | |
f2c89a10 | 1243 | menuconfig CRYPTO_DRBG_MENU |
419090c6 | 1244 | tristate "NIST SP800-90A DRBG" |
419090c6 SM |
1245 | help |
1246 | NIST SP800-90A compliant DRBG. In the following submenu, one or | |
1247 | more of the DRBG types must be selected. | |
1248 | ||
f2c89a10 | 1249 | if CRYPTO_DRBG_MENU |
419090c6 SM |
1250 | |
1251 | config CRYPTO_DRBG_HMAC | |
401e4238 | 1252 | bool |
419090c6 | 1253 | default y |
419090c6 | 1254 | select CRYPTO_HMAC |
5261cdf4 | 1255 | select CRYPTO_SHA512 |
419090c6 SM |
1256 | |
1257 | config CRYPTO_DRBG_HASH | |
1258 | bool "Enable Hash DRBG" | |
826775bb | 1259 | select CRYPTO_SHA256 |
419090c6 SM |
1260 | help |
1261 | Enable the Hash DRBG variant as defined in NIST SP800-90A. | |
1262 | ||
1263 | config CRYPTO_DRBG_CTR | |
1264 | bool "Enable CTR DRBG" | |
419090c6 | 1265 | select CRYPTO_AES |
d6fc1a45 | 1266 | select CRYPTO_CTR |
419090c6 SM |
1267 | help |
1268 | Enable the CTR DRBG variant as defined in NIST SP800-90A. | |
1269 | ||
f2c89a10 HX |
1270 | config CRYPTO_DRBG |
1271 | tristate | |
401e4238 | 1272 | default CRYPTO_DRBG_MENU |
f2c89a10 | 1273 | select CRYPTO_RNG |
bb5530e4 | 1274 | select CRYPTO_JITTERENTROPY |
f2c89a10 HX |
1275 | |
1276 | endif # if CRYPTO_DRBG_MENU | |
419090c6 | 1277 | |
bb5530e4 SM |
1278 | config CRYPTO_JITTERENTROPY |
1279 | tristate "Jitterentropy Non-Deterministic Random Number Generator" | |
2f313e02 | 1280 | select CRYPTO_RNG |
bb5530e4 SM |
1281 | help |
1282 | The Jitterentropy RNG is a noise that is intended | |
1283 | to provide seed to another RNG. The RNG does not | |
1284 | perform any cryptographic whitening of the generated | |
1285 | random numbers. This Jitterentropy RNG registers with | |
1286 | the kernel crypto API and can be used by any caller. | |
1287 | ||
026a733e SM |
1288 | config CRYPTO_KDF800108_CTR |
1289 | tristate | |
a88592cc | 1290 | select CRYPTO_HMAC |
304b4ace | 1291 | select CRYPTO_SHA256 |
026a733e | 1292 | |
f1f142ad | 1293 | endmenu |
9bc51715 | 1294 | menu "Userspace interface" |
f1f142ad | 1295 | |
03c8efc1 HX |
1296 | config CRYPTO_USER_API |
1297 | tristate | |
1298 | ||
fe869cdb | 1299 | config CRYPTO_USER_API_HASH |
9bc51715 | 1300 | tristate "Hash algorithms" |
7451708f | 1301 | depends on NET |
fe869cdb HX |
1302 | select CRYPTO_HASH |
1303 | select CRYPTO_USER_API | |
1304 | help | |
9bc51715 RE |
1305 | Enable the userspace interface for hash algorithms. |
1306 | ||
1307 | See Documentation/crypto/userspace-if.rst and | |
1308 | https://www.chronox.de/libkcapi/html/index.html | |
fe869cdb | 1309 | |
8ff59090 | 1310 | config CRYPTO_USER_API_SKCIPHER |
9bc51715 | 1311 | tristate "Symmetric key cipher algorithms" |
7451708f | 1312 | depends on NET |
b95bba5d | 1313 | select CRYPTO_SKCIPHER |
8ff59090 HX |
1314 | select CRYPTO_USER_API |
1315 | help | |
9bc51715 RE |
1316 | Enable the userspace interface for symmetric key cipher algorithms. |
1317 | ||
1318 | See Documentation/crypto/userspace-if.rst and | |
1319 | https://www.chronox.de/libkcapi/html/index.html | |
8ff59090 | 1320 | |
2f375538 | 1321 | config CRYPTO_USER_API_RNG |
9bc51715 | 1322 | tristate "RNG (random number generator) algorithms" |
2f375538 SM |
1323 | depends on NET |
1324 | select CRYPTO_RNG | |
1325 | select CRYPTO_USER_API | |
1326 | help | |
9bc51715 RE |
1327 | Enable the userspace interface for RNG (random number generator) |
1328 | algorithms. | |
1329 | ||
1330 | See Documentation/crypto/userspace-if.rst and | |
1331 | https://www.chronox.de/libkcapi/html/index.html | |
2f375538 | 1332 | |
77ebdabe EP |
1333 | config CRYPTO_USER_API_RNG_CAVP |
1334 | bool "Enable CAVP testing of DRBG" | |
1335 | depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG | |
1336 | help | |
9bc51715 RE |
1337 | Enable extra APIs in the userspace interface for NIST CAVP |
1338 | (Cryptographic Algorithm Validation Program) testing: | |
1339 | - resetting DRBG entropy | |
1340 | - providing Additional Data | |
1341 | ||
77ebdabe EP |
1342 | This should only be enabled for CAVP testing. You should say |
1343 | no unless you know what this is. | |
1344 | ||
b64a2d95 | 1345 | config CRYPTO_USER_API_AEAD |
9bc51715 | 1346 | tristate "AEAD cipher algorithms" |
b64a2d95 HX |
1347 | depends on NET |
1348 | select CRYPTO_AEAD | |
b95bba5d | 1349 | select CRYPTO_SKCIPHER |
72548b09 | 1350 | select CRYPTO_NULL |
b64a2d95 HX |
1351 | select CRYPTO_USER_API |
1352 | help | |
9bc51715 RE |
1353 | Enable the userspace interface for AEAD cipher algorithms. |
1354 | ||
1355 | See Documentation/crypto/userspace-if.rst and | |
1356 | https://www.chronox.de/libkcapi/html/index.html | |
b64a2d95 | 1357 | |
9ace6771 | 1358 | config CRYPTO_USER_API_ENABLE_OBSOLETE |
9bc51715 | 1359 | bool "Obsolete cryptographic algorithms" |
9ace6771 AB |
1360 | depends on CRYPTO_USER_API |
1361 | default y | |
1362 | help | |
1363 | Allow obsolete cryptographic algorithms to be selected that have | |
1364 | already been phased out from internal use by the kernel, and are | |
1365 | only useful for userspace clients that still rely on them. | |
1366 | ||
cac5818c | 1367 | config CRYPTO_STATS |
9bc51715 | 1368 | bool "Crypto usage statistics" |
a6a31385 | 1369 | depends on CRYPTO_USER |
cac5818c | 1370 | help |
9bc51715 RE |
1371 | Enable the gathering of crypto stats. |
1372 | ||
1373 | This collects data sizes, numbers of requests, and numbers | |
1374 | of errors processed by: | |
1375 | - AEAD ciphers (encrypt, decrypt) | |
1376 | - asymmetric key ciphers (encrypt, decrypt, verify, sign) | |
1377 | - symmetric key ciphers (encrypt, decrypt) | |
1378 | - compression algorithms (compress, decompress) | |
1379 | - hash algorithms (hash) | |
1380 | - key-agreement protocol primitives (setsecret, generate | |
1381 | public key, compute shared secret) | |
1382 | - RNG (generate, seed) | |
cac5818c | 1383 | |
f1f142ad RE |
1384 | endmenu |
1385 | ||
ee08997f DK |
1386 | config CRYPTO_HASH_INFO |
1387 | bool | |
1388 | ||
4a329fec RE |
1389 | if ARM |
1390 | source "arch/arm/crypto/Kconfig" | |
1391 | endif | |
1392 | if ARM64 | |
1393 | source "arch/arm64/crypto/Kconfig" | |
1394 | endif | |
e45f710b RE |
1395 | if MIPS |
1396 | source "arch/mips/crypto/Kconfig" | |
1397 | endif | |
6a490a4e RE |
1398 | if PPC |
1399 | source "arch/powerpc/crypto/Kconfig" | |
1400 | endif | |
c9d24c97 RE |
1401 | if S390 |
1402 | source "arch/s390/crypto/Kconfig" | |
1403 | endif | |
0e9f9ea6 RE |
1404 | if SPARC |
1405 | source "arch/sparc/crypto/Kconfig" | |
1406 | endif | |
28a936ef RE |
1407 | if X86 |
1408 | source "arch/x86/crypto/Kconfig" | |
1409 | endif | |
e45f710b | 1410 | |
1da177e4 | 1411 | source "drivers/crypto/Kconfig" |
8636a1f9 MY |
1412 | source "crypto/asymmetric_keys/Kconfig" |
1413 | source "certs/Kconfig" | |
1da177e4 | 1414 | |
cce9e06d | 1415 | endif # if CRYPTO |