X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=crypto%2FKconfig;h=74d0e622a5153beb758ca95123da6c07628ebc23;hb=e4636d535e32768c8c500641ddb144f56e3dc5c0;hp=cfc521a0d55d59f46c7a2bba0b9073ce4bc3c792;hpb=82798f90fb13fd934a15ed56fee227fe808dcbe8;p=safe%2Fjmp%2Flinux-2.6 diff --git a/crypto/Kconfig b/crypto/Kconfig index cfc521a..74d0e62 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -21,30 +21,79 @@ if CRYPTO comment "Crypto core or helper" +config CRYPTO_FIPS + bool "FIPS 200 compliance" + help + This options enables the fips boot option which is + required if you want to system to operate in a FIPS 200 + certification. You should say no unless you know what + this is. + config CRYPTO_ALGAPI tristate + select CRYPTO_ALGAPI2 help This option provides the API for cryptographic algorithms. +config CRYPTO_ALGAPI2 + tristate + config CRYPTO_AEAD tristate + select CRYPTO_AEAD2 select CRYPTO_ALGAPI +config CRYPTO_AEAD2 + tristate + select CRYPTO_ALGAPI2 + config CRYPTO_BLKCIPHER tristate + select CRYPTO_BLKCIPHER2 select CRYPTO_ALGAPI +config CRYPTO_BLKCIPHER2 + tristate + select CRYPTO_ALGAPI2 + select CRYPTO_RNG2 + select CRYPTO_WORKQUEUE + config CRYPTO_HASH tristate + select CRYPTO_HASH2 select CRYPTO_ALGAPI +config CRYPTO_HASH2 + tristate + select CRYPTO_ALGAPI2 + +config CRYPTO_RNG + tristate + select CRYPTO_RNG2 + select CRYPTO_ALGAPI + +config CRYPTO_RNG2 + tristate + select CRYPTO_ALGAPI2 + +config CRYPTO_PCOMP + tristate + select CRYPTO_ALGAPI2 + config CRYPTO_MANAGER tristate "Cryptographic algorithm manager" - select CRYPTO_ALGAPI + select CRYPTO_MANAGER2 help Create default cryptographic template instantiations such as cbc(aes). +config CRYPTO_MANAGER2 + def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) + select CRYPTO_AEAD2 + select CRYPTO_HASH2 + select CRYPTO_BLKCIPHER2 + select CRYPTO_PCOMP + config CRYPTO_GF128MUL tristate "GF(2^128) multiplication functions (EXPERIMENTAL)" depends on EXPERIMENTAL @@ -59,13 +108,19 @@ config CRYPTO_NULL tristate "Null algorithms" select CRYPTO_ALGAPI select CRYPTO_BLKCIPHER + select CRYPTO_HASH help These are 'Null' algorithms, used by IPsec, which do nothing. +config CRYPTO_WORKQUEUE + tristate + config CRYPTO_CRYPTD tristate "Software async crypto daemon" select CRYPTO_BLKCIPHER + select CRYPTO_HASH select CRYPTO_MANAGER + select CRYPTO_WORKQUEUE help This is a generic software asynchronous crypto daemon that converts an arbitrary synchronous software crypto algorithm @@ -84,9 +139,7 @@ config CRYPTO_AUTHENC config CRYPTO_TEST tristate "Testing module" depends on m - select CRYPTO_ALGAPI - select CRYPTO_AEAD - select CRYPTO_BLKCIPHER + select CRYPTO_MANAGER help Quick & dirty crypto test module. @@ -112,6 +165,7 @@ config CRYPTO_SEQIV tristate "Sequence Number IV Generator" select CRYPTO_AEAD select CRYPTO_BLKCIPHER + select CRYPTO_RNG help This IV generator generates an IV based on a sequence number by xoring it with a salt. This algorithm is mainly useful for CTR @@ -212,29 +266,39 @@ comment "Digest" config CRYPTO_CRC32C tristate "CRC32c CRC algorithm" - select CRYPTO_ALGAPI - select LIBCRC32C + select CRYPTO_HASH help Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used by iSCSI for header and data digests and by others. - See Castagnoli93. This implementation uses lib/libcrc32c. - Module will be crc32c. + See Castagnoli93. Module will be crc32c. + +config CRYPTO_CRC32C_INTEL + tristate "CRC32c INTEL hardware acceleration" + depends on X86 + select CRYPTO_HASH + help + In Intel processor with SSE4.2 supported, the processor will + support CRC32C implementation using hardware accelerated CRC32 + instruction. This option will create 'crc32c-intel' module, + which will enable any routine to use the CRC32 instruction to + gain performance compared with software implementation. + Module will be crc32c-intel. config CRYPTO_MD4 tristate "MD4 digest algorithm" - select CRYPTO_ALGAPI + select CRYPTO_HASH help MD4 message digest algorithm (RFC1320). config CRYPTO_MD5 tristate "MD5 digest algorithm" - select CRYPTO_ALGAPI + select CRYPTO_HASH help MD5 message digest algorithm (RFC1321). config CRYPTO_MICHAEL_MIC tristate "Michael MIC keyed digest algorithm" - select CRYPTO_ALGAPI + select CRYPTO_HASH help Michael MIC is used for message integrity protection in TKIP (IEEE 802.11i). This algorithm is required for TKIP, but it @@ -242,52 +306,80 @@ config CRYPTO_MICHAEL_MIC of the algorithm. config CRYPTO_RMD128 - tristate "RIPEMD-128 digest algorithm" - select CRYPTO_ALGAPI - help - RIPEMD-128 (ISO/IEC 10118-3:2004). + tristate "RIPEMD-128 digest algorithm" + select CRYPTO_HASH + help + RIPEMD-128 (ISO/IEC 10118-3:2004). - RIPEMD-128 is a 128-bit cryptographic hash function. It should only - to be used as a secure replacement for RIPEMD. For other use cases - RIPEMD-160 should be used. + RIPEMD-128 is a 128-bit cryptographic hash function. It should only + to be used as a secure replacement for RIPEMD. For other use cases + RIPEMD-160 should be used. - Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. - See + Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. + See config CRYPTO_RMD160 - tristate "RIPEMD-160 digest algorithm" - select CRYPTO_ALGAPI - help - RIPEMD-160 (ISO/IEC 10118-3:2004). + tristate "RIPEMD-160 digest algorithm" + select CRYPTO_HASH + help + RIPEMD-160 (ISO/IEC 10118-3:2004). + + RIPEMD-160 is a 160-bit cryptographic hash function. It is intended + to be used as a secure replacement for the 128-bit hash functions + MD4, MD5 and it's predecessor RIPEMD + (not to be confused with RIPEMD-128). + + It's speed is comparable to SHA1 and there are no known attacks + against RIPEMD-160. - RIPEMD-160 is a 160-bit cryptographic hash function. It is intended - to be used as a secure replacement for the 128-bit hash functions - MD4, MD5 and it's predecessor RIPEMD (not to be confused with RIPEMD-128). + Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. + See - Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. - See +config CRYPTO_RMD256 + tristate "RIPEMD-256 digest algorithm" + select CRYPTO_HASH + help + RIPEMD-256 is an optional extension of RIPEMD-128 with a + 256 bit hash. It is intended for applications that require + longer hash-results, without needing a larger security level + (than RIPEMD-128). + + Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. + See + +config CRYPTO_RMD320 + tristate "RIPEMD-320 digest algorithm" + select CRYPTO_HASH + help + RIPEMD-320 is an optional extension of RIPEMD-160 with a + 320 bit hash. It is intended for applications that require + longer hash-results, without needing a larger security level + (than RIPEMD-160). + + Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. + See config CRYPTO_SHA1 tristate "SHA1 digest algorithm" - select CRYPTO_ALGAPI + select CRYPTO_HASH help SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). config CRYPTO_SHA256 tristate "SHA224 and SHA256 digest algorithm" - select CRYPTO_ALGAPI + select CRYPTO_HASH help SHA256 secure hash standard (DFIPS 180-2). This version of SHA implements a 256 bit hash with 128 bits of security against collision attacks. - This code also includes SHA-224, a 224 bit hash with 112 bits - of security against collision attacks. + This code also includes SHA-224, a 224 bit hash with 112 bits + of security against collision attacks. config CRYPTO_SHA512 tristate "SHA384 and SHA512 digest algorithms" - select CRYPTO_ALGAPI + select CRYPTO_HASH help SHA512 secure hash standard (DFIPS 180-2). @@ -299,7 +391,7 @@ config CRYPTO_SHA512 config CRYPTO_TGR192 tristate "Tiger digest algorithms" - select CRYPTO_ALGAPI + select CRYPTO_HASH help Tiger hash algorithm 192, 160 and 128-bit hashes @@ -312,7 +404,7 @@ config CRYPTO_TGR192 config CRYPTO_WP512 tristate "Whirlpool digest algorithms" - select CRYPTO_ALGAPI + select CRYPTO_HASH help Whirlpool hash algorithm 512, 384 and 256-bit hashes @@ -388,6 +480,31 @@ config CRYPTO_AES_X86_64 See for more information. +config CRYPTO_AES_NI_INTEL + tristate "AES cipher algorithms (AES-NI)" + depends on (X86 || UML_X86) && 64BIT + select CRYPTO_AES_X86_64 + select CRYPTO_CRYPTD + select CRYPTO_ALGAPI + help + Use Intel AES-NI instructions for AES algorithm. + + AES cipher algorithms (FIPS-197). AES uses the Rijndael + algorithm. + + Rijndael appears to be consistently a very good performer in + both hardware and software across a wide range of computing + environments regardless of its use in feedback or non-feedback + modes. Its key setup time is excellent, and its key agility is + good. Rijndael's very low memory requirements make it very well + suited for restricted-space environments, in which it also + demonstrates excellent performance. Rijndael's operations are + among the easiest to defend against power and timing attacks. + + The AES specifies three key sizes: 128, 192 and 256 bits + + See for more information. + config CRYPTO_ANUBIS tristate "Anubis cipher algorithm" select CRYPTO_ALGAPI @@ -632,6 +749,15 @@ config CRYPTO_DEFLATE You will most probably want this if using IPSec. +config CRYPTO_ZLIB + tristate "Zlib compression algorithm" + select CRYPTO_PCOMP + select ZLIB_INFLATE + select ZLIB_DEFLATE + select NLATTR + help + This is the zlib algorithm. + config CRYPTO_LZO tristate "LZO compression algorithm" select CRYPTO_ALGAPI @@ -640,6 +766,18 @@ config CRYPTO_LZO help This is the LZO algorithm. +comment "Random Number Generation" + +config CRYPTO_ANSI_CPRNG + tristate "Pseudo Random Number Generation for Cryptographic modules" + select CRYPTO_AES + select CRYPTO_RNG + select CRYPTO_FIPS + help + This option enables the generic pseudo random number generator + for cryptographic modules. Uses the Algorithm specified in + ANSI X9.31 A.2.4 + source "drivers/crypto/Kconfig" endif # if CRYPTO