2 # Generic algorithms support
8 # async_tx api: hardware offloaded memory transfer/transform support
10 source "crypto/async_tx/Kconfig"
13 # Cryptographic API Configuration
16 tristate "Cryptographic API"
18 This option provides the core Cryptographic API.
22 comment "Crypto core or helper"
25 bool "FIPS 200 compliance"
27 This options enables the fips boot option which is
28 required if you want to system to operate in a FIPS 200
29 certification. You should say no unless you know what
35 This option provides the API for cryptographic algorithms.
41 config CRYPTO_BLKCIPHER
54 tristate "Cryptographic algorithm manager"
57 select CRYPTO_BLKCIPHER
59 Create default cryptographic template instantiations such as
62 config CRYPTO_GF128MUL
63 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
64 depends on EXPERIMENTAL
66 Efficient table driven implementation of multiplications in the
67 field GF(2^128). This is needed by some cypher modes. This
68 option will be selected automatically if you select such a
69 cipher mode. Only select this option by hand if you expect to load
70 an external module that requires these functions.
73 tristate "Null algorithms"
75 select CRYPTO_BLKCIPHER
77 These are 'Null' algorithms, used by IPsec, which do nothing.
80 tristate "Software async crypto daemon"
81 select CRYPTO_BLKCIPHER
85 This is a generic software asynchronous crypto daemon that
86 converts an arbitrary synchronous software crypto algorithm
87 into an asynchronous algorithm that executes in a kernel thread.
90 tristate "Authenc support"
92 select CRYPTO_BLKCIPHER
96 Authenc: Combined mode wrapper for IPsec.
97 This is required for IPSec.
100 tristate "Testing module"
102 select CRYPTO_MANAGER
104 Quick & dirty crypto test module.
106 comment "Authenticated Encryption with Associated Data"
109 tristate "CCM support"
113 Support for Counter with CBC MAC. Required for IPsec.
116 tristate "GCM/GMAC support"
119 select CRYPTO_GF128MUL
121 Support for Galois/Counter Mode (GCM) and Galois Message
122 Authentication Code (GMAC). Required for IPSec.
125 tristate "Sequence Number IV Generator"
127 select CRYPTO_BLKCIPHER
129 This IV generator generates an IV based on a sequence number by
130 xoring it with a salt. This algorithm is mainly useful for CTR
132 comment "Block modes"
135 tristate "CBC support"
136 select CRYPTO_BLKCIPHER
137 select CRYPTO_MANAGER
139 CBC: Cipher Block Chaining mode
140 This block cipher algorithm is required for IPSec.
143 tristate "CTR support"
144 select CRYPTO_BLKCIPHER
146 select CRYPTO_MANAGER
149 This block cipher algorithm is required for IPSec.
152 tristate "CTS support"
153 select CRYPTO_BLKCIPHER
155 CTS: Cipher Text Stealing
156 This is the Cipher Text Stealing mode as described by
157 Section 8 of rfc2040 and referenced by rfc3962.
158 (rfc3962 includes errata information in its Appendix A)
159 This mode is required for Kerberos gss mechanism support
163 tristate "ECB support"
164 select CRYPTO_BLKCIPHER
165 select CRYPTO_MANAGER
167 ECB: Electronic CodeBook mode
168 This is the simplest block cipher algorithm. It simply encrypts
169 the input block by block.
172 tristate "LRW support (EXPERIMENTAL)"
173 depends on EXPERIMENTAL
174 select CRYPTO_BLKCIPHER
175 select CRYPTO_MANAGER
176 select CRYPTO_GF128MUL
178 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
179 narrow block cipher mode for dm-crypt. Use it with cipher
180 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
181 The first 128, 192 or 256 bits in the key are used for AES and the
182 rest is used to tie each cipher block to its logical position.
185 tristate "PCBC support"
186 select CRYPTO_BLKCIPHER
187 select CRYPTO_MANAGER
189 PCBC: Propagating Cipher Block Chaining mode
190 This block cipher algorithm is required for RxRPC.
193 tristate "XTS support (EXPERIMENTAL)"
194 depends on EXPERIMENTAL
195 select CRYPTO_BLKCIPHER
196 select CRYPTO_MANAGER
197 select CRYPTO_GF128MUL
199 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
200 key size 256, 384 or 512 bits. This implementation currently
201 can't handle a sectorsize which is not a multiple of 16 bytes.
206 tristate "HMAC support"
208 select CRYPTO_MANAGER
210 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
211 This is required for IPSec.
214 tristate "XCBC support"
215 depends on EXPERIMENTAL
217 select CRYPTO_MANAGER
219 XCBC: Keyed-Hashing with encryption algorithm
220 http://www.ietf.org/rfc/rfc3566.txt
221 http://csrc.nist.gov/encryption/modes/proposedmodes/
222 xcbc-mac/xcbc-mac-spec.pdf
227 tristate "CRC32c CRC algorithm"
231 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
232 by iSCSI for header and data digests and by others.
233 See Castagnoli93. This implementation uses lib/libcrc32c.
234 Module will be crc32c.
236 config CRYPTO_CRC32C_INTEL
237 tristate "CRC32c INTEL hardware acceleration"
241 In Intel processor with SSE4.2 supported, the processor will
242 support CRC32C implementation using hardware accelerated CRC32
243 instruction. This option will create 'crc32c-intel' module,
244 which will enable any routine to use the CRC32 instruction to
245 gain performance compared with software implementation.
246 Module will be crc32c-intel.
249 tristate "MD4 digest algorithm"
252 MD4 message digest algorithm (RFC1320).
255 tristate "MD5 digest algorithm"
258 MD5 message digest algorithm (RFC1321).
260 config CRYPTO_MICHAEL_MIC
261 tristate "Michael MIC keyed digest algorithm"
264 Michael MIC is used for message integrity protection in TKIP
265 (IEEE 802.11i). This algorithm is required for TKIP, but it
266 should not be used for other purposes because of the weakness
270 tristate "RIPEMD-128 digest algorithm"
273 RIPEMD-128 (ISO/IEC 10118-3:2004).
275 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
276 to be used as a secure replacement for RIPEMD. For other use cases
277 RIPEMD-160 should be used.
279 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
280 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
283 tristate "RIPEMD-160 digest algorithm"
286 RIPEMD-160 (ISO/IEC 10118-3:2004).
288 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
289 to be used as a secure replacement for the 128-bit hash functions
290 MD4, MD5 and it's predecessor RIPEMD
291 (not to be confused with RIPEMD-128).
293 It's speed is comparable to SHA1 and there are no known attacks
296 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
297 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
300 tristate "RIPEMD-256 digest algorithm"
303 RIPEMD-256 is an optional extension of RIPEMD-128 with a
304 256 bit hash. It is intended for applications that require
305 longer hash-results, without needing a larger security level
308 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
309 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
312 tristate "RIPEMD-320 digest algorithm"
315 RIPEMD-320 is an optional extension of RIPEMD-160 with a
316 320 bit hash. It is intended for applications that require
317 longer hash-results, without needing a larger security level
320 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
321 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
324 tristate "SHA1 digest algorithm"
327 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
330 tristate "SHA224 and SHA256 digest algorithm"
333 SHA256 secure hash standard (DFIPS 180-2).
335 This version of SHA implements a 256 bit hash with 128 bits of
336 security against collision attacks.
338 This code also includes SHA-224, a 224 bit hash with 112 bits
339 of security against collision attacks.
342 tristate "SHA384 and SHA512 digest algorithms"
345 SHA512 secure hash standard (DFIPS 180-2).
347 This version of SHA implements a 512 bit hash with 256 bits of
348 security against collision attacks.
350 This code also includes SHA-384, a 384 bit hash with 192 bits
351 of security against collision attacks.
354 tristate "Tiger digest algorithms"
357 Tiger hash algorithm 192, 160 and 128-bit hashes
359 Tiger is a hash function optimized for 64-bit processors while
360 still having decent performance on 32-bit processors.
361 Tiger was developed by Ross Anderson and Eli Biham.
364 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
367 tristate "Whirlpool digest algorithms"
370 Whirlpool hash algorithm 512, 384 and 256-bit hashes
372 Whirlpool-512 is part of the NESSIE cryptographic primitives.
373 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
376 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
381 tristate "AES cipher algorithms"
384 AES cipher algorithms (FIPS-197). AES uses the Rijndael
387 Rijndael appears to be consistently a very good performer in
388 both hardware and software across a wide range of computing
389 environments regardless of its use in feedback or non-feedback
390 modes. Its key setup time is excellent, and its key agility is
391 good. Rijndael's very low memory requirements make it very well
392 suited for restricted-space environments, in which it also
393 demonstrates excellent performance. Rijndael's operations are
394 among the easiest to defend against power and timing attacks.
396 The AES specifies three key sizes: 128, 192 and 256 bits
398 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
400 config CRYPTO_AES_586
401 tristate "AES cipher algorithms (i586)"
402 depends on (X86 || UML_X86) && !64BIT
406 AES cipher algorithms (FIPS-197). AES uses the Rijndael
409 Rijndael appears to be consistently a very good performer in
410 both hardware and software across a wide range of computing
411 environments regardless of its use in feedback or non-feedback
412 modes. Its key setup time is excellent, and its key agility is
413 good. Rijndael's very low memory requirements make it very well
414 suited for restricted-space environments, in which it also
415 demonstrates excellent performance. Rijndael's operations are
416 among the easiest to defend against power and timing attacks.
418 The AES specifies three key sizes: 128, 192 and 256 bits
420 See <http://csrc.nist.gov/encryption/aes/> for more information.
422 config CRYPTO_AES_X86_64
423 tristate "AES cipher algorithms (x86_64)"
424 depends on (X86 || UML_X86) && 64BIT
428 AES cipher algorithms (FIPS-197). AES uses the Rijndael
431 Rijndael appears to be consistently a very good performer in
432 both hardware and software across a wide range of computing
433 environments regardless of its use in feedback or non-feedback
434 modes. Its key setup time is excellent, and its key agility is
435 good. Rijndael's very low memory requirements make it very well
436 suited for restricted-space environments, in which it also
437 demonstrates excellent performance. Rijndael's operations are
438 among the easiest to defend against power and timing attacks.
440 The AES specifies three key sizes: 128, 192 and 256 bits
442 See <http://csrc.nist.gov/encryption/aes/> for more information.
445 tristate "Anubis cipher algorithm"
448 Anubis cipher algorithm.
450 Anubis is a variable key length cipher which can use keys from
451 128 bits to 320 bits in length. It was evaluated as a entrant
452 in the NESSIE competition.
455 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
456 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
459 tristate "ARC4 cipher algorithm"
462 ARC4 cipher algorithm.
464 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
465 bits in length. This algorithm is required for driver-based
466 WEP, but it should not be for other purposes because of the
467 weakness of the algorithm.
469 config CRYPTO_BLOWFISH
470 tristate "Blowfish cipher algorithm"
473 Blowfish cipher algorithm, by Bruce Schneier.
475 This is a variable key length cipher which can use keys from 32
476 bits to 448 bits in length. It's fast, simple and specifically
477 designed for use on "large microprocessors".
480 <http://www.schneier.com/blowfish.html>
482 config CRYPTO_CAMELLIA
483 tristate "Camellia cipher algorithms"
487 Camellia cipher algorithms module.
489 Camellia is a symmetric key block cipher developed jointly
490 at NTT and Mitsubishi Electric Corporation.
492 The Camellia specifies three key sizes: 128, 192 and 256 bits.
495 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
498 tristate "CAST5 (CAST-128) cipher algorithm"
501 The CAST5 encryption algorithm (synonymous with CAST-128) is
502 described in RFC2144.
505 tristate "CAST6 (CAST-256) cipher algorithm"
508 The CAST6 encryption algorithm (synonymous with CAST-256) is
509 described in RFC2612.
512 tristate "DES and Triple DES EDE cipher algorithms"
515 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
518 tristate "FCrypt cipher algorithm"
520 select CRYPTO_BLKCIPHER
522 FCrypt algorithm used by RxRPC.
525 tristate "Khazad cipher algorithm"
528 Khazad cipher algorithm.
530 Khazad was a finalist in the initial NESSIE competition. It is
531 an algorithm optimized for 64-bit processors with good performance
532 on 32-bit processors. Khazad uses an 128 bit key size.
535 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
537 config CRYPTO_SALSA20
538 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
539 depends on EXPERIMENTAL
540 select CRYPTO_BLKCIPHER
542 Salsa20 stream cipher algorithm.
544 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
545 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
547 The Salsa20 stream cipher algorithm is designed by Daniel J.
548 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
550 config CRYPTO_SALSA20_586
551 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
552 depends on (X86 || UML_X86) && !64BIT
553 depends on EXPERIMENTAL
554 select CRYPTO_BLKCIPHER
556 Salsa20 stream cipher algorithm.
558 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
559 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
561 The Salsa20 stream cipher algorithm is designed by Daniel J.
562 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
564 config CRYPTO_SALSA20_X86_64
565 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
566 depends on (X86 || UML_X86) && 64BIT
567 depends on EXPERIMENTAL
568 select CRYPTO_BLKCIPHER
570 Salsa20 stream cipher algorithm.
572 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
573 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
575 The Salsa20 stream cipher algorithm is designed by Daniel J.
576 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
579 tristate "SEED cipher algorithm"
582 SEED cipher algorithm (RFC4269).
584 SEED is a 128-bit symmetric key block cipher that has been
585 developed by KISA (Korea Information Security Agency) as a
586 national standard encryption algorithm of the Republic of Korea.
587 It is a 16 round block cipher with the key size of 128 bit.
590 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
592 config CRYPTO_SERPENT
593 tristate "Serpent cipher algorithm"
596 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
598 Keys are allowed to be from 0 to 256 bits in length, in steps
599 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
600 variant of Serpent for compatibility with old kerneli.org code.
603 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
606 tristate "TEA, XTEA and XETA cipher algorithms"
609 TEA cipher algorithm.
611 Tiny Encryption Algorithm is a simple cipher that uses
612 many rounds for security. It is very fast and uses
615 Xtendend Tiny Encryption Algorithm is a modification to
616 the TEA algorithm to address a potential key weakness
617 in the TEA algorithm.
619 Xtendend Encryption Tiny Algorithm is a mis-implementation
620 of the XTEA algorithm for compatibility purposes.
622 config CRYPTO_TWOFISH
623 tristate "Twofish cipher algorithm"
625 select CRYPTO_TWOFISH_COMMON
627 Twofish cipher algorithm.
629 Twofish was submitted as an AES (Advanced Encryption Standard)
630 candidate cipher by researchers at CounterPane Systems. It is a
631 16 round block cipher supporting key sizes of 128, 192, and 256
635 <http://www.schneier.com/twofish.html>
637 config CRYPTO_TWOFISH_COMMON
640 Common parts of the Twofish cipher algorithm shared by the
641 generic c and the assembler implementations.
643 config CRYPTO_TWOFISH_586
644 tristate "Twofish cipher algorithms (i586)"
645 depends on (X86 || UML_X86) && !64BIT
647 select CRYPTO_TWOFISH_COMMON
649 Twofish cipher algorithm.
651 Twofish was submitted as an AES (Advanced Encryption Standard)
652 candidate cipher by researchers at CounterPane Systems. It is a
653 16 round block cipher supporting key sizes of 128, 192, and 256
657 <http://www.schneier.com/twofish.html>
659 config CRYPTO_TWOFISH_X86_64
660 tristate "Twofish cipher algorithm (x86_64)"
661 depends on (X86 || UML_X86) && 64BIT
663 select CRYPTO_TWOFISH_COMMON
665 Twofish cipher algorithm (x86_64).
667 Twofish was submitted as an AES (Advanced Encryption Standard)
668 candidate cipher by researchers at CounterPane Systems. It is a
669 16 round block cipher supporting key sizes of 128, 192, and 256
673 <http://www.schneier.com/twofish.html>
675 comment "Compression"
677 config CRYPTO_DEFLATE
678 tristate "Deflate compression algorithm"
683 This is the Deflate algorithm (RFC1951), specified for use in
684 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
686 You will most probably want this if using IPSec.
689 tristate "LZO compression algorithm"
692 select LZO_DECOMPRESS
694 This is the LZO algorithm.
696 comment "Random Number Generation"
698 config CRYPTO_ANSI_CPRNG
699 tristate "Pseudo Random Number Generation for Cryptographic modules"
704 This option enables the generic pseudo random number generator
705 for cryptographic modules. Uses the Algorithm specified in
708 source "drivers/crypto/Kconfig"