2 # Generic algorithms support
8 # async_tx api: hardware offloaded memory transfer/transform support
10 source "crypto/async_tx/Kconfig"
13 # Cryptographic API Configuration
16 tristate "Cryptographic API"
18 This option provides the core Cryptographic API.
22 comment "Crypto core or helper"
25 bool "FIPS 200 compliance"
27 This options enables the fips boot option which is
28 required if you want to system to operate in a FIPS 200
29 certification. You should say no unless you know what
36 This option provides the API for cryptographic algorithms.
50 config CRYPTO_BLKCIPHER
52 select CRYPTO_BLKCIPHER2
55 config CRYPTO_BLKCIPHER2
79 tristate "Cryptographic algorithm manager"
80 select CRYPTO_MANAGER2
82 Create default cryptographic template instantiations such as
85 config CRYPTO_MANAGER2
86 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
89 select CRYPTO_BLKCIPHER2
91 config CRYPTO_GF128MUL
92 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
93 depends on EXPERIMENTAL
95 Efficient table driven implementation of multiplications in the
96 field GF(2^128). This is needed by some cypher modes. This
97 option will be selected automatically if you select such a
98 cipher mode. Only select this option by hand if you expect to load
99 an external module that requires these functions.
102 tristate "Null algorithms"
104 select CRYPTO_BLKCIPHER
107 These are 'Null' algorithms, used by IPsec, which do nothing.
110 tristate "Software async crypto daemon"
111 select CRYPTO_BLKCIPHER
113 select CRYPTO_MANAGER
115 This is a generic software asynchronous crypto daemon that
116 converts an arbitrary synchronous software crypto algorithm
117 into an asynchronous algorithm that executes in a kernel thread.
119 config CRYPTO_AUTHENC
120 tristate "Authenc support"
122 select CRYPTO_BLKCIPHER
123 select CRYPTO_MANAGER
126 Authenc: Combined mode wrapper for IPsec.
127 This is required for IPSec.
130 tristate "Testing module"
132 select CRYPTO_MANAGER
134 Quick & dirty crypto test module.
136 comment "Authenticated Encryption with Associated Data"
139 tristate "CCM support"
143 Support for Counter with CBC MAC. Required for IPsec.
146 tristate "GCM/GMAC support"
149 select CRYPTO_GF128MUL
151 Support for Galois/Counter Mode (GCM) and Galois Message
152 Authentication Code (GMAC). Required for IPSec.
155 tristate "Sequence Number IV Generator"
157 select CRYPTO_BLKCIPHER
160 This IV generator generates an IV based on a sequence number by
161 xoring it with a salt. This algorithm is mainly useful for CTR
163 comment "Block modes"
166 tristate "CBC support"
167 select CRYPTO_BLKCIPHER
168 select CRYPTO_MANAGER
170 CBC: Cipher Block Chaining mode
171 This block cipher algorithm is required for IPSec.
174 tristate "CTR support"
175 select CRYPTO_BLKCIPHER
177 select CRYPTO_MANAGER
180 This block cipher algorithm is required for IPSec.
183 tristate "CTS support"
184 select CRYPTO_BLKCIPHER
186 CTS: Cipher Text Stealing
187 This is the Cipher Text Stealing mode as described by
188 Section 8 of rfc2040 and referenced by rfc3962.
189 (rfc3962 includes errata information in its Appendix A)
190 This mode is required for Kerberos gss mechanism support
194 tristate "ECB support"
195 select CRYPTO_BLKCIPHER
196 select CRYPTO_MANAGER
198 ECB: Electronic CodeBook mode
199 This is the simplest block cipher algorithm. It simply encrypts
200 the input block by block.
203 tristate "LRW support (EXPERIMENTAL)"
204 depends on EXPERIMENTAL
205 select CRYPTO_BLKCIPHER
206 select CRYPTO_MANAGER
207 select CRYPTO_GF128MUL
209 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
210 narrow block cipher mode for dm-crypt. Use it with cipher
211 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
212 The first 128, 192 or 256 bits in the key are used for AES and the
213 rest is used to tie each cipher block to its logical position.
216 tristate "PCBC support"
217 select CRYPTO_BLKCIPHER
218 select CRYPTO_MANAGER
220 PCBC: Propagating Cipher Block Chaining mode
221 This block cipher algorithm is required for RxRPC.
224 tristate "XTS support (EXPERIMENTAL)"
225 depends on EXPERIMENTAL
226 select CRYPTO_BLKCIPHER
227 select CRYPTO_MANAGER
228 select CRYPTO_GF128MUL
230 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
231 key size 256, 384 or 512 bits. This implementation currently
232 can't handle a sectorsize which is not a multiple of 16 bytes.
237 tristate "HMAC support"
239 select CRYPTO_MANAGER
241 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
242 This is required for IPSec.
245 tristate "XCBC support"
246 depends on EXPERIMENTAL
248 select CRYPTO_MANAGER
250 XCBC: Keyed-Hashing with encryption algorithm
251 http://www.ietf.org/rfc/rfc3566.txt
252 http://csrc.nist.gov/encryption/modes/proposedmodes/
253 xcbc-mac/xcbc-mac-spec.pdf
258 tristate "CRC32c CRC algorithm"
261 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
262 by iSCSI for header and data digests and by others.
263 See Castagnoli93. Module will be crc32c.
265 config CRYPTO_CRC32C_INTEL
266 tristate "CRC32c INTEL hardware acceleration"
270 In Intel processor with SSE4.2 supported, the processor will
271 support CRC32C implementation using hardware accelerated CRC32
272 instruction. This option will create 'crc32c-intel' module,
273 which will enable any routine to use the CRC32 instruction to
274 gain performance compared with software implementation.
275 Module will be crc32c-intel.
278 tristate "MD4 digest algorithm"
281 MD4 message digest algorithm (RFC1320).
284 tristate "MD5 digest algorithm"
287 MD5 message digest algorithm (RFC1321).
289 config CRYPTO_MICHAEL_MIC
290 tristate "Michael MIC keyed digest algorithm"
293 Michael MIC is used for message integrity protection in TKIP
294 (IEEE 802.11i). This algorithm is required for TKIP, but it
295 should not be used for other purposes because of the weakness
299 tristate "RIPEMD-128 digest algorithm"
302 RIPEMD-128 (ISO/IEC 10118-3:2004).
304 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
305 to be used as a secure replacement for RIPEMD. For other use cases
306 RIPEMD-160 should be used.
308 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
309 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
312 tristate "RIPEMD-160 digest algorithm"
315 RIPEMD-160 (ISO/IEC 10118-3:2004).
317 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
318 to be used as a secure replacement for the 128-bit hash functions
319 MD4, MD5 and it's predecessor RIPEMD
320 (not to be confused with RIPEMD-128).
322 It's speed is comparable to SHA1 and there are no known attacks
325 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
326 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
329 tristate "RIPEMD-256 digest algorithm"
332 RIPEMD-256 is an optional extension of RIPEMD-128 with a
333 256 bit hash. It is intended for applications that require
334 longer hash-results, without needing a larger security level
337 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
338 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
341 tristate "RIPEMD-320 digest algorithm"
344 RIPEMD-320 is an optional extension of RIPEMD-160 with a
345 320 bit hash. It is intended for applications that require
346 longer hash-results, without needing a larger security level
349 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
350 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
353 tristate "SHA1 digest algorithm"
356 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
359 tristate "SHA224 and SHA256 digest algorithm"
362 SHA256 secure hash standard (DFIPS 180-2).
364 This version of SHA implements a 256 bit hash with 128 bits of
365 security against collision attacks.
367 This code also includes SHA-224, a 224 bit hash with 112 bits
368 of security against collision attacks.
371 tristate "SHA384 and SHA512 digest algorithms"
374 SHA512 secure hash standard (DFIPS 180-2).
376 This version of SHA implements a 512 bit hash with 256 bits of
377 security against collision attacks.
379 This code also includes SHA-384, a 384 bit hash with 192 bits
380 of security against collision attacks.
383 tristate "Tiger digest algorithms"
386 Tiger hash algorithm 192, 160 and 128-bit hashes
388 Tiger is a hash function optimized for 64-bit processors while
389 still having decent performance on 32-bit processors.
390 Tiger was developed by Ross Anderson and Eli Biham.
393 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
396 tristate "Whirlpool digest algorithms"
399 Whirlpool hash algorithm 512, 384 and 256-bit hashes
401 Whirlpool-512 is part of the NESSIE cryptographic primitives.
402 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
405 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
410 tristate "AES cipher algorithms"
413 AES cipher algorithms (FIPS-197). AES uses the Rijndael
416 Rijndael appears to be consistently a very good performer in
417 both hardware and software across a wide range of computing
418 environments regardless of its use in feedback or non-feedback
419 modes. Its key setup time is excellent, and its key agility is
420 good. Rijndael's very low memory requirements make it very well
421 suited for restricted-space environments, in which it also
422 demonstrates excellent performance. Rijndael's operations are
423 among the easiest to defend against power and timing attacks.
425 The AES specifies three key sizes: 128, 192 and 256 bits
427 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
429 config CRYPTO_AES_586
430 tristate "AES cipher algorithms (i586)"
431 depends on (X86 || UML_X86) && !64BIT
435 AES cipher algorithms (FIPS-197). AES uses the Rijndael
438 Rijndael appears to be consistently a very good performer in
439 both hardware and software across a wide range of computing
440 environments regardless of its use in feedback or non-feedback
441 modes. Its key setup time is excellent, and its key agility is
442 good. Rijndael's very low memory requirements make it very well
443 suited for restricted-space environments, in which it also
444 demonstrates excellent performance. Rijndael's operations are
445 among the easiest to defend against power and timing attacks.
447 The AES specifies three key sizes: 128, 192 and 256 bits
449 See <http://csrc.nist.gov/encryption/aes/> for more information.
451 config CRYPTO_AES_X86_64
452 tristate "AES cipher algorithms (x86_64)"
453 depends on (X86 || UML_X86) && 64BIT
457 AES cipher algorithms (FIPS-197). AES uses the Rijndael
460 Rijndael appears to be consistently a very good performer in
461 both hardware and software across a wide range of computing
462 environments regardless of its use in feedback or non-feedback
463 modes. Its key setup time is excellent, and its key agility is
464 good. Rijndael's very low memory requirements make it very well
465 suited for restricted-space environments, in which it also
466 demonstrates excellent performance. Rijndael's operations are
467 among the easiest to defend against power and timing attacks.
469 The AES specifies three key sizes: 128, 192 and 256 bits
471 See <http://csrc.nist.gov/encryption/aes/> for more information.
474 tristate "Anubis cipher algorithm"
477 Anubis cipher algorithm.
479 Anubis is a variable key length cipher which can use keys from
480 128 bits to 320 bits in length. It was evaluated as a entrant
481 in the NESSIE competition.
484 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
485 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
488 tristate "ARC4 cipher algorithm"
491 ARC4 cipher algorithm.
493 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
494 bits in length. This algorithm is required for driver-based
495 WEP, but it should not be for other purposes because of the
496 weakness of the algorithm.
498 config CRYPTO_BLOWFISH
499 tristate "Blowfish cipher algorithm"
502 Blowfish cipher algorithm, by Bruce Schneier.
504 This is a variable key length cipher which can use keys from 32
505 bits to 448 bits in length. It's fast, simple and specifically
506 designed for use on "large microprocessors".
509 <http://www.schneier.com/blowfish.html>
511 config CRYPTO_CAMELLIA
512 tristate "Camellia cipher algorithms"
516 Camellia cipher algorithms module.
518 Camellia is a symmetric key block cipher developed jointly
519 at NTT and Mitsubishi Electric Corporation.
521 The Camellia specifies three key sizes: 128, 192 and 256 bits.
524 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
527 tristate "CAST5 (CAST-128) cipher algorithm"
530 The CAST5 encryption algorithm (synonymous with CAST-128) is
531 described in RFC2144.
534 tristate "CAST6 (CAST-256) cipher algorithm"
537 The CAST6 encryption algorithm (synonymous with CAST-256) is
538 described in RFC2612.
541 tristate "DES and Triple DES EDE cipher algorithms"
544 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
547 tristate "FCrypt cipher algorithm"
549 select CRYPTO_BLKCIPHER
551 FCrypt algorithm used by RxRPC.
554 tristate "Khazad cipher algorithm"
557 Khazad cipher algorithm.
559 Khazad was a finalist in the initial NESSIE competition. It is
560 an algorithm optimized for 64-bit processors with good performance
561 on 32-bit processors. Khazad uses an 128 bit key size.
564 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
566 config CRYPTO_SALSA20
567 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
568 depends on EXPERIMENTAL
569 select CRYPTO_BLKCIPHER
571 Salsa20 stream cipher algorithm.
573 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
574 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
576 The Salsa20 stream cipher algorithm is designed by Daniel J.
577 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
579 config CRYPTO_SALSA20_586
580 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
581 depends on (X86 || UML_X86) && !64BIT
582 depends on EXPERIMENTAL
583 select CRYPTO_BLKCIPHER
585 Salsa20 stream cipher algorithm.
587 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
588 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
590 The Salsa20 stream cipher algorithm is designed by Daniel J.
591 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
593 config CRYPTO_SALSA20_X86_64
594 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
595 depends on (X86 || UML_X86) && 64BIT
596 depends on EXPERIMENTAL
597 select CRYPTO_BLKCIPHER
599 Salsa20 stream cipher algorithm.
601 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
602 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
604 The Salsa20 stream cipher algorithm is designed by Daniel J.
605 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
608 tristate "SEED cipher algorithm"
611 SEED cipher algorithm (RFC4269).
613 SEED is a 128-bit symmetric key block cipher that has been
614 developed by KISA (Korea Information Security Agency) as a
615 national standard encryption algorithm of the Republic of Korea.
616 It is a 16 round block cipher with the key size of 128 bit.
619 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
621 config CRYPTO_SERPENT
622 tristate "Serpent cipher algorithm"
625 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
627 Keys are allowed to be from 0 to 256 bits in length, in steps
628 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
629 variant of Serpent for compatibility with old kerneli.org code.
632 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
635 tristate "TEA, XTEA and XETA cipher algorithms"
638 TEA cipher algorithm.
640 Tiny Encryption Algorithm is a simple cipher that uses
641 many rounds for security. It is very fast and uses
644 Xtendend Tiny Encryption Algorithm is a modification to
645 the TEA algorithm to address a potential key weakness
646 in the TEA algorithm.
648 Xtendend Encryption Tiny Algorithm is a mis-implementation
649 of the XTEA algorithm for compatibility purposes.
651 config CRYPTO_TWOFISH
652 tristate "Twofish cipher algorithm"
654 select CRYPTO_TWOFISH_COMMON
656 Twofish cipher algorithm.
658 Twofish was submitted as an AES (Advanced Encryption Standard)
659 candidate cipher by researchers at CounterPane Systems. It is a
660 16 round block cipher supporting key sizes of 128, 192, and 256
664 <http://www.schneier.com/twofish.html>
666 config CRYPTO_TWOFISH_COMMON
669 Common parts of the Twofish cipher algorithm shared by the
670 generic c and the assembler implementations.
672 config CRYPTO_TWOFISH_586
673 tristate "Twofish cipher algorithms (i586)"
674 depends on (X86 || UML_X86) && !64BIT
676 select CRYPTO_TWOFISH_COMMON
678 Twofish cipher algorithm.
680 Twofish was submitted as an AES (Advanced Encryption Standard)
681 candidate cipher by researchers at CounterPane Systems. It is a
682 16 round block cipher supporting key sizes of 128, 192, and 256
686 <http://www.schneier.com/twofish.html>
688 config CRYPTO_TWOFISH_X86_64
689 tristate "Twofish cipher algorithm (x86_64)"
690 depends on (X86 || UML_X86) && 64BIT
692 select CRYPTO_TWOFISH_COMMON
694 Twofish cipher algorithm (x86_64).
696 Twofish was submitted as an AES (Advanced Encryption Standard)
697 candidate cipher by researchers at CounterPane Systems. It is a
698 16 round block cipher supporting key sizes of 128, 192, and 256
702 <http://www.schneier.com/twofish.html>
704 comment "Compression"
706 config CRYPTO_DEFLATE
707 tristate "Deflate compression algorithm"
712 This is the Deflate algorithm (RFC1951), specified for use in
713 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
715 You will most probably want this if using IPSec.
718 tristate "LZO compression algorithm"
721 select LZO_DECOMPRESS
723 This is the LZO algorithm.
725 comment "Random Number Generation"
727 config CRYPTO_ANSI_CPRNG
728 tristate "Pseudo Random Number Generation for Cryptographic modules"
733 This option enables the generic pseudo random number generator
734 for cryptographic modules. Uses the Algorithm specified in
737 source "drivers/crypto/Kconfig"
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob