2 # Cryptographic API Configuration
5 menu "Cryptographic options"
8 bool "Cryptographic API"
10 This option provides the core Cryptographic API.
17 This option provides the API for cryptographic algorithms.
19 config CRYPTO_BLKCIPHER
28 tristate "Cryptographic algorithm manager"
31 Create default cryptographic template instantiations such as
35 tristate "HMAC support"
39 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
40 This is required for IPSec.
43 tristate "XCBC support"
44 depends on EXPERIMENTAL
48 XCBC: Keyed-Hashing with encryption algorithm
49 http://www.ietf.org/rfc/rfc3566.txt
50 http://csrc.nist.gov/encryption/modes/proposedmodes/
51 xcbc-mac/xcbc-mac-spec.pdf
54 tristate "Null algorithms"
57 These are 'Null' algorithms, used by IPsec, which do nothing.
60 tristate "MD4 digest algorithm"
63 MD4 message digest algorithm (RFC1320).
66 tristate "MD5 digest algorithm"
69 MD5 message digest algorithm (RFC1321).
72 tristate "SHA1 digest algorithm"
75 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
78 tristate "SHA256 digest algorithm"
81 SHA256 secure hash standard (DFIPS 180-2).
83 This version of SHA implements a 256 bit hash with 128 bits of
84 security against collision attacks.
87 tristate "SHA384 and SHA512 digest algorithms"
90 SHA512 secure hash standard (DFIPS 180-2).
92 This version of SHA implements a 512 bit hash with 256 bits of
93 security against collision attacks.
95 This code also includes SHA-384, a 384 bit hash with 192 bits
96 of security against collision attacks.
99 tristate "Whirlpool digest algorithms"
102 Whirlpool hash algorithm 512, 384 and 256-bit hashes
104 Whirlpool-512 is part of the NESSIE cryptographic primitives.
105 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
108 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
111 tristate "Tiger digest algorithms"
114 Tiger hash algorithm 192, 160 and 128-bit hashes
116 Tiger is a hash function optimized for 64-bit processors while
117 still having decent performance on 32-bit processors.
118 Tiger was developed by Ross Anderson and Eli Biham.
121 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
123 config CRYPTO_GF128MUL
124 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
125 depends on EXPERIMENTAL
127 Efficient table driven implementation of multiplications in the
128 field GF(2^128). This is needed by some cypher modes. This
129 option will be selected automatically if you select such a
130 cipher mode. Only select this option by hand if you expect to load
131 an external module that requires these functions.
134 tristate "ECB support"
135 select CRYPTO_BLKCIPHER
136 select CRYPTO_MANAGER
139 ECB: Electronic CodeBook mode
140 This is the simplest block cipher algorithm. It simply encrypts
141 the input block by block.
144 tristate "CBC support"
145 select CRYPTO_BLKCIPHER
146 select CRYPTO_MANAGER
149 CBC: Cipher Block Chaining mode
150 This block cipher algorithm is required for IPSec.
153 tristate "PCBC support"
154 select CRYPTO_BLKCIPHER
155 select CRYPTO_MANAGER
158 PCBC: Propagating Cipher Block Chaining mode
159 This block cipher algorithm is required for RxRPC.
162 tristate "LRW support (EXPERIMENTAL)"
163 depends on EXPERIMENTAL
164 select CRYPTO_BLKCIPHER
165 select CRYPTO_MANAGER
166 select CRYPTO_GF128MUL
168 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
169 narrow block cipher mode for dm-crypt. Use it with cipher
170 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
171 The first 128, 192 or 256 bits in the key are used for AES and the
172 rest is used to tie each cipher block to its logical position.
175 tristate "DES and Triple DES EDE cipher algorithms"
178 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
181 tristate "FCrypt cipher algorithm"
183 select CRYPTO_BLKCIPHER
185 FCrypt algorithm used by RxRPC.
187 config CRYPTO_BLOWFISH
188 tristate "Blowfish cipher algorithm"
191 Blowfish cipher algorithm, by Bruce Schneier.
193 This is a variable key length cipher which can use keys from 32
194 bits to 448 bits in length. It's fast, simple and specifically
195 designed for use on "large microprocessors".
198 <http://www.schneier.com/blowfish.html>
200 config CRYPTO_TWOFISH
201 tristate "Twofish cipher algorithm"
203 select CRYPTO_TWOFISH_COMMON
205 Twofish cipher algorithm.
207 Twofish was submitted as an AES (Advanced Encryption Standard)
208 candidate cipher by researchers at CounterPane Systems. It is a
209 16 round block cipher supporting key sizes of 128, 192, and 256
213 <http://www.schneier.com/twofish.html>
215 config CRYPTO_TWOFISH_COMMON
218 Common parts of the Twofish cipher algorithm shared by the
219 generic c and the assembler implementations.
221 config CRYPTO_TWOFISH_586
222 tristate "Twofish cipher algorithms (i586)"
223 depends on (X86 || UML_X86) && !64BIT
225 select CRYPTO_TWOFISH_COMMON
227 Twofish cipher algorithm.
229 Twofish was submitted as an AES (Advanced Encryption Standard)
230 candidate cipher by researchers at CounterPane Systems. It is a
231 16 round block cipher supporting key sizes of 128, 192, and 256
235 <http://www.schneier.com/twofish.html>
237 config CRYPTO_TWOFISH_X86_64
238 tristate "Twofish cipher algorithm (x86_64)"
239 depends on (X86 || UML_X86) && 64BIT
241 select CRYPTO_TWOFISH_COMMON
243 Twofish cipher algorithm (x86_64).
245 Twofish was submitted as an AES (Advanced Encryption Standard)
246 candidate cipher by researchers at CounterPane Systems. It is a
247 16 round block cipher supporting key sizes of 128, 192, and 256
251 <http://www.schneier.com/twofish.html>
253 config CRYPTO_SERPENT
254 tristate "Serpent cipher algorithm"
257 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
259 Keys are allowed to be from 0 to 256 bits in length, in steps
260 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
261 variant of Serpent for compatibility with old kerneli code.
264 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
267 tristate "AES cipher algorithms"
270 AES cipher algorithms (FIPS-197). AES uses the Rijndael
273 Rijndael appears to be consistently a very good performer in
274 both hardware and software across a wide range of computing
275 environments regardless of its use in feedback or non-feedback
276 modes. Its key setup time is excellent, and its key agility is
277 good. Rijndael's very low memory requirements make it very well
278 suited for restricted-space environments, in which it also
279 demonstrates excellent performance. Rijndael's operations are
280 among the easiest to defend against power and timing attacks.
282 The AES specifies three key sizes: 128, 192 and 256 bits
284 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
286 config CRYPTO_AES_586
287 tristate "AES cipher algorithms (i586)"
288 depends on (X86 || UML_X86) && !64BIT
291 AES cipher algorithms (FIPS-197). AES uses the Rijndael
294 Rijndael appears to be consistently a very good performer in
295 both hardware and software across a wide range of computing
296 environments regardless of its use in feedback or non-feedback
297 modes. Its key setup time is excellent, and its key agility is
298 good. Rijndael's very low memory requirements make it very well
299 suited for restricted-space environments, in which it also
300 demonstrates excellent performance. Rijndael's operations are
301 among the easiest to defend against power and timing attacks.
303 The AES specifies three key sizes: 128, 192 and 256 bits
305 See <http://csrc.nist.gov/encryption/aes/> for more information.
307 config CRYPTO_AES_X86_64
308 tristate "AES cipher algorithms (x86_64)"
309 depends on (X86 || UML_X86) && 64BIT
312 AES cipher algorithms (FIPS-197). AES uses the Rijndael
315 Rijndael appears to be consistently a very good performer in
316 both hardware and software across a wide range of computing
317 environments regardless of its use in feedback or non-feedback
318 modes. Its key setup time is excellent, and its key agility is
319 good. Rijndael's very low memory requirements make it very well
320 suited for restricted-space environments, in which it also
321 demonstrates excellent performance. Rijndael's operations are
322 among the easiest to defend against power and timing attacks.
324 The AES specifies three key sizes: 128, 192 and 256 bits
326 See <http://csrc.nist.gov/encryption/aes/> for more information.
329 tristate "CAST5 (CAST-128) cipher algorithm"
332 The CAST5 encryption algorithm (synonymous with CAST-128) is
333 described in RFC2144.
336 tristate "CAST6 (CAST-256) cipher algorithm"
339 The CAST6 encryption algorithm (synonymous with CAST-256) is
340 described in RFC2612.
343 tristate "TEA, XTEA and XETA cipher algorithms"
346 TEA cipher algorithm.
348 Tiny Encryption Algorithm is a simple cipher that uses
349 many rounds for security. It is very fast and uses
352 Xtendend Tiny Encryption Algorithm is a modification to
353 the TEA algorithm to address a potential key weakness
354 in the TEA algorithm.
356 Xtendend Encryption Tiny Algorithm is a mis-implementation
357 of the XTEA algorithm for compatibility purposes.
360 tristate "ARC4 cipher algorithm"
363 ARC4 cipher algorithm.
365 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
366 bits in length. This algorithm is required for driver-based
367 WEP, but it should not be for other purposes because of the
368 weakness of the algorithm.
371 tristate "Khazad cipher algorithm"
374 Khazad cipher algorithm.
376 Khazad was a finalist in the initial NESSIE competition. It is
377 an algorithm optimized for 64-bit processors with good performance
378 on 32-bit processors. Khazad uses an 128 bit key size.
381 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
384 tristate "Anubis cipher algorithm"
387 Anubis cipher algorithm.
389 Anubis is a variable key length cipher which can use keys from
390 128 bits to 320 bits in length. It was evaluated as a entrant
391 in the NESSIE competition.
394 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
395 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
398 config CRYPTO_DEFLATE
399 tristate "Deflate compression algorithm"
404 This is the Deflate algorithm (RFC1951), specified for use in
405 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
407 You will most probably want this if using IPSec.
409 config CRYPTO_MICHAEL_MIC
410 tristate "Michael MIC keyed digest algorithm"
413 Michael MIC is used for message integrity protection in TKIP
414 (IEEE 802.11i). This algorithm is required for TKIP, but it
415 should not be used for other purposes because of the weakness
419 tristate "CRC32c CRC algorithm"
423 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
424 by iSCSI for header and data digests and by others.
425 See Castagnoli93. This implementation uses lib/libcrc32c.
426 Module will be crc32c.
428 config CRYPTO_CAMELLIA
429 tristate "Camellia cipher algorithms"
433 Camellia cipher algorithms module.
435 Camellia is a symmetric key block cipher developed jointly
436 at NTT and Mitsubishi Electric Corporation.
438 The Camellia specifies three key sizes: 128, 192 and 256 bits.
441 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
444 tristate "Testing module"
448 Quick & dirty crypto test module.
450 source "drivers/crypto/Kconfig"