2 # Generic algorithms support
8 # async_tx api: hardware offloaded memory transfer/transform support
10 source "crypto/async_tx/Kconfig"
13 # Cryptographic API Configuration
16 bool "Cryptographic API"
18 This option provides the core Cryptographic API.
25 This option provides the API for cryptographic algorithms.
31 config CRYPTO_BLKCIPHER
36 tristate "Sequence Number IV Generator"
38 select CRYPTO_BLKCIPHER
40 This IV generator generates an IV based on a sequence number by
41 xoring it with a salt. This algorithm is mainly useful for CTR
49 tristate "Cryptographic algorithm manager"
52 Create default cryptographic template instantiations such as
56 tristate "HMAC support"
60 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
61 This is required for IPSec.
64 tristate "XCBC support"
65 depends on EXPERIMENTAL
69 XCBC: Keyed-Hashing with encryption algorithm
70 http://www.ietf.org/rfc/rfc3566.txt
71 http://csrc.nist.gov/encryption/modes/proposedmodes/
72 xcbc-mac/xcbc-mac-spec.pdf
75 tristate "Null algorithms"
77 select CRYPTO_BLKCIPHER
79 These are 'Null' algorithms, used by IPsec, which do nothing.
82 tristate "MD4 digest algorithm"
85 MD4 message digest algorithm (RFC1320).
88 tristate "MD5 digest algorithm"
91 MD5 message digest algorithm (RFC1321).
94 tristate "SHA1 digest algorithm"
97 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
100 tristate "SHA224 and SHA256 digest algorithm"
103 SHA256 secure hash standard (DFIPS 180-2).
105 This version of SHA implements a 256 bit hash with 128 bits of
106 security against collision attacks.
108 This code also includes SHA-224, a 224 bit hash with 112 bits
109 of security against collision attacks.
112 tristate "SHA384 and SHA512 digest algorithms"
115 SHA512 secure hash standard (DFIPS 180-2).
117 This version of SHA implements a 512 bit hash with 256 bits of
118 security against collision attacks.
120 This code also includes SHA-384, a 384 bit hash with 192 bits
121 of security against collision attacks.
124 tristate "Whirlpool digest algorithms"
127 Whirlpool hash algorithm 512, 384 and 256-bit hashes
129 Whirlpool-512 is part of the NESSIE cryptographic primitives.
130 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
133 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
136 tristate "Tiger digest algorithms"
139 Tiger hash algorithm 192, 160 and 128-bit hashes
141 Tiger is a hash function optimized for 64-bit processors while
142 still having decent performance on 32-bit processors.
143 Tiger was developed by Ross Anderson and Eli Biham.
146 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
148 config CRYPTO_GF128MUL
149 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
150 depends on EXPERIMENTAL
152 Efficient table driven implementation of multiplications in the
153 field GF(2^128). This is needed by some cypher modes. This
154 option will be selected automatically if you select such a
155 cipher mode. Only select this option by hand if you expect to load
156 an external module that requires these functions.
159 tristate "ECB support"
160 select CRYPTO_BLKCIPHER
161 select CRYPTO_MANAGER
163 ECB: Electronic CodeBook mode
164 This is the simplest block cipher algorithm. It simply encrypts
165 the input block by block.
168 tristate "CBC support"
169 select CRYPTO_BLKCIPHER
170 select CRYPTO_MANAGER
172 CBC: Cipher Block Chaining mode
173 This block cipher algorithm is required for IPSec.
176 tristate "PCBC support"
177 select CRYPTO_BLKCIPHER
178 select CRYPTO_MANAGER
180 PCBC: Propagating Cipher Block Chaining mode
181 This block cipher algorithm is required for RxRPC.
184 tristate "LRW support (EXPERIMENTAL)"
185 depends on EXPERIMENTAL
186 select CRYPTO_BLKCIPHER
187 select CRYPTO_MANAGER
188 select CRYPTO_GF128MUL
190 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
191 narrow block cipher mode for dm-crypt. Use it with cipher
192 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
193 The first 128, 192 or 256 bits in the key are used for AES and the
194 rest is used to tie each cipher block to its logical position.
197 tristate "XTS support (EXPERIMENTAL)"
198 depends on EXPERIMENTAL
199 select CRYPTO_BLKCIPHER
200 select CRYPTO_MANAGER
201 select CRYPTO_GF128MUL
203 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
204 key size 256, 384 or 512 bits. This implementation currently
205 can't handle a sectorsize which is not a multiple of 16 bytes.
208 tristate "CTR support"
209 select CRYPTO_BLKCIPHER
211 select CRYPTO_MANAGER
214 This block cipher algorithm is required for IPSec.
217 tristate "GCM/GMAC support"
220 select CRYPTO_GF128MUL
222 Support for Galois/Counter Mode (GCM) and Galois Message
223 Authentication Code (GMAC). Required for IPSec.
226 tristate "CCM support"
230 Support for Counter with CBC MAC. Required for IPsec.
233 tristate "Software async crypto daemon"
234 select CRYPTO_BLKCIPHER
235 select CRYPTO_MANAGER
237 This is a generic software asynchronous crypto daemon that
238 converts an arbitrary synchronous software crypto algorithm
239 into an asynchronous algorithm that executes in a kernel thread.
242 tristate "DES and Triple DES EDE cipher algorithms"
245 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
248 tristate "FCrypt cipher algorithm"
250 select CRYPTO_BLKCIPHER
252 FCrypt algorithm used by RxRPC.
254 config CRYPTO_BLOWFISH
255 tristate "Blowfish cipher algorithm"
258 Blowfish cipher algorithm, by Bruce Schneier.
260 This is a variable key length cipher which can use keys from 32
261 bits to 448 bits in length. It's fast, simple and specifically
262 designed for use on "large microprocessors".
265 <http://www.schneier.com/blowfish.html>
267 config CRYPTO_TWOFISH
268 tristate "Twofish cipher algorithm"
270 select CRYPTO_TWOFISH_COMMON
272 Twofish cipher algorithm.
274 Twofish was submitted as an AES (Advanced Encryption Standard)
275 candidate cipher by researchers at CounterPane Systems. It is a
276 16 round block cipher supporting key sizes of 128, 192, and 256
280 <http://www.schneier.com/twofish.html>
282 config CRYPTO_TWOFISH_COMMON
285 Common parts of the Twofish cipher algorithm shared by the
286 generic c and the assembler implementations.
288 config CRYPTO_TWOFISH_586
289 tristate "Twofish cipher algorithms (i586)"
290 depends on (X86 || UML_X86) && !64BIT
292 select CRYPTO_TWOFISH_COMMON
294 Twofish cipher algorithm.
296 Twofish was submitted as an AES (Advanced Encryption Standard)
297 candidate cipher by researchers at CounterPane Systems. It is a
298 16 round block cipher supporting key sizes of 128, 192, and 256
302 <http://www.schneier.com/twofish.html>
304 config CRYPTO_TWOFISH_X86_64
305 tristate "Twofish cipher algorithm (x86_64)"
306 depends on (X86 || UML_X86) && 64BIT
308 select CRYPTO_TWOFISH_COMMON
310 Twofish cipher algorithm (x86_64).
312 Twofish was submitted as an AES (Advanced Encryption Standard)
313 candidate cipher by researchers at CounterPane Systems. It is a
314 16 round block cipher supporting key sizes of 128, 192, and 256
318 <http://www.schneier.com/twofish.html>
320 config CRYPTO_SERPENT
321 tristate "Serpent cipher algorithm"
324 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
326 Keys are allowed to be from 0 to 256 bits in length, in steps
327 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
328 variant of Serpent for compatibility with old kerneli.org code.
331 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
334 tristate "AES cipher algorithms"
337 AES cipher algorithms (FIPS-197). AES uses the Rijndael
340 Rijndael appears to be consistently a very good performer in
341 both hardware and software across a wide range of computing
342 environments regardless of its use in feedback or non-feedback
343 modes. Its key setup time is excellent, and its key agility is
344 good. Rijndael's very low memory requirements make it very well
345 suited for restricted-space environments, in which it also
346 demonstrates excellent performance. Rijndael's operations are
347 among the easiest to defend against power and timing attacks.
349 The AES specifies three key sizes: 128, 192 and 256 bits
351 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
353 config CRYPTO_AES_586
354 tristate "AES cipher algorithms (i586)"
355 depends on (X86 || UML_X86) && !64BIT
359 AES cipher algorithms (FIPS-197). AES uses the Rijndael
362 Rijndael appears to be consistently a very good performer in
363 both hardware and software across a wide range of computing
364 environments regardless of its use in feedback or non-feedback
365 modes. Its key setup time is excellent, and its key agility is
366 good. Rijndael's very low memory requirements make it very well
367 suited for restricted-space environments, in which it also
368 demonstrates excellent performance. Rijndael's operations are
369 among the easiest to defend against power and timing attacks.
371 The AES specifies three key sizes: 128, 192 and 256 bits
373 See <http://csrc.nist.gov/encryption/aes/> for more information.
375 config CRYPTO_AES_X86_64
376 tristate "AES cipher algorithms (x86_64)"
377 depends on (X86 || UML_X86) && 64BIT
381 AES cipher algorithms (FIPS-197). AES uses the Rijndael
384 Rijndael appears to be consistently a very good performer in
385 both hardware and software across a wide range of computing
386 environments regardless of its use in feedback or non-feedback
387 modes. Its key setup time is excellent, and its key agility is
388 good. Rijndael's very low memory requirements make it very well
389 suited for restricted-space environments, in which it also
390 demonstrates excellent performance. Rijndael's operations are
391 among the easiest to defend against power and timing attacks.
393 The AES specifies three key sizes: 128, 192 and 256 bits
395 See <http://csrc.nist.gov/encryption/aes/> for more information.
398 tristate "CAST5 (CAST-128) cipher algorithm"
401 The CAST5 encryption algorithm (synonymous with CAST-128) is
402 described in RFC2144.
405 tristate "CAST6 (CAST-256) cipher algorithm"
408 The CAST6 encryption algorithm (synonymous with CAST-256) is
409 described in RFC2612.
412 tristate "TEA, XTEA and XETA cipher algorithms"
415 TEA cipher algorithm.
417 Tiny Encryption Algorithm is a simple cipher that uses
418 many rounds for security. It is very fast and uses
421 Xtendend Tiny Encryption Algorithm is a modification to
422 the TEA algorithm to address a potential key weakness
423 in the TEA algorithm.
425 Xtendend Encryption Tiny Algorithm is a mis-implementation
426 of the XTEA algorithm for compatibility purposes.
429 tristate "ARC4 cipher algorithm"
432 ARC4 cipher algorithm.
434 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
435 bits in length. This algorithm is required for driver-based
436 WEP, but it should not be for other purposes because of the
437 weakness of the algorithm.
440 tristate "Khazad cipher algorithm"
443 Khazad cipher algorithm.
445 Khazad was a finalist in the initial NESSIE competition. It is
446 an algorithm optimized for 64-bit processors with good performance
447 on 32-bit processors. Khazad uses an 128 bit key size.
450 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
453 tristate "Anubis cipher algorithm"
456 Anubis cipher algorithm.
458 Anubis is a variable key length cipher which can use keys from
459 128 bits to 320 bits in length. It was evaluated as a entrant
460 in the NESSIE competition.
463 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
464 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
467 tristate "SEED cipher algorithm"
470 SEED cipher algorithm (RFC4269).
472 SEED is a 128-bit symmetric key block cipher that has been
473 developed by KISA (Korea Information Security Agency) as a
474 national standard encryption algorithm of the Republic of Korea.
475 It is a 16 round block cipher with the key size of 128 bit.
478 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
480 config CRYPTO_SALSA20
481 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
482 depends on EXPERIMENTAL
483 select CRYPTO_BLKCIPHER
485 Salsa20 stream cipher algorithm.
487 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
488 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
490 The Salsa20 stream cipher algorithm is designed by Daniel J.
491 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
493 config CRYPTO_SALSA20_586
494 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
495 depends on (X86 || UML_X86) && !64BIT
496 depends on EXPERIMENTAL
497 select CRYPTO_BLKCIPHER
499 Salsa20 stream cipher algorithm.
501 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
502 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
504 The Salsa20 stream cipher algorithm is designed by Daniel J.
505 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
507 config CRYPTO_SALSA20_X86_64
508 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
509 depends on (X86 || UML_X86) && 64BIT
510 depends on EXPERIMENTAL
511 select CRYPTO_BLKCIPHER
513 Salsa20 stream cipher algorithm.
515 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
516 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
518 The Salsa20 stream cipher algorithm is designed by Daniel J.
519 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
521 config CRYPTO_DEFLATE
522 tristate "Deflate compression algorithm"
527 This is the Deflate algorithm (RFC1951), specified for use in
528 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
530 You will most probably want this if using IPSec.
532 config CRYPTO_MICHAEL_MIC
533 tristate "Michael MIC keyed digest algorithm"
536 Michael MIC is used for message integrity protection in TKIP
537 (IEEE 802.11i). This algorithm is required for TKIP, but it
538 should not be used for other purposes because of the weakness
542 tristate "CRC32c CRC algorithm"
546 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
547 by iSCSI for header and data digests and by others.
548 See Castagnoli93. This implementation uses lib/libcrc32c.
549 Module will be crc32c.
551 config CRYPTO_CAMELLIA
552 tristate "Camellia cipher algorithms"
556 Camellia cipher algorithms module.
558 Camellia is a symmetric key block cipher developed jointly
559 at NTT and Mitsubishi Electric Corporation.
561 The Camellia specifies three key sizes: 128, 192 and 256 bits.
564 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
567 tristate "Testing module"
571 select CRYPTO_BLKCIPHER
573 Quick & dirty crypto test module.
575 config CRYPTO_AUTHENC
576 tristate "Authenc support"
578 select CRYPTO_BLKCIPHER
579 select CRYPTO_MANAGER
582 Authenc: Combined mode wrapper for IPsec.
583 This is required for IPSec.
586 tristate "LZO compression algorithm"
589 select LZO_DECOMPRESS
591 This is the LZO algorithm.
593 source "drivers/crypto/Kconfig"