2 # Generic algorithms support
8 # async_tx api: hardware offloaded memory transfer/transform support
10 source "crypto/async_tx/Kconfig"
13 # Cryptographic API Configuration
16 tristate "Cryptographic API"
18 This option provides the core Cryptographic API.
22 comment "Crypto core or helper"
25 bool "FIPS 200 compliance"
27 This options enables the fips boot option which is
28 required if you want to system to operate in a FIPS 200
29 certification. You should say no unless you know what
36 This option provides the API for cryptographic algorithms.
50 config CRYPTO_BLKCIPHER
52 select CRYPTO_BLKCIPHER2
55 config CRYPTO_BLKCIPHER2
59 select CRYPTO_WORKQUEUE
80 tristate "Cryptographic algorithm manager"
81 select CRYPTO_MANAGER2
83 Create default cryptographic template instantiations such as
86 config CRYPTO_MANAGER2
87 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
90 select CRYPTO_BLKCIPHER2
92 config CRYPTO_GF128MUL
93 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
94 depends on EXPERIMENTAL
96 Efficient table driven implementation of multiplications in the
97 field GF(2^128). This is needed by some cypher modes. This
98 option will be selected automatically if you select such a
99 cipher mode. Only select this option by hand if you expect to load
100 an external module that requires these functions.
103 tristate "Null algorithms"
105 select CRYPTO_BLKCIPHER
108 These are 'Null' algorithms, used by IPsec, which do nothing.
110 config CRYPTO_WORKQUEUE
114 tristate "Software async crypto daemon"
115 select CRYPTO_BLKCIPHER
117 select CRYPTO_MANAGER
118 select CRYPTO_WORKQUEUE
120 This is a generic software asynchronous crypto daemon that
121 converts an arbitrary synchronous software crypto algorithm
122 into an asynchronous algorithm that executes in a kernel thread.
124 config CRYPTO_AUTHENC
125 tristate "Authenc support"
127 select CRYPTO_BLKCIPHER
128 select CRYPTO_MANAGER
131 Authenc: Combined mode wrapper for IPsec.
132 This is required for IPSec.
135 tristate "Testing module"
137 select CRYPTO_MANAGER
139 Quick & dirty crypto test module.
141 comment "Authenticated Encryption with Associated Data"
144 tristate "CCM support"
148 Support for Counter with CBC MAC. Required for IPsec.
151 tristate "GCM/GMAC support"
154 select CRYPTO_GF128MUL
156 Support for Galois/Counter Mode (GCM) and Galois Message
157 Authentication Code (GMAC). Required for IPSec.
160 tristate "Sequence Number IV Generator"
162 select CRYPTO_BLKCIPHER
165 This IV generator generates an IV based on a sequence number by
166 xoring it with a salt. This algorithm is mainly useful for CTR
168 comment "Block modes"
171 tristate "CBC support"
172 select CRYPTO_BLKCIPHER
173 select CRYPTO_MANAGER
175 CBC: Cipher Block Chaining mode
176 This block cipher algorithm is required for IPSec.
179 tristate "CTR support"
180 select CRYPTO_BLKCIPHER
182 select CRYPTO_MANAGER
185 This block cipher algorithm is required for IPSec.
188 tristate "CTS support"
189 select CRYPTO_BLKCIPHER
191 CTS: Cipher Text Stealing
192 This is the Cipher Text Stealing mode as described by
193 Section 8 of rfc2040 and referenced by rfc3962.
194 (rfc3962 includes errata information in its Appendix A)
195 This mode is required for Kerberos gss mechanism support
199 tristate "ECB support"
200 select CRYPTO_BLKCIPHER
201 select CRYPTO_MANAGER
203 ECB: Electronic CodeBook mode
204 This is the simplest block cipher algorithm. It simply encrypts
205 the input block by block.
208 tristate "LRW support (EXPERIMENTAL)"
209 depends on EXPERIMENTAL
210 select CRYPTO_BLKCIPHER
211 select CRYPTO_MANAGER
212 select CRYPTO_GF128MUL
214 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
215 narrow block cipher mode for dm-crypt. Use it with cipher
216 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
217 The first 128, 192 or 256 bits in the key are used for AES and the
218 rest is used to tie each cipher block to its logical position.
221 tristate "PCBC support"
222 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER
225 PCBC: Propagating Cipher Block Chaining mode
226 This block cipher algorithm is required for RxRPC.
229 tristate "XTS support (EXPERIMENTAL)"
230 depends on EXPERIMENTAL
231 select CRYPTO_BLKCIPHER
232 select CRYPTO_MANAGER
233 select CRYPTO_GF128MUL
235 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
236 key size 256, 384 or 512 bits. This implementation currently
237 can't handle a sectorsize which is not a multiple of 16 bytes.
242 tristate "HMAC support"
244 select CRYPTO_MANAGER
246 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
247 This is required for IPSec.
250 tristate "XCBC support"
251 depends on EXPERIMENTAL
253 select CRYPTO_MANAGER
255 XCBC: Keyed-Hashing with encryption algorithm
256 http://www.ietf.org/rfc/rfc3566.txt
257 http://csrc.nist.gov/encryption/modes/proposedmodes/
258 xcbc-mac/xcbc-mac-spec.pdf
263 tristate "CRC32c CRC algorithm"
266 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
267 by iSCSI for header and data digests and by others.
268 See Castagnoli93. Module will be crc32c.
270 config CRYPTO_CRC32C_INTEL
271 tristate "CRC32c INTEL hardware acceleration"
275 In Intel processor with SSE4.2 supported, the processor will
276 support CRC32C implementation using hardware accelerated CRC32
277 instruction. This option will create 'crc32c-intel' module,
278 which will enable any routine to use the CRC32 instruction to
279 gain performance compared with software implementation.
280 Module will be crc32c-intel.
283 tristate "MD4 digest algorithm"
286 MD4 message digest algorithm (RFC1320).
289 tristate "MD5 digest algorithm"
292 MD5 message digest algorithm (RFC1321).
294 config CRYPTO_MICHAEL_MIC
295 tristate "Michael MIC keyed digest algorithm"
298 Michael MIC is used for message integrity protection in TKIP
299 (IEEE 802.11i). This algorithm is required for TKIP, but it
300 should not be used for other purposes because of the weakness
304 tristate "RIPEMD-128 digest algorithm"
307 RIPEMD-128 (ISO/IEC 10118-3:2004).
309 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
310 to be used as a secure replacement for RIPEMD. For other use cases
311 RIPEMD-160 should be used.
313 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
314 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
317 tristate "RIPEMD-160 digest algorithm"
320 RIPEMD-160 (ISO/IEC 10118-3:2004).
322 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
323 to be used as a secure replacement for the 128-bit hash functions
324 MD4, MD5 and it's predecessor RIPEMD
325 (not to be confused with RIPEMD-128).
327 It's speed is comparable to SHA1 and there are no known attacks
330 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
331 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
334 tristate "RIPEMD-256 digest algorithm"
337 RIPEMD-256 is an optional extension of RIPEMD-128 with a
338 256 bit hash. It is intended for applications that require
339 longer hash-results, without needing a larger security level
342 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
343 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
346 tristate "RIPEMD-320 digest algorithm"
349 RIPEMD-320 is an optional extension of RIPEMD-160 with a
350 320 bit hash. It is intended for applications that require
351 longer hash-results, without needing a larger security level
354 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
355 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
358 tristate "SHA1 digest algorithm"
361 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
364 tristate "SHA224 and SHA256 digest algorithm"
367 SHA256 secure hash standard (DFIPS 180-2).
369 This version of SHA implements a 256 bit hash with 128 bits of
370 security against collision attacks.
372 This code also includes SHA-224, a 224 bit hash with 112 bits
373 of security against collision attacks.
376 tristate "SHA384 and SHA512 digest algorithms"
379 SHA512 secure hash standard (DFIPS 180-2).
381 This version of SHA implements a 512 bit hash with 256 bits of
382 security against collision attacks.
384 This code also includes SHA-384, a 384 bit hash with 192 bits
385 of security against collision attacks.
388 tristate "Tiger digest algorithms"
391 Tiger hash algorithm 192, 160 and 128-bit hashes
393 Tiger is a hash function optimized for 64-bit processors while
394 still having decent performance on 32-bit processors.
395 Tiger was developed by Ross Anderson and Eli Biham.
398 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
401 tristate "Whirlpool digest algorithms"
404 Whirlpool hash algorithm 512, 384 and 256-bit hashes
406 Whirlpool-512 is part of the NESSIE cryptographic primitives.
407 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
410 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
415 tristate "AES cipher algorithms"
418 AES cipher algorithms (FIPS-197). AES uses the Rijndael
421 Rijndael appears to be consistently a very good performer in
422 both hardware and software across a wide range of computing
423 environments regardless of its use in feedback or non-feedback
424 modes. Its key setup time is excellent, and its key agility is
425 good. Rijndael's very low memory requirements make it very well
426 suited for restricted-space environments, in which it also
427 demonstrates excellent performance. Rijndael's operations are
428 among the easiest to defend against power and timing attacks.
430 The AES specifies three key sizes: 128, 192 and 256 bits
432 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
434 config CRYPTO_AES_586
435 tristate "AES cipher algorithms (i586)"
436 depends on (X86 || UML_X86) && !64BIT
440 AES cipher algorithms (FIPS-197). AES uses the Rijndael
443 Rijndael appears to be consistently a very good performer in
444 both hardware and software across a wide range of computing
445 environments regardless of its use in feedback or non-feedback
446 modes. Its key setup time is excellent, and its key agility is
447 good. Rijndael's very low memory requirements make it very well
448 suited for restricted-space environments, in which it also
449 demonstrates excellent performance. Rijndael's operations are
450 among the easiest to defend against power and timing attacks.
452 The AES specifies three key sizes: 128, 192 and 256 bits
454 See <http://csrc.nist.gov/encryption/aes/> for more information.
456 config CRYPTO_AES_X86_64
457 tristate "AES cipher algorithms (x86_64)"
458 depends on (X86 || UML_X86) && 64BIT
462 AES cipher algorithms (FIPS-197). AES uses the Rijndael
465 Rijndael appears to be consistently a very good performer in
466 both hardware and software across a wide range of computing
467 environments regardless of its use in feedback or non-feedback
468 modes. Its key setup time is excellent, and its key agility is
469 good. Rijndael's very low memory requirements make it very well
470 suited for restricted-space environments, in which it also
471 demonstrates excellent performance. Rijndael's operations are
472 among the easiest to defend against power and timing attacks.
474 The AES specifies three key sizes: 128, 192 and 256 bits
476 See <http://csrc.nist.gov/encryption/aes/> for more information.
478 config CRYPTO_AES_NI_INTEL
479 tristate "AES cipher algorithms (AES-NI)"
480 depends on (X86 || UML_X86) && 64BIT
481 select CRYPTO_AES_X86_64
485 Use Intel AES-NI instructions for AES algorithm.
487 AES cipher algorithms (FIPS-197). AES uses the Rijndael
490 Rijndael appears to be consistently a very good performer in
491 both hardware and software across a wide range of computing
492 environments regardless of its use in feedback or non-feedback
493 modes. Its key setup time is excellent, and its key agility is
494 good. Rijndael's very low memory requirements make it very well
495 suited for restricted-space environments, in which it also
496 demonstrates excellent performance. Rijndael's operations are
497 among the easiest to defend against power and timing attacks.
499 The AES specifies three key sizes: 128, 192 and 256 bits
501 See <http://csrc.nist.gov/encryption/aes/> for more information.
504 tristate "Anubis cipher algorithm"
507 Anubis cipher algorithm.
509 Anubis is a variable key length cipher which can use keys from
510 128 bits to 320 bits in length. It was evaluated as a entrant
511 in the NESSIE competition.
514 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
515 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
518 tristate "ARC4 cipher algorithm"
521 ARC4 cipher algorithm.
523 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
524 bits in length. This algorithm is required for driver-based
525 WEP, but it should not be for other purposes because of the
526 weakness of the algorithm.
528 config CRYPTO_BLOWFISH
529 tristate "Blowfish cipher algorithm"
532 Blowfish cipher algorithm, by Bruce Schneier.
534 This is a variable key length cipher which can use keys from 32
535 bits to 448 bits in length. It's fast, simple and specifically
536 designed for use on "large microprocessors".
539 <http://www.schneier.com/blowfish.html>
541 config CRYPTO_CAMELLIA
542 tristate "Camellia cipher algorithms"
546 Camellia cipher algorithms module.
548 Camellia is a symmetric key block cipher developed jointly
549 at NTT and Mitsubishi Electric Corporation.
551 The Camellia specifies three key sizes: 128, 192 and 256 bits.
554 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
557 tristate "CAST5 (CAST-128) cipher algorithm"
560 The CAST5 encryption algorithm (synonymous with CAST-128) is
561 described in RFC2144.
564 tristate "CAST6 (CAST-256) cipher algorithm"
567 The CAST6 encryption algorithm (synonymous with CAST-256) is
568 described in RFC2612.
571 tristate "DES and Triple DES EDE cipher algorithms"
574 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
577 tristate "FCrypt cipher algorithm"
579 select CRYPTO_BLKCIPHER
581 FCrypt algorithm used by RxRPC.
584 tristate "Khazad cipher algorithm"
587 Khazad cipher algorithm.
589 Khazad was a finalist in the initial NESSIE competition. It is
590 an algorithm optimized for 64-bit processors with good performance
591 on 32-bit processors. Khazad uses an 128 bit key size.
594 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
596 config CRYPTO_SALSA20
597 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
598 depends on EXPERIMENTAL
599 select CRYPTO_BLKCIPHER
601 Salsa20 stream cipher algorithm.
603 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
604 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
606 The Salsa20 stream cipher algorithm is designed by Daniel J.
607 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
609 config CRYPTO_SALSA20_586
610 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
611 depends on (X86 || UML_X86) && !64BIT
612 depends on EXPERIMENTAL
613 select CRYPTO_BLKCIPHER
615 Salsa20 stream cipher algorithm.
617 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
618 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
620 The Salsa20 stream cipher algorithm is designed by Daniel J.
621 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
623 config CRYPTO_SALSA20_X86_64
624 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
625 depends on (X86 || UML_X86) && 64BIT
626 depends on EXPERIMENTAL
627 select CRYPTO_BLKCIPHER
629 Salsa20 stream cipher algorithm.
631 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
632 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
634 The Salsa20 stream cipher algorithm is designed by Daniel J.
635 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
638 tristate "SEED cipher algorithm"
641 SEED cipher algorithm (RFC4269).
643 SEED is a 128-bit symmetric key block cipher that has been
644 developed by KISA (Korea Information Security Agency) as a
645 national standard encryption algorithm of the Republic of Korea.
646 It is a 16 round block cipher with the key size of 128 bit.
649 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
651 config CRYPTO_SERPENT
652 tristate "Serpent cipher algorithm"
655 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
657 Keys are allowed to be from 0 to 256 bits in length, in steps
658 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
659 variant of Serpent for compatibility with old kerneli.org code.
662 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
665 tristate "TEA, XTEA and XETA cipher algorithms"
668 TEA cipher algorithm.
670 Tiny Encryption Algorithm is a simple cipher that uses
671 many rounds for security. It is very fast and uses
674 Xtendend Tiny Encryption Algorithm is a modification to
675 the TEA algorithm to address a potential key weakness
676 in the TEA algorithm.
678 Xtendend Encryption Tiny Algorithm is a mis-implementation
679 of the XTEA algorithm for compatibility purposes.
681 config CRYPTO_TWOFISH
682 tristate "Twofish cipher algorithm"
684 select CRYPTO_TWOFISH_COMMON
686 Twofish cipher algorithm.
688 Twofish was submitted as an AES (Advanced Encryption Standard)
689 candidate cipher by researchers at CounterPane Systems. It is a
690 16 round block cipher supporting key sizes of 128, 192, and 256
694 <http://www.schneier.com/twofish.html>
696 config CRYPTO_TWOFISH_COMMON
699 Common parts of the Twofish cipher algorithm shared by the
700 generic c and the assembler implementations.
702 config CRYPTO_TWOFISH_586
703 tristate "Twofish cipher algorithms (i586)"
704 depends on (X86 || UML_X86) && !64BIT
706 select CRYPTO_TWOFISH_COMMON
708 Twofish cipher algorithm.
710 Twofish was submitted as an AES (Advanced Encryption Standard)
711 candidate cipher by researchers at CounterPane Systems. It is a
712 16 round block cipher supporting key sizes of 128, 192, and 256
716 <http://www.schneier.com/twofish.html>
718 config CRYPTO_TWOFISH_X86_64
719 tristate "Twofish cipher algorithm (x86_64)"
720 depends on (X86 || UML_X86) && 64BIT
722 select CRYPTO_TWOFISH_COMMON
724 Twofish cipher algorithm (x86_64).
726 Twofish was submitted as an AES (Advanced Encryption Standard)
727 candidate cipher by researchers at CounterPane Systems. It is a
728 16 round block cipher supporting key sizes of 128, 192, and 256
732 <http://www.schneier.com/twofish.html>
734 comment "Compression"
736 config CRYPTO_DEFLATE
737 tristate "Deflate compression algorithm"
742 This is the Deflate algorithm (RFC1951), specified for use in
743 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
745 You will most probably want this if using IPSec.
748 tristate "LZO compression algorithm"
751 select LZO_DECOMPRESS
753 This is the LZO algorithm.
755 comment "Random Number Generation"
757 config CRYPTO_ANSI_CPRNG
758 tristate "Pseudo Random Number Generation for Cryptographic modules"
763 This option enables the generic pseudo random number generator
764 for cryptographic modules. Uses the Algorithm specified in
767 source "drivers/crypto/Kconfig"