2 # Generic algorithms support
8 # async_tx api: hardware offloaded memory transfer/transform support
10 source "crypto/async_tx/Kconfig"
13 # Cryptographic API Configuration
16 bool "Cryptographic API"
18 This option provides the core Cryptographic API.
25 This option provides the API for cryptographic algorithms.
31 config CRYPTO_BLKCIPHER
36 tristate "Sequence Number IV Generator"
38 select CRYPTO_BLKCIPHER
40 This IV generator generates an IV based on a sequence number by
41 xoring it with a salt. This algorithm is mainly useful for CTR
49 tristate "Cryptographic algorithm manager"
52 Create default cryptographic template instantiations such as
56 tristate "HMAC support"
60 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
61 This is required for IPSec.
64 tristate "XCBC support"
65 depends on EXPERIMENTAL
69 XCBC: Keyed-Hashing with encryption algorithm
70 http://www.ietf.org/rfc/rfc3566.txt
71 http://csrc.nist.gov/encryption/modes/proposedmodes/
72 xcbc-mac/xcbc-mac-spec.pdf
75 tristate "Null algorithms"
77 select CRYPTO_BLKCIPHER
79 These are 'Null' algorithms, used by IPsec, which do nothing.
82 tristate "MD4 digest algorithm"
85 MD4 message digest algorithm (RFC1320).
88 tristate "MD5 digest algorithm"
91 MD5 message digest algorithm (RFC1321).
94 tristate "SHA1 digest algorithm"
97 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
100 tristate "SHA224 and SHA256 digest algorithm"
103 SHA256 secure hash standard (DFIPS 180-2).
105 This version of SHA implements a 256 bit hash with 128 bits of
106 security against collision attacks.
108 This code also includes SHA-224, a 224 bit hash with 112 bits
109 of security against collision attacks.
112 tristate "SHA384 and SHA512 digest algorithms"
115 SHA512 secure hash standard (DFIPS 180-2).
117 This version of SHA implements a 512 bit hash with 256 bits of
118 security against collision attacks.
120 This code also includes SHA-384, a 384 bit hash with 192 bits
121 of security against collision attacks.
124 tristate "Whirlpool digest algorithms"
127 Whirlpool hash algorithm 512, 384 and 256-bit hashes
129 Whirlpool-512 is part of the NESSIE cryptographic primitives.
130 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
133 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
136 tristate "Tiger digest algorithms"
139 Tiger hash algorithm 192, 160 and 128-bit hashes
141 Tiger is a hash function optimized for 64-bit processors while
142 still having decent performance on 32-bit processors.
143 Tiger was developed by Ross Anderson and Eli Biham.
146 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
148 config CRYPTO_GF128MUL
149 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
150 depends on EXPERIMENTAL
152 Efficient table driven implementation of multiplications in the
153 field GF(2^128). This is needed by some cypher modes. This
154 option will be selected automatically if you select such a
155 cipher mode. Only select this option by hand if you expect to load
156 an external module that requires these functions.
159 tristate "ECB support"
160 select CRYPTO_BLKCIPHER
161 select CRYPTO_MANAGER
163 ECB: Electronic CodeBook mode
164 This is the simplest block cipher algorithm. It simply encrypts
165 the input block by block.
168 tristate "CBC support"
169 select CRYPTO_BLKCIPHER
170 select CRYPTO_MANAGER
172 CBC: Cipher Block Chaining mode
173 This block cipher algorithm is required for IPSec.
176 tristate "PCBC support"
177 select CRYPTO_BLKCIPHER
178 select CRYPTO_MANAGER
180 PCBC: Propagating Cipher Block Chaining mode
181 This block cipher algorithm is required for RxRPC.
184 tristate "LRW support (EXPERIMENTAL)"
185 depends on EXPERIMENTAL
186 select CRYPTO_BLKCIPHER
187 select CRYPTO_MANAGER
188 select CRYPTO_GF128MUL
190 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
191 narrow block cipher mode for dm-crypt. Use it with cipher
192 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
193 The first 128, 192 or 256 bits in the key are used for AES and the
194 rest is used to tie each cipher block to its logical position.
197 tristate "XTS support (EXPERIMENTAL)"
198 depends on EXPERIMENTAL
199 select CRYPTO_BLKCIPHER
200 select CRYPTO_MANAGER
201 select CRYPTO_GF128MUL
203 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
204 key size 256, 384 or 512 bits. This implementation currently
205 can't handle a sectorsize which is not a multiple of 16 bytes.
208 tristate "CTR support"
209 select CRYPTO_BLKCIPHER
211 select CRYPTO_MANAGER
214 This block cipher algorithm is required for IPSec.
217 tristate "CTS support"
218 select CRYPTO_BLKCIPHER
220 CTS: Cipher Text Stealing
221 This is the Cipher Text Stealing mode as described by
222 Section 8 of rfc2040 and referenced by rfc3962.
223 (rfc3962 includes errata information in its Appendix A)
224 This mode is required for Kerberos gss mechanism support
228 tristate "GCM/GMAC support"
231 select CRYPTO_GF128MUL
233 Support for Galois/Counter Mode (GCM) and Galois Message
234 Authentication Code (GMAC). Required for IPSec.
237 tristate "CCM support"
241 Support for Counter with CBC MAC. Required for IPsec.
244 tristate "Software async crypto daemon"
245 select CRYPTO_BLKCIPHER
246 select CRYPTO_MANAGER
248 This is a generic software asynchronous crypto daemon that
249 converts an arbitrary synchronous software crypto algorithm
250 into an asynchronous algorithm that executes in a kernel thread.
253 tristate "DES and Triple DES EDE cipher algorithms"
256 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
259 tristate "FCrypt cipher algorithm"
261 select CRYPTO_BLKCIPHER
263 FCrypt algorithm used by RxRPC.
265 config CRYPTO_BLOWFISH
266 tristate "Blowfish cipher algorithm"
269 Blowfish cipher algorithm, by Bruce Schneier.
271 This is a variable key length cipher which can use keys from 32
272 bits to 448 bits in length. It's fast, simple and specifically
273 designed for use on "large microprocessors".
276 <http://www.schneier.com/blowfish.html>
278 config CRYPTO_TWOFISH
279 tristate "Twofish cipher algorithm"
281 select CRYPTO_TWOFISH_COMMON
283 Twofish cipher algorithm.
285 Twofish was submitted as an AES (Advanced Encryption Standard)
286 candidate cipher by researchers at CounterPane Systems. It is a
287 16 round block cipher supporting key sizes of 128, 192, and 256
291 <http://www.schneier.com/twofish.html>
293 config CRYPTO_TWOFISH_COMMON
296 Common parts of the Twofish cipher algorithm shared by the
297 generic c and the assembler implementations.
299 config CRYPTO_TWOFISH_586
300 tristate "Twofish cipher algorithms (i586)"
301 depends on (X86 || UML_X86) && !64BIT
303 select CRYPTO_TWOFISH_COMMON
305 Twofish cipher algorithm.
307 Twofish was submitted as an AES (Advanced Encryption Standard)
308 candidate cipher by researchers at CounterPane Systems. It is a
309 16 round block cipher supporting key sizes of 128, 192, and 256
313 <http://www.schneier.com/twofish.html>
315 config CRYPTO_TWOFISH_X86_64
316 tristate "Twofish cipher algorithm (x86_64)"
317 depends on (X86 || UML_X86) && 64BIT
319 select CRYPTO_TWOFISH_COMMON
321 Twofish cipher algorithm (x86_64).
323 Twofish was submitted as an AES (Advanced Encryption Standard)
324 candidate cipher by researchers at CounterPane Systems. It is a
325 16 round block cipher supporting key sizes of 128, 192, and 256
329 <http://www.schneier.com/twofish.html>
331 config CRYPTO_SERPENT
332 tristate "Serpent cipher algorithm"
335 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
337 Keys are allowed to be from 0 to 256 bits in length, in steps
338 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
339 variant of Serpent for compatibility with old kerneli.org code.
342 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
345 tristate "AES cipher algorithms"
348 AES cipher algorithms (FIPS-197). AES uses the Rijndael
351 Rijndael appears to be consistently a very good performer in
352 both hardware and software across a wide range of computing
353 environments regardless of its use in feedback or non-feedback
354 modes. Its key setup time is excellent, and its key agility is
355 good. Rijndael's very low memory requirements make it very well
356 suited for restricted-space environments, in which it also
357 demonstrates excellent performance. Rijndael's operations are
358 among the easiest to defend against power and timing attacks.
360 The AES specifies three key sizes: 128, 192 and 256 bits
362 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
364 config CRYPTO_AES_586
365 tristate "AES cipher algorithms (i586)"
366 depends on (X86 || UML_X86) && !64BIT
370 AES cipher algorithms (FIPS-197). AES uses the Rijndael
373 Rijndael appears to be consistently a very good performer in
374 both hardware and software across a wide range of computing
375 environments regardless of its use in feedback or non-feedback
376 modes. Its key setup time is excellent, and its key agility is
377 good. Rijndael's very low memory requirements make it very well
378 suited for restricted-space environments, in which it also
379 demonstrates excellent performance. Rijndael's operations are
380 among the easiest to defend against power and timing attacks.
382 The AES specifies three key sizes: 128, 192 and 256 bits
384 See <http://csrc.nist.gov/encryption/aes/> for more information.
386 config CRYPTO_AES_X86_64
387 tristate "AES cipher algorithms (x86_64)"
388 depends on (X86 || UML_X86) && 64BIT
392 AES cipher algorithms (FIPS-197). AES uses the Rijndael
395 Rijndael appears to be consistently a very good performer in
396 both hardware and software across a wide range of computing
397 environments regardless of its use in feedback or non-feedback
398 modes. Its key setup time is excellent, and its key agility is
399 good. Rijndael's very low memory requirements make it very well
400 suited for restricted-space environments, in which it also
401 demonstrates excellent performance. Rijndael's operations are
402 among the easiest to defend against power and timing attacks.
404 The AES specifies three key sizes: 128, 192 and 256 bits
406 See <http://csrc.nist.gov/encryption/aes/> for more information.
409 tristate "CAST5 (CAST-128) cipher algorithm"
412 The CAST5 encryption algorithm (synonymous with CAST-128) is
413 described in RFC2144.
416 tristate "CAST6 (CAST-256) cipher algorithm"
419 The CAST6 encryption algorithm (synonymous with CAST-256) is
420 described in RFC2612.
423 tristate "TEA, XTEA and XETA cipher algorithms"
426 TEA cipher algorithm.
428 Tiny Encryption Algorithm is a simple cipher that uses
429 many rounds for security. It is very fast and uses
432 Xtendend Tiny Encryption Algorithm is a modification to
433 the TEA algorithm to address a potential key weakness
434 in the TEA algorithm.
436 Xtendend Encryption Tiny Algorithm is a mis-implementation
437 of the XTEA algorithm for compatibility purposes.
440 tristate "ARC4 cipher algorithm"
443 ARC4 cipher algorithm.
445 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
446 bits in length. This algorithm is required for driver-based
447 WEP, but it should not be for other purposes because of the
448 weakness of the algorithm.
451 tristate "Khazad cipher algorithm"
454 Khazad cipher algorithm.
456 Khazad was a finalist in the initial NESSIE competition. It is
457 an algorithm optimized for 64-bit processors with good performance
458 on 32-bit processors. Khazad uses an 128 bit key size.
461 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
464 tristate "Anubis cipher algorithm"
467 Anubis cipher algorithm.
469 Anubis is a variable key length cipher which can use keys from
470 128 bits to 320 bits in length. It was evaluated as a entrant
471 in the NESSIE competition.
474 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
475 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
478 tristate "SEED cipher algorithm"
481 SEED cipher algorithm (RFC4269).
483 SEED is a 128-bit symmetric key block cipher that has been
484 developed by KISA (Korea Information Security Agency) as a
485 national standard encryption algorithm of the Republic of Korea.
486 It is a 16 round block cipher with the key size of 128 bit.
489 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
491 config CRYPTO_SALSA20
492 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
493 depends on EXPERIMENTAL
494 select CRYPTO_BLKCIPHER
496 Salsa20 stream cipher algorithm.
498 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
499 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
501 The Salsa20 stream cipher algorithm is designed by Daniel J.
502 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
504 config CRYPTO_SALSA20_586
505 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
506 depends on (X86 || UML_X86) && !64BIT
507 depends on EXPERIMENTAL
508 select CRYPTO_BLKCIPHER
510 Salsa20 stream cipher algorithm.
512 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
513 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
515 The Salsa20 stream cipher algorithm is designed by Daniel J.
516 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
518 config CRYPTO_SALSA20_X86_64
519 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
520 depends on (X86 || UML_X86) && 64BIT
521 depends on EXPERIMENTAL
522 select CRYPTO_BLKCIPHER
524 Salsa20 stream cipher algorithm.
526 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
527 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
529 The Salsa20 stream cipher algorithm is designed by Daniel J.
530 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
532 config CRYPTO_DEFLATE
533 tristate "Deflate compression algorithm"
538 This is the Deflate algorithm (RFC1951), specified for use in
539 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
541 You will most probably want this if using IPSec.
543 config CRYPTO_MICHAEL_MIC
544 tristate "Michael MIC keyed digest algorithm"
547 Michael MIC is used for message integrity protection in TKIP
548 (IEEE 802.11i). This algorithm is required for TKIP, but it
549 should not be used for other purposes because of the weakness
553 tristate "CRC32c CRC algorithm"
557 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
558 by iSCSI for header and data digests and by others.
559 See Castagnoli93. This implementation uses lib/libcrc32c.
560 Module will be crc32c.
562 config CRYPTO_CAMELLIA
563 tristate "Camellia cipher algorithms"
567 Camellia cipher algorithms module.
569 Camellia is a symmetric key block cipher developed jointly
570 at NTT and Mitsubishi Electric Corporation.
572 The Camellia specifies three key sizes: 128, 192 and 256 bits.
575 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
578 tristate "Testing module"
582 select CRYPTO_BLKCIPHER
584 Quick & dirty crypto test module.
586 config CRYPTO_AUTHENC
587 tristate "Authenc support"
589 select CRYPTO_BLKCIPHER
590 select CRYPTO_MANAGER
593 Authenc: Combined mode wrapper for IPsec.
594 This is required for IPSec.
597 tristate "LZO compression algorithm"
600 select LZO_DECOMPRESS
602 This is the LZO algorithm.
604 source "drivers/crypto/Kconfig"