2 # Generic algorithms support
8 # async_tx api: hardware offloaded memory transfer/transform support
10 source "crypto/async_tx/Kconfig"
13 # Cryptographic API Configuration
16 tristate "Cryptographic API"
18 This option provides the core Cryptographic API.
22 comment "Crypto core or helper"
25 bool "FIPS 200 compliance"
27 This options enables the fips boot option which is
28 required if you want to system to operate in a FIPS 200
29 certification. You should say no unless you know what
36 This option provides the API for cryptographic algorithms.
50 config CRYPTO_BLKCIPHER
52 select CRYPTO_BLKCIPHER2
55 config CRYPTO_BLKCIPHER2
79 tristate "Cryptographic algorithm manager"
80 select CRYPTO_MANAGER2
82 Create default cryptographic template instantiations such as
85 config CRYPTO_MANAGER2
86 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
89 select CRYPTO_BLKCIPHER2
91 config CRYPTO_GF128MUL
92 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
93 depends on EXPERIMENTAL
95 Efficient table driven implementation of multiplications in the
96 field GF(2^128). This is needed by some cypher modes. This
97 option will be selected automatically if you select such a
98 cipher mode. Only select this option by hand if you expect to load
99 an external module that requires these functions.
102 tristate "Null algorithms"
104 select CRYPTO_BLKCIPHER
107 These are 'Null' algorithms, used by IPsec, which do nothing.
110 tristate "Software async crypto daemon"
111 select CRYPTO_BLKCIPHER
113 select CRYPTO_MANAGER
115 This is a generic software asynchronous crypto daemon that
116 converts an arbitrary synchronous software crypto algorithm
117 into an asynchronous algorithm that executes in a kernel thread.
119 config CRYPTO_AUTHENC
120 tristate "Authenc support"
122 select CRYPTO_BLKCIPHER
123 select CRYPTO_MANAGER
126 Authenc: Combined mode wrapper for IPsec.
127 This is required for IPSec.
130 tristate "Testing module"
132 select CRYPTO_MANAGER
134 Quick & dirty crypto test module.
136 comment "Authenticated Encryption with Associated Data"
139 tristate "CCM support"
143 Support for Counter with CBC MAC. Required for IPsec.
146 tristate "GCM/GMAC support"
149 select CRYPTO_GF128MUL
151 Support for Galois/Counter Mode (GCM) and Galois Message
152 Authentication Code (GMAC). Required for IPSec.
155 tristate "Sequence Number IV Generator"
157 select CRYPTO_BLKCIPHER
160 This IV generator generates an IV based on a sequence number by
161 xoring it with a salt. This algorithm is mainly useful for CTR
163 comment "Block modes"
166 tristate "CBC support"
167 select CRYPTO_BLKCIPHER
168 select CRYPTO_MANAGER
170 CBC: Cipher Block Chaining mode
171 This block cipher algorithm is required for IPSec.
174 tristate "CTR support"
175 select CRYPTO_BLKCIPHER
177 select CRYPTO_MANAGER
180 This block cipher algorithm is required for IPSec.
183 tristate "CTS support"
184 select CRYPTO_BLKCIPHER
186 CTS: Cipher Text Stealing
187 This is the Cipher Text Stealing mode as described by
188 Section 8 of rfc2040 and referenced by rfc3962.
189 (rfc3962 includes errata information in its Appendix A)
190 This mode is required for Kerberos gss mechanism support
194 tristate "ECB support"
195 select CRYPTO_BLKCIPHER
196 select CRYPTO_MANAGER
198 ECB: Electronic CodeBook mode
199 This is the simplest block cipher algorithm. It simply encrypts
200 the input block by block.
203 tristate "LRW support (EXPERIMENTAL)"
204 depends on EXPERIMENTAL
205 select CRYPTO_BLKCIPHER
206 select CRYPTO_MANAGER
207 select CRYPTO_GF128MUL
209 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
210 narrow block cipher mode for dm-crypt. Use it with cipher
211 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
212 The first 128, 192 or 256 bits in the key are used for AES and the
213 rest is used to tie each cipher block to its logical position.
216 tristate "PCBC support"
217 select CRYPTO_BLKCIPHER
218 select CRYPTO_MANAGER
220 PCBC: Propagating Cipher Block Chaining mode
221 This block cipher algorithm is required for RxRPC.
224 tristate "XTS support (EXPERIMENTAL)"
225 depends on EXPERIMENTAL
226 select CRYPTO_BLKCIPHER
227 select CRYPTO_MANAGER
228 select CRYPTO_GF128MUL
230 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
231 key size 256, 384 or 512 bits. This implementation currently
232 can't handle a sectorsize which is not a multiple of 16 bytes.
237 tristate "HMAC support"
239 select CRYPTO_MANAGER
241 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
242 This is required for IPSec.
245 tristate "XCBC support"
246 depends on EXPERIMENTAL
248 select CRYPTO_MANAGER
250 XCBC: Keyed-Hashing with encryption algorithm
251 http://www.ietf.org/rfc/rfc3566.txt
252 http://csrc.nist.gov/encryption/modes/proposedmodes/
253 xcbc-mac/xcbc-mac-spec.pdf
258 tristate "CRC32c CRC algorithm"
261 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
262 by iSCSI for header and data digests and by others.
263 See Castagnoli93. Module will be crc32c.
265 config CRYPTO_CRC32C_INTEL
266 tristate "CRC32c INTEL hardware acceleration"
270 In Intel processor with SSE4.2 supported, the processor will
271 support CRC32C implementation using hardware accelerated CRC32
272 instruction. This option will create 'crc32c-intel' module,
273 which will enable any routine to use the CRC32 instruction to
274 gain performance compared with software implementation.
275 Module will be crc32c-intel.
278 tristate "MD4 digest algorithm"
281 MD4 message digest algorithm (RFC1320).
284 tristate "MD5 digest algorithm"
287 MD5 message digest algorithm (RFC1321).
289 config CRYPTO_MICHAEL_MIC
290 tristate "Michael MIC keyed digest algorithm"
293 Michael MIC is used for message integrity protection in TKIP
294 (IEEE 802.11i). This algorithm is required for TKIP, but it
295 should not be used for other purposes because of the weakness
299 tristate "RIPEMD-128 digest algorithm"
302 RIPEMD-128 (ISO/IEC 10118-3:2004).
304 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
305 to be used as a secure replacement for RIPEMD. For other use cases
306 RIPEMD-160 should be used.
308 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
309 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
312 tristate "RIPEMD-160 digest algorithm"
315 RIPEMD-160 (ISO/IEC 10118-3:2004).
317 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
318 to be used as a secure replacement for the 128-bit hash functions
319 MD4, MD5 and it's predecessor RIPEMD
320 (not to be confused with RIPEMD-128).
322 It's speed is comparable to SHA1 and there are no known attacks
325 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
326 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
329 tristate "RIPEMD-256 digest algorithm"
332 RIPEMD-256 is an optional extension of RIPEMD-128 with a
333 256 bit hash. It is intended for applications that require
334 longer hash-results, without needing a larger security level
337 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
338 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
341 tristate "RIPEMD-320 digest algorithm"
344 RIPEMD-320 is an optional extension of RIPEMD-160 with a
345 320 bit hash. It is intended for applications that require
346 longer hash-results, without needing a larger security level
349 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
350 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
353 tristate "SHA1 digest algorithm"
356 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
359 tristate "SHA224 and SHA256 digest algorithm"
362 SHA256 secure hash standard (DFIPS 180-2).
364 This version of SHA implements a 256 bit hash with 128 bits of
365 security against collision attacks.
367 This code also includes SHA-224, a 224 bit hash with 112 bits
368 of security against collision attacks.
371 tristate "SHA384 and SHA512 digest algorithms"
374 SHA512 secure hash standard (DFIPS 180-2).
376 This version of SHA implements a 512 bit hash with 256 bits of
377 security against collision attacks.
379 This code also includes SHA-384, a 384 bit hash with 192 bits
380 of security against collision attacks.
383 tristate "Tiger digest algorithms"
386 Tiger hash algorithm 192, 160 and 128-bit hashes
388 Tiger is a hash function optimized for 64-bit processors while
389 still having decent performance on 32-bit processors.
390 Tiger was developed by Ross Anderson and Eli Biham.
393 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
396 tristate "Whirlpool digest algorithms"
399 Whirlpool hash algorithm 512, 384 and 256-bit hashes
401 Whirlpool-512 is part of the NESSIE cryptographic primitives.
402 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
405 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
410 tristate "AES cipher algorithms"
413 AES cipher algorithms (FIPS-197). AES uses the Rijndael
416 Rijndael appears to be consistently a very good performer in
417 both hardware and software across a wide range of computing
418 environments regardless of its use in feedback or non-feedback
419 modes. Its key setup time is excellent, and its key agility is
420 good. Rijndael's very low memory requirements make it very well
421 suited for restricted-space environments, in which it also
422 demonstrates excellent performance. Rijndael's operations are
423 among the easiest to defend against power and timing attacks.
425 The AES specifies three key sizes: 128, 192 and 256 bits
427 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
429 config CRYPTO_AES_586
430 tristate "AES cipher algorithms (i586)"
431 depends on (X86 || UML_X86) && !64BIT
435 AES cipher algorithms (FIPS-197). AES uses the Rijndael
438 Rijndael appears to be consistently a very good performer in
439 both hardware and software across a wide range of computing
440 environments regardless of its use in feedback or non-feedback
441 modes. Its key setup time is excellent, and its key agility is
442 good. Rijndael's very low memory requirements make it very well
443 suited for restricted-space environments, in which it also
444 demonstrates excellent performance. Rijndael's operations are
445 among the easiest to defend against power and timing attacks.
447 The AES specifies three key sizes: 128, 192 and 256 bits
449 See <http://csrc.nist.gov/encryption/aes/> for more information.
451 config CRYPTO_AES_X86_64
452 tristate "AES cipher algorithms (x86_64)"
453 depends on (X86 || UML_X86) && 64BIT
457 AES cipher algorithms (FIPS-197). AES uses the Rijndael
460 Rijndael appears to be consistently a very good performer in
461 both hardware and software across a wide range of computing
462 environments regardless of its use in feedback or non-feedback
463 modes. Its key setup time is excellent, and its key agility is
464 good. Rijndael's very low memory requirements make it very well
465 suited for restricted-space environments, in which it also
466 demonstrates excellent performance. Rijndael's operations are
467 among the easiest to defend against power and timing attacks.
469 The AES specifies three key sizes: 128, 192 and 256 bits
471 See <http://csrc.nist.gov/encryption/aes/> for more information.
473 config CRYPTO_AES_NI_INTEL
474 tristate "AES cipher algorithms (AES-NI)"
475 depends on (X86 || UML_X86) && 64BIT
476 select CRYPTO_AES_X86_64
480 Use Intel AES-NI instructions for AES algorithm.
482 AES cipher algorithms (FIPS-197). AES uses the Rijndael
485 Rijndael appears to be consistently a very good performer in
486 both hardware and software across a wide range of computing
487 environments regardless of its use in feedback or non-feedback
488 modes. Its key setup time is excellent, and its key agility is
489 good. Rijndael's very low memory requirements make it very well
490 suited for restricted-space environments, in which it also
491 demonstrates excellent performance. Rijndael's operations are
492 among the easiest to defend against power and timing attacks.
494 The AES specifies three key sizes: 128, 192 and 256 bits
496 See <http://csrc.nist.gov/encryption/aes/> for more information.
499 tristate "Anubis cipher algorithm"
502 Anubis cipher algorithm.
504 Anubis is a variable key length cipher which can use keys from
505 128 bits to 320 bits in length. It was evaluated as a entrant
506 in the NESSIE competition.
509 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
510 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
513 tristate "ARC4 cipher algorithm"
516 ARC4 cipher algorithm.
518 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
519 bits in length. This algorithm is required for driver-based
520 WEP, but it should not be for other purposes because of the
521 weakness of the algorithm.
523 config CRYPTO_BLOWFISH
524 tristate "Blowfish cipher algorithm"
527 Blowfish cipher algorithm, by Bruce Schneier.
529 This is a variable key length cipher which can use keys from 32
530 bits to 448 bits in length. It's fast, simple and specifically
531 designed for use on "large microprocessors".
534 <http://www.schneier.com/blowfish.html>
536 config CRYPTO_CAMELLIA
537 tristate "Camellia cipher algorithms"
541 Camellia cipher algorithms module.
543 Camellia is a symmetric key block cipher developed jointly
544 at NTT and Mitsubishi Electric Corporation.
546 The Camellia specifies three key sizes: 128, 192 and 256 bits.
549 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
552 tristate "CAST5 (CAST-128) cipher algorithm"
555 The CAST5 encryption algorithm (synonymous with CAST-128) is
556 described in RFC2144.
559 tristate "CAST6 (CAST-256) cipher algorithm"
562 The CAST6 encryption algorithm (synonymous with CAST-256) is
563 described in RFC2612.
566 tristate "DES and Triple DES EDE cipher algorithms"
569 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
572 tristate "FCrypt cipher algorithm"
574 select CRYPTO_BLKCIPHER
576 FCrypt algorithm used by RxRPC.
579 tristate "Khazad cipher algorithm"
582 Khazad cipher algorithm.
584 Khazad was a finalist in the initial NESSIE competition. It is
585 an algorithm optimized for 64-bit processors with good performance
586 on 32-bit processors. Khazad uses an 128 bit key size.
589 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
591 config CRYPTO_SALSA20
592 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
593 depends on EXPERIMENTAL
594 select CRYPTO_BLKCIPHER
596 Salsa20 stream cipher algorithm.
598 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
599 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
601 The Salsa20 stream cipher algorithm is designed by Daniel J.
602 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
604 config CRYPTO_SALSA20_586
605 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
606 depends on (X86 || UML_X86) && !64BIT
607 depends on EXPERIMENTAL
608 select CRYPTO_BLKCIPHER
610 Salsa20 stream cipher algorithm.
612 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
613 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
615 The Salsa20 stream cipher algorithm is designed by Daniel J.
616 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
618 config CRYPTO_SALSA20_X86_64
619 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
620 depends on (X86 || UML_X86) && 64BIT
621 depends on EXPERIMENTAL
622 select CRYPTO_BLKCIPHER
624 Salsa20 stream cipher algorithm.
626 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
627 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
629 The Salsa20 stream cipher algorithm is designed by Daniel J.
630 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
633 tristate "SEED cipher algorithm"
636 SEED cipher algorithm (RFC4269).
638 SEED is a 128-bit symmetric key block cipher that has been
639 developed by KISA (Korea Information Security Agency) as a
640 national standard encryption algorithm of the Republic of Korea.
641 It is a 16 round block cipher with the key size of 128 bit.
644 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
646 config CRYPTO_SERPENT
647 tristate "Serpent cipher algorithm"
650 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
652 Keys are allowed to be from 0 to 256 bits in length, in steps
653 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
654 variant of Serpent for compatibility with old kerneli.org code.
657 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
660 tristate "TEA, XTEA and XETA cipher algorithms"
663 TEA cipher algorithm.
665 Tiny Encryption Algorithm is a simple cipher that uses
666 many rounds for security. It is very fast and uses
669 Xtendend Tiny Encryption Algorithm is a modification to
670 the TEA algorithm to address a potential key weakness
671 in the TEA algorithm.
673 Xtendend Encryption Tiny Algorithm is a mis-implementation
674 of the XTEA algorithm for compatibility purposes.
676 config CRYPTO_TWOFISH
677 tristate "Twofish cipher algorithm"
679 select CRYPTO_TWOFISH_COMMON
681 Twofish cipher algorithm.
683 Twofish was submitted as an AES (Advanced Encryption Standard)
684 candidate cipher by researchers at CounterPane Systems. It is a
685 16 round block cipher supporting key sizes of 128, 192, and 256
689 <http://www.schneier.com/twofish.html>
691 config CRYPTO_TWOFISH_COMMON
694 Common parts of the Twofish cipher algorithm shared by the
695 generic c and the assembler implementations.
697 config CRYPTO_TWOFISH_586
698 tristate "Twofish cipher algorithms (i586)"
699 depends on (X86 || UML_X86) && !64BIT
701 select CRYPTO_TWOFISH_COMMON
703 Twofish cipher algorithm.
705 Twofish was submitted as an AES (Advanced Encryption Standard)
706 candidate cipher by researchers at CounterPane Systems. It is a
707 16 round block cipher supporting key sizes of 128, 192, and 256
711 <http://www.schneier.com/twofish.html>
713 config CRYPTO_TWOFISH_X86_64
714 tristate "Twofish cipher algorithm (x86_64)"
715 depends on (X86 || UML_X86) && 64BIT
717 select CRYPTO_TWOFISH_COMMON
719 Twofish cipher algorithm (x86_64).
721 Twofish was submitted as an AES (Advanced Encryption Standard)
722 candidate cipher by researchers at CounterPane Systems. It is a
723 16 round block cipher supporting key sizes of 128, 192, and 256
727 <http://www.schneier.com/twofish.html>
729 comment "Compression"
731 config CRYPTO_DEFLATE
732 tristate "Deflate compression algorithm"
737 This is the Deflate algorithm (RFC1951), specified for use in
738 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
740 You will most probably want this if using IPSec.
743 tristate "LZO compression algorithm"
746 select LZO_DECOMPRESS
748 This is the LZO algorithm.
750 comment "Random Number Generation"
752 config CRYPTO_ANSI_CPRNG
753 tristate "Pseudo Random Number Generation for Cryptographic modules"
758 This option enables the generic pseudo random number generator
759 for cryptographic modules. Uses the Algorithm specified in
762 source "drivers/crypto/Kconfig"