2 # Generic algorithms support
8 # async_tx api: hardware offloaded memory transfer/transform support
10 source "crypto/async_tx/Kconfig"
13 # Cryptographic API Configuration
16 tristate "Cryptographic API"
18 This option provides the core Cryptographic API.
22 comment "Crypto core or helper"
25 bool "FIPS 200 compliance"
27 This options enables the fips boot option which is
28 required if you want to system to operate in a FIPS 200
29 certification. You should say no unless you know what
36 This option provides the API for cryptographic algorithms.
50 config CRYPTO_BLKCIPHER
52 select CRYPTO_BLKCIPHER2
55 config CRYPTO_BLKCIPHER2
59 select CRYPTO_WORKQUEUE
84 tristate "Cryptographic algorithm manager"
85 select CRYPTO_MANAGER2
87 Create default cryptographic template instantiations such as
90 config CRYPTO_MANAGER2
91 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
94 select CRYPTO_BLKCIPHER2
96 config CRYPTO_GF128MUL
97 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
98 depends on EXPERIMENTAL
100 Efficient table driven implementation of multiplications in the
101 field GF(2^128). This is needed by some cypher modes. This
102 option will be selected automatically if you select such a
103 cipher mode. Only select this option by hand if you expect to load
104 an external module that requires these functions.
107 tristate "Null algorithms"
109 select CRYPTO_BLKCIPHER
112 These are 'Null' algorithms, used by IPsec, which do nothing.
114 config CRYPTO_WORKQUEUE
118 tristate "Software async crypto daemon"
119 select CRYPTO_BLKCIPHER
121 select CRYPTO_MANAGER
122 select CRYPTO_WORKQUEUE
124 This is a generic software asynchronous crypto daemon that
125 converts an arbitrary synchronous software crypto algorithm
126 into an asynchronous algorithm that executes in a kernel thread.
128 config CRYPTO_AUTHENC
129 tristate "Authenc support"
131 select CRYPTO_BLKCIPHER
132 select CRYPTO_MANAGER
135 Authenc: Combined mode wrapper for IPsec.
136 This is required for IPSec.
139 tristate "Testing module"
141 select CRYPTO_MANAGER
143 Quick & dirty crypto test module.
145 comment "Authenticated Encryption with Associated Data"
148 tristate "CCM support"
152 Support for Counter with CBC MAC. Required for IPsec.
155 tristate "GCM/GMAC support"
158 select CRYPTO_GF128MUL
160 Support for Galois/Counter Mode (GCM) and Galois Message
161 Authentication Code (GMAC). Required for IPSec.
164 tristate "Sequence Number IV Generator"
166 select CRYPTO_BLKCIPHER
169 This IV generator generates an IV based on a sequence number by
170 xoring it with a salt. This algorithm is mainly useful for CTR
172 comment "Block modes"
175 tristate "CBC support"
176 select CRYPTO_BLKCIPHER
177 select CRYPTO_MANAGER
179 CBC: Cipher Block Chaining mode
180 This block cipher algorithm is required for IPSec.
183 tristate "CTR support"
184 select CRYPTO_BLKCIPHER
186 select CRYPTO_MANAGER
189 This block cipher algorithm is required for IPSec.
192 tristate "CTS support"
193 select CRYPTO_BLKCIPHER
195 CTS: Cipher Text Stealing
196 This is the Cipher Text Stealing mode as described by
197 Section 8 of rfc2040 and referenced by rfc3962.
198 (rfc3962 includes errata information in its Appendix A)
199 This mode is required for Kerberos gss mechanism support
203 tristate "ECB support"
204 select CRYPTO_BLKCIPHER
205 select CRYPTO_MANAGER
207 ECB: Electronic CodeBook mode
208 This is the simplest block cipher algorithm. It simply encrypts
209 the input block by block.
212 tristate "LRW support (EXPERIMENTAL)"
213 depends on EXPERIMENTAL
214 select CRYPTO_BLKCIPHER
215 select CRYPTO_MANAGER
216 select CRYPTO_GF128MUL
218 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
219 narrow block cipher mode for dm-crypt. Use it with cipher
220 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
221 The first 128, 192 or 256 bits in the key are used for AES and the
222 rest is used to tie each cipher block to its logical position.
225 tristate "PCBC support"
226 select CRYPTO_BLKCIPHER
227 select CRYPTO_MANAGER
229 PCBC: Propagating Cipher Block Chaining mode
230 This block cipher algorithm is required for RxRPC.
233 tristate "XTS support (EXPERIMENTAL)"
234 depends on EXPERIMENTAL
235 select CRYPTO_BLKCIPHER
236 select CRYPTO_MANAGER
237 select CRYPTO_GF128MUL
239 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
240 key size 256, 384 or 512 bits. This implementation currently
241 can't handle a sectorsize which is not a multiple of 16 bytes.
246 tristate "HMAC support"
248 select CRYPTO_MANAGER
250 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
251 This is required for IPSec.
254 tristate "XCBC support"
255 depends on EXPERIMENTAL
257 select CRYPTO_MANAGER
259 XCBC: Keyed-Hashing with encryption algorithm
260 http://www.ietf.org/rfc/rfc3566.txt
261 http://csrc.nist.gov/encryption/modes/proposedmodes/
262 xcbc-mac/xcbc-mac-spec.pdf
267 tristate "CRC32c CRC algorithm"
270 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
271 by iSCSI for header and data digests and by others.
272 See Castagnoli93. Module will be crc32c.
274 config CRYPTO_CRC32C_INTEL
275 tristate "CRC32c INTEL hardware acceleration"
279 In Intel processor with SSE4.2 supported, the processor will
280 support CRC32C implementation using hardware accelerated CRC32
281 instruction. This option will create 'crc32c-intel' module,
282 which will enable any routine to use the CRC32 instruction to
283 gain performance compared with software implementation.
284 Module will be crc32c-intel.
287 tristate "MD4 digest algorithm"
290 MD4 message digest algorithm (RFC1320).
293 tristate "MD5 digest algorithm"
296 MD5 message digest algorithm (RFC1321).
298 config CRYPTO_MICHAEL_MIC
299 tristate "Michael MIC keyed digest algorithm"
302 Michael MIC is used for message integrity protection in TKIP
303 (IEEE 802.11i). This algorithm is required for TKIP, but it
304 should not be used for other purposes because of the weakness
308 tristate "RIPEMD-128 digest algorithm"
311 RIPEMD-128 (ISO/IEC 10118-3:2004).
313 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
314 to be used as a secure replacement for RIPEMD. For other use cases
315 RIPEMD-160 should be used.
317 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
318 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
321 tristate "RIPEMD-160 digest algorithm"
324 RIPEMD-160 (ISO/IEC 10118-3:2004).
326 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
327 to be used as a secure replacement for the 128-bit hash functions
328 MD4, MD5 and it's predecessor RIPEMD
329 (not to be confused with RIPEMD-128).
331 It's speed is comparable to SHA1 and there are no known attacks
334 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
335 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
338 tristate "RIPEMD-256 digest algorithm"
341 RIPEMD-256 is an optional extension of RIPEMD-128 with a
342 256 bit hash. It is intended for applications that require
343 longer hash-results, without needing a larger security level
346 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
347 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
350 tristate "RIPEMD-320 digest algorithm"
353 RIPEMD-320 is an optional extension of RIPEMD-160 with a
354 320 bit hash. It is intended for applications that require
355 longer hash-results, without needing a larger security level
358 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
359 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
362 tristate "SHA1 digest algorithm"
365 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
368 tristate "SHA224 and SHA256 digest algorithm"
371 SHA256 secure hash standard (DFIPS 180-2).
373 This version of SHA implements a 256 bit hash with 128 bits of
374 security against collision attacks.
376 This code also includes SHA-224, a 224 bit hash with 112 bits
377 of security against collision attacks.
380 tristate "SHA384 and SHA512 digest algorithms"
383 SHA512 secure hash standard (DFIPS 180-2).
385 This version of SHA implements a 512 bit hash with 256 bits of
386 security against collision attacks.
388 This code also includes SHA-384, a 384 bit hash with 192 bits
389 of security against collision attacks.
392 tristate "Tiger digest algorithms"
395 Tiger hash algorithm 192, 160 and 128-bit hashes
397 Tiger is a hash function optimized for 64-bit processors while
398 still having decent performance on 32-bit processors.
399 Tiger was developed by Ross Anderson and Eli Biham.
402 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
405 tristate "Whirlpool digest algorithms"
408 Whirlpool hash algorithm 512, 384 and 256-bit hashes
410 Whirlpool-512 is part of the NESSIE cryptographic primitives.
411 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
414 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
419 tristate "AES cipher algorithms"
422 AES cipher algorithms (FIPS-197). AES uses the Rijndael
425 Rijndael appears to be consistently a very good performer in
426 both hardware and software across a wide range of computing
427 environments regardless of its use in feedback or non-feedback
428 modes. Its key setup time is excellent, and its key agility is
429 good. Rijndael's very low memory requirements make it very well
430 suited for restricted-space environments, in which it also
431 demonstrates excellent performance. Rijndael's operations are
432 among the easiest to defend against power and timing attacks.
434 The AES specifies three key sizes: 128, 192 and 256 bits
436 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
438 config CRYPTO_AES_586
439 tristate "AES cipher algorithms (i586)"
440 depends on (X86 || UML_X86) && !64BIT
444 AES cipher algorithms (FIPS-197). AES uses the Rijndael
447 Rijndael appears to be consistently a very good performer in
448 both hardware and software across a wide range of computing
449 environments regardless of its use in feedback or non-feedback
450 modes. Its key setup time is excellent, and its key agility is
451 good. Rijndael's very low memory requirements make it very well
452 suited for restricted-space environments, in which it also
453 demonstrates excellent performance. Rijndael's operations are
454 among the easiest to defend against power and timing attacks.
456 The AES specifies three key sizes: 128, 192 and 256 bits
458 See <http://csrc.nist.gov/encryption/aes/> for more information.
460 config CRYPTO_AES_X86_64
461 tristate "AES cipher algorithms (x86_64)"
462 depends on (X86 || UML_X86) && 64BIT
466 AES cipher algorithms (FIPS-197). AES uses the Rijndael
469 Rijndael appears to be consistently a very good performer in
470 both hardware and software across a wide range of computing
471 environments regardless of its use in feedback or non-feedback
472 modes. Its key setup time is excellent, and its key agility is
473 good. Rijndael's very low memory requirements make it very well
474 suited for restricted-space environments, in which it also
475 demonstrates excellent performance. Rijndael's operations are
476 among the easiest to defend against power and timing attacks.
478 The AES specifies three key sizes: 128, 192 and 256 bits
480 See <http://csrc.nist.gov/encryption/aes/> for more information.
482 config CRYPTO_AES_NI_INTEL
483 tristate "AES cipher algorithms (AES-NI)"
484 depends on (X86 || UML_X86) && 64BIT
485 select CRYPTO_AES_X86_64
489 Use Intel AES-NI instructions for AES algorithm.
491 AES cipher algorithms (FIPS-197). AES uses the Rijndael
494 Rijndael appears to be consistently a very good performer in
495 both hardware and software across a wide range of computing
496 environments regardless of its use in feedback or non-feedback
497 modes. Its key setup time is excellent, and its key agility is
498 good. Rijndael's very low memory requirements make it very well
499 suited for restricted-space environments, in which it also
500 demonstrates excellent performance. Rijndael's operations are
501 among the easiest to defend against power and timing attacks.
503 The AES specifies three key sizes: 128, 192 and 256 bits
505 See <http://csrc.nist.gov/encryption/aes/> for more information.
508 tristate "Anubis cipher algorithm"
511 Anubis cipher algorithm.
513 Anubis is a variable key length cipher which can use keys from
514 128 bits to 320 bits in length. It was evaluated as a entrant
515 in the NESSIE competition.
518 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
519 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
522 tristate "ARC4 cipher algorithm"
525 ARC4 cipher algorithm.
527 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
528 bits in length. This algorithm is required for driver-based
529 WEP, but it should not be for other purposes because of the
530 weakness of the algorithm.
532 config CRYPTO_BLOWFISH
533 tristate "Blowfish cipher algorithm"
536 Blowfish cipher algorithm, by Bruce Schneier.
538 This is a variable key length cipher which can use keys from 32
539 bits to 448 bits in length. It's fast, simple and specifically
540 designed for use on "large microprocessors".
543 <http://www.schneier.com/blowfish.html>
545 config CRYPTO_CAMELLIA
546 tristate "Camellia cipher algorithms"
550 Camellia cipher algorithms module.
552 Camellia is a symmetric key block cipher developed jointly
553 at NTT and Mitsubishi Electric Corporation.
555 The Camellia specifies three key sizes: 128, 192 and 256 bits.
558 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
561 tristate "CAST5 (CAST-128) cipher algorithm"
564 The CAST5 encryption algorithm (synonymous with CAST-128) is
565 described in RFC2144.
568 tristate "CAST6 (CAST-256) cipher algorithm"
571 The CAST6 encryption algorithm (synonymous with CAST-256) is
572 described in RFC2612.
575 tristate "DES and Triple DES EDE cipher algorithms"
578 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
581 tristate "FCrypt cipher algorithm"
583 select CRYPTO_BLKCIPHER
585 FCrypt algorithm used by RxRPC.
588 tristate "Khazad cipher algorithm"
591 Khazad cipher algorithm.
593 Khazad was a finalist in the initial NESSIE competition. It is
594 an algorithm optimized for 64-bit processors with good performance
595 on 32-bit processors. Khazad uses an 128 bit key size.
598 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
600 config CRYPTO_SALSA20
601 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
602 depends on EXPERIMENTAL
603 select CRYPTO_BLKCIPHER
605 Salsa20 stream cipher algorithm.
607 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
608 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
610 The Salsa20 stream cipher algorithm is designed by Daniel J.
611 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
613 config CRYPTO_SALSA20_586
614 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
615 depends on (X86 || UML_X86) && !64BIT
616 depends on EXPERIMENTAL
617 select CRYPTO_BLKCIPHER
619 Salsa20 stream cipher algorithm.
621 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
622 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
624 The Salsa20 stream cipher algorithm is designed by Daniel J.
625 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
627 config CRYPTO_SALSA20_X86_64
628 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
629 depends on (X86 || UML_X86) && 64BIT
630 depends on EXPERIMENTAL
631 select CRYPTO_BLKCIPHER
633 Salsa20 stream cipher algorithm.
635 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
636 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
638 The Salsa20 stream cipher algorithm is designed by Daniel J.
639 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
642 tristate "SEED cipher algorithm"
645 SEED cipher algorithm (RFC4269).
647 SEED is a 128-bit symmetric key block cipher that has been
648 developed by KISA (Korea Information Security Agency) as a
649 national standard encryption algorithm of the Republic of Korea.
650 It is a 16 round block cipher with the key size of 128 bit.
653 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
655 config CRYPTO_SERPENT
656 tristate "Serpent cipher algorithm"
659 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
661 Keys are allowed to be from 0 to 256 bits in length, in steps
662 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
663 variant of Serpent for compatibility with old kerneli.org code.
666 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
669 tristate "TEA, XTEA and XETA cipher algorithms"
672 TEA cipher algorithm.
674 Tiny Encryption Algorithm is a simple cipher that uses
675 many rounds for security. It is very fast and uses
678 Xtendend Tiny Encryption Algorithm is a modification to
679 the TEA algorithm to address a potential key weakness
680 in the TEA algorithm.
682 Xtendend Encryption Tiny Algorithm is a mis-implementation
683 of the XTEA algorithm for compatibility purposes.
685 config CRYPTO_TWOFISH
686 tristate "Twofish cipher algorithm"
688 select CRYPTO_TWOFISH_COMMON
690 Twofish cipher algorithm.
692 Twofish was submitted as an AES (Advanced Encryption Standard)
693 candidate cipher by researchers at CounterPane Systems. It is a
694 16 round block cipher supporting key sizes of 128, 192, and 256
698 <http://www.schneier.com/twofish.html>
700 config CRYPTO_TWOFISH_COMMON
703 Common parts of the Twofish cipher algorithm shared by the
704 generic c and the assembler implementations.
706 config CRYPTO_TWOFISH_586
707 tristate "Twofish cipher algorithms (i586)"
708 depends on (X86 || UML_X86) && !64BIT
710 select CRYPTO_TWOFISH_COMMON
712 Twofish cipher algorithm.
714 Twofish was submitted as an AES (Advanced Encryption Standard)
715 candidate cipher by researchers at CounterPane Systems. It is a
716 16 round block cipher supporting key sizes of 128, 192, and 256
720 <http://www.schneier.com/twofish.html>
722 config CRYPTO_TWOFISH_X86_64
723 tristate "Twofish cipher algorithm (x86_64)"
724 depends on (X86 || UML_X86) && 64BIT
726 select CRYPTO_TWOFISH_COMMON
728 Twofish cipher algorithm (x86_64).
730 Twofish was submitted as an AES (Advanced Encryption Standard)
731 candidate cipher by researchers at CounterPane Systems. It is a
732 16 round block cipher supporting key sizes of 128, 192, and 256
736 <http://www.schneier.com/twofish.html>
738 comment "Compression"
740 config CRYPTO_DEFLATE
741 tristate "Deflate compression algorithm"
746 This is the Deflate algorithm (RFC1951), specified for use in
747 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
749 You will most probably want this if using IPSec.
752 tristate "LZO compression algorithm"
755 select LZO_DECOMPRESS
757 This is the LZO algorithm.
759 comment "Random Number Generation"
761 config CRYPTO_ANSI_CPRNG
762 tristate "Pseudo Random Number Generation for Cryptographic modules"
767 This option enables the generic pseudo random number generator
768 for cryptographic modules. Uses the Algorithm specified in
771 source "drivers/crypto/Kconfig"