2 # Generic algorithms support
8 # Cryptographic API Configuration
11 menu "Cryptographic options"
14 bool "Cryptographic API"
16 This option provides the core Cryptographic API.
23 This option provides the API for cryptographic algorithms.
25 config CRYPTO_ABLKCIPHER
27 select CRYPTO_BLKCIPHER
29 config CRYPTO_BLKCIPHER
38 tristate "Cryptographic algorithm manager"
41 Create default cryptographic template instantiations such as
45 tristate "HMAC support"
49 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
50 This is required for IPSec.
53 tristate "XCBC support"
54 depends on EXPERIMENTAL
58 XCBC: Keyed-Hashing with encryption algorithm
59 http://www.ietf.org/rfc/rfc3566.txt
60 http://csrc.nist.gov/encryption/modes/proposedmodes/
61 xcbc-mac/xcbc-mac-spec.pdf
64 tristate "Null algorithms"
67 These are 'Null' algorithms, used by IPsec, which do nothing.
70 tristate "MD4 digest algorithm"
73 MD4 message digest algorithm (RFC1320).
76 tristate "MD5 digest algorithm"
79 MD5 message digest algorithm (RFC1321).
82 tristate "SHA1 digest algorithm"
85 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
88 tristate "SHA256 digest algorithm"
91 SHA256 secure hash standard (DFIPS 180-2).
93 This version of SHA implements a 256 bit hash with 128 bits of
94 security against collision attacks.
97 tristate "SHA384 and SHA512 digest algorithms"
100 SHA512 secure hash standard (DFIPS 180-2).
102 This version of SHA implements a 512 bit hash with 256 bits of
103 security against collision attacks.
105 This code also includes SHA-384, a 384 bit hash with 192 bits
106 of security against collision attacks.
109 tristate "Whirlpool digest algorithms"
112 Whirlpool hash algorithm 512, 384 and 256-bit hashes
114 Whirlpool-512 is part of the NESSIE cryptographic primitives.
115 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
118 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
121 tristate "Tiger digest algorithms"
124 Tiger hash algorithm 192, 160 and 128-bit hashes
126 Tiger is a hash function optimized for 64-bit processors while
127 still having decent performance on 32-bit processors.
128 Tiger was developed by Ross Anderson and Eli Biham.
131 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
133 config CRYPTO_GF128MUL
134 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
135 depends on EXPERIMENTAL
137 Efficient table driven implementation of multiplications in the
138 field GF(2^128). This is needed by some cypher modes. This
139 option will be selected automatically if you select such a
140 cipher mode. Only select this option by hand if you expect to load
141 an external module that requires these functions.
144 tristate "ECB support"
145 select CRYPTO_BLKCIPHER
146 select CRYPTO_MANAGER
149 ECB: Electronic CodeBook mode
150 This is the simplest block cipher algorithm. It simply encrypts
151 the input block by block.
154 tristate "CBC support"
155 select CRYPTO_BLKCIPHER
156 select CRYPTO_MANAGER
159 CBC: Cipher Block Chaining mode
160 This block cipher algorithm is required for IPSec.
163 tristate "PCBC support"
164 select CRYPTO_BLKCIPHER
165 select CRYPTO_MANAGER
168 PCBC: Propagating Cipher Block Chaining mode
169 This block cipher algorithm is required for RxRPC.
172 tristate "LRW support (EXPERIMENTAL)"
173 depends on EXPERIMENTAL
174 select CRYPTO_BLKCIPHER
175 select CRYPTO_MANAGER
176 select CRYPTO_GF128MUL
178 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
179 narrow block cipher mode for dm-crypt. Use it with cipher
180 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
181 The first 128, 192 or 256 bits in the key are used for AES and the
182 rest is used to tie each cipher block to its logical position.
185 tristate "Software async crypto daemon"
186 select CRYPTO_ABLKCIPHER
187 select CRYPTO_MANAGER
189 This is a generic software asynchronous crypto daemon that
190 converts an arbitrary synchronous software crypto algorithm
191 into an asynchronous algorithm that executes in a kernel thread.
194 tristate "DES and Triple DES EDE cipher algorithms"
197 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
200 tristate "FCrypt cipher algorithm"
202 select CRYPTO_BLKCIPHER
204 FCrypt algorithm used by RxRPC.
206 config CRYPTO_BLOWFISH
207 tristate "Blowfish cipher algorithm"
210 Blowfish cipher algorithm, by Bruce Schneier.
212 This is a variable key length cipher which can use keys from 32
213 bits to 448 bits in length. It's fast, simple and specifically
214 designed for use on "large microprocessors".
217 <http://www.schneier.com/blowfish.html>
219 config CRYPTO_TWOFISH
220 tristate "Twofish cipher algorithm"
222 select CRYPTO_TWOFISH_COMMON
224 Twofish cipher algorithm.
226 Twofish was submitted as an AES (Advanced Encryption Standard)
227 candidate cipher by researchers at CounterPane Systems. It is a
228 16 round block cipher supporting key sizes of 128, 192, and 256
232 <http://www.schneier.com/twofish.html>
234 config CRYPTO_TWOFISH_COMMON
237 Common parts of the Twofish cipher algorithm shared by the
238 generic c and the assembler implementations.
240 config CRYPTO_TWOFISH_586
241 tristate "Twofish cipher algorithms (i586)"
242 depends on (X86 || UML_X86) && !64BIT
244 select CRYPTO_TWOFISH_COMMON
246 Twofish cipher algorithm.
248 Twofish was submitted as an AES (Advanced Encryption Standard)
249 candidate cipher by researchers at CounterPane Systems. It is a
250 16 round block cipher supporting key sizes of 128, 192, and 256
254 <http://www.schneier.com/twofish.html>
256 config CRYPTO_TWOFISH_X86_64
257 tristate "Twofish cipher algorithm (x86_64)"
258 depends on (X86 || UML_X86) && 64BIT
260 select CRYPTO_TWOFISH_COMMON
262 Twofish cipher algorithm (x86_64).
264 Twofish was submitted as an AES (Advanced Encryption Standard)
265 candidate cipher by researchers at CounterPane Systems. It is a
266 16 round block cipher supporting key sizes of 128, 192, and 256
270 <http://www.schneier.com/twofish.html>
272 config CRYPTO_SERPENT
273 tristate "Serpent cipher algorithm"
276 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
278 Keys are allowed to be from 0 to 256 bits in length, in steps
279 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
280 variant of Serpent for compatibility with old kerneli.org code.
283 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
286 tristate "AES cipher algorithms"
289 AES cipher algorithms (FIPS-197). AES uses the Rijndael
292 Rijndael appears to be consistently a very good performer in
293 both hardware and software across a wide range of computing
294 environments regardless of its use in feedback or non-feedback
295 modes. Its key setup time is excellent, and its key agility is
296 good. Rijndael's very low memory requirements make it very well
297 suited for restricted-space environments, in which it also
298 demonstrates excellent performance. Rijndael's operations are
299 among the easiest to defend against power and timing attacks.
301 The AES specifies three key sizes: 128, 192 and 256 bits
303 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
305 config CRYPTO_AES_586
306 tristate "AES cipher algorithms (i586)"
307 depends on (X86 || UML_X86) && !64BIT
310 AES cipher algorithms (FIPS-197). AES uses the Rijndael
313 Rijndael appears to be consistently a very good performer in
314 both hardware and software across a wide range of computing
315 environments regardless of its use in feedback or non-feedback
316 modes. Its key setup time is excellent, and its key agility is
317 good. Rijndael's very low memory requirements make it very well
318 suited for restricted-space environments, in which it also
319 demonstrates excellent performance. Rijndael's operations are
320 among the easiest to defend against power and timing attacks.
322 The AES specifies three key sizes: 128, 192 and 256 bits
324 See <http://csrc.nist.gov/encryption/aes/> for more information.
326 config CRYPTO_AES_X86_64
327 tristate "AES cipher algorithms (x86_64)"
328 depends on (X86 || UML_X86) && 64BIT
331 AES cipher algorithms (FIPS-197). AES uses the Rijndael
334 Rijndael appears to be consistently a very good performer in
335 both hardware and software across a wide range of computing
336 environments regardless of its use in feedback or non-feedback
337 modes. Its key setup time is excellent, and its key agility is
338 good. Rijndael's very low memory requirements make it very well
339 suited for restricted-space environments, in which it also
340 demonstrates excellent performance. Rijndael's operations are
341 among the easiest to defend against power and timing attacks.
343 The AES specifies three key sizes: 128, 192 and 256 bits
345 See <http://csrc.nist.gov/encryption/aes/> for more information.
348 tristate "CAST5 (CAST-128) cipher algorithm"
351 The CAST5 encryption algorithm (synonymous with CAST-128) is
352 described in RFC2144.
355 tristate "CAST6 (CAST-256) cipher algorithm"
358 The CAST6 encryption algorithm (synonymous with CAST-256) is
359 described in RFC2612.
362 tristate "TEA, XTEA and XETA cipher algorithms"
365 TEA cipher algorithm.
367 Tiny Encryption Algorithm is a simple cipher that uses
368 many rounds for security. It is very fast and uses
371 Xtendend Tiny Encryption Algorithm is a modification to
372 the TEA algorithm to address a potential key weakness
373 in the TEA algorithm.
375 Xtendend Encryption Tiny Algorithm is a mis-implementation
376 of the XTEA algorithm for compatibility purposes.
379 tristate "ARC4 cipher algorithm"
382 ARC4 cipher algorithm.
384 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
385 bits in length. This algorithm is required for driver-based
386 WEP, but it should not be for other purposes because of the
387 weakness of the algorithm.
390 tristate "Khazad cipher algorithm"
393 Khazad cipher algorithm.
395 Khazad was a finalist in the initial NESSIE competition. It is
396 an algorithm optimized for 64-bit processors with good performance
397 on 32-bit processors. Khazad uses an 128 bit key size.
400 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
403 tristate "Anubis cipher algorithm"
406 Anubis cipher algorithm.
408 Anubis is a variable key length cipher which can use keys from
409 128 bits to 320 bits in length. It was evaluated as a entrant
410 in the NESSIE competition.
413 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
414 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
417 config CRYPTO_DEFLATE
418 tristate "Deflate compression algorithm"
423 This is the Deflate algorithm (RFC1951), specified for use in
424 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
426 You will most probably want this if using IPSec.
428 config CRYPTO_MICHAEL_MIC
429 tristate "Michael MIC keyed digest algorithm"
432 Michael MIC is used for message integrity protection in TKIP
433 (IEEE 802.11i). This algorithm is required for TKIP, but it
434 should not be used for other purposes because of the weakness
438 tristate "CRC32c CRC algorithm"
442 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
443 by iSCSI for header and data digests and by others.
444 See Castagnoli93. This implementation uses lib/libcrc32c.
445 Module will be crc32c.
447 config CRYPTO_CAMELLIA
448 tristate "Camellia cipher algorithms"
452 Camellia cipher algorithms module.
454 Camellia is a symmetric key block cipher developed jointly
455 at NTT and Mitsubishi Electric Corporation.
457 The Camellia specifies three key sizes: 128, 192 and 256 bits.
460 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
463 tristate "Testing module"
467 Quick & dirty crypto test module.
469 source "drivers/crypto/Kconfig"