xref: /openbmc/linux/crypto/Kconfig (revision 643d1f7f)
1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5	tristate
6
7#
8# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
13# Cryptographic API Configuration
14#
15menuconfig CRYPTO
16	bool "Cryptographic API"
17	help
18	  This option provides the core Cryptographic API.
19
20if CRYPTO
21
22config CRYPTO_ALGAPI
23	tristate
24	help
25	  This option provides the API for cryptographic algorithms.
26
27config CRYPTO_AEAD
28	tristate
29	select CRYPTO_ALGAPI
30
31config CRYPTO_BLKCIPHER
32	tristate
33	select CRYPTO_ALGAPI
34
35config CRYPTO_SEQIV
36	tristate "Sequence Number IV Generator"
37	select CRYPTO_AEAD
38	select CRYPTO_BLKCIPHER
39	help
40	  This IV generator generates an IV based on a sequence number by
41	  xoring it with a salt.  This algorithm is mainly useful for CTR
42	  and similar modes.
43
44config CRYPTO_HASH
45	tristate
46	select CRYPTO_ALGAPI
47
48config CRYPTO_MANAGER
49	tristate "Cryptographic algorithm manager"
50	select CRYPTO_ALGAPI
51	help
52	  Create default cryptographic template instantiations such as
53	  cbc(aes).
54
55config CRYPTO_HMAC
56	tristate "HMAC support"
57	select CRYPTO_HASH
58	select CRYPTO_MANAGER
59	help
60	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
61	  This is required for IPSec.
62
63config CRYPTO_XCBC
64	tristate "XCBC support"
65	depends on EXPERIMENTAL
66	select CRYPTO_HASH
67	select CRYPTO_MANAGER
68	help
69	  XCBC: Keyed-Hashing with encryption algorithm
70		http://www.ietf.org/rfc/rfc3566.txt
71		http://csrc.nist.gov/encryption/modes/proposedmodes/
72		 xcbc-mac/xcbc-mac-spec.pdf
73
74config CRYPTO_NULL
75	tristate "Null algorithms"
76	select CRYPTO_ALGAPI
77	help
78	  These are 'Null' algorithms, used by IPsec, which do nothing.
79
80config CRYPTO_MD4
81	tristate "MD4 digest algorithm"
82	select CRYPTO_ALGAPI
83	help
84	  MD4 message digest algorithm (RFC1320).
85
86config CRYPTO_MD5
87	tristate "MD5 digest algorithm"
88	select CRYPTO_ALGAPI
89	help
90	  MD5 message digest algorithm (RFC1321).
91
92config CRYPTO_SHA1
93	tristate "SHA1 digest algorithm"
94	select CRYPTO_ALGAPI
95	help
96	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
97
98config CRYPTO_SHA256
99	tristate "SHA224 and SHA256 digest algorithm"
100	select CRYPTO_ALGAPI
101	help
102	  SHA256 secure hash standard (DFIPS 180-2).
103
104	  This version of SHA implements a 256 bit hash with 128 bits of
105	  security against collision attacks.
106
107          This code also includes SHA-224, a 224 bit hash with 112 bits
108          of security against collision attacks.
109
110config CRYPTO_SHA512
111	tristate "SHA384 and SHA512 digest algorithms"
112	select CRYPTO_ALGAPI
113	help
114	  SHA512 secure hash standard (DFIPS 180-2).
115
116	  This version of SHA implements a 512 bit hash with 256 bits of
117	  security against collision attacks.
118
119	  This code also includes SHA-384, a 384 bit hash with 192 bits
120	  of security against collision attacks.
121
122config CRYPTO_WP512
123	tristate "Whirlpool digest algorithms"
124	select CRYPTO_ALGAPI
125	help
126	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
127
128	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
129	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
130
131	  See also:
132	  <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
133
134config CRYPTO_TGR192
135	tristate "Tiger digest algorithms"
136	select CRYPTO_ALGAPI
137	help
138	  Tiger hash algorithm 192, 160 and 128-bit hashes
139
140	  Tiger is a hash function optimized for 64-bit processors while
141	  still having decent performance on 32-bit processors.
142	  Tiger was developed by Ross Anderson and Eli Biham.
143
144	  See also:
145	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
146
147config CRYPTO_GF128MUL
148	tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
149	depends on EXPERIMENTAL
150	help
151	  Efficient table driven implementation of multiplications in the
152	  field GF(2^128).  This is needed by some cypher modes. This
153	  option will be selected automatically if you select such a
154	  cipher mode.  Only select this option by hand if you expect to load
155	  an external module that requires these functions.
156
157config CRYPTO_ECB
158	tristate "ECB support"
159	select CRYPTO_BLKCIPHER
160	select CRYPTO_MANAGER
161	help
162	  ECB: Electronic CodeBook mode
163	  This is the simplest block cipher algorithm.  It simply encrypts
164	  the input block by block.
165
166config CRYPTO_CBC
167	tristate "CBC support"
168	select CRYPTO_BLKCIPHER
169	select CRYPTO_MANAGER
170	help
171	  CBC: Cipher Block Chaining mode
172	  This block cipher algorithm is required for IPSec.
173
174config CRYPTO_PCBC
175	tristate "PCBC support"
176	select CRYPTO_BLKCIPHER
177	select CRYPTO_MANAGER
178	help
179	  PCBC: Propagating Cipher Block Chaining mode
180	  This block cipher algorithm is required for RxRPC.
181
182config CRYPTO_LRW
183	tristate "LRW support (EXPERIMENTAL)"
184	depends on EXPERIMENTAL
185	select CRYPTO_BLKCIPHER
186	select CRYPTO_MANAGER
187	select CRYPTO_GF128MUL
188	help
189	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
190	  narrow block cipher mode for dm-crypt.  Use it with cipher
191	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
192	  The first 128, 192 or 256 bits in the key are used for AES and the
193	  rest is used to tie each cipher block to its logical position.
194
195config CRYPTO_XTS
196	tristate "XTS support (EXPERIMENTAL)"
197	depends on EXPERIMENTAL
198	select CRYPTO_BLKCIPHER
199	select CRYPTO_MANAGER
200	select CRYPTO_GF128MUL
201	help
202	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
203	  key size 256, 384 or 512 bits. This implementation currently
204	  can't handle a sectorsize which is not a multiple of 16 bytes.
205
206config CRYPTO_CTR
207	tristate "CTR support"
208	select CRYPTO_BLKCIPHER
209	select CRYPTO_SEQIV
210	select CRYPTO_MANAGER
211	help
212	  CTR: Counter mode
213	  This block cipher algorithm is required for IPSec.
214
215config CRYPTO_GCM
216	tristate "GCM/GMAC support"
217	select CRYPTO_CTR
218	select CRYPTO_AEAD
219	select CRYPTO_GF128MUL
220	help
221	  Support for Galois/Counter Mode (GCM) and Galois Message
222	  Authentication Code (GMAC). Required for IPSec.
223
224config CRYPTO_CCM
225	tristate "CCM support"
226	select CRYPTO_CTR
227	select CRYPTO_AEAD
228	help
229	  Support for Counter with CBC MAC. Required for IPsec.
230
231config CRYPTO_CRYPTD
232	tristate "Software async crypto daemon"
233	select CRYPTO_BLKCIPHER
234	select CRYPTO_MANAGER
235	help
236	  This is a generic software asynchronous crypto daemon that
237	  converts an arbitrary synchronous software crypto algorithm
238	  into an asynchronous algorithm that executes in a kernel thread.
239
240config CRYPTO_DES
241	tristate "DES and Triple DES EDE cipher algorithms"
242	select CRYPTO_ALGAPI
243	help
244	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
245
246config CRYPTO_FCRYPT
247	tristate "FCrypt cipher algorithm"
248	select CRYPTO_ALGAPI
249	select CRYPTO_BLKCIPHER
250	help
251	  FCrypt algorithm used by RxRPC.
252
253config CRYPTO_BLOWFISH
254	tristate "Blowfish cipher algorithm"
255	select CRYPTO_ALGAPI
256	help
257	  Blowfish cipher algorithm, by Bruce Schneier.
258
259	  This is a variable key length cipher which can use keys from 32
260	  bits to 448 bits in length.  It's fast, simple and specifically
261	  designed for use on "large microprocessors".
262
263	  See also:
264	  <http://www.schneier.com/blowfish.html>
265
266config CRYPTO_TWOFISH
267	tristate "Twofish cipher algorithm"
268	select CRYPTO_ALGAPI
269	select CRYPTO_TWOFISH_COMMON
270	help
271	  Twofish cipher algorithm.
272
273	  Twofish was submitted as an AES (Advanced Encryption Standard)
274	  candidate cipher by researchers at CounterPane Systems.  It is a
275	  16 round block cipher supporting key sizes of 128, 192, and 256
276	  bits.
277
278	  See also:
279	  <http://www.schneier.com/twofish.html>
280
281config CRYPTO_TWOFISH_COMMON
282	tristate
283	help
284	  Common parts of the Twofish cipher algorithm shared by the
285	  generic c and the assembler implementations.
286
287config CRYPTO_TWOFISH_586
288	tristate "Twofish cipher algorithms (i586)"
289	depends on (X86 || UML_X86) && !64BIT
290	select CRYPTO_ALGAPI
291	select CRYPTO_TWOFISH_COMMON
292	help
293	  Twofish cipher algorithm.
294
295	  Twofish was submitted as an AES (Advanced Encryption Standard)
296	  candidate cipher by researchers at CounterPane Systems.  It is a
297	  16 round block cipher supporting key sizes of 128, 192, and 256
298	  bits.
299
300	  See also:
301	  <http://www.schneier.com/twofish.html>
302
303config CRYPTO_TWOFISH_X86_64
304	tristate "Twofish cipher algorithm (x86_64)"
305	depends on (X86 || UML_X86) && 64BIT
306	select CRYPTO_ALGAPI
307	select CRYPTO_TWOFISH_COMMON
308	help
309	  Twofish cipher algorithm (x86_64).
310
311	  Twofish was submitted as an AES (Advanced Encryption Standard)
312	  candidate cipher by researchers at CounterPane Systems.  It is a
313	  16 round block cipher supporting key sizes of 128, 192, and 256
314	  bits.
315
316	  See also:
317	  <http://www.schneier.com/twofish.html>
318
319config CRYPTO_SERPENT
320	tristate "Serpent cipher algorithm"
321	select CRYPTO_ALGAPI
322	help
323	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
324
325	  Keys are allowed to be from 0 to 256 bits in length, in steps
326	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
327	  variant of Serpent for compatibility with old kerneli.org code.
328
329	  See also:
330	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
331
332config CRYPTO_AES
333	tristate "AES cipher algorithms"
334	select CRYPTO_ALGAPI
335	help
336	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
337	  algorithm.
338
339	  Rijndael appears to be consistently a very good performer in
340	  both hardware and software across a wide range of computing
341	  environments regardless of its use in feedback or non-feedback
342	  modes. Its key setup time is excellent, and its key agility is
343	  good. Rijndael's very low memory requirements make it very well
344	  suited for restricted-space environments, in which it also
345	  demonstrates excellent performance. Rijndael's operations are
346	  among the easiest to defend against power and timing attacks.
347
348	  The AES specifies three key sizes: 128, 192 and 256 bits
349
350	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
351
352config CRYPTO_AES_586
353	tristate "AES cipher algorithms (i586)"
354	depends on (X86 || UML_X86) && !64BIT
355	select CRYPTO_ALGAPI
356	select CRYPTO_AES
357	help
358	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
359	  algorithm.
360
361	  Rijndael appears to be consistently a very good performer in
362	  both hardware and software across a wide range of computing
363	  environments regardless of its use in feedback or non-feedback
364	  modes. Its key setup time is excellent, and its key agility is
365	  good. Rijndael's very low memory requirements make it very well
366	  suited for restricted-space environments, in which it also
367	  demonstrates excellent performance. Rijndael's operations are
368	  among the easiest to defend against power and timing attacks.
369
370	  The AES specifies three key sizes: 128, 192 and 256 bits
371
372	  See <http://csrc.nist.gov/encryption/aes/> for more information.
373
374config CRYPTO_AES_X86_64
375	tristate "AES cipher algorithms (x86_64)"
376	depends on (X86 || UML_X86) && 64BIT
377	select CRYPTO_ALGAPI
378	select CRYPTO_AES
379	help
380	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
381	  algorithm.
382
383	  Rijndael appears to be consistently a very good performer in
384	  both hardware and software across a wide range of computing
385	  environments regardless of its use in feedback or non-feedback
386	  modes. Its key setup time is excellent, and its key agility is
387	  good. Rijndael's very low memory requirements make it very well
388	  suited for restricted-space environments, in which it also
389	  demonstrates excellent performance. Rijndael's operations are
390	  among the easiest to defend against power and timing attacks.
391
392	  The AES specifies three key sizes: 128, 192 and 256 bits
393
394	  See <http://csrc.nist.gov/encryption/aes/> for more information.
395
396config CRYPTO_CAST5
397	tristate "CAST5 (CAST-128) cipher algorithm"
398	select CRYPTO_ALGAPI
399	help
400	  The CAST5 encryption algorithm (synonymous with CAST-128) is
401	  described in RFC2144.
402
403config CRYPTO_CAST6
404	tristate "CAST6 (CAST-256) cipher algorithm"
405	select CRYPTO_ALGAPI
406	help
407	  The CAST6 encryption algorithm (synonymous with CAST-256) is
408	  described in RFC2612.
409
410config CRYPTO_TEA
411	tristate "TEA, XTEA and XETA cipher algorithms"
412	select CRYPTO_ALGAPI
413	help
414	  TEA cipher algorithm.
415
416	  Tiny Encryption Algorithm is a simple cipher that uses
417	  many rounds for security.  It is very fast and uses
418	  little memory.
419
420	  Xtendend Tiny Encryption Algorithm is a modification to
421	  the TEA algorithm to address a potential key weakness
422	  in the TEA algorithm.
423
424	  Xtendend Encryption Tiny Algorithm is a mis-implementation
425	  of the XTEA algorithm for compatibility purposes.
426
427config CRYPTO_ARC4
428	tristate "ARC4 cipher algorithm"
429	select CRYPTO_ALGAPI
430	help
431	  ARC4 cipher algorithm.
432
433	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
434	  bits in length.  This algorithm is required for driver-based
435	  WEP, but it should not be for other purposes because of the
436	  weakness of the algorithm.
437
438config CRYPTO_KHAZAD
439	tristate "Khazad cipher algorithm"
440	select CRYPTO_ALGAPI
441	help
442	  Khazad cipher algorithm.
443
444	  Khazad was a finalist in the initial NESSIE competition.  It is
445	  an algorithm optimized for 64-bit processors with good performance
446	  on 32-bit processors.  Khazad uses an 128 bit key size.
447
448	  See also:
449	  <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
450
451config CRYPTO_ANUBIS
452	tristate "Anubis cipher algorithm"
453	select CRYPTO_ALGAPI
454	help
455	  Anubis cipher algorithm.
456
457	  Anubis is a variable key length cipher which can use keys from
458	  128 bits to 320 bits in length.  It was evaluated as a entrant
459	  in the NESSIE competition.
460
461	  See also:
462	  <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
463	  <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
464
465config CRYPTO_SEED
466	tristate "SEED cipher algorithm"
467	select CRYPTO_ALGAPI
468	help
469	  SEED cipher algorithm (RFC4269).
470
471	  SEED is a 128-bit symmetric key block cipher that has been
472	  developed by KISA (Korea Information Security Agency) as a
473	  national standard encryption algorithm of the Republic of Korea.
474	  It is a 16 round block cipher with the key size of 128 bit.
475
476	  See also:
477	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
478
479config CRYPTO_SALSA20
480	tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
481	depends on EXPERIMENTAL
482	select CRYPTO_BLKCIPHER
483	help
484	  Salsa20 stream cipher algorithm.
485
486	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
487	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
488
489	  The Salsa20 stream cipher algorithm is designed by Daniel J.
490	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
491
492config CRYPTO_SALSA20_586
493	tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
494	depends on (X86 || UML_X86) && !64BIT
495	depends on EXPERIMENTAL
496	select CRYPTO_BLKCIPHER
497	help
498	  Salsa20 stream cipher algorithm.
499
500	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
501	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
502
503	  The Salsa20 stream cipher algorithm is designed by Daniel J.
504	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
505
506config CRYPTO_SALSA20_X86_64
507	tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
508	depends on (X86 || UML_X86) && 64BIT
509	depends on EXPERIMENTAL
510	select CRYPTO_BLKCIPHER
511	help
512	  Salsa20 stream cipher algorithm.
513
514	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
515	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
516
517	  The Salsa20 stream cipher algorithm is designed by Daniel J.
518	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
519
520config CRYPTO_DEFLATE
521	tristate "Deflate compression algorithm"
522	select CRYPTO_ALGAPI
523	select ZLIB_INFLATE
524	select ZLIB_DEFLATE
525	help
526	  This is the Deflate algorithm (RFC1951), specified for use in
527	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
528
529	  You will most probably want this if using IPSec.
530
531config CRYPTO_MICHAEL_MIC
532	tristate "Michael MIC keyed digest algorithm"
533	select CRYPTO_ALGAPI
534	help
535	  Michael MIC is used for message integrity protection in TKIP
536	  (IEEE 802.11i). This algorithm is required for TKIP, but it
537	  should not be used for other purposes because of the weakness
538	  of the algorithm.
539
540config CRYPTO_CRC32C
541	tristate "CRC32c CRC algorithm"
542	select CRYPTO_ALGAPI
543	select LIBCRC32C
544	help
545	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
546	  by iSCSI for header and data digests and by others.
547	  See Castagnoli93.  This implementation uses lib/libcrc32c.
548          Module will be crc32c.
549
550config CRYPTO_CAMELLIA
551	tristate "Camellia cipher algorithms"
552	depends on CRYPTO
553	select CRYPTO_ALGAPI
554	help
555	  Camellia cipher algorithms module.
556
557	  Camellia is a symmetric key block cipher developed jointly
558	  at NTT and Mitsubishi Electric Corporation.
559
560	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
561
562	  See also:
563	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
564
565config CRYPTO_TEST
566	tristate "Testing module"
567	depends on m
568	select CRYPTO_ALGAPI
569	select CRYPTO_AEAD
570	help
571	  Quick & dirty crypto test module.
572
573config CRYPTO_AUTHENC
574	tristate "Authenc support"
575	select CRYPTO_AEAD
576	select CRYPTO_MANAGER
577	select CRYPTO_HASH
578	help
579	  Authenc: Combined mode wrapper for IPsec.
580	  This is required for IPSec.
581
582config CRYPTO_LZO
583	tristate "LZO compression algorithm"
584	select CRYPTO_ALGAPI
585	select LZO_COMPRESS
586	select LZO_DECOMPRESS
587	help
588	  This is the LZO algorithm.
589
590source "drivers/crypto/Kconfig"
591
592endif	# if CRYPTO
593