1# 2# Generic algorithms support 3# 4config XOR_BLOCKS 5 tristate 6 7# 8# async_tx api: hardware offloaded memory transfer/transform support 9# 10source "crypto/async_tx/Kconfig" 11 12# 13# Cryptographic API Configuration 14# 15menuconfig CRYPTO 16 tristate "Cryptographic API" 17 help 18 This option provides the core Cryptographic API. 19 20if CRYPTO 21 22comment "Crypto core or helper" 23 24config CRYPTO_FIPS 25 bool "FIPS 200 compliance" 26 depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS 27 help 28 This options enables the fips boot option which is 29 required if you want to system to operate in a FIPS 200 30 certification. You should say no unless you know what 31 this is. 32 33config CRYPTO_ALGAPI 34 tristate 35 select CRYPTO_ALGAPI2 36 help 37 This option provides the API for cryptographic algorithms. 38 39config CRYPTO_ALGAPI2 40 tristate 41 42config CRYPTO_AEAD 43 tristate 44 select CRYPTO_AEAD2 45 select CRYPTO_ALGAPI 46 47config CRYPTO_AEAD2 48 tristate 49 select CRYPTO_ALGAPI2 50 51config CRYPTO_BLKCIPHER 52 tristate 53 select CRYPTO_BLKCIPHER2 54 select CRYPTO_ALGAPI 55 56config CRYPTO_BLKCIPHER2 57 tristate 58 select CRYPTO_ALGAPI2 59 select CRYPTO_RNG2 60 select CRYPTO_WORKQUEUE 61 62config CRYPTO_HASH 63 tristate 64 select CRYPTO_HASH2 65 select CRYPTO_ALGAPI 66 67config CRYPTO_HASH2 68 tristate 69 select CRYPTO_ALGAPI2 70 71config CRYPTO_RNG 72 tristate 73 select CRYPTO_RNG2 74 select CRYPTO_ALGAPI 75 76config CRYPTO_RNG2 77 tristate 78 select CRYPTO_ALGAPI2 79 80config CRYPTO_PCOMP 81 tristate 82 select CRYPTO_PCOMP2 83 select CRYPTO_ALGAPI 84 85config CRYPTO_PCOMP2 86 tristate 87 select CRYPTO_ALGAPI2 88 89config CRYPTO_MANAGER 90 tristate "Cryptographic algorithm manager" 91 select CRYPTO_MANAGER2 92 help 93 Create default cryptographic template instantiations such as 94 cbc(aes). 95 96config CRYPTO_MANAGER2 97 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 98 select CRYPTO_AEAD2 99 select CRYPTO_HASH2 100 select CRYPTO_BLKCIPHER2 101 select CRYPTO_PCOMP2 102 103config CRYPTO_USER 104 tristate "Userspace cryptographic algorithm configuration" 105 depends on NET 106 select CRYPTO_MANAGER 107 help 108 Userspace configuration for cryptographic instantiations such as 109 cbc(aes). 110 111config CRYPTO_MANAGER_DISABLE_TESTS 112 bool "Disable run-time self tests" 113 default y 114 depends on CRYPTO_MANAGER2 115 help 116 Disable run-time self tests that normally take place at 117 algorithm registration. 118 119config CRYPTO_GF128MUL 120 tristate "GF(2^128) multiplication functions" 121 help 122 Efficient table driven implementation of multiplications in the 123 field GF(2^128). This is needed by some cypher modes. This 124 option will be selected automatically if you select such a 125 cipher mode. Only select this option by hand if you expect to load 126 an external module that requires these functions. 127 128config CRYPTO_NULL 129 tristate "Null algorithms" 130 select CRYPTO_ALGAPI 131 select CRYPTO_BLKCIPHER 132 select CRYPTO_HASH 133 help 134 These are 'Null' algorithms, used by IPsec, which do nothing. 135 136config CRYPTO_PCRYPT 137 tristate "Parallel crypto engine" 138 depends on SMP 139 select PADATA 140 select CRYPTO_MANAGER 141 select CRYPTO_AEAD 142 help 143 This converts an arbitrary crypto algorithm into a parallel 144 algorithm that executes in kernel threads. 145 146config CRYPTO_WORKQUEUE 147 tristate 148 149config CRYPTO_CRYPTD 150 tristate "Software async crypto daemon" 151 select CRYPTO_BLKCIPHER 152 select CRYPTO_HASH 153 select CRYPTO_MANAGER 154 select CRYPTO_WORKQUEUE 155 help 156 This is a generic software asynchronous crypto daemon that 157 converts an arbitrary synchronous software crypto algorithm 158 into an asynchronous algorithm that executes in a kernel thread. 159 160config CRYPTO_AUTHENC 161 tristate "Authenc support" 162 select CRYPTO_AEAD 163 select CRYPTO_BLKCIPHER 164 select CRYPTO_MANAGER 165 select CRYPTO_HASH 166 help 167 Authenc: Combined mode wrapper for IPsec. 168 This is required for IPSec. 169 170config CRYPTO_TEST 171 tristate "Testing module" 172 depends on m 173 select CRYPTO_MANAGER 174 help 175 Quick & dirty crypto test module. 176 177config CRYPTO_ABLK_HELPER_X86 178 tristate 179 depends on X86 180 select CRYPTO_CRYPTD 181 182config CRYPTO_GLUE_HELPER_X86 183 tristate 184 depends on X86 185 select CRYPTO_ALGAPI 186 187comment "Authenticated Encryption with Associated Data" 188 189config CRYPTO_CCM 190 tristate "CCM support" 191 select CRYPTO_CTR 192 select CRYPTO_AEAD 193 help 194 Support for Counter with CBC MAC. Required for IPsec. 195 196config CRYPTO_GCM 197 tristate "GCM/GMAC support" 198 select CRYPTO_CTR 199 select CRYPTO_AEAD 200 select CRYPTO_GHASH 201 help 202 Support for Galois/Counter Mode (GCM) and Galois Message 203 Authentication Code (GMAC). Required for IPSec. 204 205config CRYPTO_SEQIV 206 tristate "Sequence Number IV Generator" 207 select CRYPTO_AEAD 208 select CRYPTO_BLKCIPHER 209 select CRYPTO_RNG 210 help 211 This IV generator generates an IV based on a sequence number by 212 xoring it with a salt. This algorithm is mainly useful for CTR 213 214comment "Block modes" 215 216config CRYPTO_CBC 217 tristate "CBC support" 218 select CRYPTO_BLKCIPHER 219 select CRYPTO_MANAGER 220 help 221 CBC: Cipher Block Chaining mode 222 This block cipher algorithm is required for IPSec. 223 224config CRYPTO_CTR 225 tristate "CTR support" 226 select CRYPTO_BLKCIPHER 227 select CRYPTO_SEQIV 228 select CRYPTO_MANAGER 229 help 230 CTR: Counter mode 231 This block cipher algorithm is required for IPSec. 232 233config CRYPTO_CTS 234 tristate "CTS support" 235 select CRYPTO_BLKCIPHER 236 help 237 CTS: Cipher Text Stealing 238 This is the Cipher Text Stealing mode as described by 239 Section 8 of rfc2040 and referenced by rfc3962. 240 (rfc3962 includes errata information in its Appendix A) 241 This mode is required for Kerberos gss mechanism support 242 for AES encryption. 243 244config CRYPTO_ECB 245 tristate "ECB support" 246 select CRYPTO_BLKCIPHER 247 select CRYPTO_MANAGER 248 help 249 ECB: Electronic CodeBook mode 250 This is the simplest block cipher algorithm. It simply encrypts 251 the input block by block. 252 253config CRYPTO_LRW 254 tristate "LRW support" 255 select CRYPTO_BLKCIPHER 256 select CRYPTO_MANAGER 257 select CRYPTO_GF128MUL 258 help 259 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 260 narrow block cipher mode for dm-crypt. Use it with cipher 261 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 262 The first 128, 192 or 256 bits in the key are used for AES and the 263 rest is used to tie each cipher block to its logical position. 264 265config CRYPTO_PCBC 266 tristate "PCBC support" 267 select CRYPTO_BLKCIPHER 268 select CRYPTO_MANAGER 269 help 270 PCBC: Propagating Cipher Block Chaining mode 271 This block cipher algorithm is required for RxRPC. 272 273config CRYPTO_XTS 274 tristate "XTS support" 275 select CRYPTO_BLKCIPHER 276 select CRYPTO_MANAGER 277 select CRYPTO_GF128MUL 278 help 279 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 280 key size 256, 384 or 512 bits. This implementation currently 281 can't handle a sectorsize which is not a multiple of 16 bytes. 282 283comment "Hash modes" 284 285config CRYPTO_HMAC 286 tristate "HMAC support" 287 select CRYPTO_HASH 288 select CRYPTO_MANAGER 289 help 290 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 291 This is required for IPSec. 292 293config CRYPTO_XCBC 294 tristate "XCBC support" 295 select CRYPTO_HASH 296 select CRYPTO_MANAGER 297 help 298 XCBC: Keyed-Hashing with encryption algorithm 299 http://www.ietf.org/rfc/rfc3566.txt 300 http://csrc.nist.gov/encryption/modes/proposedmodes/ 301 xcbc-mac/xcbc-mac-spec.pdf 302 303config CRYPTO_VMAC 304 tristate "VMAC support" 305 select CRYPTO_HASH 306 select CRYPTO_MANAGER 307 help 308 VMAC is a message authentication algorithm designed for 309 very high speed on 64-bit architectures. 310 311 See also: 312 <http://fastcrypto.org/vmac> 313 314comment "Digest" 315 316config CRYPTO_CRC32C 317 tristate "CRC32c CRC algorithm" 318 select CRYPTO_HASH 319 select CRC32 320 help 321 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 322 by iSCSI for header and data digests and by others. 323 See Castagnoli93. Module will be crc32c. 324 325config CRYPTO_CRC32C_X86_64 326 bool 327 depends on X86 && 64BIT 328 select CRYPTO_HASH 329 help 330 In Intel processor with SSE4.2 supported, the processor will 331 support CRC32C calculation using hardware accelerated CRC32 332 instruction optimized with PCLMULQDQ instruction when available. 333 334config CRYPTO_CRC32C_INTEL 335 tristate "CRC32c INTEL hardware acceleration" 336 depends on X86 337 select CRYPTO_CRC32C_X86_64 if 64BIT 338 select CRYPTO_HASH 339 help 340 In Intel processor with SSE4.2 supported, the processor will 341 support CRC32C implementation using hardware accelerated CRC32 342 instruction. This option will create 'crc32c-intel' module, 343 which will enable any routine to use the CRC32 instruction to 344 gain performance compared with software implementation. 345 Module will be crc32c-intel. 346 347config CRYPTO_CRC32C_SPARC64 348 tristate "CRC32c CRC algorithm (SPARC64)" 349 depends on SPARC64 350 select CRYPTO_HASH 351 select CRC32 352 help 353 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 354 when available. 355 356config CRYPTO_CRC32 357 tristate "CRC32 CRC algorithm" 358 select CRYPTO_HASH 359 select CRC32 360 help 361 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 362 Shash crypto api wrappers to crc32_le function. 363 364config CRYPTO_CRC32_PCLMUL 365 tristate "CRC32 PCLMULQDQ hardware acceleration" 366 depends on X86 367 select CRYPTO_HASH 368 select CRC32 369 help 370 From Intel Westmere and AMD Bulldozer processor with SSE4.2 371 and PCLMULQDQ supported, the processor will support 372 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 373 instruction. This option will create 'crc32-plcmul' module, 374 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 375 and gain better performance as compared with the table implementation. 376 377config CRYPTO_GHASH 378 tristate "GHASH digest algorithm" 379 select CRYPTO_GF128MUL 380 help 381 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 382 383config CRYPTO_MD4 384 tristate "MD4 digest algorithm" 385 select CRYPTO_HASH 386 help 387 MD4 message digest algorithm (RFC1320). 388 389config CRYPTO_MD5 390 tristate "MD5 digest algorithm" 391 select CRYPTO_HASH 392 help 393 MD5 message digest algorithm (RFC1321). 394 395config CRYPTO_MD5_SPARC64 396 tristate "MD5 digest algorithm (SPARC64)" 397 depends on SPARC64 398 select CRYPTO_MD5 399 select CRYPTO_HASH 400 help 401 MD5 message digest algorithm (RFC1321) implemented 402 using sparc64 crypto instructions, when available. 403 404config CRYPTO_MICHAEL_MIC 405 tristate "Michael MIC keyed digest algorithm" 406 select CRYPTO_HASH 407 help 408 Michael MIC is used for message integrity protection in TKIP 409 (IEEE 802.11i). This algorithm is required for TKIP, but it 410 should not be used for other purposes because of the weakness 411 of the algorithm. 412 413config CRYPTO_RMD128 414 tristate "RIPEMD-128 digest algorithm" 415 select CRYPTO_HASH 416 help 417 RIPEMD-128 (ISO/IEC 10118-3:2004). 418 419 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 420 be used as a secure replacement for RIPEMD. For other use cases, 421 RIPEMD-160 should be used. 422 423 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 424 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 425 426config CRYPTO_RMD160 427 tristate "RIPEMD-160 digest algorithm" 428 select CRYPTO_HASH 429 help 430 RIPEMD-160 (ISO/IEC 10118-3:2004). 431 432 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 433 to be used as a secure replacement for the 128-bit hash functions 434 MD4, MD5 and it's predecessor RIPEMD 435 (not to be confused with RIPEMD-128). 436 437 It's speed is comparable to SHA1 and there are no known attacks 438 against RIPEMD-160. 439 440 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 441 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 442 443config CRYPTO_RMD256 444 tristate "RIPEMD-256 digest algorithm" 445 select CRYPTO_HASH 446 help 447 RIPEMD-256 is an optional extension of RIPEMD-128 with a 448 256 bit hash. It is intended for applications that require 449 longer hash-results, without needing a larger security level 450 (than RIPEMD-128). 451 452 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 453 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 454 455config CRYPTO_RMD320 456 tristate "RIPEMD-320 digest algorithm" 457 select CRYPTO_HASH 458 help 459 RIPEMD-320 is an optional extension of RIPEMD-160 with a 460 320 bit hash. It is intended for applications that require 461 longer hash-results, without needing a larger security level 462 (than RIPEMD-160). 463 464 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 465 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 466 467config CRYPTO_SHA1 468 tristate "SHA1 digest algorithm" 469 select CRYPTO_HASH 470 help 471 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 472 473config CRYPTO_SHA1_SSSE3 474 tristate "SHA1 digest algorithm (SSSE3/AVX)" 475 depends on X86 && 64BIT 476 select CRYPTO_SHA1 477 select CRYPTO_HASH 478 help 479 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 480 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 481 Extensions (AVX), when available. 482 483config CRYPTO_SHA1_SPARC64 484 tristate "SHA1 digest algorithm (SPARC64)" 485 depends on SPARC64 486 select CRYPTO_SHA1 487 select CRYPTO_HASH 488 help 489 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 490 using sparc64 crypto instructions, when available. 491 492config CRYPTO_SHA1_ARM 493 tristate "SHA1 digest algorithm (ARM-asm)" 494 depends on ARM 495 select CRYPTO_SHA1 496 select CRYPTO_HASH 497 help 498 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 499 using optimized ARM assembler. 500 501config CRYPTO_SHA1_PPC 502 tristate "SHA1 digest algorithm (powerpc)" 503 depends on PPC 504 help 505 This is the powerpc hardware accelerated implementation of the 506 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 507 508config CRYPTO_SHA256 509 tristate "SHA224 and SHA256 digest algorithm" 510 select CRYPTO_HASH 511 help 512 SHA256 secure hash standard (DFIPS 180-2). 513 514 This version of SHA implements a 256 bit hash with 128 bits of 515 security against collision attacks. 516 517 This code also includes SHA-224, a 224 bit hash with 112 bits 518 of security against collision attacks. 519 520config CRYPTO_SHA256_SPARC64 521 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 522 depends on SPARC64 523 select CRYPTO_SHA256 524 select CRYPTO_HASH 525 help 526 SHA-256 secure hash standard (DFIPS 180-2) implemented 527 using sparc64 crypto instructions, when available. 528 529config CRYPTO_SHA512 530 tristate "SHA384 and SHA512 digest algorithms" 531 select CRYPTO_HASH 532 help 533 SHA512 secure hash standard (DFIPS 180-2). 534 535 This version of SHA implements a 512 bit hash with 256 bits of 536 security against collision attacks. 537 538 This code also includes SHA-384, a 384 bit hash with 192 bits 539 of security against collision attacks. 540 541config CRYPTO_SHA512_SPARC64 542 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 543 depends on SPARC64 544 select CRYPTO_SHA512 545 select CRYPTO_HASH 546 help 547 SHA-512 secure hash standard (DFIPS 180-2) implemented 548 using sparc64 crypto instructions, when available. 549 550config CRYPTO_TGR192 551 tristate "Tiger digest algorithms" 552 select CRYPTO_HASH 553 help 554 Tiger hash algorithm 192, 160 and 128-bit hashes 555 556 Tiger is a hash function optimized for 64-bit processors while 557 still having decent performance on 32-bit processors. 558 Tiger was developed by Ross Anderson and Eli Biham. 559 560 See also: 561 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 562 563config CRYPTO_WP512 564 tristate "Whirlpool digest algorithms" 565 select CRYPTO_HASH 566 help 567 Whirlpool hash algorithm 512, 384 and 256-bit hashes 568 569 Whirlpool-512 is part of the NESSIE cryptographic primitives. 570 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 571 572 See also: 573 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 574 575config CRYPTO_GHASH_CLMUL_NI_INTEL 576 tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 577 depends on X86 && 64BIT 578 select CRYPTO_CRYPTD 579 help 580 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 581 The implementation is accelerated by CLMUL-NI of Intel. 582 583comment "Ciphers" 584 585config CRYPTO_AES 586 tristate "AES cipher algorithms" 587 select CRYPTO_ALGAPI 588 help 589 AES cipher algorithms (FIPS-197). AES uses the Rijndael 590 algorithm. 591 592 Rijndael appears to be consistently a very good performer in 593 both hardware and software across a wide range of computing 594 environments regardless of its use in feedback or non-feedback 595 modes. Its key setup time is excellent, and its key agility is 596 good. Rijndael's very low memory requirements make it very well 597 suited for restricted-space environments, in which it also 598 demonstrates excellent performance. Rijndael's operations are 599 among the easiest to defend against power and timing attacks. 600 601 The AES specifies three key sizes: 128, 192 and 256 bits 602 603 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 604 605config CRYPTO_AES_586 606 tristate "AES cipher algorithms (i586)" 607 depends on (X86 || UML_X86) && !64BIT 608 select CRYPTO_ALGAPI 609 select CRYPTO_AES 610 help 611 AES cipher algorithms (FIPS-197). AES uses the Rijndael 612 algorithm. 613 614 Rijndael appears to be consistently a very good performer in 615 both hardware and software across a wide range of computing 616 environments regardless of its use in feedback or non-feedback 617 modes. Its key setup time is excellent, and its key agility is 618 good. Rijndael's very low memory requirements make it very well 619 suited for restricted-space environments, in which it also 620 demonstrates excellent performance. Rijndael's operations are 621 among the easiest to defend against power and timing attacks. 622 623 The AES specifies three key sizes: 128, 192 and 256 bits 624 625 See <http://csrc.nist.gov/encryption/aes/> for more information. 626 627config CRYPTO_AES_X86_64 628 tristate "AES cipher algorithms (x86_64)" 629 depends on (X86 || UML_X86) && 64BIT 630 select CRYPTO_ALGAPI 631 select CRYPTO_AES 632 help 633 AES cipher algorithms (FIPS-197). AES uses the Rijndael 634 algorithm. 635 636 Rijndael appears to be consistently a very good performer in 637 both hardware and software across a wide range of computing 638 environments regardless of its use in feedback or non-feedback 639 modes. Its key setup time is excellent, and its key agility is 640 good. Rijndael's very low memory requirements make it very well 641 suited for restricted-space environments, in which it also 642 demonstrates excellent performance. Rijndael's operations are 643 among the easiest to defend against power and timing attacks. 644 645 The AES specifies three key sizes: 128, 192 and 256 bits 646 647 See <http://csrc.nist.gov/encryption/aes/> for more information. 648 649config CRYPTO_AES_NI_INTEL 650 tristate "AES cipher algorithms (AES-NI)" 651 depends on X86 652 select CRYPTO_AES_X86_64 if 64BIT 653 select CRYPTO_AES_586 if !64BIT 654 select CRYPTO_CRYPTD 655 select CRYPTO_ABLK_HELPER_X86 656 select CRYPTO_ALGAPI 657 select CRYPTO_LRW 658 select CRYPTO_XTS 659 help 660 Use Intel AES-NI instructions for AES algorithm. 661 662 AES cipher algorithms (FIPS-197). AES uses the Rijndael 663 algorithm. 664 665 Rijndael appears to be consistently a very good performer in 666 both hardware and software across a wide range of computing 667 environments regardless of its use in feedback or non-feedback 668 modes. Its key setup time is excellent, and its key agility is 669 good. Rijndael's very low memory requirements make it very well 670 suited for restricted-space environments, in which it also 671 demonstrates excellent performance. Rijndael's operations are 672 among the easiest to defend against power and timing attacks. 673 674 The AES specifies three key sizes: 128, 192 and 256 bits 675 676 See <http://csrc.nist.gov/encryption/aes/> for more information. 677 678 In addition to AES cipher algorithm support, the acceleration 679 for some popular block cipher mode is supported too, including 680 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional 681 acceleration for CTR. 682 683config CRYPTO_AES_SPARC64 684 tristate "AES cipher algorithms (SPARC64)" 685 depends on SPARC64 686 select CRYPTO_CRYPTD 687 select CRYPTO_ALGAPI 688 help 689 Use SPARC64 crypto opcodes for AES algorithm. 690 691 AES cipher algorithms (FIPS-197). AES uses the Rijndael 692 algorithm. 693 694 Rijndael appears to be consistently a very good performer in 695 both hardware and software across a wide range of computing 696 environments regardless of its use in feedback or non-feedback 697 modes. Its key setup time is excellent, and its key agility is 698 good. Rijndael's very low memory requirements make it very well 699 suited for restricted-space environments, in which it also 700 demonstrates excellent performance. Rijndael's operations are 701 among the easiest to defend against power and timing attacks. 702 703 The AES specifies three key sizes: 128, 192 and 256 bits 704 705 See <http://csrc.nist.gov/encryption/aes/> for more information. 706 707 In addition to AES cipher algorithm support, the acceleration 708 for some popular block cipher mode is supported too, including 709 ECB and CBC. 710 711config CRYPTO_AES_ARM 712 tristate "AES cipher algorithms (ARM-asm)" 713 depends on ARM 714 select CRYPTO_ALGAPI 715 select CRYPTO_AES 716 help 717 Use optimized AES assembler routines for ARM platforms. 718 719 AES cipher algorithms (FIPS-197). AES uses the Rijndael 720 algorithm. 721 722 Rijndael appears to be consistently a very good performer in 723 both hardware and software across a wide range of computing 724 environments regardless of its use in feedback or non-feedback 725 modes. Its key setup time is excellent, and its key agility is 726 good. Rijndael's very low memory requirements make it very well 727 suited for restricted-space environments, in which it also 728 demonstrates excellent performance. Rijndael's operations are 729 among the easiest to defend against power and timing attacks. 730 731 The AES specifies three key sizes: 128, 192 and 256 bits 732 733 See <http://csrc.nist.gov/encryption/aes/> for more information. 734 735config CRYPTO_ANUBIS 736 tristate "Anubis cipher algorithm" 737 select CRYPTO_ALGAPI 738 help 739 Anubis cipher algorithm. 740 741 Anubis is a variable key length cipher which can use keys from 742 128 bits to 320 bits in length. It was evaluated as a entrant 743 in the NESSIE competition. 744 745 See also: 746 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 747 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 748 749config CRYPTO_ARC4 750 tristate "ARC4 cipher algorithm" 751 select CRYPTO_BLKCIPHER 752 help 753 ARC4 cipher algorithm. 754 755 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 756 bits in length. This algorithm is required for driver-based 757 WEP, but it should not be for other purposes because of the 758 weakness of the algorithm. 759 760config CRYPTO_BLOWFISH 761 tristate "Blowfish cipher algorithm" 762 select CRYPTO_ALGAPI 763 select CRYPTO_BLOWFISH_COMMON 764 help 765 Blowfish cipher algorithm, by Bruce Schneier. 766 767 This is a variable key length cipher which can use keys from 32 768 bits to 448 bits in length. It's fast, simple and specifically 769 designed for use on "large microprocessors". 770 771 See also: 772 <http://www.schneier.com/blowfish.html> 773 774config CRYPTO_BLOWFISH_COMMON 775 tristate 776 help 777 Common parts of the Blowfish cipher algorithm shared by the 778 generic c and the assembler implementations. 779 780 See also: 781 <http://www.schneier.com/blowfish.html> 782 783config CRYPTO_BLOWFISH_X86_64 784 tristate "Blowfish cipher algorithm (x86_64)" 785 depends on X86 && 64BIT 786 select CRYPTO_ALGAPI 787 select CRYPTO_BLOWFISH_COMMON 788 help 789 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 790 791 This is a variable key length cipher which can use keys from 32 792 bits to 448 bits in length. It's fast, simple and specifically 793 designed for use on "large microprocessors". 794 795 See also: 796 <http://www.schneier.com/blowfish.html> 797 798config CRYPTO_CAMELLIA 799 tristate "Camellia cipher algorithms" 800 depends on CRYPTO 801 select CRYPTO_ALGAPI 802 help 803 Camellia cipher algorithms module. 804 805 Camellia is a symmetric key block cipher developed jointly 806 at NTT and Mitsubishi Electric Corporation. 807 808 The Camellia specifies three key sizes: 128, 192 and 256 bits. 809 810 See also: 811 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 812 813config CRYPTO_CAMELLIA_X86_64 814 tristate "Camellia cipher algorithm (x86_64)" 815 depends on X86 && 64BIT 816 depends on CRYPTO 817 select CRYPTO_ALGAPI 818 select CRYPTO_GLUE_HELPER_X86 819 select CRYPTO_LRW 820 select CRYPTO_XTS 821 help 822 Camellia cipher algorithm module (x86_64). 823 824 Camellia is a symmetric key block cipher developed jointly 825 at NTT and Mitsubishi Electric Corporation. 826 827 The Camellia specifies three key sizes: 128, 192 and 256 bits. 828 829 See also: 830 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 831 832config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 833 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 834 depends on X86 && 64BIT 835 depends on CRYPTO 836 select CRYPTO_ALGAPI 837 select CRYPTO_CRYPTD 838 select CRYPTO_ABLK_HELPER_X86 839 select CRYPTO_GLUE_HELPER_X86 840 select CRYPTO_CAMELLIA_X86_64 841 select CRYPTO_LRW 842 select CRYPTO_XTS 843 help 844 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 845 846 Camellia is a symmetric key block cipher developed jointly 847 at NTT and Mitsubishi Electric Corporation. 848 849 The Camellia specifies three key sizes: 128, 192 and 256 bits. 850 851 See also: 852 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 853 854config CRYPTO_CAMELLIA_SPARC64 855 tristate "Camellia cipher algorithm (SPARC64)" 856 depends on SPARC64 857 depends on CRYPTO 858 select CRYPTO_ALGAPI 859 help 860 Camellia cipher algorithm module (SPARC64). 861 862 Camellia is a symmetric key block cipher developed jointly 863 at NTT and Mitsubishi Electric Corporation. 864 865 The Camellia specifies three key sizes: 128, 192 and 256 bits. 866 867 See also: 868 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 869 870config CRYPTO_CAST_COMMON 871 tristate 872 help 873 Common parts of the CAST cipher algorithms shared by the 874 generic c and the assembler implementations. 875 876config CRYPTO_CAST5 877 tristate "CAST5 (CAST-128) cipher algorithm" 878 select CRYPTO_ALGAPI 879 select CRYPTO_CAST_COMMON 880 help 881 The CAST5 encryption algorithm (synonymous with CAST-128) is 882 described in RFC2144. 883 884config CRYPTO_CAST5_AVX_X86_64 885 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 886 depends on X86 && 64BIT 887 select CRYPTO_ALGAPI 888 select CRYPTO_CRYPTD 889 select CRYPTO_ABLK_HELPER_X86 890 select CRYPTO_CAST_COMMON 891 select CRYPTO_CAST5 892 help 893 The CAST5 encryption algorithm (synonymous with CAST-128) is 894 described in RFC2144. 895 896 This module provides the Cast5 cipher algorithm that processes 897 sixteen blocks parallel using the AVX instruction set. 898 899config CRYPTO_CAST6 900 tristate "CAST6 (CAST-256) cipher algorithm" 901 select CRYPTO_ALGAPI 902 select CRYPTO_CAST_COMMON 903 help 904 The CAST6 encryption algorithm (synonymous with CAST-256) is 905 described in RFC2612. 906 907config CRYPTO_CAST6_AVX_X86_64 908 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 909 depends on X86 && 64BIT 910 select CRYPTO_ALGAPI 911 select CRYPTO_CRYPTD 912 select CRYPTO_ABLK_HELPER_X86 913 select CRYPTO_GLUE_HELPER_X86 914 select CRYPTO_CAST_COMMON 915 select CRYPTO_CAST6 916 select CRYPTO_LRW 917 select CRYPTO_XTS 918 help 919 The CAST6 encryption algorithm (synonymous with CAST-256) is 920 described in RFC2612. 921 922 This module provides the Cast6 cipher algorithm that processes 923 eight blocks parallel using the AVX instruction set. 924 925config CRYPTO_DES 926 tristate "DES and Triple DES EDE cipher algorithms" 927 select CRYPTO_ALGAPI 928 help 929 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 930 931config CRYPTO_DES_SPARC64 932 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 933 depends on SPARC64 934 select CRYPTO_ALGAPI 935 select CRYPTO_DES 936 help 937 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 938 optimized using SPARC64 crypto opcodes. 939 940config CRYPTO_FCRYPT 941 tristate "FCrypt cipher algorithm" 942 select CRYPTO_ALGAPI 943 select CRYPTO_BLKCIPHER 944 help 945 FCrypt algorithm used by RxRPC. 946 947config CRYPTO_KHAZAD 948 tristate "Khazad cipher algorithm" 949 select CRYPTO_ALGAPI 950 help 951 Khazad cipher algorithm. 952 953 Khazad was a finalist in the initial NESSIE competition. It is 954 an algorithm optimized for 64-bit processors with good performance 955 on 32-bit processors. Khazad uses an 128 bit key size. 956 957 See also: 958 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 959 960config CRYPTO_SALSA20 961 tristate "Salsa20 stream cipher algorithm" 962 select CRYPTO_BLKCIPHER 963 help 964 Salsa20 stream cipher algorithm. 965 966 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 967 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 968 969 The Salsa20 stream cipher algorithm is designed by Daniel J. 970 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 971 972config CRYPTO_SALSA20_586 973 tristate "Salsa20 stream cipher algorithm (i586)" 974 depends on (X86 || UML_X86) && !64BIT 975 select CRYPTO_BLKCIPHER 976 help 977 Salsa20 stream cipher algorithm. 978 979 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 980 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 981 982 The Salsa20 stream cipher algorithm is designed by Daniel J. 983 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 984 985config CRYPTO_SALSA20_X86_64 986 tristate "Salsa20 stream cipher algorithm (x86_64)" 987 depends on (X86 || UML_X86) && 64BIT 988 select CRYPTO_BLKCIPHER 989 help 990 Salsa20 stream cipher algorithm. 991 992 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 993 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 994 995 The Salsa20 stream cipher algorithm is designed by Daniel J. 996 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 997 998config CRYPTO_SEED 999 tristate "SEED cipher algorithm" 1000 select CRYPTO_ALGAPI 1001 help 1002 SEED cipher algorithm (RFC4269). 1003 1004 SEED is a 128-bit symmetric key block cipher that has been 1005 developed by KISA (Korea Information Security Agency) as a 1006 national standard encryption algorithm of the Republic of Korea. 1007 It is a 16 round block cipher with the key size of 128 bit. 1008 1009 See also: 1010 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1011 1012config CRYPTO_SERPENT 1013 tristate "Serpent cipher algorithm" 1014 select CRYPTO_ALGAPI 1015 help 1016 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1017 1018 Keys are allowed to be from 0 to 256 bits in length, in steps 1019 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1020 variant of Serpent for compatibility with old kerneli.org code. 1021 1022 See also: 1023 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1024 1025config CRYPTO_SERPENT_SSE2_X86_64 1026 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1027 depends on X86 && 64BIT 1028 select CRYPTO_ALGAPI 1029 select CRYPTO_CRYPTD 1030 select CRYPTO_ABLK_HELPER_X86 1031 select CRYPTO_GLUE_HELPER_X86 1032 select CRYPTO_SERPENT 1033 select CRYPTO_LRW 1034 select CRYPTO_XTS 1035 help 1036 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1037 1038 Keys are allowed to be from 0 to 256 bits in length, in steps 1039 of 8 bits. 1040 1041 This module provides Serpent cipher algorithm that processes eigth 1042 blocks parallel using SSE2 instruction set. 1043 1044 See also: 1045 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1046 1047config CRYPTO_SERPENT_SSE2_586 1048 tristate "Serpent cipher algorithm (i586/SSE2)" 1049 depends on X86 && !64BIT 1050 select CRYPTO_ALGAPI 1051 select CRYPTO_CRYPTD 1052 select CRYPTO_ABLK_HELPER_X86 1053 select CRYPTO_GLUE_HELPER_X86 1054 select CRYPTO_SERPENT 1055 select CRYPTO_LRW 1056 select CRYPTO_XTS 1057 help 1058 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1059 1060 Keys are allowed to be from 0 to 256 bits in length, in steps 1061 of 8 bits. 1062 1063 This module provides Serpent cipher algorithm that processes four 1064 blocks parallel using SSE2 instruction set. 1065 1066 See also: 1067 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1068 1069config CRYPTO_SERPENT_AVX_X86_64 1070 tristate "Serpent cipher algorithm (x86_64/AVX)" 1071 depends on X86 && 64BIT 1072 select CRYPTO_ALGAPI 1073 select CRYPTO_CRYPTD 1074 select CRYPTO_ABLK_HELPER_X86 1075 select CRYPTO_GLUE_HELPER_X86 1076 select CRYPTO_SERPENT 1077 select CRYPTO_LRW 1078 select CRYPTO_XTS 1079 help 1080 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1081 1082 Keys are allowed to be from 0 to 256 bits in length, in steps 1083 of 8 bits. 1084 1085 This module provides the Serpent cipher algorithm that processes 1086 eight blocks parallel using the AVX instruction set. 1087 1088 See also: 1089 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1090 1091config CRYPTO_TEA 1092 tristate "TEA, XTEA and XETA cipher algorithms" 1093 select CRYPTO_ALGAPI 1094 help 1095 TEA cipher algorithm. 1096 1097 Tiny Encryption Algorithm is a simple cipher that uses 1098 many rounds for security. It is very fast and uses 1099 little memory. 1100 1101 Xtendend Tiny Encryption Algorithm is a modification to 1102 the TEA algorithm to address a potential key weakness 1103 in the TEA algorithm. 1104 1105 Xtendend Encryption Tiny Algorithm is a mis-implementation 1106 of the XTEA algorithm for compatibility purposes. 1107 1108config CRYPTO_TWOFISH 1109 tristate "Twofish cipher algorithm" 1110 select CRYPTO_ALGAPI 1111 select CRYPTO_TWOFISH_COMMON 1112 help 1113 Twofish cipher algorithm. 1114 1115 Twofish was submitted as an AES (Advanced Encryption Standard) 1116 candidate cipher by researchers at CounterPane Systems. It is a 1117 16 round block cipher supporting key sizes of 128, 192, and 256 1118 bits. 1119 1120 See also: 1121 <http://www.schneier.com/twofish.html> 1122 1123config CRYPTO_TWOFISH_COMMON 1124 tristate 1125 help 1126 Common parts of the Twofish cipher algorithm shared by the 1127 generic c and the assembler implementations. 1128 1129config CRYPTO_TWOFISH_586 1130 tristate "Twofish cipher algorithms (i586)" 1131 depends on (X86 || UML_X86) && !64BIT 1132 select CRYPTO_ALGAPI 1133 select CRYPTO_TWOFISH_COMMON 1134 help 1135 Twofish cipher algorithm. 1136 1137 Twofish was submitted as an AES (Advanced Encryption Standard) 1138 candidate cipher by researchers at CounterPane Systems. It is a 1139 16 round block cipher supporting key sizes of 128, 192, and 256 1140 bits. 1141 1142 See also: 1143 <http://www.schneier.com/twofish.html> 1144 1145config CRYPTO_TWOFISH_X86_64 1146 tristate "Twofish cipher algorithm (x86_64)" 1147 depends on (X86 || UML_X86) && 64BIT 1148 select CRYPTO_ALGAPI 1149 select CRYPTO_TWOFISH_COMMON 1150 help 1151 Twofish cipher algorithm (x86_64). 1152 1153 Twofish was submitted as an AES (Advanced Encryption Standard) 1154 candidate cipher by researchers at CounterPane Systems. It is a 1155 16 round block cipher supporting key sizes of 128, 192, and 256 1156 bits. 1157 1158 See also: 1159 <http://www.schneier.com/twofish.html> 1160 1161config CRYPTO_TWOFISH_X86_64_3WAY 1162 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1163 depends on X86 && 64BIT 1164 select CRYPTO_ALGAPI 1165 select CRYPTO_TWOFISH_COMMON 1166 select CRYPTO_TWOFISH_X86_64 1167 select CRYPTO_GLUE_HELPER_X86 1168 select CRYPTO_LRW 1169 select CRYPTO_XTS 1170 help 1171 Twofish cipher algorithm (x86_64, 3-way parallel). 1172 1173 Twofish was submitted as an AES (Advanced Encryption Standard) 1174 candidate cipher by researchers at CounterPane Systems. It is a 1175 16 round block cipher supporting key sizes of 128, 192, and 256 1176 bits. 1177 1178 This module provides Twofish cipher algorithm that processes three 1179 blocks parallel, utilizing resources of out-of-order CPUs better. 1180 1181 See also: 1182 <http://www.schneier.com/twofish.html> 1183 1184config CRYPTO_TWOFISH_AVX_X86_64 1185 tristate "Twofish cipher algorithm (x86_64/AVX)" 1186 depends on X86 && 64BIT 1187 select CRYPTO_ALGAPI 1188 select CRYPTO_CRYPTD 1189 select CRYPTO_ABLK_HELPER_X86 1190 select CRYPTO_GLUE_HELPER_X86 1191 select CRYPTO_TWOFISH_COMMON 1192 select CRYPTO_TWOFISH_X86_64 1193 select CRYPTO_TWOFISH_X86_64_3WAY 1194 select CRYPTO_LRW 1195 select CRYPTO_XTS 1196 help 1197 Twofish cipher algorithm (x86_64/AVX). 1198 1199 Twofish was submitted as an AES (Advanced Encryption Standard) 1200 candidate cipher by researchers at CounterPane Systems. It is a 1201 16 round block cipher supporting key sizes of 128, 192, and 256 1202 bits. 1203 1204 This module provides the Twofish cipher algorithm that processes 1205 eight blocks parallel using the AVX Instruction Set. 1206 1207 See also: 1208 <http://www.schneier.com/twofish.html> 1209 1210comment "Compression" 1211 1212config CRYPTO_DEFLATE 1213 tristate "Deflate compression algorithm" 1214 select CRYPTO_ALGAPI 1215 select ZLIB_INFLATE 1216 select ZLIB_DEFLATE 1217 help 1218 This is the Deflate algorithm (RFC1951), specified for use in 1219 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1220 1221 You will most probably want this if using IPSec. 1222 1223config CRYPTO_ZLIB 1224 tristate "Zlib compression algorithm" 1225 select CRYPTO_PCOMP 1226 select ZLIB_INFLATE 1227 select ZLIB_DEFLATE 1228 select NLATTR 1229 help 1230 This is the zlib algorithm. 1231 1232config CRYPTO_LZO 1233 tristate "LZO compression algorithm" 1234 select CRYPTO_ALGAPI 1235 select LZO_COMPRESS 1236 select LZO_DECOMPRESS 1237 help 1238 This is the LZO algorithm. 1239 1240config CRYPTO_842 1241 tristate "842 compression algorithm" 1242 depends on CRYPTO_DEV_NX_COMPRESS 1243 # 842 uses lzo if the hardware becomes unavailable 1244 select LZO_COMPRESS 1245 select LZO_DECOMPRESS 1246 help 1247 This is the 842 algorithm. 1248 1249comment "Random Number Generation" 1250 1251config CRYPTO_ANSI_CPRNG 1252 tristate "Pseudo Random Number Generation for Cryptographic modules" 1253 default m 1254 select CRYPTO_AES 1255 select CRYPTO_RNG 1256 help 1257 This option enables the generic pseudo random number generator 1258 for cryptographic modules. Uses the Algorithm specified in 1259 ANSI X9.31 A.2.4. Note that this option must be enabled if 1260 CRYPTO_FIPS is selected 1261 1262config CRYPTO_USER_API 1263 tristate 1264 1265config CRYPTO_USER_API_HASH 1266 tristate "User-space interface for hash algorithms" 1267 depends on NET 1268 select CRYPTO_HASH 1269 select CRYPTO_USER_API 1270 help 1271 This option enables the user-spaces interface for hash 1272 algorithms. 1273 1274config CRYPTO_USER_API_SKCIPHER 1275 tristate "User-space interface for symmetric key cipher algorithms" 1276 depends on NET 1277 select CRYPTO_BLKCIPHER 1278 select CRYPTO_USER_API 1279 help 1280 This option enables the user-spaces interface for symmetric 1281 key cipher algorithms. 1282 1283source "drivers/crypto/Kconfig" 1284source crypto/asymmetric_keys/Kconfig 1285 1286endif # if CRYPTO 1287