1# 2# Generic algorithms support 3# 4config XOR_BLOCKS 5 tristate 6 7# 8# async_tx api: hardware offloaded memory transfer/transform support 9# 10source "crypto/async_tx/Kconfig" 11 12# 13# Cryptographic API Configuration 14# 15menuconfig CRYPTO 16 tristate "Cryptographic API" 17 help 18 This option provides the core Cryptographic API. 19 20if CRYPTO 21 22comment "Crypto core or helper" 23 24config CRYPTO_ALGAPI 25 tristate 26 help 27 This option provides the API for cryptographic algorithms. 28 29config CRYPTO_AEAD 30 tristate 31 select CRYPTO_ALGAPI 32 33config CRYPTO_BLKCIPHER 34 tristate 35 select CRYPTO_ALGAPI 36 37config CRYPTO_HASH 38 tristate 39 select CRYPTO_ALGAPI 40 41config CRYPTO_MANAGER 42 tristate "Cryptographic algorithm manager" 43 select CRYPTO_ALGAPI 44 help 45 Create default cryptographic template instantiations such as 46 cbc(aes). 47 48config CRYPTO_GF128MUL 49 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)" 50 depends on EXPERIMENTAL 51 help 52 Efficient table driven implementation of multiplications in the 53 field GF(2^128). This is needed by some cypher modes. This 54 option will be selected automatically if you select such a 55 cipher mode. Only select this option by hand if you expect to load 56 an external module that requires these functions. 57 58config CRYPTO_NULL 59 tristate "Null algorithms" 60 select CRYPTO_ALGAPI 61 select CRYPTO_BLKCIPHER 62 help 63 These are 'Null' algorithms, used by IPsec, which do nothing. 64 65config CRYPTO_CRYPTD 66 tristate "Software async crypto daemon" 67 select CRYPTO_BLKCIPHER 68 select CRYPTO_HASH 69 select CRYPTO_MANAGER 70 help 71 This is a generic software asynchronous crypto daemon that 72 converts an arbitrary synchronous software crypto algorithm 73 into an asynchronous algorithm that executes in a kernel thread. 74 75config CRYPTO_AUTHENC 76 tristate "Authenc support" 77 select CRYPTO_AEAD 78 select CRYPTO_BLKCIPHER 79 select CRYPTO_MANAGER 80 select CRYPTO_HASH 81 help 82 Authenc: Combined mode wrapper for IPsec. 83 This is required for IPSec. 84 85config CRYPTO_TEST 86 tristate "Testing module" 87 depends on m 88 select CRYPTO_ALGAPI 89 select CRYPTO_AEAD 90 select CRYPTO_BLKCIPHER 91 help 92 Quick & dirty crypto test module. 93 94comment "Authenticated Encryption with Associated Data" 95 96config CRYPTO_CCM 97 tristate "CCM support" 98 select CRYPTO_CTR 99 select CRYPTO_AEAD 100 help 101 Support for Counter with CBC MAC. Required for IPsec. 102 103config CRYPTO_GCM 104 tristate "GCM/GMAC support" 105 select CRYPTO_CTR 106 select CRYPTO_AEAD 107 select CRYPTO_GF128MUL 108 help 109 Support for Galois/Counter Mode (GCM) and Galois Message 110 Authentication Code (GMAC). Required for IPSec. 111 112config CRYPTO_SEQIV 113 tristate "Sequence Number IV Generator" 114 select CRYPTO_AEAD 115 select CRYPTO_BLKCIPHER 116 help 117 This IV generator generates an IV based on a sequence number by 118 xoring it with a salt. This algorithm is mainly useful for CTR 119 120comment "Block modes" 121 122config CRYPTO_CBC 123 tristate "CBC support" 124 select CRYPTO_BLKCIPHER 125 select CRYPTO_MANAGER 126 help 127 CBC: Cipher Block Chaining mode 128 This block cipher algorithm is required for IPSec. 129 130config CRYPTO_CTR 131 tristate "CTR support" 132 select CRYPTO_BLKCIPHER 133 select CRYPTO_SEQIV 134 select CRYPTO_MANAGER 135 help 136 CTR: Counter mode 137 This block cipher algorithm is required for IPSec. 138 139config CRYPTO_CTS 140 tristate "CTS support" 141 select CRYPTO_BLKCIPHER 142 help 143 CTS: Cipher Text Stealing 144 This is the Cipher Text Stealing mode as described by 145 Section 8 of rfc2040 and referenced by rfc3962. 146 (rfc3962 includes errata information in its Appendix A) 147 This mode is required for Kerberos gss mechanism support 148 for AES encryption. 149 150config CRYPTO_ECB 151 tristate "ECB support" 152 select CRYPTO_BLKCIPHER 153 select CRYPTO_MANAGER 154 help 155 ECB: Electronic CodeBook mode 156 This is the simplest block cipher algorithm. It simply encrypts 157 the input block by block. 158 159config CRYPTO_LRW 160 tristate "LRW support (EXPERIMENTAL)" 161 depends on EXPERIMENTAL 162 select CRYPTO_BLKCIPHER 163 select CRYPTO_MANAGER 164 select CRYPTO_GF128MUL 165 help 166 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 167 narrow block cipher mode for dm-crypt. Use it with cipher 168 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 169 The first 128, 192 or 256 bits in the key are used for AES and the 170 rest is used to tie each cipher block to its logical position. 171 172config CRYPTO_PCBC 173 tristate "PCBC support" 174 select CRYPTO_BLKCIPHER 175 select CRYPTO_MANAGER 176 help 177 PCBC: Propagating Cipher Block Chaining mode 178 This block cipher algorithm is required for RxRPC. 179 180config CRYPTO_XTS 181 tristate "XTS support (EXPERIMENTAL)" 182 depends on EXPERIMENTAL 183 select CRYPTO_BLKCIPHER 184 select CRYPTO_MANAGER 185 select CRYPTO_GF128MUL 186 help 187 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 188 key size 256, 384 or 512 bits. This implementation currently 189 can't handle a sectorsize which is not a multiple of 16 bytes. 190 191comment "Hash modes" 192 193config CRYPTO_HMAC 194 tristate "HMAC support" 195 select CRYPTO_HASH 196 select CRYPTO_MANAGER 197 help 198 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 199 This is required for IPSec. 200 201config CRYPTO_XCBC 202 tristate "XCBC support" 203 depends on EXPERIMENTAL 204 select CRYPTO_HASH 205 select CRYPTO_MANAGER 206 help 207 XCBC: Keyed-Hashing with encryption algorithm 208 http://www.ietf.org/rfc/rfc3566.txt 209 http://csrc.nist.gov/encryption/modes/proposedmodes/ 210 xcbc-mac/xcbc-mac-spec.pdf 211 212comment "Digest" 213 214config CRYPTO_CRC32C 215 tristate "CRC32c CRC algorithm" 216 select CRYPTO_HASH 217 select LIBCRC32C 218 help 219 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 220 by iSCSI for header and data digests and by others. 221 See Castagnoli93. This implementation uses lib/libcrc32c. 222 Module will be crc32c. 223 224config CRYPTO_MD4 225 tristate "MD4 digest algorithm" 226 select CRYPTO_ALGAPI 227 help 228 MD4 message digest algorithm (RFC1320). 229 230config CRYPTO_MD5 231 tristate "MD5 digest algorithm" 232 select CRYPTO_ALGAPI 233 help 234 MD5 message digest algorithm (RFC1321). 235 236config CRYPTO_MICHAEL_MIC 237 tristate "Michael MIC keyed digest algorithm" 238 select CRYPTO_ALGAPI 239 help 240 Michael MIC is used for message integrity protection in TKIP 241 (IEEE 802.11i). This algorithm is required for TKIP, but it 242 should not be used for other purposes because of the weakness 243 of the algorithm. 244 245config CRYPTO_RMD128 246 tristate "RIPEMD-128 digest algorithm" 247 select CRYPTO_ALGAPI 248 help 249 RIPEMD-128 (ISO/IEC 10118-3:2004). 250 251 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 252 to be used as a secure replacement for RIPEMD. For other use cases 253 RIPEMD-160 should be used. 254 255 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 256 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 257 258config CRYPTO_RMD160 259 tristate "RIPEMD-160 digest algorithm" 260 select CRYPTO_ALGAPI 261 help 262 RIPEMD-160 (ISO/IEC 10118-3:2004). 263 264 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 265 to be used as a secure replacement for the 128-bit hash functions 266 MD4, MD5 and it's predecessor RIPEMD (not to be confused with RIPEMD-128). 267 268 It's speed is comparable to SHA1 and there are no known attacks against 269 RIPEMD-160. 270 271 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 272 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 273 274config CRYPTO_RMD256 275 tristate "RIPEMD-256 digest algorithm" 276 select CRYPTO_ALGAPI 277 help 278 RIPEMD-256 is an optional extension of RIPEMD-128 with a 256 bit hash. 279 It is intended for applications that require longer hash-results, without 280 needing a larger security level (than RIPEMD-128). 281 282 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 283 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 284 285config CRYPTO_RMD320 286 tristate "RIPEMD-320 digest algorithm" 287 select CRYPTO_ALGAPI 288 help 289 RIPEMD-320 is an optional extension of RIPEMD-160 with a 320 bit hash. 290 It is intended for applications that require longer hash-results, without 291 needing a larger security level (than RIPEMD-160). 292 293 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 294 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 295 296config CRYPTO_SHA1 297 tristate "SHA1 digest algorithm" 298 select CRYPTO_ALGAPI 299 help 300 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 301 302config CRYPTO_SHA256 303 tristate "SHA224 and SHA256 digest algorithm" 304 select CRYPTO_ALGAPI 305 help 306 SHA256 secure hash standard (DFIPS 180-2). 307 308 This version of SHA implements a 256 bit hash with 128 bits of 309 security against collision attacks. 310 311 This code also includes SHA-224, a 224 bit hash with 112 bits 312 of security against collision attacks. 313 314config CRYPTO_SHA512 315 tristate "SHA384 and SHA512 digest algorithms" 316 select CRYPTO_ALGAPI 317 help 318 SHA512 secure hash standard (DFIPS 180-2). 319 320 This version of SHA implements a 512 bit hash with 256 bits of 321 security against collision attacks. 322 323 This code also includes SHA-384, a 384 bit hash with 192 bits 324 of security against collision attacks. 325 326config CRYPTO_TGR192 327 tristate "Tiger digest algorithms" 328 select CRYPTO_ALGAPI 329 help 330 Tiger hash algorithm 192, 160 and 128-bit hashes 331 332 Tiger is a hash function optimized for 64-bit processors while 333 still having decent performance on 32-bit processors. 334 Tiger was developed by Ross Anderson and Eli Biham. 335 336 See also: 337 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 338 339config CRYPTO_WP512 340 tristate "Whirlpool digest algorithms" 341 select CRYPTO_ALGAPI 342 help 343 Whirlpool hash algorithm 512, 384 and 256-bit hashes 344 345 Whirlpool-512 is part of the NESSIE cryptographic primitives. 346 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 347 348 See also: 349 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html> 350 351comment "Ciphers" 352 353config CRYPTO_AES 354 tristate "AES cipher algorithms" 355 select CRYPTO_ALGAPI 356 help 357 AES cipher algorithms (FIPS-197). AES uses the Rijndael 358 algorithm. 359 360 Rijndael appears to be consistently a very good performer in 361 both hardware and software across a wide range of computing 362 environments regardless of its use in feedback or non-feedback 363 modes. Its key setup time is excellent, and its key agility is 364 good. Rijndael's very low memory requirements make it very well 365 suited for restricted-space environments, in which it also 366 demonstrates excellent performance. Rijndael's operations are 367 among the easiest to defend against power and timing attacks. 368 369 The AES specifies three key sizes: 128, 192 and 256 bits 370 371 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 372 373config CRYPTO_AES_586 374 tristate "AES cipher algorithms (i586)" 375 depends on (X86 || UML_X86) && !64BIT 376 select CRYPTO_ALGAPI 377 select CRYPTO_AES 378 help 379 AES cipher algorithms (FIPS-197). AES uses the Rijndael 380 algorithm. 381 382 Rijndael appears to be consistently a very good performer in 383 both hardware and software across a wide range of computing 384 environments regardless of its use in feedback or non-feedback 385 modes. Its key setup time is excellent, and its key agility is 386 good. Rijndael's very low memory requirements make it very well 387 suited for restricted-space environments, in which it also 388 demonstrates excellent performance. Rijndael's operations are 389 among the easiest to defend against power and timing attacks. 390 391 The AES specifies three key sizes: 128, 192 and 256 bits 392 393 See <http://csrc.nist.gov/encryption/aes/> for more information. 394 395config CRYPTO_AES_X86_64 396 tristate "AES cipher algorithms (x86_64)" 397 depends on (X86 || UML_X86) && 64BIT 398 select CRYPTO_ALGAPI 399 select CRYPTO_AES 400 help 401 AES cipher algorithms (FIPS-197). AES uses the Rijndael 402 algorithm. 403 404 Rijndael appears to be consistently a very good performer in 405 both hardware and software across a wide range of computing 406 environments regardless of its use in feedback or non-feedback 407 modes. Its key setup time is excellent, and its key agility is 408 good. Rijndael's very low memory requirements make it very well 409 suited for restricted-space environments, in which it also 410 demonstrates excellent performance. Rijndael's operations are 411 among the easiest to defend against power and timing attacks. 412 413 The AES specifies three key sizes: 128, 192 and 256 bits 414 415 See <http://csrc.nist.gov/encryption/aes/> for more information. 416 417config CRYPTO_ANUBIS 418 tristate "Anubis cipher algorithm" 419 select CRYPTO_ALGAPI 420 help 421 Anubis cipher algorithm. 422 423 Anubis is a variable key length cipher which can use keys from 424 128 bits to 320 bits in length. It was evaluated as a entrant 425 in the NESSIE competition. 426 427 See also: 428 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/> 429 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html> 430 431config CRYPTO_ARC4 432 tristate "ARC4 cipher algorithm" 433 select CRYPTO_ALGAPI 434 help 435 ARC4 cipher algorithm. 436 437 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 438 bits in length. This algorithm is required for driver-based 439 WEP, but it should not be for other purposes because of the 440 weakness of the algorithm. 441 442config CRYPTO_BLOWFISH 443 tristate "Blowfish cipher algorithm" 444 select CRYPTO_ALGAPI 445 help 446 Blowfish cipher algorithm, by Bruce Schneier. 447 448 This is a variable key length cipher which can use keys from 32 449 bits to 448 bits in length. It's fast, simple and specifically 450 designed for use on "large microprocessors". 451 452 See also: 453 <http://www.schneier.com/blowfish.html> 454 455config CRYPTO_CAMELLIA 456 tristate "Camellia cipher algorithms" 457 depends on CRYPTO 458 select CRYPTO_ALGAPI 459 help 460 Camellia cipher algorithms module. 461 462 Camellia is a symmetric key block cipher developed jointly 463 at NTT and Mitsubishi Electric Corporation. 464 465 The Camellia specifies three key sizes: 128, 192 and 256 bits. 466 467 See also: 468 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 469 470config CRYPTO_CAST5 471 tristate "CAST5 (CAST-128) cipher algorithm" 472 select CRYPTO_ALGAPI 473 help 474 The CAST5 encryption algorithm (synonymous with CAST-128) is 475 described in RFC2144. 476 477config CRYPTO_CAST6 478 tristate "CAST6 (CAST-256) cipher algorithm" 479 select CRYPTO_ALGAPI 480 help 481 The CAST6 encryption algorithm (synonymous with CAST-256) is 482 described in RFC2612. 483 484config CRYPTO_DES 485 tristate "DES and Triple DES EDE cipher algorithms" 486 select CRYPTO_ALGAPI 487 help 488 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 489 490config CRYPTO_FCRYPT 491 tristate "FCrypt cipher algorithm" 492 select CRYPTO_ALGAPI 493 select CRYPTO_BLKCIPHER 494 help 495 FCrypt algorithm used by RxRPC. 496 497config CRYPTO_KHAZAD 498 tristate "Khazad cipher algorithm" 499 select CRYPTO_ALGAPI 500 help 501 Khazad cipher algorithm. 502 503 Khazad was a finalist in the initial NESSIE competition. It is 504 an algorithm optimized for 64-bit processors with good performance 505 on 32-bit processors. Khazad uses an 128 bit key size. 506 507 See also: 508 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html> 509 510config CRYPTO_SALSA20 511 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)" 512 depends on EXPERIMENTAL 513 select CRYPTO_BLKCIPHER 514 help 515 Salsa20 stream cipher algorithm. 516 517 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 518 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 519 520 The Salsa20 stream cipher algorithm is designed by Daniel J. 521 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 522 523config CRYPTO_SALSA20_586 524 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)" 525 depends on (X86 || UML_X86) && !64BIT 526 depends on EXPERIMENTAL 527 select CRYPTO_BLKCIPHER 528 help 529 Salsa20 stream cipher algorithm. 530 531 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 532 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 533 534 The Salsa20 stream cipher algorithm is designed by Daniel J. 535 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 536 537config CRYPTO_SALSA20_X86_64 538 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)" 539 depends on (X86 || UML_X86) && 64BIT 540 depends on EXPERIMENTAL 541 select CRYPTO_BLKCIPHER 542 help 543 Salsa20 stream cipher algorithm. 544 545 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 546 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 547 548 The Salsa20 stream cipher algorithm is designed by Daniel J. 549 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 550 551config CRYPTO_SEED 552 tristate "SEED cipher algorithm" 553 select CRYPTO_ALGAPI 554 help 555 SEED cipher algorithm (RFC4269). 556 557 SEED is a 128-bit symmetric key block cipher that has been 558 developed by KISA (Korea Information Security Agency) as a 559 national standard encryption algorithm of the Republic of Korea. 560 It is a 16 round block cipher with the key size of 128 bit. 561 562 See also: 563 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 564 565config CRYPTO_SERPENT 566 tristate "Serpent cipher algorithm" 567 select CRYPTO_ALGAPI 568 help 569 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 570 571 Keys are allowed to be from 0 to 256 bits in length, in steps 572 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 573 variant of Serpent for compatibility with old kerneli.org code. 574 575 See also: 576 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 577 578config CRYPTO_TEA 579 tristate "TEA, XTEA and XETA cipher algorithms" 580 select CRYPTO_ALGAPI 581 help 582 TEA cipher algorithm. 583 584 Tiny Encryption Algorithm is a simple cipher that uses 585 many rounds for security. It is very fast and uses 586 little memory. 587 588 Xtendend Tiny Encryption Algorithm is a modification to 589 the TEA algorithm to address a potential key weakness 590 in the TEA algorithm. 591 592 Xtendend Encryption Tiny Algorithm is a mis-implementation 593 of the XTEA algorithm for compatibility purposes. 594 595config CRYPTO_TWOFISH 596 tristate "Twofish cipher algorithm" 597 select CRYPTO_ALGAPI 598 select CRYPTO_TWOFISH_COMMON 599 help 600 Twofish cipher algorithm. 601 602 Twofish was submitted as an AES (Advanced Encryption Standard) 603 candidate cipher by researchers at CounterPane Systems. It is a 604 16 round block cipher supporting key sizes of 128, 192, and 256 605 bits. 606 607 See also: 608 <http://www.schneier.com/twofish.html> 609 610config CRYPTO_TWOFISH_COMMON 611 tristate 612 help 613 Common parts of the Twofish cipher algorithm shared by the 614 generic c and the assembler implementations. 615 616config CRYPTO_TWOFISH_586 617 tristate "Twofish cipher algorithms (i586)" 618 depends on (X86 || UML_X86) && !64BIT 619 select CRYPTO_ALGAPI 620 select CRYPTO_TWOFISH_COMMON 621 help 622 Twofish cipher algorithm. 623 624 Twofish was submitted as an AES (Advanced Encryption Standard) 625 candidate cipher by researchers at CounterPane Systems. It is a 626 16 round block cipher supporting key sizes of 128, 192, and 256 627 bits. 628 629 See also: 630 <http://www.schneier.com/twofish.html> 631 632config CRYPTO_TWOFISH_X86_64 633 tristate "Twofish cipher algorithm (x86_64)" 634 depends on (X86 || UML_X86) && 64BIT 635 select CRYPTO_ALGAPI 636 select CRYPTO_TWOFISH_COMMON 637 help 638 Twofish cipher algorithm (x86_64). 639 640 Twofish was submitted as an AES (Advanced Encryption Standard) 641 candidate cipher by researchers at CounterPane Systems. It is a 642 16 round block cipher supporting key sizes of 128, 192, and 256 643 bits. 644 645 See also: 646 <http://www.schneier.com/twofish.html> 647 648comment "Compression" 649 650config CRYPTO_DEFLATE 651 tristate "Deflate compression algorithm" 652 select CRYPTO_ALGAPI 653 select ZLIB_INFLATE 654 select ZLIB_DEFLATE 655 help 656 This is the Deflate algorithm (RFC1951), specified for use in 657 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 658 659 You will most probably want this if using IPSec. 660 661config CRYPTO_LZO 662 tristate "LZO compression algorithm" 663 select CRYPTO_ALGAPI 664 select LZO_COMPRESS 665 select LZO_DECOMPRESS 666 help 667 This is the LZO algorithm. 668 669source "drivers/crypto/Kconfig" 670 671endif # if CRYPTO 672