blob: 935301ee5ac83215073c3564ac6384c8caed3961 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001#
2# Cryptographic API Configuration
3#
4
Jan Engelhardt2e290f42007-05-18 15:11:01 +10005menuconfig CRYPTO
Linus Torvalds1da177e2005-04-16 15:20:36 -07006 bool "Cryptographic API"
7 help
8 This option provides the core Cryptographic API.
9
Herbert Xucce9e062006-08-21 21:08:13 +100010if CRYPTO
11
12config CRYPTO_ALGAPI
13 tristate
14 help
15 This option provides the API for cryptographic algorithms.
16
Herbert Xub5b7f082007-04-16 20:48:54 +100017config CRYPTO_ABLKCIPHER
18 tristate
19 select CRYPTO_BLKCIPHER
20
Herbert Xu5cde0af2006-08-22 00:07:53 +100021config CRYPTO_BLKCIPHER
22 tristate
23 select CRYPTO_ALGAPI
24
Herbert Xu055bcee2006-08-19 22:24:23 +100025config CRYPTO_HASH
26 tristate
27 select CRYPTO_ALGAPI
28
Herbert Xu2b8c19d2006-09-21 11:31:44 +100029config CRYPTO_MANAGER
30 tristate "Cryptographic algorithm manager"
31 select CRYPTO_ALGAPI
Herbert Xu2b8c19d2006-09-21 11:31:44 +100032 help
33 Create default cryptographic template instantiations such as
34 cbc(aes).
35
Linus Torvalds1da177e2005-04-16 15:20:36 -070036config CRYPTO_HMAC
Herbert Xu84251652006-08-20 15:25:22 +100037 tristate "HMAC support"
Herbert Xu0796ae02006-08-21 20:50:52 +100038 select CRYPTO_HASH
Herbert Xu43518402006-10-16 21:28:58 +100039 select CRYPTO_MANAGER
Linus Torvalds1da177e2005-04-16 15:20:36 -070040 help
41 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
42 This is required for IPSec.
43
Kazunori MIYAZAWA333b0d72006-10-28 13:15:24 +100044config CRYPTO_XCBC
45 tristate "XCBC support"
46 depends on EXPERIMENTAL
47 select CRYPTO_HASH
48 select CRYPTO_MANAGER
49 help
50 XCBC: Keyed-Hashing with encryption algorithm
51 http://www.ietf.org/rfc/rfc3566.txt
52 http://csrc.nist.gov/encryption/modes/proposedmodes/
53 xcbc-mac/xcbc-mac-spec.pdf
54
Linus Torvalds1da177e2005-04-16 15:20:36 -070055config CRYPTO_NULL
56 tristate "Null algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +100057 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -070058 help
59 These are 'Null' algorithms, used by IPsec, which do nothing.
60
61config CRYPTO_MD4
62 tristate "MD4 digest algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +100063 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -070064 help
65 MD4 message digest algorithm (RFC1320).
66
67config CRYPTO_MD5
68 tristate "MD5 digest algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +100069 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -070070 help
71 MD5 message digest algorithm (RFC1321).
72
73config CRYPTO_SHA1
74 tristate "SHA1 digest algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +100075 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -070076 help
77 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
78
Linus Torvalds1da177e2005-04-16 15:20:36 -070079config CRYPTO_SHA256
80 tristate "SHA256 digest algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +100081 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -070082 help
83 SHA256 secure hash standard (DFIPS 180-2).
84
85 This version of SHA implements a 256 bit hash with 128 bits of
86 security against collision attacks.
87
88config CRYPTO_SHA512
89 tristate "SHA384 and SHA512 digest algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +100090 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -070091 help
92 SHA512 secure hash standard (DFIPS 180-2).
93
94 This version of SHA implements a 512 bit hash with 256 bits of
95 security against collision attacks.
96
97 This code also includes SHA-384, a 384 bit hash with 192 bits
98 of security against collision attacks.
99
100config CRYPTO_WP512
101 tristate "Whirlpool digest algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +1000102 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700103 help
104 Whirlpool hash algorithm 512, 384 and 256-bit hashes
105
106 Whirlpool-512 is part of the NESSIE cryptographic primitives.
107 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
108
109 See also:
110 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
111
112config CRYPTO_TGR192
113 tristate "Tiger digest algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +1000114 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700115 help
116 Tiger hash algorithm 192, 160 and 128-bit hashes
117
118 Tiger is a hash function optimized for 64-bit processors while
119 still having decent performance on 32-bit processors.
120 Tiger was developed by Ross Anderson and Eli Biham.
121
122 See also:
123 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
124
Rik Snelc494e072006-11-29 18:59:44 +1100125config CRYPTO_GF128MUL
126 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
127 depends on EXPERIMENTAL
128 help
129 Efficient table driven implementation of multiplications in the
130 field GF(2^128). This is needed by some cypher modes. This
131 option will be selected automatically if you select such a
132 cipher mode. Only select this option by hand if you expect to load
133 an external module that requires these functions.
134
Herbert Xudb131ef2006-09-21 11:44:08 +1000135config CRYPTO_ECB
136 tristate "ECB support"
137 select CRYPTO_BLKCIPHER
Herbert Xu43518402006-10-16 21:28:58 +1000138 select CRYPTO_MANAGER
Herbert Xudb131ef2006-09-21 11:44:08 +1000139 default m
140 help
141 ECB: Electronic CodeBook mode
142 This is the simplest block cipher algorithm. It simply encrypts
143 the input block by block.
144
145config CRYPTO_CBC
146 tristate "CBC support"
147 select CRYPTO_BLKCIPHER
Herbert Xu43518402006-10-16 21:28:58 +1000148 select CRYPTO_MANAGER
Herbert Xudb131ef2006-09-21 11:44:08 +1000149 default m
150 help
151 CBC: Cipher Block Chaining mode
152 This block cipher algorithm is required for IPSec.
153
David Howells91652be2006-12-16 12:09:02 +1100154config CRYPTO_PCBC
155 tristate "PCBC support"
156 select CRYPTO_BLKCIPHER
157 select CRYPTO_MANAGER
158 default m
159 help
160 PCBC: Propagating Cipher Block Chaining mode
161 This block cipher algorithm is required for RxRPC.
162
Rik Snel64470f12006-11-26 09:43:10 +1100163config CRYPTO_LRW
164 tristate "LRW support (EXPERIMENTAL)"
165 depends on EXPERIMENTAL
166 select CRYPTO_BLKCIPHER
167 select CRYPTO_MANAGER
168 select CRYPTO_GF128MUL
169 help
170 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
171 narrow block cipher mode for dm-crypt. Use it with cipher
172 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
173 The first 128, 192 or 256 bits in the key are used for AES and the
174 rest is used to tie each cipher block to its logical position.
175
Herbert Xu124b53d2007-04-16 20:49:20 +1000176config CRYPTO_CRYPTD
177 tristate "Software async crypto daemon"
178 select CRYPTO_ABLKCIPHER
179 select CRYPTO_MANAGER
180 help
181 This is a generic software asynchronous crypto daemon that
182 converts an arbitrary synchronous software crypto algorithm
183 into an asynchronous algorithm that executes in a kernel thread.
184
Linus Torvalds1da177e2005-04-16 15:20:36 -0700185config CRYPTO_DES
186 tristate "DES and Triple DES EDE cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +1000187 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700188 help
189 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
190
David Howells90831632006-12-16 12:13:14 +1100191config CRYPTO_FCRYPT
192 tristate "FCrypt cipher algorithm"
193 select CRYPTO_ALGAPI
194 select CRYPTO_BLKCIPHER
195 help
196 FCrypt algorithm used by RxRPC.
197
Linus Torvalds1da177e2005-04-16 15:20:36 -0700198config CRYPTO_BLOWFISH
199 tristate "Blowfish cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000200 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700201 help
202 Blowfish cipher algorithm, by Bruce Schneier.
203
204 This is a variable key length cipher which can use keys from 32
205 bits to 448 bits in length. It's fast, simple and specifically
206 designed for use on "large microprocessors".
207
208 See also:
209 <http://www.schneier.com/blowfish.html>
210
211config CRYPTO_TWOFISH
212 tristate "Twofish cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000213 select CRYPTO_ALGAPI
Joachim Fritschi2729bb42006-06-20 20:37:23 +1000214 select CRYPTO_TWOFISH_COMMON
Linus Torvalds1da177e2005-04-16 15:20:36 -0700215 help
216 Twofish cipher algorithm.
217
218 Twofish was submitted as an AES (Advanced Encryption Standard)
219 candidate cipher by researchers at CounterPane Systems. It is a
220 16 round block cipher supporting key sizes of 128, 192, and 256
221 bits.
222
223 See also:
224 <http://www.schneier.com/twofish.html>
225
Joachim Fritschi2729bb42006-06-20 20:37:23 +1000226config CRYPTO_TWOFISH_COMMON
227 tristate
Joachim Fritschi2729bb42006-06-20 20:37:23 +1000228 help
229 Common parts of the Twofish cipher algorithm shared by the
230 generic c and the assembler implementations.
231
Joachim Fritschib9f535f2006-06-20 20:59:16 +1000232config CRYPTO_TWOFISH_586
233 tristate "Twofish cipher algorithms (i586)"
Herbert Xucce9e062006-08-21 21:08:13 +1000234 depends on (X86 || UML_X86) && !64BIT
235 select CRYPTO_ALGAPI
Joachim Fritschib9f535f2006-06-20 20:59:16 +1000236 select CRYPTO_TWOFISH_COMMON
237 help
238 Twofish cipher algorithm.
239
240 Twofish was submitted as an AES (Advanced Encryption Standard)
241 candidate cipher by researchers at CounterPane Systems. It is a
242 16 round block cipher supporting key sizes of 128, 192, and 256
243 bits.
244
245 See also:
246 <http://www.schneier.com/twofish.html>
247
Joachim Fritschieaf44082006-06-20 21:12:02 +1000248config CRYPTO_TWOFISH_X86_64
249 tristate "Twofish cipher algorithm (x86_64)"
Herbert Xucce9e062006-08-21 21:08:13 +1000250 depends on (X86 || UML_X86) && 64BIT
251 select CRYPTO_ALGAPI
Joachim Fritschieaf44082006-06-20 21:12:02 +1000252 select CRYPTO_TWOFISH_COMMON
253 help
254 Twofish cipher algorithm (x86_64).
255
256 Twofish was submitted as an AES (Advanced Encryption Standard)
257 candidate cipher by researchers at CounterPane Systems. It is a
258 16 round block cipher supporting key sizes of 128, 192, and 256
259 bits.
260
261 See also:
262 <http://www.schneier.com/twofish.html>
263
Linus Torvalds1da177e2005-04-16 15:20:36 -0700264config CRYPTO_SERPENT
265 tristate "Serpent cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000266 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700267 help
268 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
269
270 Keys are allowed to be from 0 to 256 bits in length, in steps
271 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
David Sterba3dde6ad2007-05-09 07:12:20 +0200272 variant of Serpent for compatibility with old kerneli.org code.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700273
274 See also:
275 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
276
277config CRYPTO_AES
278 tristate "AES cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +1000279 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700280 help
281 AES cipher algorithms (FIPS-197). AES uses the Rijndael
282 algorithm.
283
284 Rijndael appears to be consistently a very good performer in
285 both hardware and software across a wide range of computing
286 environments regardless of its use in feedback or non-feedback
287 modes. Its key setup time is excellent, and its key agility is
288 good. Rijndael's very low memory requirements make it very well
289 suited for restricted-space environments, in which it also
290 demonstrates excellent performance. Rijndael's operations are
291 among the easiest to defend against power and timing attacks.
292
293 The AES specifies three key sizes: 128, 192 and 256 bits
294
295 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
296
297config CRYPTO_AES_586
298 tristate "AES cipher algorithms (i586)"
Herbert Xucce9e062006-08-21 21:08:13 +1000299 depends on (X86 || UML_X86) && !64BIT
300 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700301 help
302 AES cipher algorithms (FIPS-197). AES uses the Rijndael
303 algorithm.
304
305 Rijndael appears to be consistently a very good performer in
306 both hardware and software across a wide range of computing
307 environments regardless of its use in feedback or non-feedback
308 modes. Its key setup time is excellent, and its key agility is
309 good. Rijndael's very low memory requirements make it very well
310 suited for restricted-space environments, in which it also
311 demonstrates excellent performance. Rijndael's operations are
312 among the easiest to defend against power and timing attacks.
313
314 The AES specifies three key sizes: 128, 192 and 256 bits
315
316 See <http://csrc.nist.gov/encryption/aes/> for more information.
317
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700318config CRYPTO_AES_X86_64
319 tristate "AES cipher algorithms (x86_64)"
Herbert Xucce9e062006-08-21 21:08:13 +1000320 depends on (X86 || UML_X86) && 64BIT
321 select CRYPTO_ALGAPI
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700322 help
323 AES cipher algorithms (FIPS-197). AES uses the Rijndael
324 algorithm.
325
326 Rijndael appears to be consistently a very good performer in
327 both hardware and software across a wide range of computing
328 environments regardless of its use in feedback or non-feedback
329 modes. Its key setup time is excellent, and its key agility is
330 good. Rijndael's very low memory requirements make it very well
331 suited for restricted-space environments, in which it also
332 demonstrates excellent performance. Rijndael's operations are
333 among the easiest to defend against power and timing attacks.
334
335 The AES specifies three key sizes: 128, 192 and 256 bits
336
337 See <http://csrc.nist.gov/encryption/aes/> for more information.
338
Linus Torvalds1da177e2005-04-16 15:20:36 -0700339config CRYPTO_CAST5
340 tristate "CAST5 (CAST-128) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000341 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700342 help
343 The CAST5 encryption algorithm (synonymous with CAST-128) is
344 described in RFC2144.
345
346config CRYPTO_CAST6
347 tristate "CAST6 (CAST-256) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000348 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700349 help
350 The CAST6 encryption algorithm (synonymous with CAST-256) is
351 described in RFC2612.
352
353config CRYPTO_TEA
Aaron Grothefb4f10e2005-09-01 17:42:46 -0700354 tristate "TEA, XTEA and XETA cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +1000355 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700356 help
357 TEA cipher algorithm.
358
359 Tiny Encryption Algorithm is a simple cipher that uses
360 many rounds for security. It is very fast and uses
361 little memory.
362
363 Xtendend Tiny Encryption Algorithm is a modification to
364 the TEA algorithm to address a potential key weakness
365 in the TEA algorithm.
366
Aaron Grothefb4f10e2005-09-01 17:42:46 -0700367 Xtendend Encryption Tiny Algorithm is a mis-implementation
368 of the XTEA algorithm for compatibility purposes.
369
Linus Torvalds1da177e2005-04-16 15:20:36 -0700370config CRYPTO_ARC4
371 tristate "ARC4 cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000372 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700373 help
374 ARC4 cipher algorithm.
375
376 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
377 bits in length. This algorithm is required for driver-based
378 WEP, but it should not be for other purposes because of the
379 weakness of the algorithm.
380
381config CRYPTO_KHAZAD
382 tristate "Khazad cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000383 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700384 help
385 Khazad cipher algorithm.
386
387 Khazad was a finalist in the initial NESSIE competition. It is
388 an algorithm optimized for 64-bit processors with good performance
389 on 32-bit processors. Khazad uses an 128 bit key size.
390
391 See also:
392 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
393
394config CRYPTO_ANUBIS
395 tristate "Anubis cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000396 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700397 help
398 Anubis cipher algorithm.
399
400 Anubis is a variable key length cipher which can use keys from
401 128 bits to 320 bits in length. It was evaluated as a entrant
402 in the NESSIE competition.
403
404 See also:
405 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
406 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
407
408
409config CRYPTO_DEFLATE
410 tristate "Deflate compression algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000411 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700412 select ZLIB_INFLATE
413 select ZLIB_DEFLATE
414 help
415 This is the Deflate algorithm (RFC1951), specified for use in
416 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
417
418 You will most probably want this if using IPSec.
419
420config CRYPTO_MICHAEL_MIC
421 tristate "Michael MIC keyed digest algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000422 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700423 help
424 Michael MIC is used for message integrity protection in TKIP
425 (IEEE 802.11i). This algorithm is required for TKIP, but it
426 should not be used for other purposes because of the weakness
427 of the algorithm.
428
429config CRYPTO_CRC32C
430 tristate "CRC32c CRC algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000431 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700432 select LIBCRC32C
433 help
434 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
435 by iSCSI for header and data digests and by others.
436 See Castagnoli93. This implementation uses lib/libcrc32c.
437 Module will be crc32c.
438
Noriaki TAKAMIYA04ac7db2006-10-22 14:49:17 +1000439config CRYPTO_CAMELLIA
440 tristate "Camellia cipher algorithms"
441 depends on CRYPTO
442 select CRYPTO_ALGAPI
443 help
444 Camellia cipher algorithms module.
445
446 Camellia is a symmetric key block cipher developed jointly
447 at NTT and Mitsubishi Electric Corporation.
448
449 The Camellia specifies three key sizes: 128, 192 and 256 bits.
450
451 See also:
452 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
453
Linus Torvalds1da177e2005-04-16 15:20:36 -0700454config CRYPTO_TEST
455 tristate "Testing module"
Herbert Xucce9e062006-08-21 21:08:13 +1000456 depends on m
457 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700458 help
459 Quick & dirty crypto test module.
460
461source "drivers/crypto/Kconfig"
Linus Torvalds1da177e2005-04-16 15:20:36 -0700462
Herbert Xucce9e062006-08-21 21:08:13 +1000463endif # if CRYPTO