blob: 420b630a17cf90b32a833f8cdeb15619fb1c92eb [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001#
Dan Williams685784a2007-07-09 11:56:42 -07002# Generic algorithms support
3#
4config XOR_BLOCKS
5 tristate
6
7#
Dan Williams9bc89cd2007-01-02 11:10:44 -07008# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
Linus Torvalds1da177e2005-04-16 15:20:36 -070013# Cryptographic API Configuration
14#
Jan Engelhardt2e290f42007-05-18 15:11:01 +100015menuconfig CRYPTO
Sebastian Siewiorc3715cb92008-03-30 16:36:09 +080016 tristate "Cryptographic API"
Linus Torvalds1da177e2005-04-16 15:20:36 -070017 help
18 This option provides the core Cryptographic API.
19
Herbert Xucce9e062006-08-21 21:08:13 +100020if CRYPTO
21
Sebastian Siewior584fffc2008-04-05 21:04:48 +080022comment "Crypto core or helper"
23
Neil Hormanccb778e2008-08-05 14:13:08 +080024config CRYPTO_FIPS
25 bool "FIPS 200 compliance"
26 help
27 This options enables the fips boot option which is
28 required if you want to system to operate in a FIPS 200
29 certification. You should say no unless you know what
30 this is.
31
Herbert Xucce9e062006-08-21 21:08:13 +100032config CRYPTO_ALGAPI
33 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110034 select CRYPTO_ALGAPI2
Herbert Xucce9e062006-08-21 21:08:13 +100035 help
36 This option provides the API for cryptographic algorithms.
37
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110038config CRYPTO_ALGAPI2
39 tristate
40
Herbert Xu1ae97822007-08-30 15:36:14 +080041config CRYPTO_AEAD
42 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110043 select CRYPTO_AEAD2
Herbert Xu1ae97822007-08-30 15:36:14 +080044 select CRYPTO_ALGAPI
45
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110046config CRYPTO_AEAD2
47 tristate
48 select CRYPTO_ALGAPI2
49
Herbert Xu5cde0af2006-08-22 00:07:53 +100050config CRYPTO_BLKCIPHER
51 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110052 select CRYPTO_BLKCIPHER2
Herbert Xu5cde0af2006-08-22 00:07:53 +100053 select CRYPTO_ALGAPI
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110054
55config CRYPTO_BLKCIPHER2
56 tristate
57 select CRYPTO_ALGAPI2
58 select CRYPTO_RNG2
Herbert Xu5cde0af2006-08-22 00:07:53 +100059
Herbert Xu055bcee2006-08-19 22:24:23 +100060config CRYPTO_HASH
61 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110062 select CRYPTO_HASH2
Herbert Xu055bcee2006-08-19 22:24:23 +100063 select CRYPTO_ALGAPI
64
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110065config CRYPTO_HASH2
66 tristate
67 select CRYPTO_ALGAPI2
68
Neil Horman17f0f4a2008-08-14 22:15:52 +100069config CRYPTO_RNG
70 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110071 select CRYPTO_RNG2
Neil Horman17f0f4a2008-08-14 22:15:52 +100072 select CRYPTO_ALGAPI
73
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110074config CRYPTO_RNG2
75 tristate
76 select CRYPTO_ALGAPI2
77
Herbert Xu2b8c19d2006-09-21 11:31:44 +100078config CRYPTO_MANAGER
79 tristate "Cryptographic algorithm manager"
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110080 select CRYPTO_MANAGER2
Herbert Xu2b8c19d2006-09-21 11:31:44 +100081 help
82 Create default cryptographic template instantiations such as
83 cbc(aes).
84
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110085config CRYPTO_MANAGER2
86 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
87 select CRYPTO_AEAD2
88 select CRYPTO_HASH2
89 select CRYPTO_BLKCIPHER2
90
Rik Snelc494e072006-11-29 18:59:44 +110091config CRYPTO_GF128MUL
92 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
93 depends on EXPERIMENTAL
94 help
95 Efficient table driven implementation of multiplications in the
96 field GF(2^128). This is needed by some cypher modes. This
97 option will be selected automatically if you select such a
98 cipher mode. Only select this option by hand if you expect to load
99 an external module that requires these functions.
100
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800101config CRYPTO_NULL
102 tristate "Null algorithms"
103 select CRYPTO_ALGAPI
104 select CRYPTO_BLKCIPHER
Herbert Xud35d2452008-11-08 08:09:56 +0800105 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800106 help
107 These are 'Null' algorithms, used by IPsec, which do nothing.
108
Huang Ying25c38d32009-02-19 14:33:40 +0800109config CRYPTO_WORKQUEUE
110 tristate
111
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800112config CRYPTO_CRYPTD
113 tristate "Software async crypto daemon"
Herbert Xudb131ef2006-09-21 11:44:08 +1000114 select CRYPTO_BLKCIPHER
Loc Hob8a28252008-05-14 21:23:00 +0800115 select CRYPTO_HASH
Herbert Xu43518402006-10-16 21:28:58 +1000116 select CRYPTO_MANAGER
Herbert Xudb131ef2006-09-21 11:44:08 +1000117 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800118 This is a generic software asynchronous crypto daemon that
119 converts an arbitrary synchronous software crypto algorithm
120 into an asynchronous algorithm that executes in a kernel thread.
121
122config CRYPTO_AUTHENC
123 tristate "Authenc support"
124 select CRYPTO_AEAD
125 select CRYPTO_BLKCIPHER
126 select CRYPTO_MANAGER
127 select CRYPTO_HASH
128 help
129 Authenc: Combined mode wrapper for IPsec.
130 This is required for IPSec.
131
132config CRYPTO_TEST
133 tristate "Testing module"
134 depends on m
Herbert Xuda7f0332008-07-31 17:08:25 +0800135 select CRYPTO_MANAGER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800136 help
137 Quick & dirty crypto test module.
138
139comment "Authenticated Encryption with Associated Data"
140
141config CRYPTO_CCM
142 tristate "CCM support"
143 select CRYPTO_CTR
144 select CRYPTO_AEAD
145 help
146 Support for Counter with CBC MAC. Required for IPsec.
147
148config CRYPTO_GCM
149 tristate "GCM/GMAC support"
150 select CRYPTO_CTR
151 select CRYPTO_AEAD
152 select CRYPTO_GF128MUL
153 help
154 Support for Galois/Counter Mode (GCM) and Galois Message
155 Authentication Code (GMAC). Required for IPSec.
156
157config CRYPTO_SEQIV
158 tristate "Sequence Number IV Generator"
159 select CRYPTO_AEAD
160 select CRYPTO_BLKCIPHER
Herbert Xua0f000e2008-08-14 22:21:31 +1000161 select CRYPTO_RNG
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800162 help
163 This IV generator generates an IV based on a sequence number by
164 xoring it with a salt. This algorithm is mainly useful for CTR
165
166comment "Block modes"
Herbert Xudb131ef2006-09-21 11:44:08 +1000167
168config CRYPTO_CBC
169 tristate "CBC support"
170 select CRYPTO_BLKCIPHER
Herbert Xu43518402006-10-16 21:28:58 +1000171 select CRYPTO_MANAGER
Herbert Xudb131ef2006-09-21 11:44:08 +1000172 help
173 CBC: Cipher Block Chaining mode
174 This block cipher algorithm is required for IPSec.
175
Joy Latten23e353c2007-10-23 08:50:32 +0800176config CRYPTO_CTR
177 tristate "CTR support"
178 select CRYPTO_BLKCIPHER
Herbert Xu0a270322007-11-30 21:38:37 +1100179 select CRYPTO_SEQIV
Joy Latten23e353c2007-10-23 08:50:32 +0800180 select CRYPTO_MANAGER
Joy Latten23e353c2007-10-23 08:50:32 +0800181 help
182 CTR: Counter mode
183 This block cipher algorithm is required for IPSec.
184
Kevin Coffman76cb9522008-03-24 21:26:16 +0800185config CRYPTO_CTS
186 tristate "CTS support"
187 select CRYPTO_BLKCIPHER
188 help
189 CTS: Cipher Text Stealing
190 This is the Cipher Text Stealing mode as described by
191 Section 8 of rfc2040 and referenced by rfc3962.
192 (rfc3962 includes errata information in its Appendix A)
193 This mode is required for Kerberos gss mechanism support
194 for AES encryption.
195
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800196config CRYPTO_ECB
197 tristate "ECB support"
Herbert Xu653ebd92007-11-27 19:48:27 +0800198 select CRYPTO_BLKCIPHER
Herbert Xu124b53d2007-04-16 20:49:20 +1000199 select CRYPTO_MANAGER
200 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800201 ECB: Electronic CodeBook mode
202 This is the simplest block cipher algorithm. It simply encrypts
203 the input block by block.
Herbert Xu124b53d2007-04-16 20:49:20 +1000204
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800205config CRYPTO_LRW
206 tristate "LRW support (EXPERIMENTAL)"
207 depends on EXPERIMENTAL
David Howells90831632006-12-16 12:13:14 +1100208 select CRYPTO_BLKCIPHER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800209 select CRYPTO_MANAGER
210 select CRYPTO_GF128MUL
David Howells90831632006-12-16 12:13:14 +1100211 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800212 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
213 narrow block cipher mode for dm-crypt. Use it with cipher
214 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
215 The first 128, 192 or 256 bits in the key are used for AES and the
216 rest is used to tie each cipher block to its logical position.
David Howells90831632006-12-16 12:13:14 +1100217
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800218config CRYPTO_PCBC
219 tristate "PCBC support"
220 select CRYPTO_BLKCIPHER
221 select CRYPTO_MANAGER
222 help
223 PCBC: Propagating Cipher Block Chaining mode
224 This block cipher algorithm is required for RxRPC.
225
226config CRYPTO_XTS
227 tristate "XTS support (EXPERIMENTAL)"
228 depends on EXPERIMENTAL
229 select CRYPTO_BLKCIPHER
230 select CRYPTO_MANAGER
231 select CRYPTO_GF128MUL
232 help
233 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
234 key size 256, 384 or 512 bits. This implementation currently
235 can't handle a sectorsize which is not a multiple of 16 bytes.
236
237comment "Hash modes"
238
239config CRYPTO_HMAC
240 tristate "HMAC support"
241 select CRYPTO_HASH
242 select CRYPTO_MANAGER
243 help
244 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
245 This is required for IPSec.
246
247config CRYPTO_XCBC
248 tristate "XCBC support"
249 depends on EXPERIMENTAL
250 select CRYPTO_HASH
251 select CRYPTO_MANAGER
252 help
253 XCBC: Keyed-Hashing with encryption algorithm
254 http://www.ietf.org/rfc/rfc3566.txt
255 http://csrc.nist.gov/encryption/modes/proposedmodes/
256 xcbc-mac/xcbc-mac-spec.pdf
257
258comment "Digest"
259
260config CRYPTO_CRC32C
261 tristate "CRC32c CRC algorithm"
Herbert Xu5773a3e2008-07-08 20:54:28 +0800262 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800263 help
264 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
265 by iSCSI for header and data digests and by others.
Herbert Xu69c35ef2008-11-07 15:11:47 +0800266 See Castagnoli93. Module will be crc32c.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800267
Austin Zhang8cb51ba2008-08-07 09:57:03 +0800268config CRYPTO_CRC32C_INTEL
269 tristate "CRC32c INTEL hardware acceleration"
270 depends on X86
271 select CRYPTO_HASH
272 help
273 In Intel processor with SSE4.2 supported, the processor will
274 support CRC32C implementation using hardware accelerated CRC32
275 instruction. This option will create 'crc32c-intel' module,
276 which will enable any routine to use the CRC32 instruction to
277 gain performance compared with software implementation.
278 Module will be crc32c-intel.
279
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800280config CRYPTO_MD4
281 tristate "MD4 digest algorithm"
Adrian-Ken Rueegsegger808a1762008-12-03 19:55:27 +0800282 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700283 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800284 MD4 message digest algorithm (RFC1320).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700285
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800286config CRYPTO_MD5
287 tristate "MD5 digest algorithm"
Adrian-Ken Rueegsegger14b75ba2008-12-03 19:57:12 +0800288 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700289 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800290 MD5 message digest algorithm (RFC1321).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700291
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800292config CRYPTO_MICHAEL_MIC
293 tristate "Michael MIC keyed digest algorithm"
Adrian-Ken Rueegsegger19e2bf12008-12-07 19:35:38 +0800294 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800295 help
296 Michael MIC is used for message integrity protection in TKIP
297 (IEEE 802.11i). This algorithm is required for TKIP, but it
298 should not be used for other purposes because of the weakness
299 of the algorithm.
300
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800301config CRYPTO_RMD128
Adrian Bunkb6d44342008-07-16 19:28:00 +0800302 tristate "RIPEMD-128 digest algorithm"
Herbert Xu7c4468b2008-11-08 09:10:40 +0800303 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800304 help
305 RIPEMD-128 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800306
Adrian Bunkb6d44342008-07-16 19:28:00 +0800307 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
308 to be used as a secure replacement for RIPEMD. For other use cases
309 RIPEMD-160 should be used.
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800310
Adrian Bunkb6d44342008-07-16 19:28:00 +0800311 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
312 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800313
314config CRYPTO_RMD160
Adrian Bunkb6d44342008-07-16 19:28:00 +0800315 tristate "RIPEMD-160 digest algorithm"
Herbert Xue5835fb2008-11-08 09:18:51 +0800316 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800317 help
318 RIPEMD-160 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800319
Adrian Bunkb6d44342008-07-16 19:28:00 +0800320 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
321 to be used as a secure replacement for the 128-bit hash functions
322 MD4, MD5 and it's predecessor RIPEMD
323 (not to be confused with RIPEMD-128).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800324
Adrian Bunkb6d44342008-07-16 19:28:00 +0800325 It's speed is comparable to SHA1 and there are no known attacks
326 against RIPEMD-160.
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800327
Adrian Bunkb6d44342008-07-16 19:28:00 +0800328 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
329 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800330
331config CRYPTO_RMD256
Adrian Bunkb6d44342008-07-16 19:28:00 +0800332 tristate "RIPEMD-256 digest algorithm"
Herbert Xud8a5e2e2008-11-08 09:58:10 +0800333 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800334 help
335 RIPEMD-256 is an optional extension of RIPEMD-128 with a
336 256 bit hash. It is intended for applications that require
337 longer hash-results, without needing a larger security level
338 (than RIPEMD-128).
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800339
Adrian Bunkb6d44342008-07-16 19:28:00 +0800340 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
341 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800342
343config CRYPTO_RMD320
Adrian Bunkb6d44342008-07-16 19:28:00 +0800344 tristate "RIPEMD-320 digest algorithm"
Herbert Xu3b8efb42008-11-08 10:11:09 +0800345 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800346 help
347 RIPEMD-320 is an optional extension of RIPEMD-160 with a
348 320 bit hash. It is intended for applications that require
349 longer hash-results, without needing a larger security level
350 (than RIPEMD-160).
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800351
Adrian Bunkb6d44342008-07-16 19:28:00 +0800352 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
353 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800354
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800355config CRYPTO_SHA1
356 tristate "SHA1 digest algorithm"
Adrian-Ken Rueegsegger54ccb362008-12-02 21:08:20 +0800357 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800358 help
359 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
360
361config CRYPTO_SHA256
362 tristate "SHA224 and SHA256 digest algorithm"
Adrian-Ken Rueegsegger50e109b52008-12-03 19:57:49 +0800363 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800364 help
365 SHA256 secure hash standard (DFIPS 180-2).
366
367 This version of SHA implements a 256 bit hash with 128 bits of
368 security against collision attacks.
369
Adrian Bunkb6d44342008-07-16 19:28:00 +0800370 This code also includes SHA-224, a 224 bit hash with 112 bits
371 of security against collision attacks.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800372
373config CRYPTO_SHA512
374 tristate "SHA384 and SHA512 digest algorithms"
Adrian-Ken Rueegseggerbd9d20d2008-12-17 16:49:02 +1100375 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800376 help
377 SHA512 secure hash standard (DFIPS 180-2).
378
379 This version of SHA implements a 512 bit hash with 256 bits of
380 security against collision attacks.
381
382 This code also includes SHA-384, a 384 bit hash with 192 bits
383 of security against collision attacks.
384
385config CRYPTO_TGR192
386 tristate "Tiger digest algorithms"
Adrian-Ken Rueegseggerf63fbd32008-12-03 19:58:32 +0800387 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800388 help
389 Tiger hash algorithm 192, 160 and 128-bit hashes
390
391 Tiger is a hash function optimized for 64-bit processors while
392 still having decent performance on 32-bit processors.
393 Tiger was developed by Ross Anderson and Eli Biham.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700394
395 See also:
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800396 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
397
398config CRYPTO_WP512
399 tristate "Whirlpool digest algorithms"
Adrian-Ken Rueegsegger49465102008-12-07 19:34:37 +0800400 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800401 help
402 Whirlpool hash algorithm 512, 384 and 256-bit hashes
403
404 Whirlpool-512 is part of the NESSIE cryptographic primitives.
405 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
406
407 See also:
408 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
409
410comment "Ciphers"
Linus Torvalds1da177e2005-04-16 15:20:36 -0700411
412config CRYPTO_AES
413 tristate "AES cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +1000414 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700415 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800416 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -0700417 algorithm.
418
419 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800420 both hardware and software across a wide range of computing
421 environments regardless of its use in feedback or non-feedback
422 modes. Its key setup time is excellent, and its key agility is
423 good. Rijndael's very low memory requirements make it very well
424 suited for restricted-space environments, in which it also
425 demonstrates excellent performance. Rijndael's operations are
426 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700427
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800428 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -0700429
430 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
431
432config CRYPTO_AES_586
433 tristate "AES cipher algorithms (i586)"
Herbert Xucce9e062006-08-21 21:08:13 +1000434 depends on (X86 || UML_X86) && !64BIT
435 select CRYPTO_ALGAPI
Sebastian Siewior5157dea2007-11-10 19:07:16 +0800436 select CRYPTO_AES
Linus Torvalds1da177e2005-04-16 15:20:36 -0700437 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800438 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -0700439 algorithm.
440
441 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800442 both hardware and software across a wide range of computing
443 environments regardless of its use in feedback or non-feedback
444 modes. Its key setup time is excellent, and its key agility is
445 good. Rijndael's very low memory requirements make it very well
446 suited for restricted-space environments, in which it also
447 demonstrates excellent performance. Rijndael's operations are
448 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700449
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800450 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -0700451
452 See <http://csrc.nist.gov/encryption/aes/> for more information.
453
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700454config CRYPTO_AES_X86_64
455 tristate "AES cipher algorithms (x86_64)"
Herbert Xucce9e062006-08-21 21:08:13 +1000456 depends on (X86 || UML_X86) && 64BIT
457 select CRYPTO_ALGAPI
Sebastian Siewior81190b32007-11-08 21:25:04 +0800458 select CRYPTO_AES
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700459 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800460 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700461 algorithm.
462
463 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800464 both hardware and software across a wide range of computing
465 environments regardless of its use in feedback or non-feedback
466 modes. Its key setup time is excellent, and its key agility is
467 good. Rijndael's very low memory requirements make it very well
468 suited for restricted-space environments, in which it also
469 demonstrates excellent performance. Rijndael's operations are
470 among the easiest to defend against power and timing attacks.
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700471
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800472 The AES specifies three key sizes: 128, 192 and 256 bits
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700473
474 See <http://csrc.nist.gov/encryption/aes/> for more information.
475
Huang Ying54b6a1b2009-01-18 16:28:34 +1100476config CRYPTO_AES_NI_INTEL
477 tristate "AES cipher algorithms (AES-NI)"
478 depends on (X86 || UML_X86) && 64BIT
479 select CRYPTO_AES_X86_64
480 select CRYPTO_CRYPTD
481 select CRYPTO_ALGAPI
482 help
483 Use Intel AES-NI instructions for AES algorithm.
484
485 AES cipher algorithms (FIPS-197). AES uses the Rijndael
486 algorithm.
487
488 Rijndael appears to be consistently a very good performer in
489 both hardware and software across a wide range of computing
490 environments regardless of its use in feedback or non-feedback
491 modes. Its key setup time is excellent, and its key agility is
492 good. Rijndael's very low memory requirements make it very well
493 suited for restricted-space environments, in which it also
494 demonstrates excellent performance. Rijndael's operations are
495 among the easiest to defend against power and timing attacks.
496
497 The AES specifies three key sizes: 128, 192 and 256 bits
498
499 See <http://csrc.nist.gov/encryption/aes/> for more information.
500
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800501config CRYPTO_ANUBIS
502 tristate "Anubis cipher algorithm"
503 select CRYPTO_ALGAPI
504 help
505 Anubis cipher algorithm.
506
507 Anubis is a variable key length cipher which can use keys from
508 128 bits to 320 bits in length. It was evaluated as a entrant
509 in the NESSIE competition.
510
511 See also:
512 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
513 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
514
515config CRYPTO_ARC4
516 tristate "ARC4 cipher algorithm"
517 select CRYPTO_ALGAPI
518 help
519 ARC4 cipher algorithm.
520
521 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
522 bits in length. This algorithm is required for driver-based
523 WEP, but it should not be for other purposes because of the
524 weakness of the algorithm.
525
526config CRYPTO_BLOWFISH
527 tristate "Blowfish cipher algorithm"
528 select CRYPTO_ALGAPI
529 help
530 Blowfish cipher algorithm, by Bruce Schneier.
531
532 This is a variable key length cipher which can use keys from 32
533 bits to 448 bits in length. It's fast, simple and specifically
534 designed for use on "large microprocessors".
535
536 See also:
537 <http://www.schneier.com/blowfish.html>
538
539config CRYPTO_CAMELLIA
540 tristate "Camellia cipher algorithms"
541 depends on CRYPTO
542 select CRYPTO_ALGAPI
543 help
544 Camellia cipher algorithms module.
545
546 Camellia is a symmetric key block cipher developed jointly
547 at NTT and Mitsubishi Electric Corporation.
548
549 The Camellia specifies three key sizes: 128, 192 and 256 bits.
550
551 See also:
552 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
553
Linus Torvalds1da177e2005-04-16 15:20:36 -0700554config CRYPTO_CAST5
555 tristate "CAST5 (CAST-128) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000556 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700557 help
558 The CAST5 encryption algorithm (synonymous with CAST-128) is
559 described in RFC2144.
560
561config CRYPTO_CAST6
562 tristate "CAST6 (CAST-256) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000563 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700564 help
565 The CAST6 encryption algorithm (synonymous with CAST-256) is
566 described in RFC2612.
567
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800568config CRYPTO_DES
569 tristate "DES and Triple DES EDE cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +1000570 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700571 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800572 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700573
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800574config CRYPTO_FCRYPT
575 tristate "FCrypt cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000576 select CRYPTO_ALGAPI
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800577 select CRYPTO_BLKCIPHER
Linus Torvalds1da177e2005-04-16 15:20:36 -0700578 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800579 FCrypt algorithm used by RxRPC.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700580
581config CRYPTO_KHAZAD
582 tristate "Khazad cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000583 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700584 help
585 Khazad cipher algorithm.
586
587 Khazad was a finalist in the initial NESSIE competition. It is
588 an algorithm optimized for 64-bit processors with good performance
589 on 32-bit processors. Khazad uses an 128 bit key size.
590
591 See also:
592 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
593
Tan Swee Heng2407d602007-11-23 19:45:00 +0800594config CRYPTO_SALSA20
595 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
596 depends on EXPERIMENTAL
597 select CRYPTO_BLKCIPHER
598 help
599 Salsa20 stream cipher algorithm.
600
601 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
602 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
603
604 The Salsa20 stream cipher algorithm is designed by Daniel J.
605 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700606
Tan Swee Heng974e4b72007-12-10 15:52:56 +0800607config CRYPTO_SALSA20_586
608 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
609 depends on (X86 || UML_X86) && !64BIT
610 depends on EXPERIMENTAL
611 select CRYPTO_BLKCIPHER
Tan Swee Heng974e4b72007-12-10 15:52:56 +0800612 help
613 Salsa20 stream cipher algorithm.
614
615 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
616 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
617
618 The Salsa20 stream cipher algorithm is designed by Daniel J.
619 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
620
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +0800621config CRYPTO_SALSA20_X86_64
622 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
623 depends on (X86 || UML_X86) && 64BIT
624 depends on EXPERIMENTAL
625 select CRYPTO_BLKCIPHER
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +0800626 help
627 Salsa20 stream cipher algorithm.
628
629 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
630 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
631
632 The Salsa20 stream cipher algorithm is designed by Daniel J.
633 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
634
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800635config CRYPTO_SEED
636 tristate "SEED cipher algorithm"
637 select CRYPTO_ALGAPI
638 help
639 SEED cipher algorithm (RFC4269).
640
641 SEED is a 128-bit symmetric key block cipher that has been
642 developed by KISA (Korea Information Security Agency) as a
643 national standard encryption algorithm of the Republic of Korea.
644 It is a 16 round block cipher with the key size of 128 bit.
645
646 See also:
647 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
648
649config CRYPTO_SERPENT
650 tristate "Serpent cipher algorithm"
651 select CRYPTO_ALGAPI
652 help
653 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
654
655 Keys are allowed to be from 0 to 256 bits in length, in steps
656 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
657 variant of Serpent for compatibility with old kerneli.org code.
658
659 See also:
660 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
661
662config CRYPTO_TEA
663 tristate "TEA, XTEA and XETA cipher algorithms"
664 select CRYPTO_ALGAPI
665 help
666 TEA cipher algorithm.
667
668 Tiny Encryption Algorithm is a simple cipher that uses
669 many rounds for security. It is very fast and uses
670 little memory.
671
672 Xtendend Tiny Encryption Algorithm is a modification to
673 the TEA algorithm to address a potential key weakness
674 in the TEA algorithm.
675
676 Xtendend Encryption Tiny Algorithm is a mis-implementation
677 of the XTEA algorithm for compatibility purposes.
678
679config CRYPTO_TWOFISH
680 tristate "Twofish cipher algorithm"
681 select CRYPTO_ALGAPI
682 select CRYPTO_TWOFISH_COMMON
683 help
684 Twofish cipher algorithm.
685
686 Twofish was submitted as an AES (Advanced Encryption Standard)
687 candidate cipher by researchers at CounterPane Systems. It is a
688 16 round block cipher supporting key sizes of 128, 192, and 256
689 bits.
690
691 See also:
692 <http://www.schneier.com/twofish.html>
693
694config CRYPTO_TWOFISH_COMMON
695 tristate
696 help
697 Common parts of the Twofish cipher algorithm shared by the
698 generic c and the assembler implementations.
699
700config CRYPTO_TWOFISH_586
701 tristate "Twofish cipher algorithms (i586)"
702 depends on (X86 || UML_X86) && !64BIT
703 select CRYPTO_ALGAPI
704 select CRYPTO_TWOFISH_COMMON
705 help
706 Twofish cipher algorithm.
707
708 Twofish was submitted as an AES (Advanced Encryption Standard)
709 candidate cipher by researchers at CounterPane Systems. It is a
710 16 round block cipher supporting key sizes of 128, 192, and 256
711 bits.
712
713 See also:
714 <http://www.schneier.com/twofish.html>
715
716config CRYPTO_TWOFISH_X86_64
717 tristate "Twofish cipher algorithm (x86_64)"
718 depends on (X86 || UML_X86) && 64BIT
719 select CRYPTO_ALGAPI
720 select CRYPTO_TWOFISH_COMMON
721 help
722 Twofish cipher algorithm (x86_64).
723
724 Twofish was submitted as an AES (Advanced Encryption Standard)
725 candidate cipher by researchers at CounterPane Systems. It is a
726 16 round block cipher supporting key sizes of 128, 192, and 256
727 bits.
728
729 See also:
730 <http://www.schneier.com/twofish.html>
731
732comment "Compression"
733
Linus Torvalds1da177e2005-04-16 15:20:36 -0700734config CRYPTO_DEFLATE
735 tristate "Deflate compression algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000736 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700737 select ZLIB_INFLATE
738 select ZLIB_DEFLATE
739 help
740 This is the Deflate algorithm (RFC1951), specified for use in
741 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800742
Linus Torvalds1da177e2005-04-16 15:20:36 -0700743 You will most probably want this if using IPSec.
744
Zoltan Sogor0b77abb2007-12-07 16:53:23 +0800745config CRYPTO_LZO
746 tristate "LZO compression algorithm"
747 select CRYPTO_ALGAPI
748 select LZO_COMPRESS
749 select LZO_DECOMPRESS
750 help
751 This is the LZO algorithm.
752
Neil Horman17f0f4a2008-08-14 22:15:52 +1000753comment "Random Number Generation"
754
755config CRYPTO_ANSI_CPRNG
756 tristate "Pseudo Random Number Generation for Cryptographic modules"
757 select CRYPTO_AES
758 select CRYPTO_RNG
759 select CRYPTO_FIPS
760 help
761 This option enables the generic pseudo random number generator
762 for cryptographic modules. Uses the Algorithm specified in
763 ANSI X9.31 A.2.4
764
Linus Torvalds1da177e2005-04-16 15:20:36 -0700765source "drivers/crypto/Kconfig"
Linus Torvalds1da177e2005-04-16 15:20:36 -0700766
Herbert Xucce9e062006-08-21 21:08:13 +1000767endif # if CRYPTO