blob: 11d0f21fd4175d3a780a267370c0cff88c8eaaa3 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001#
Dan Williams685784a2007-07-09 11:56:42 -07002# Generic algorithms support
3#
4config XOR_BLOCKS
5 tristate
6
7#
Dan Williams9bc89cd2007-01-02 11:10:44 -07008# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
Linus Torvalds1da177e2005-04-16 15:20:36 -070013# Cryptographic API Configuration
14#
Jan Engelhardt2e290f42007-05-18 15:11:01 +100015menuconfig CRYPTO
Sebastian Siewiorc3715cb92008-03-30 16:36:09 +080016 tristate "Cryptographic API"
Linus Torvalds1da177e2005-04-16 15:20:36 -070017 help
18 This option provides the core Cryptographic API.
19
Herbert Xucce9e062006-08-21 21:08:13 +100020if CRYPTO
21
Sebastian Siewior584fffc2008-04-05 21:04:48 +080022comment "Crypto core or helper"
23
Neil Hormanccb778e2008-08-05 14:13:08 +080024config CRYPTO_FIPS
25 bool "FIPS 200 compliance"
Neil Horman4e4ed832009-08-20 17:54:16 +100026 depends on CRYPTO_ANSI_CPRNG
Neil Hormanccb778e2008-08-05 14:13:08 +080027 help
28 This options enables the fips boot option which is
29 required if you want to system to operate in a FIPS 200
30 certification. You should say no unless you know what
Gilles Espinassef77f13e2010-03-29 15:41:47 +020031 this is. Note that CRYPTO_ANSI_CPRNG is required if this
Neil Horman4e4ed832009-08-20 17:54:16 +100032 option is selected
Neil Hormanccb778e2008-08-05 14:13:08 +080033
Herbert Xucce9e062006-08-21 21:08:13 +100034config CRYPTO_ALGAPI
35 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110036 select CRYPTO_ALGAPI2
Herbert Xucce9e062006-08-21 21:08:13 +100037 help
38 This option provides the API for cryptographic algorithms.
39
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110040config CRYPTO_ALGAPI2
41 tristate
42
Herbert Xu1ae97822007-08-30 15:36:14 +080043config CRYPTO_AEAD
44 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110045 select CRYPTO_AEAD2
Herbert Xu1ae97822007-08-30 15:36:14 +080046 select CRYPTO_ALGAPI
47
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110048config CRYPTO_AEAD2
49 tristate
50 select CRYPTO_ALGAPI2
51
Herbert Xu5cde0af2006-08-22 00:07:53 +100052config CRYPTO_BLKCIPHER
53 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110054 select CRYPTO_BLKCIPHER2
Herbert Xu5cde0af2006-08-22 00:07:53 +100055 select CRYPTO_ALGAPI
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110056
57config CRYPTO_BLKCIPHER2
58 tristate
59 select CRYPTO_ALGAPI2
60 select CRYPTO_RNG2
Huang Ying0a2e8212009-02-19 14:44:02 +080061 select CRYPTO_WORKQUEUE
Herbert Xu5cde0af2006-08-22 00:07:53 +100062
Herbert Xu055bcee2006-08-19 22:24:23 +100063config CRYPTO_HASH
64 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110065 select CRYPTO_HASH2
Herbert Xu055bcee2006-08-19 22:24:23 +100066 select CRYPTO_ALGAPI
67
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110068config CRYPTO_HASH2
69 tristate
70 select CRYPTO_ALGAPI2
71
Neil Horman17f0f4a2008-08-14 22:15:52 +100072config CRYPTO_RNG
73 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110074 select CRYPTO_RNG2
Neil Horman17f0f4a2008-08-14 22:15:52 +100075 select CRYPTO_ALGAPI
76
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110077config CRYPTO_RNG2
78 tristate
79 select CRYPTO_ALGAPI2
80
Geert Uytterhoevena1d2f092009-03-04 15:05:33 +080081config CRYPTO_PCOMP
82 tristate
Herbert Xubc94e592010-06-03 20:33:06 +100083 select CRYPTO_PCOMP2
84 select CRYPTO_ALGAPI
85
86config CRYPTO_PCOMP2
87 tristate
Geert Uytterhoevena1d2f092009-03-04 15:05:33 +080088 select CRYPTO_ALGAPI2
89
Herbert Xu2b8c19d2006-09-21 11:31:44 +100090config CRYPTO_MANAGER
91 tristate "Cryptographic algorithm manager"
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110092 select CRYPTO_MANAGER2
Herbert Xu2b8c19d2006-09-21 11:31:44 +100093 help
94 Create default cryptographic template instantiations such as
95 cbc(aes).
96
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110097config CRYPTO_MANAGER2
98 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
99 select CRYPTO_AEAD2
100 select CRYPTO_HASH2
101 select CRYPTO_BLKCIPHER2
Herbert Xubc94e592010-06-03 20:33:06 +1000102 select CRYPTO_PCOMP2
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100103
Rik Snelc494e072006-11-29 18:59:44 +1100104config CRYPTO_GF128MUL
105 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
106 depends on EXPERIMENTAL
107 help
108 Efficient table driven implementation of multiplications in the
109 field GF(2^128). This is needed by some cypher modes. This
110 option will be selected automatically if you select such a
111 cipher mode. Only select this option by hand if you expect to load
112 an external module that requires these functions.
113
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800114config CRYPTO_NULL
115 tristate "Null algorithms"
116 select CRYPTO_ALGAPI
117 select CRYPTO_BLKCIPHER
Herbert Xud35d2452008-11-08 08:09:56 +0800118 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800119 help
120 These are 'Null' algorithms, used by IPsec, which do nothing.
121
Steffen Klassert5068c7a2010-01-07 15:57:19 +1100122config CRYPTO_PCRYPT
123 tristate "Parallel crypto engine (EXPERIMENTAL)"
124 depends on SMP && EXPERIMENTAL
125 select PADATA
126 select CRYPTO_MANAGER
127 select CRYPTO_AEAD
128 help
129 This converts an arbitrary crypto algorithm into a parallel
130 algorithm that executes in kernel threads.
131
Huang Ying25c38d32009-02-19 14:33:40 +0800132config CRYPTO_WORKQUEUE
133 tristate
134
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800135config CRYPTO_CRYPTD
136 tristate "Software async crypto daemon"
Herbert Xudb131ef2006-09-21 11:44:08 +1000137 select CRYPTO_BLKCIPHER
Loc Hob8a28252008-05-14 21:23:00 +0800138 select CRYPTO_HASH
Herbert Xu43518402006-10-16 21:28:58 +1000139 select CRYPTO_MANAGER
Huang Ying254eff72009-02-19 14:42:19 +0800140 select CRYPTO_WORKQUEUE
Herbert Xudb131ef2006-09-21 11:44:08 +1000141 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800142 This is a generic software asynchronous crypto daemon that
143 converts an arbitrary synchronous software crypto algorithm
144 into an asynchronous algorithm that executes in a kernel thread.
145
146config CRYPTO_AUTHENC
147 tristate "Authenc support"
148 select CRYPTO_AEAD
149 select CRYPTO_BLKCIPHER
150 select CRYPTO_MANAGER
151 select CRYPTO_HASH
152 help
153 Authenc: Combined mode wrapper for IPsec.
154 This is required for IPSec.
155
156config CRYPTO_TEST
157 tristate "Testing module"
158 depends on m
Herbert Xuda7f0332008-07-31 17:08:25 +0800159 select CRYPTO_MANAGER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800160 help
161 Quick & dirty crypto test module.
162
163comment "Authenticated Encryption with Associated Data"
164
165config CRYPTO_CCM
166 tristate "CCM support"
167 select CRYPTO_CTR
168 select CRYPTO_AEAD
169 help
170 Support for Counter with CBC MAC. Required for IPsec.
171
172config CRYPTO_GCM
173 tristate "GCM/GMAC support"
174 select CRYPTO_CTR
175 select CRYPTO_AEAD
Huang Ying9382d972009-08-06 15:34:26 +1000176 select CRYPTO_GHASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800177 help
178 Support for Galois/Counter Mode (GCM) and Galois Message
179 Authentication Code (GMAC). Required for IPSec.
180
181config CRYPTO_SEQIV
182 tristate "Sequence Number IV Generator"
183 select CRYPTO_AEAD
184 select CRYPTO_BLKCIPHER
Herbert Xua0f000e2008-08-14 22:21:31 +1000185 select CRYPTO_RNG
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800186 help
187 This IV generator generates an IV based on a sequence number by
188 xoring it with a salt. This algorithm is mainly useful for CTR
189
190comment "Block modes"
Herbert Xudb131ef2006-09-21 11:44:08 +1000191
192config CRYPTO_CBC
193 tristate "CBC support"
194 select CRYPTO_BLKCIPHER
Herbert Xu43518402006-10-16 21:28:58 +1000195 select CRYPTO_MANAGER
Herbert Xudb131ef2006-09-21 11:44:08 +1000196 help
197 CBC: Cipher Block Chaining mode
198 This block cipher algorithm is required for IPSec.
199
Joy Latten23e353c2007-10-23 08:50:32 +0800200config CRYPTO_CTR
201 tristate "CTR support"
202 select CRYPTO_BLKCIPHER
Herbert Xu0a270322007-11-30 21:38:37 +1100203 select CRYPTO_SEQIV
Joy Latten23e353c2007-10-23 08:50:32 +0800204 select CRYPTO_MANAGER
Joy Latten23e353c2007-10-23 08:50:32 +0800205 help
206 CTR: Counter mode
207 This block cipher algorithm is required for IPSec.
208
Kevin Coffman76cb9522008-03-24 21:26:16 +0800209config CRYPTO_CTS
210 tristate "CTS support"
211 select CRYPTO_BLKCIPHER
212 help
213 CTS: Cipher Text Stealing
214 This is the Cipher Text Stealing mode as described by
215 Section 8 of rfc2040 and referenced by rfc3962.
216 (rfc3962 includes errata information in its Appendix A)
217 This mode is required for Kerberos gss mechanism support
218 for AES encryption.
219
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800220config CRYPTO_ECB
221 tristate "ECB support"
Herbert Xu653ebd92007-11-27 19:48:27 +0800222 select CRYPTO_BLKCIPHER
Herbert Xu124b53d2007-04-16 20:49:20 +1000223 select CRYPTO_MANAGER
224 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800225 ECB: Electronic CodeBook mode
226 This is the simplest block cipher algorithm. It simply encrypts
227 the input block by block.
Herbert Xu124b53d2007-04-16 20:49:20 +1000228
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800229config CRYPTO_LRW
230 tristate "LRW support (EXPERIMENTAL)"
231 depends on EXPERIMENTAL
David Howells90831632006-12-16 12:13:14 +1100232 select CRYPTO_BLKCIPHER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800233 select CRYPTO_MANAGER
234 select CRYPTO_GF128MUL
David Howells90831632006-12-16 12:13:14 +1100235 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800236 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
237 narrow block cipher mode for dm-crypt. Use it with cipher
238 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
239 The first 128, 192 or 256 bits in the key are used for AES and the
240 rest is used to tie each cipher block to its logical position.
David Howells90831632006-12-16 12:13:14 +1100241
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800242config CRYPTO_PCBC
243 tristate "PCBC support"
244 select CRYPTO_BLKCIPHER
245 select CRYPTO_MANAGER
246 help
247 PCBC: Propagating Cipher Block Chaining mode
248 This block cipher algorithm is required for RxRPC.
249
250config CRYPTO_XTS
251 tristate "XTS support (EXPERIMENTAL)"
252 depends on EXPERIMENTAL
253 select CRYPTO_BLKCIPHER
254 select CRYPTO_MANAGER
255 select CRYPTO_GF128MUL
256 help
257 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
258 key size 256, 384 or 512 bits. This implementation currently
259 can't handle a sectorsize which is not a multiple of 16 bytes.
260
Huang Ying150c7e82009-03-29 15:39:02 +0800261config CRYPTO_FPU
262 tristate
263 select CRYPTO_BLKCIPHER
264 select CRYPTO_MANAGER
265
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800266comment "Hash modes"
267
268config CRYPTO_HMAC
269 tristate "HMAC support"
270 select CRYPTO_HASH
271 select CRYPTO_MANAGER
272 help
273 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
274 This is required for IPSec.
275
276config CRYPTO_XCBC
277 tristate "XCBC support"
278 depends on EXPERIMENTAL
279 select CRYPTO_HASH
280 select CRYPTO_MANAGER
281 help
282 XCBC: Keyed-Hashing with encryption algorithm
283 http://www.ietf.org/rfc/rfc3566.txt
284 http://csrc.nist.gov/encryption/modes/proposedmodes/
285 xcbc-mac/xcbc-mac-spec.pdf
286
Shane Wangf1939f72009-09-02 20:05:22 +1000287config CRYPTO_VMAC
288 tristate "VMAC support"
289 depends on EXPERIMENTAL
290 select CRYPTO_HASH
291 select CRYPTO_MANAGER
292 help
293 VMAC is a message authentication algorithm designed for
294 very high speed on 64-bit architectures.
295
296 See also:
297 <http://fastcrypto.org/vmac>
298
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800299comment "Digest"
300
301config CRYPTO_CRC32C
302 tristate "CRC32c CRC algorithm"
Herbert Xu5773a3e2008-07-08 20:54:28 +0800303 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800304 help
305 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
306 by iSCSI for header and data digests and by others.
Herbert Xu69c35ef2008-11-07 15:11:47 +0800307 See Castagnoli93. Module will be crc32c.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800308
Austin Zhang8cb51ba2008-08-07 09:57:03 +0800309config CRYPTO_CRC32C_INTEL
310 tristate "CRC32c INTEL hardware acceleration"
311 depends on X86
312 select CRYPTO_HASH
313 help
314 In Intel processor with SSE4.2 supported, the processor will
315 support CRC32C implementation using hardware accelerated CRC32
316 instruction. This option will create 'crc32c-intel' module,
317 which will enable any routine to use the CRC32 instruction to
318 gain performance compared with software implementation.
319 Module will be crc32c-intel.
320
Huang Ying2cdc6892009-08-06 15:32:38 +1000321config CRYPTO_GHASH
322 tristate "GHASH digest algorithm"
323 select CRYPTO_SHASH
324 select CRYPTO_GF128MUL
325 help
326 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
327
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800328config CRYPTO_MD4
329 tristate "MD4 digest algorithm"
Adrian-Ken Rueegsegger808a1762008-12-03 19:55:27 +0800330 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700331 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800332 MD4 message digest algorithm (RFC1320).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700333
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800334config CRYPTO_MD5
335 tristate "MD5 digest algorithm"
Adrian-Ken Rueegsegger14b75ba2008-12-03 19:57:12 +0800336 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700337 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800338 MD5 message digest algorithm (RFC1321).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700339
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800340config CRYPTO_MICHAEL_MIC
341 tristate "Michael MIC keyed digest algorithm"
Adrian-Ken Rueegsegger19e2bf12008-12-07 19:35:38 +0800342 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800343 help
344 Michael MIC is used for message integrity protection in TKIP
345 (IEEE 802.11i). This algorithm is required for TKIP, but it
346 should not be used for other purposes because of the weakness
347 of the algorithm.
348
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800349config CRYPTO_RMD128
Adrian Bunkb6d44342008-07-16 19:28:00 +0800350 tristate "RIPEMD-128 digest algorithm"
Herbert Xu7c4468b2008-11-08 09:10:40 +0800351 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800352 help
353 RIPEMD-128 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800354
Adrian Bunkb6d44342008-07-16 19:28:00 +0800355 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
356 to be used as a secure replacement for RIPEMD. For other use cases
357 RIPEMD-160 should be used.
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800358
Adrian Bunkb6d44342008-07-16 19:28:00 +0800359 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
360 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800361
362config CRYPTO_RMD160
Adrian Bunkb6d44342008-07-16 19:28:00 +0800363 tristate "RIPEMD-160 digest algorithm"
Herbert Xue5835fb2008-11-08 09:18:51 +0800364 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800365 help
366 RIPEMD-160 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800367
Adrian Bunkb6d44342008-07-16 19:28:00 +0800368 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
369 to be used as a secure replacement for the 128-bit hash functions
370 MD4, MD5 and it's predecessor RIPEMD
371 (not to be confused with RIPEMD-128).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800372
Adrian Bunkb6d44342008-07-16 19:28:00 +0800373 It's speed is comparable to SHA1 and there are no known attacks
374 against RIPEMD-160.
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800375
Adrian Bunkb6d44342008-07-16 19:28:00 +0800376 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
377 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800378
379config CRYPTO_RMD256
Adrian Bunkb6d44342008-07-16 19:28:00 +0800380 tristate "RIPEMD-256 digest algorithm"
Herbert Xud8a5e2e2008-11-08 09:58:10 +0800381 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800382 help
383 RIPEMD-256 is an optional extension of RIPEMD-128 with a
384 256 bit hash. It is intended for applications that require
385 longer hash-results, without needing a larger security level
386 (than RIPEMD-128).
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800387
Adrian Bunkb6d44342008-07-16 19:28:00 +0800388 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
389 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800390
391config CRYPTO_RMD320
Adrian Bunkb6d44342008-07-16 19:28:00 +0800392 tristate "RIPEMD-320 digest algorithm"
Herbert Xu3b8efb42008-11-08 10:11:09 +0800393 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800394 help
395 RIPEMD-320 is an optional extension of RIPEMD-160 with a
396 320 bit hash. It is intended for applications that require
397 longer hash-results, without needing a larger security level
398 (than RIPEMD-160).
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800399
Adrian Bunkb6d44342008-07-16 19:28:00 +0800400 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
401 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800402
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800403config CRYPTO_SHA1
404 tristate "SHA1 digest algorithm"
Adrian-Ken Rueegsegger54ccb362008-12-02 21:08:20 +0800405 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800406 help
407 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
408
409config CRYPTO_SHA256
410 tristate "SHA224 and SHA256 digest algorithm"
Adrian-Ken Rueegsegger50e109b2008-12-03 19:57:49 +0800411 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800412 help
413 SHA256 secure hash standard (DFIPS 180-2).
414
415 This version of SHA implements a 256 bit hash with 128 bits of
416 security against collision attacks.
417
Adrian Bunkb6d44342008-07-16 19:28:00 +0800418 This code also includes SHA-224, a 224 bit hash with 112 bits
419 of security against collision attacks.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800420
421config CRYPTO_SHA512
422 tristate "SHA384 and SHA512 digest algorithms"
Adrian-Ken Rueegseggerbd9d20d2008-12-17 16:49:02 +1100423 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800424 help
425 SHA512 secure hash standard (DFIPS 180-2).
426
427 This version of SHA implements a 512 bit hash with 256 bits of
428 security against collision attacks.
429
430 This code also includes SHA-384, a 384 bit hash with 192 bits
431 of security against collision attacks.
432
433config CRYPTO_TGR192
434 tristate "Tiger digest algorithms"
Adrian-Ken Rueegseggerf63fbd32008-12-03 19:58:32 +0800435 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800436 help
437 Tiger hash algorithm 192, 160 and 128-bit hashes
438
439 Tiger is a hash function optimized for 64-bit processors while
440 still having decent performance on 32-bit processors.
441 Tiger was developed by Ross Anderson and Eli Biham.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700442
443 See also:
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800444 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
445
446config CRYPTO_WP512
447 tristate "Whirlpool digest algorithms"
Adrian-Ken Rueegsegger49465102008-12-07 19:34:37 +0800448 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800449 help
450 Whirlpool hash algorithm 512, 384 and 256-bit hashes
451
452 Whirlpool-512 is part of the NESSIE cryptographic primitives.
453 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
454
455 See also:
456 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
457
Huang Ying0e1227d2009-10-19 11:53:06 +0900458config CRYPTO_GHASH_CLMUL_NI_INTEL
459 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
Huang Ying3e02e5c2009-10-27 19:07:24 +0800460 depends on (X86 || UML_X86) && 64BIT
Huang Ying0e1227d2009-10-19 11:53:06 +0900461 select CRYPTO_SHASH
462 select CRYPTO_CRYPTD
463 help
464 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
465 The implementation is accelerated by CLMUL-NI of Intel.
466
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800467comment "Ciphers"
Linus Torvalds1da177e2005-04-16 15:20:36 -0700468
469config CRYPTO_AES
470 tristate "AES cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +1000471 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700472 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800473 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -0700474 algorithm.
475
476 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800477 both hardware and software across a wide range of computing
478 environments regardless of its use in feedback or non-feedback
479 modes. Its key setup time is excellent, and its key agility is
480 good. Rijndael's very low memory requirements make it very well
481 suited for restricted-space environments, in which it also
482 demonstrates excellent performance. Rijndael's operations are
483 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700484
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800485 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -0700486
487 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
488
489config CRYPTO_AES_586
490 tristate "AES cipher algorithms (i586)"
Herbert Xucce9e062006-08-21 21:08:13 +1000491 depends on (X86 || UML_X86) && !64BIT
492 select CRYPTO_ALGAPI
Sebastian Siewior5157dea2007-11-10 19:07:16 +0800493 select CRYPTO_AES
Linus Torvalds1da177e2005-04-16 15:20:36 -0700494 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800495 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -0700496 algorithm.
497
498 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800499 both hardware and software across a wide range of computing
500 environments regardless of its use in feedback or non-feedback
501 modes. Its key setup time is excellent, and its key agility is
502 good. Rijndael's very low memory requirements make it very well
503 suited for restricted-space environments, in which it also
504 demonstrates excellent performance. Rijndael's operations are
505 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700506
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800507 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -0700508
509 See <http://csrc.nist.gov/encryption/aes/> for more information.
510
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700511config CRYPTO_AES_X86_64
512 tristate "AES cipher algorithms (x86_64)"
Herbert Xucce9e062006-08-21 21:08:13 +1000513 depends on (X86 || UML_X86) && 64BIT
514 select CRYPTO_ALGAPI
Sebastian Siewior81190b32007-11-08 21:25:04 +0800515 select CRYPTO_AES
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700516 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800517 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700518 algorithm.
519
520 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800521 both hardware and software across a wide range of computing
522 environments regardless of its use in feedback or non-feedback
523 modes. Its key setup time is excellent, and its key agility is
524 good. Rijndael's very low memory requirements make it very well
525 suited for restricted-space environments, in which it also
526 demonstrates excellent performance. Rijndael's operations are
527 among the easiest to defend against power and timing attacks.
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700528
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800529 The AES specifies three key sizes: 128, 192 and 256 bits
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700530
531 See <http://csrc.nist.gov/encryption/aes/> for more information.
532
Huang Ying54b6a1b2009-01-18 16:28:34 +1100533config CRYPTO_AES_NI_INTEL
534 tristate "AES cipher algorithms (AES-NI)"
535 depends on (X86 || UML_X86) && 64BIT
536 select CRYPTO_AES_X86_64
537 select CRYPTO_CRYPTD
538 select CRYPTO_ALGAPI
Huang Ying2cf4ac82009-03-29 15:41:20 +0800539 select CRYPTO_FPU
Huang Ying54b6a1b2009-01-18 16:28:34 +1100540 help
541 Use Intel AES-NI instructions for AES algorithm.
542
543 AES cipher algorithms (FIPS-197). AES uses the Rijndael
544 algorithm.
545
546 Rijndael appears to be consistently a very good performer in
547 both hardware and software across a wide range of computing
548 environments regardless of its use in feedback or non-feedback
549 modes. Its key setup time is excellent, and its key agility is
550 good. Rijndael's very low memory requirements make it very well
551 suited for restricted-space environments, in which it also
552 demonstrates excellent performance. Rijndael's operations are
553 among the easiest to defend against power and timing attacks.
554
555 The AES specifies three key sizes: 128, 192 and 256 bits
556
557 See <http://csrc.nist.gov/encryption/aes/> for more information.
558
Huang Ying2cf4ac82009-03-29 15:41:20 +0800559 In addition to AES cipher algorithm support, the
560 acceleration for some popular block cipher mode is supported
561 too, including ECB, CBC, CTR, LRW, PCBC, XTS.
562
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800563config CRYPTO_ANUBIS
564 tristate "Anubis cipher algorithm"
565 select CRYPTO_ALGAPI
566 help
567 Anubis cipher algorithm.
568
569 Anubis is a variable key length cipher which can use keys from
570 128 bits to 320 bits in length. It was evaluated as a entrant
571 in the NESSIE competition.
572
573 See also:
574 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
575 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
576
577config CRYPTO_ARC4
578 tristate "ARC4 cipher algorithm"
579 select CRYPTO_ALGAPI
580 help
581 ARC4 cipher algorithm.
582
583 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
584 bits in length. This algorithm is required for driver-based
585 WEP, but it should not be for other purposes because of the
586 weakness of the algorithm.
587
588config CRYPTO_BLOWFISH
589 tristate "Blowfish cipher algorithm"
590 select CRYPTO_ALGAPI
591 help
592 Blowfish cipher algorithm, by Bruce Schneier.
593
594 This is a variable key length cipher which can use keys from 32
595 bits to 448 bits in length. It's fast, simple and specifically
596 designed for use on "large microprocessors".
597
598 See also:
599 <http://www.schneier.com/blowfish.html>
600
601config CRYPTO_CAMELLIA
602 tristate "Camellia cipher algorithms"
603 depends on CRYPTO
604 select CRYPTO_ALGAPI
605 help
606 Camellia cipher algorithms module.
607
608 Camellia is a symmetric key block cipher developed jointly
609 at NTT and Mitsubishi Electric Corporation.
610
611 The Camellia specifies three key sizes: 128, 192 and 256 bits.
612
613 See also:
614 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
615
Linus Torvalds1da177e2005-04-16 15:20:36 -0700616config CRYPTO_CAST5
617 tristate "CAST5 (CAST-128) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000618 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700619 help
620 The CAST5 encryption algorithm (synonymous with CAST-128) is
621 described in RFC2144.
622
623config CRYPTO_CAST6
624 tristate "CAST6 (CAST-256) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000625 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700626 help
627 The CAST6 encryption algorithm (synonymous with CAST-256) is
628 described in RFC2612.
629
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800630config CRYPTO_DES
631 tristate "DES and Triple DES EDE cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +1000632 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700633 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800634 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700635
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800636config CRYPTO_FCRYPT
637 tristate "FCrypt cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000638 select CRYPTO_ALGAPI
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800639 select CRYPTO_BLKCIPHER
Linus Torvalds1da177e2005-04-16 15:20:36 -0700640 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800641 FCrypt algorithm used by RxRPC.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700642
643config CRYPTO_KHAZAD
644 tristate "Khazad cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000645 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700646 help
647 Khazad cipher algorithm.
648
649 Khazad was a finalist in the initial NESSIE competition. It is
650 an algorithm optimized for 64-bit processors with good performance
651 on 32-bit processors. Khazad uses an 128 bit key size.
652
653 See also:
654 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
655
Tan Swee Heng2407d602007-11-23 19:45:00 +0800656config CRYPTO_SALSA20
657 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
658 depends on EXPERIMENTAL
659 select CRYPTO_BLKCIPHER
660 help
661 Salsa20 stream cipher algorithm.
662
663 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
664 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
665
666 The Salsa20 stream cipher algorithm is designed by Daniel J.
667 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700668
Tan Swee Heng974e4b72007-12-10 15:52:56 +0800669config CRYPTO_SALSA20_586
670 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
671 depends on (X86 || UML_X86) && !64BIT
672 depends on EXPERIMENTAL
673 select CRYPTO_BLKCIPHER
Tan Swee Heng974e4b72007-12-10 15:52:56 +0800674 help
675 Salsa20 stream cipher algorithm.
676
677 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
678 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
679
680 The Salsa20 stream cipher algorithm is designed by Daniel J.
681 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
682
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +0800683config CRYPTO_SALSA20_X86_64
684 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
685 depends on (X86 || UML_X86) && 64BIT
686 depends on EXPERIMENTAL
687 select CRYPTO_BLKCIPHER
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +0800688 help
689 Salsa20 stream cipher algorithm.
690
691 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
692 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
693
694 The Salsa20 stream cipher algorithm is designed by Daniel J.
695 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
696
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800697config CRYPTO_SEED
698 tristate "SEED cipher algorithm"
699 select CRYPTO_ALGAPI
700 help
701 SEED cipher algorithm (RFC4269).
702
703 SEED is a 128-bit symmetric key block cipher that has been
704 developed by KISA (Korea Information Security Agency) as a
705 national standard encryption algorithm of the Republic of Korea.
706 It is a 16 round block cipher with the key size of 128 bit.
707
708 See also:
709 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
710
711config CRYPTO_SERPENT
712 tristate "Serpent cipher algorithm"
713 select CRYPTO_ALGAPI
714 help
715 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
716
717 Keys are allowed to be from 0 to 256 bits in length, in steps
718 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
719 variant of Serpent for compatibility with old kerneli.org code.
720
721 See also:
722 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
723
724config CRYPTO_TEA
725 tristate "TEA, XTEA and XETA cipher algorithms"
726 select CRYPTO_ALGAPI
727 help
728 TEA cipher algorithm.
729
730 Tiny Encryption Algorithm is a simple cipher that uses
731 many rounds for security. It is very fast and uses
732 little memory.
733
734 Xtendend Tiny Encryption Algorithm is a modification to
735 the TEA algorithm to address a potential key weakness
736 in the TEA algorithm.
737
738 Xtendend Encryption Tiny Algorithm is a mis-implementation
739 of the XTEA algorithm for compatibility purposes.
740
741config CRYPTO_TWOFISH
742 tristate "Twofish cipher algorithm"
743 select CRYPTO_ALGAPI
744 select CRYPTO_TWOFISH_COMMON
745 help
746 Twofish cipher algorithm.
747
748 Twofish was submitted as an AES (Advanced Encryption Standard)
749 candidate cipher by researchers at CounterPane Systems. It is a
750 16 round block cipher supporting key sizes of 128, 192, and 256
751 bits.
752
753 See also:
754 <http://www.schneier.com/twofish.html>
755
756config CRYPTO_TWOFISH_COMMON
757 tristate
758 help
759 Common parts of the Twofish cipher algorithm shared by the
760 generic c and the assembler implementations.
761
762config CRYPTO_TWOFISH_586
763 tristate "Twofish cipher algorithms (i586)"
764 depends on (X86 || UML_X86) && !64BIT
765 select CRYPTO_ALGAPI
766 select CRYPTO_TWOFISH_COMMON
767 help
768 Twofish cipher algorithm.
769
770 Twofish was submitted as an AES (Advanced Encryption Standard)
771 candidate cipher by researchers at CounterPane Systems. It is a
772 16 round block cipher supporting key sizes of 128, 192, and 256
773 bits.
774
775 See also:
776 <http://www.schneier.com/twofish.html>
777
778config CRYPTO_TWOFISH_X86_64
779 tristate "Twofish cipher algorithm (x86_64)"
780 depends on (X86 || UML_X86) && 64BIT
781 select CRYPTO_ALGAPI
782 select CRYPTO_TWOFISH_COMMON
783 help
784 Twofish cipher algorithm (x86_64).
785
786 Twofish was submitted as an AES (Advanced Encryption Standard)
787 candidate cipher by researchers at CounterPane Systems. It is a
788 16 round block cipher supporting key sizes of 128, 192, and 256
789 bits.
790
791 See also:
792 <http://www.schneier.com/twofish.html>
793
794comment "Compression"
795
Linus Torvalds1da177e2005-04-16 15:20:36 -0700796config CRYPTO_DEFLATE
797 tristate "Deflate compression algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +1000798 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700799 select ZLIB_INFLATE
800 select ZLIB_DEFLATE
801 help
802 This is the Deflate algorithm (RFC1951), specified for use in
803 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800804
Linus Torvalds1da177e2005-04-16 15:20:36 -0700805 You will most probably want this if using IPSec.
806
Geert Uytterhoevenbf68e652009-03-04 15:15:49 +0800807config CRYPTO_ZLIB
808 tristate "Zlib compression algorithm"
809 select CRYPTO_PCOMP
810 select ZLIB_INFLATE
811 select ZLIB_DEFLATE
812 select NLATTR
813 help
814 This is the zlib algorithm.
815
Zoltan Sogor0b77abb2007-12-07 16:53:23 +0800816config CRYPTO_LZO
817 tristate "LZO compression algorithm"
818 select CRYPTO_ALGAPI
819 select LZO_COMPRESS
820 select LZO_DECOMPRESS
821 help
822 This is the LZO algorithm.
823
Neil Horman17f0f4a2008-08-14 22:15:52 +1000824comment "Random Number Generation"
825
826config CRYPTO_ANSI_CPRNG
827 tristate "Pseudo Random Number Generation for Cryptographic modules"
Neil Horman4e4ed832009-08-20 17:54:16 +1000828 default m
Neil Horman17f0f4a2008-08-14 22:15:52 +1000829 select CRYPTO_AES
830 select CRYPTO_RNG
Neil Horman17f0f4a2008-08-14 22:15:52 +1000831 help
832 This option enables the generic pseudo random number generator
833 for cryptographic modules. Uses the Algorithm specified in
Jiri Kosina7dd607e2010-01-27 01:00:10 +0100834 ANSI X9.31 A.2.4. Note that this option must be enabled if
835 CRYPTO_FIPS is selected
Neil Horman17f0f4a2008-08-14 22:15:52 +1000836
Linus Torvalds1da177e2005-04-16 15:20:36 -0700837source "drivers/crypto/Kconfig"
Linus Torvalds1da177e2005-04-16 15:20:36 -0700838
Herbert Xucce9e062006-08-21 21:08:13 +1000839endif # if CRYPTO