11da177e4SLinus Torvalds# 2685784aaSDan Williams# Generic algorithms support 3685784aaSDan Williams# 4685784aaSDan Williamsconfig XOR_BLOCKS 5685784aaSDan Williams tristate 6685784aaSDan Williams 7685784aaSDan Williams# 89bc89cd8SDan Williams# async_tx api: hardware offloaded memory transfer/transform support 99bc89cd8SDan Williams# 109bc89cd8SDan Williamssource "crypto/async_tx/Kconfig" 119bc89cd8SDan Williams 129bc89cd8SDan Williams# 131da177e4SLinus Torvalds# Cryptographic API Configuration 141da177e4SLinus Torvalds# 152e290f43SJan Engelhardtmenuconfig CRYPTO 16c3715cb9SSebastian Siewior tristate "Cryptographic API" 171da177e4SLinus Torvalds help 181da177e4SLinus Torvalds This option provides the core Cryptographic API. 191da177e4SLinus Torvalds 20cce9e06dSHerbert Xuif CRYPTO 21cce9e06dSHerbert Xu 22*584fffc8SSebastian Siewiorcomment "Crypto core or helper" 23*584fffc8SSebastian Siewior 24cce9e06dSHerbert Xuconfig CRYPTO_ALGAPI 25cce9e06dSHerbert Xu tristate 26cce9e06dSHerbert Xu help 27cce9e06dSHerbert Xu This option provides the API for cryptographic algorithms. 28cce9e06dSHerbert Xu 291ae97820SHerbert Xuconfig CRYPTO_AEAD 301ae97820SHerbert Xu tristate 311ae97820SHerbert Xu select CRYPTO_ALGAPI 321ae97820SHerbert Xu 335cde0af2SHerbert Xuconfig CRYPTO_BLKCIPHER 345cde0af2SHerbert Xu tristate 355cde0af2SHerbert Xu select CRYPTO_ALGAPI 365cde0af2SHerbert Xu 37055bcee3SHerbert Xuconfig CRYPTO_HASH 38055bcee3SHerbert Xu tristate 39055bcee3SHerbert Xu select CRYPTO_ALGAPI 40055bcee3SHerbert Xu 412b8c19dbSHerbert Xuconfig CRYPTO_MANAGER 422b8c19dbSHerbert Xu tristate "Cryptographic algorithm manager" 432b8c19dbSHerbert Xu select CRYPTO_ALGAPI 442b8c19dbSHerbert Xu help 452b8c19dbSHerbert Xu Create default cryptographic template instantiations such as 462b8c19dbSHerbert Xu cbc(aes). 472b8c19dbSHerbert Xu 48*584fffc8SSebastian Siewiorconfig CRYPTO_GF128MUL 49*584fffc8SSebastian Siewior tristate "GF(2^128) multiplication functions (EXPERIMENTAL)" 50*584fffc8SSebastian Siewior depends on EXPERIMENTAL 51*584fffc8SSebastian Siewior help 52*584fffc8SSebastian Siewior Efficient table driven implementation of multiplications in the 53*584fffc8SSebastian Siewior field GF(2^128). This is needed by some cypher modes. This 54*584fffc8SSebastian Siewior option will be selected automatically if you select such a 55*584fffc8SSebastian Siewior cipher mode. Only select this option by hand if you expect to load 56*584fffc8SSebastian Siewior an external module that requires these functions. 57*584fffc8SSebastian Siewior 58*584fffc8SSebastian Siewiorconfig CRYPTO_NULL 59*584fffc8SSebastian Siewior tristate "Null algorithms" 60*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 61*584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 62*584fffc8SSebastian Siewior help 63*584fffc8SSebastian Siewior These are 'Null' algorithms, used by IPsec, which do nothing. 64*584fffc8SSebastian Siewior 65*584fffc8SSebastian Siewiorconfig CRYPTO_CRYPTD 66*584fffc8SSebastian Siewior tristate "Software async crypto daemon" 67*584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 68*584fffc8SSebastian Siewior select CRYPTO_MANAGER 69*584fffc8SSebastian Siewior help 70*584fffc8SSebastian Siewior This is a generic software asynchronous crypto daemon that 71*584fffc8SSebastian Siewior converts an arbitrary synchronous software crypto algorithm 72*584fffc8SSebastian Siewior into an asynchronous algorithm that executes in a kernel thread. 73*584fffc8SSebastian Siewior 74*584fffc8SSebastian Siewiorconfig CRYPTO_AUTHENC 75*584fffc8SSebastian Siewior tristate "Authenc support" 76*584fffc8SSebastian Siewior select CRYPTO_AEAD 77*584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 78*584fffc8SSebastian Siewior select CRYPTO_MANAGER 79*584fffc8SSebastian Siewior select CRYPTO_HASH 80*584fffc8SSebastian Siewior help 81*584fffc8SSebastian Siewior Authenc: Combined mode wrapper for IPsec. 82*584fffc8SSebastian Siewior This is required for IPSec. 83*584fffc8SSebastian Siewior 84*584fffc8SSebastian Siewiorconfig CRYPTO_TEST 85*584fffc8SSebastian Siewior tristate "Testing module" 86*584fffc8SSebastian Siewior depends on m 87*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 88*584fffc8SSebastian Siewior select CRYPTO_AEAD 89*584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 90*584fffc8SSebastian Siewior help 91*584fffc8SSebastian Siewior Quick & dirty crypto test module. 92*584fffc8SSebastian Siewior 93*584fffc8SSebastian Siewiorcomment "Authenticated Encryption with Associated Data" 94*584fffc8SSebastian Siewior 95*584fffc8SSebastian Siewiorconfig CRYPTO_CCM 96*584fffc8SSebastian Siewior tristate "CCM support" 97*584fffc8SSebastian Siewior select CRYPTO_CTR 98*584fffc8SSebastian Siewior select CRYPTO_AEAD 99*584fffc8SSebastian Siewior help 100*584fffc8SSebastian Siewior Support for Counter with CBC MAC. Required for IPsec. 101*584fffc8SSebastian Siewior 102*584fffc8SSebastian Siewiorconfig CRYPTO_GCM 103*584fffc8SSebastian Siewior tristate "GCM/GMAC support" 104*584fffc8SSebastian Siewior select CRYPTO_CTR 105*584fffc8SSebastian Siewior select CRYPTO_AEAD 106*584fffc8SSebastian Siewior select CRYPTO_GF128MUL 107*584fffc8SSebastian Siewior help 108*584fffc8SSebastian Siewior Support for Galois/Counter Mode (GCM) and Galois Message 109*584fffc8SSebastian Siewior Authentication Code (GMAC). Required for IPSec. 110*584fffc8SSebastian Siewior 111*584fffc8SSebastian Siewiorconfig CRYPTO_SEQIV 112*584fffc8SSebastian Siewior tristate "Sequence Number IV Generator" 113*584fffc8SSebastian Siewior select CRYPTO_AEAD 114*584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 115*584fffc8SSebastian Siewior help 116*584fffc8SSebastian Siewior This IV generator generates an IV based on a sequence number by 117*584fffc8SSebastian Siewior xoring it with a salt. This algorithm is mainly useful for CTR 118*584fffc8SSebastian Siewior 119*584fffc8SSebastian Siewiorcomment "Block modes" 120*584fffc8SSebastian Siewior 121*584fffc8SSebastian Siewiorconfig CRYPTO_CBC 122*584fffc8SSebastian Siewior tristate "CBC support" 123*584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 124*584fffc8SSebastian Siewior select CRYPTO_MANAGER 125*584fffc8SSebastian Siewior help 126*584fffc8SSebastian Siewior CBC: Cipher Block Chaining mode 127*584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 128*584fffc8SSebastian Siewior 129*584fffc8SSebastian Siewiorconfig CRYPTO_CTR 130*584fffc8SSebastian Siewior tristate "CTR support" 131*584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 132*584fffc8SSebastian Siewior select CRYPTO_SEQIV 133*584fffc8SSebastian Siewior select CRYPTO_MANAGER 134*584fffc8SSebastian Siewior help 135*584fffc8SSebastian Siewior CTR: Counter mode 136*584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 137*584fffc8SSebastian Siewior 138*584fffc8SSebastian Siewiorconfig CRYPTO_CTS 139*584fffc8SSebastian Siewior tristate "CTS support" 140*584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 141*584fffc8SSebastian Siewior help 142*584fffc8SSebastian Siewior CTS: Cipher Text Stealing 143*584fffc8SSebastian Siewior This is the Cipher Text Stealing mode as described by 144*584fffc8SSebastian Siewior Section 8 of rfc2040 and referenced by rfc3962. 145*584fffc8SSebastian Siewior (rfc3962 includes errata information in its Appendix A) 146*584fffc8SSebastian Siewior This mode is required for Kerberos gss mechanism support 147*584fffc8SSebastian Siewior for AES encryption. 148*584fffc8SSebastian Siewior 149*584fffc8SSebastian Siewiorconfig CRYPTO_ECB 150*584fffc8SSebastian Siewior tristate "ECB support" 151*584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 152*584fffc8SSebastian Siewior select CRYPTO_MANAGER 153*584fffc8SSebastian Siewior help 154*584fffc8SSebastian Siewior ECB: Electronic CodeBook mode 155*584fffc8SSebastian Siewior This is the simplest block cipher algorithm. It simply encrypts 156*584fffc8SSebastian Siewior the input block by block. 157*584fffc8SSebastian Siewior 158*584fffc8SSebastian Siewiorconfig CRYPTO_LRW 159*584fffc8SSebastian Siewior tristate "LRW support (EXPERIMENTAL)" 160*584fffc8SSebastian Siewior depends on EXPERIMENTAL 161*584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 162*584fffc8SSebastian Siewior select CRYPTO_MANAGER 163*584fffc8SSebastian Siewior select CRYPTO_GF128MUL 164*584fffc8SSebastian Siewior help 165*584fffc8SSebastian Siewior LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 166*584fffc8SSebastian Siewior narrow block cipher mode for dm-crypt. Use it with cipher 167*584fffc8SSebastian Siewior specification string aes-lrw-benbi, the key must be 256, 320 or 384. 168*584fffc8SSebastian Siewior The first 128, 192 or 256 bits in the key are used for AES and the 169*584fffc8SSebastian Siewior rest is used to tie each cipher block to its logical position. 170*584fffc8SSebastian Siewior 171*584fffc8SSebastian Siewiorconfig CRYPTO_PCBC 172*584fffc8SSebastian Siewior tristate "PCBC support" 173*584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 174*584fffc8SSebastian Siewior select CRYPTO_MANAGER 175*584fffc8SSebastian Siewior help 176*584fffc8SSebastian Siewior PCBC: Propagating Cipher Block Chaining mode 177*584fffc8SSebastian Siewior This block cipher algorithm is required for RxRPC. 178*584fffc8SSebastian Siewior 179*584fffc8SSebastian Siewiorconfig CRYPTO_XTS 180*584fffc8SSebastian Siewior tristate "XTS support (EXPERIMENTAL)" 181*584fffc8SSebastian Siewior depends on EXPERIMENTAL 182*584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 183*584fffc8SSebastian Siewior select CRYPTO_MANAGER 184*584fffc8SSebastian Siewior select CRYPTO_GF128MUL 185*584fffc8SSebastian Siewior help 186*584fffc8SSebastian Siewior XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 187*584fffc8SSebastian Siewior key size 256, 384 or 512 bits. This implementation currently 188*584fffc8SSebastian Siewior can't handle a sectorsize which is not a multiple of 16 bytes. 189*584fffc8SSebastian Siewior 190*584fffc8SSebastian Siewiorcomment "Hash modes" 191*584fffc8SSebastian Siewior 1921da177e4SLinus Torvaldsconfig CRYPTO_HMAC 1938425165dSHerbert Xu tristate "HMAC support" 1940796ae06SHerbert Xu select CRYPTO_HASH 19543518407SHerbert Xu select CRYPTO_MANAGER 1961da177e4SLinus Torvalds help 1971da177e4SLinus Torvalds HMAC: Keyed-Hashing for Message Authentication (RFC2104). 1981da177e4SLinus Torvalds This is required for IPSec. 1991da177e4SLinus Torvalds 200333b0d7eSKazunori MIYAZAWAconfig CRYPTO_XCBC 201333b0d7eSKazunori MIYAZAWA tristate "XCBC support" 202333b0d7eSKazunori MIYAZAWA depends on EXPERIMENTAL 203333b0d7eSKazunori MIYAZAWA select CRYPTO_HASH 204333b0d7eSKazunori MIYAZAWA select CRYPTO_MANAGER 205333b0d7eSKazunori MIYAZAWA help 206333b0d7eSKazunori MIYAZAWA XCBC: Keyed-Hashing with encryption algorithm 207333b0d7eSKazunori MIYAZAWA http://www.ietf.org/rfc/rfc3566.txt 208333b0d7eSKazunori MIYAZAWA http://csrc.nist.gov/encryption/modes/proposedmodes/ 209333b0d7eSKazunori MIYAZAWA xcbc-mac/xcbc-mac-spec.pdf 210333b0d7eSKazunori MIYAZAWA 211*584fffc8SSebastian Siewiorcomment "Digest" 212*584fffc8SSebastian Siewior 213*584fffc8SSebastian Siewiorconfig CRYPTO_CRC32C 214*584fffc8SSebastian Siewior tristate "CRC32c CRC algorithm" 215cce9e06dSHerbert Xu select CRYPTO_ALGAPI 216*584fffc8SSebastian Siewior select LIBCRC32C 2171da177e4SLinus Torvalds help 218*584fffc8SSebastian Siewior Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 219*584fffc8SSebastian Siewior by iSCSI for header and data digests and by others. 220*584fffc8SSebastian Siewior See Castagnoli93. This implementation uses lib/libcrc32c. 221*584fffc8SSebastian Siewior Module will be crc32c. 2221da177e4SLinus Torvalds 2231da177e4SLinus Torvaldsconfig CRYPTO_MD4 2241da177e4SLinus Torvalds tristate "MD4 digest algorithm" 225cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2261da177e4SLinus Torvalds help 2271da177e4SLinus Torvalds MD4 message digest algorithm (RFC1320). 2281da177e4SLinus Torvalds 2291da177e4SLinus Torvaldsconfig CRYPTO_MD5 2301da177e4SLinus Torvalds tristate "MD5 digest algorithm" 231cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2321da177e4SLinus Torvalds help 2331da177e4SLinus Torvalds MD5 message digest algorithm (RFC1321). 2341da177e4SLinus Torvalds 235*584fffc8SSebastian Siewiorconfig CRYPTO_MICHAEL_MIC 236*584fffc8SSebastian Siewior tristate "Michael MIC keyed digest algorithm" 237*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 238*584fffc8SSebastian Siewior help 239*584fffc8SSebastian Siewior Michael MIC is used for message integrity protection in TKIP 240*584fffc8SSebastian Siewior (IEEE 802.11i). This algorithm is required for TKIP, but it 241*584fffc8SSebastian Siewior should not be used for other purposes because of the weakness 242*584fffc8SSebastian Siewior of the algorithm. 243*584fffc8SSebastian Siewior 2441da177e4SLinus Torvaldsconfig CRYPTO_SHA1 2451da177e4SLinus Torvalds tristate "SHA1 digest algorithm" 246cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2471da177e4SLinus Torvalds help 2481da177e4SLinus Torvalds SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 2491da177e4SLinus Torvalds 2501da177e4SLinus Torvaldsconfig CRYPTO_SHA256 251cd12fb90SJonathan Lynch tristate "SHA224 and SHA256 digest algorithm" 252cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2531da177e4SLinus Torvalds help 2541da177e4SLinus Torvalds SHA256 secure hash standard (DFIPS 180-2). 2551da177e4SLinus Torvalds 2561da177e4SLinus Torvalds This version of SHA implements a 256 bit hash with 128 bits of 2571da177e4SLinus Torvalds security against collision attacks. 2581da177e4SLinus Torvalds 259cd12fb90SJonathan Lynch This code also includes SHA-224, a 224 bit hash with 112 bits 260cd12fb90SJonathan Lynch of security against collision attacks. 261cd12fb90SJonathan Lynch 2621da177e4SLinus Torvaldsconfig CRYPTO_SHA512 2631da177e4SLinus Torvalds tristate "SHA384 and SHA512 digest algorithms" 264cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2651da177e4SLinus Torvalds help 2661da177e4SLinus Torvalds SHA512 secure hash standard (DFIPS 180-2). 2671da177e4SLinus Torvalds 2681da177e4SLinus Torvalds This version of SHA implements a 512 bit hash with 256 bits of 2691da177e4SLinus Torvalds security against collision attacks. 2701da177e4SLinus Torvalds 2711da177e4SLinus Torvalds This code also includes SHA-384, a 384 bit hash with 192 bits 2721da177e4SLinus Torvalds of security against collision attacks. 2731da177e4SLinus Torvalds 2741da177e4SLinus Torvaldsconfig CRYPTO_TGR192 2751da177e4SLinus Torvalds tristate "Tiger digest algorithms" 276cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2771da177e4SLinus Torvalds help 2781da177e4SLinus Torvalds Tiger hash algorithm 192, 160 and 128-bit hashes 2791da177e4SLinus Torvalds 2801da177e4SLinus Torvalds Tiger is a hash function optimized for 64-bit processors while 2811da177e4SLinus Torvalds still having decent performance on 32-bit processors. 2821da177e4SLinus Torvalds Tiger was developed by Ross Anderson and Eli Biham. 2831da177e4SLinus Torvalds 2841da177e4SLinus Torvalds See also: 2851da177e4SLinus Torvalds <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 2861da177e4SLinus Torvalds 287*584fffc8SSebastian Siewiorconfig CRYPTO_WP512 288*584fffc8SSebastian Siewior tristate "Whirlpool digest algorithms" 289cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2901da177e4SLinus Torvalds help 291*584fffc8SSebastian Siewior Whirlpool hash algorithm 512, 384 and 256-bit hashes 2921da177e4SLinus Torvalds 293*584fffc8SSebastian Siewior Whirlpool-512 is part of the NESSIE cryptographic primitives. 294*584fffc8SSebastian Siewior Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 2951da177e4SLinus Torvalds 2961da177e4SLinus Torvalds See also: 297*584fffc8SSebastian Siewior <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html> 2981da177e4SLinus Torvalds 299*584fffc8SSebastian Siewiorcomment "Ciphers" 3001da177e4SLinus Torvalds 3011da177e4SLinus Torvaldsconfig CRYPTO_AES 3021da177e4SLinus Torvalds tristate "AES cipher algorithms" 303cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3041da177e4SLinus Torvalds help 3051da177e4SLinus Torvalds AES cipher algorithms (FIPS-197). AES uses the Rijndael 3061da177e4SLinus Torvalds algorithm. 3071da177e4SLinus Torvalds 3081da177e4SLinus Torvalds Rijndael appears to be consistently a very good performer in 3091da177e4SLinus Torvalds both hardware and software across a wide range of computing 3101da177e4SLinus Torvalds environments regardless of its use in feedback or non-feedback 3111da177e4SLinus Torvalds modes. Its key setup time is excellent, and its key agility is 3121da177e4SLinus Torvalds good. Rijndael's very low memory requirements make it very well 3131da177e4SLinus Torvalds suited for restricted-space environments, in which it also 3141da177e4SLinus Torvalds demonstrates excellent performance. Rijndael's operations are 3151da177e4SLinus Torvalds among the easiest to defend against power and timing attacks. 3161da177e4SLinus Torvalds 3171da177e4SLinus Torvalds The AES specifies three key sizes: 128, 192 and 256 bits 3181da177e4SLinus Torvalds 3191da177e4SLinus Torvalds See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 3201da177e4SLinus Torvalds 3211da177e4SLinus Torvaldsconfig CRYPTO_AES_586 3221da177e4SLinus Torvalds tristate "AES cipher algorithms (i586)" 323cce9e06dSHerbert Xu depends on (X86 || UML_X86) && !64BIT 324cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3255157dea8SSebastian Siewior select CRYPTO_AES 3261da177e4SLinus Torvalds help 3271da177e4SLinus Torvalds AES cipher algorithms (FIPS-197). AES uses the Rijndael 3281da177e4SLinus Torvalds algorithm. 3291da177e4SLinus Torvalds 3301da177e4SLinus Torvalds Rijndael appears to be consistently a very good performer in 3311da177e4SLinus Torvalds both hardware and software across a wide range of computing 3321da177e4SLinus Torvalds environments regardless of its use in feedback or non-feedback 3331da177e4SLinus Torvalds modes. Its key setup time is excellent, and its key agility is 3341da177e4SLinus Torvalds good. Rijndael's very low memory requirements make it very well 3351da177e4SLinus Torvalds suited for restricted-space environments, in which it also 3361da177e4SLinus Torvalds demonstrates excellent performance. Rijndael's operations are 3371da177e4SLinus Torvalds among the easiest to defend against power and timing attacks. 3381da177e4SLinus Torvalds 3391da177e4SLinus Torvalds The AES specifies three key sizes: 128, 192 and 256 bits 3401da177e4SLinus Torvalds 3411da177e4SLinus Torvalds See <http://csrc.nist.gov/encryption/aes/> for more information. 3421da177e4SLinus Torvalds 343a2a892a2SAndreas Steinmetzconfig CRYPTO_AES_X86_64 344a2a892a2SAndreas Steinmetz tristate "AES cipher algorithms (x86_64)" 345cce9e06dSHerbert Xu depends on (X86 || UML_X86) && 64BIT 346cce9e06dSHerbert Xu select CRYPTO_ALGAPI 34781190b32SSebastian Siewior select CRYPTO_AES 348a2a892a2SAndreas Steinmetz help 349a2a892a2SAndreas Steinmetz AES cipher algorithms (FIPS-197). AES uses the Rijndael 350a2a892a2SAndreas Steinmetz algorithm. 351a2a892a2SAndreas Steinmetz 352a2a892a2SAndreas Steinmetz Rijndael appears to be consistently a very good performer in 353a2a892a2SAndreas Steinmetz both hardware and software across a wide range of computing 354a2a892a2SAndreas Steinmetz environments regardless of its use in feedback or non-feedback 355a2a892a2SAndreas Steinmetz modes. Its key setup time is excellent, and its key agility is 356a2a892a2SAndreas Steinmetz good. Rijndael's very low memory requirements make it very well 357a2a892a2SAndreas Steinmetz suited for restricted-space environments, in which it also 358a2a892a2SAndreas Steinmetz demonstrates excellent performance. Rijndael's operations are 359a2a892a2SAndreas Steinmetz among the easiest to defend against power and timing attacks. 360a2a892a2SAndreas Steinmetz 361a2a892a2SAndreas Steinmetz The AES specifies three key sizes: 128, 192 and 256 bits 362a2a892a2SAndreas Steinmetz 363a2a892a2SAndreas Steinmetz See <http://csrc.nist.gov/encryption/aes/> for more information. 364a2a892a2SAndreas Steinmetz 3651da177e4SLinus Torvaldsconfig CRYPTO_ANUBIS 3661da177e4SLinus Torvalds tristate "Anubis cipher algorithm" 367cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3681da177e4SLinus Torvalds help 3691da177e4SLinus Torvalds Anubis cipher algorithm. 3701da177e4SLinus Torvalds 3711da177e4SLinus Torvalds Anubis is a variable key length cipher which can use keys from 3721da177e4SLinus Torvalds 128 bits to 320 bits in length. It was evaluated as a entrant 3731da177e4SLinus Torvalds in the NESSIE competition. 3741da177e4SLinus Torvalds 3751da177e4SLinus Torvalds See also: 3761da177e4SLinus Torvalds <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/> 3771da177e4SLinus Torvalds <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html> 3781da177e4SLinus Torvalds 379*584fffc8SSebastian Siewiorconfig CRYPTO_ARC4 380*584fffc8SSebastian Siewior tristate "ARC4 cipher algorithm" 381e2ee95b8SHye-Shik Chang select CRYPTO_ALGAPI 382e2ee95b8SHye-Shik Chang help 383*584fffc8SSebastian Siewior ARC4 cipher algorithm. 384e2ee95b8SHye-Shik Chang 385*584fffc8SSebastian Siewior ARC4 is a stream cipher using keys ranging from 8 bits to 2048 386*584fffc8SSebastian Siewior bits in length. This algorithm is required for driver-based 387*584fffc8SSebastian Siewior WEP, but it should not be for other purposes because of the 388*584fffc8SSebastian Siewior weakness of the algorithm. 389*584fffc8SSebastian Siewior 390*584fffc8SSebastian Siewiorconfig CRYPTO_BLOWFISH 391*584fffc8SSebastian Siewior tristate "Blowfish cipher algorithm" 392*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 393*584fffc8SSebastian Siewior help 394*584fffc8SSebastian Siewior Blowfish cipher algorithm, by Bruce Schneier. 395*584fffc8SSebastian Siewior 396*584fffc8SSebastian Siewior This is a variable key length cipher which can use keys from 32 397*584fffc8SSebastian Siewior bits to 448 bits in length. It's fast, simple and specifically 398*584fffc8SSebastian Siewior designed for use on "large microprocessors". 399e2ee95b8SHye-Shik Chang 400e2ee95b8SHye-Shik Chang See also: 401*584fffc8SSebastian Siewior <http://www.schneier.com/blowfish.html> 402*584fffc8SSebastian Siewior 403*584fffc8SSebastian Siewiorconfig CRYPTO_CAMELLIA 404*584fffc8SSebastian Siewior tristate "Camellia cipher algorithms" 405*584fffc8SSebastian Siewior depends on CRYPTO 406*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 407*584fffc8SSebastian Siewior help 408*584fffc8SSebastian Siewior Camellia cipher algorithms module. 409*584fffc8SSebastian Siewior 410*584fffc8SSebastian Siewior Camellia is a symmetric key block cipher developed jointly 411*584fffc8SSebastian Siewior at NTT and Mitsubishi Electric Corporation. 412*584fffc8SSebastian Siewior 413*584fffc8SSebastian Siewior The Camellia specifies three key sizes: 128, 192 and 256 bits. 414*584fffc8SSebastian Siewior 415*584fffc8SSebastian Siewior See also: 416*584fffc8SSebastian Siewior <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 417*584fffc8SSebastian Siewior 418*584fffc8SSebastian Siewiorconfig CRYPTO_CAST5 419*584fffc8SSebastian Siewior tristate "CAST5 (CAST-128) cipher algorithm" 420*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 421*584fffc8SSebastian Siewior help 422*584fffc8SSebastian Siewior The CAST5 encryption algorithm (synonymous with CAST-128) is 423*584fffc8SSebastian Siewior described in RFC2144. 424*584fffc8SSebastian Siewior 425*584fffc8SSebastian Siewiorconfig CRYPTO_CAST6 426*584fffc8SSebastian Siewior tristate "CAST6 (CAST-256) cipher algorithm" 427*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 428*584fffc8SSebastian Siewior help 429*584fffc8SSebastian Siewior The CAST6 encryption algorithm (synonymous with CAST-256) is 430*584fffc8SSebastian Siewior described in RFC2612. 431*584fffc8SSebastian Siewior 432*584fffc8SSebastian Siewiorconfig CRYPTO_DES 433*584fffc8SSebastian Siewior tristate "DES and Triple DES EDE cipher algorithms" 434*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 435*584fffc8SSebastian Siewior help 436*584fffc8SSebastian Siewior DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 437*584fffc8SSebastian Siewior 438*584fffc8SSebastian Siewiorconfig CRYPTO_FCRYPT 439*584fffc8SSebastian Siewior tristate "FCrypt cipher algorithm" 440*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 441*584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 442*584fffc8SSebastian Siewior help 443*584fffc8SSebastian Siewior FCrypt algorithm used by RxRPC. 444*584fffc8SSebastian Siewior 445*584fffc8SSebastian Siewiorconfig CRYPTO_KHAZAD 446*584fffc8SSebastian Siewior tristate "Khazad cipher algorithm" 447*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 448*584fffc8SSebastian Siewior help 449*584fffc8SSebastian Siewior Khazad cipher algorithm. 450*584fffc8SSebastian Siewior 451*584fffc8SSebastian Siewior Khazad was a finalist in the initial NESSIE competition. It is 452*584fffc8SSebastian Siewior an algorithm optimized for 64-bit processors with good performance 453*584fffc8SSebastian Siewior on 32-bit processors. Khazad uses an 128 bit key size. 454*584fffc8SSebastian Siewior 455*584fffc8SSebastian Siewior See also: 456*584fffc8SSebastian Siewior <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html> 457e2ee95b8SHye-Shik Chang 4582407d608STan Swee Hengconfig CRYPTO_SALSA20 4592407d608STan Swee Heng tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)" 4602407d608STan Swee Heng depends on EXPERIMENTAL 4612407d608STan Swee Heng select CRYPTO_BLKCIPHER 4622407d608STan Swee Heng help 4632407d608STan Swee Heng Salsa20 stream cipher algorithm. 4642407d608STan Swee Heng 4652407d608STan Swee Heng Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 4662407d608STan Swee Heng Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 4672407d608STan Swee Heng 4682407d608STan Swee Heng The Salsa20 stream cipher algorithm is designed by Daniel J. 4692407d608STan Swee Heng Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 4701da177e4SLinus Torvalds 471974e4b75STan Swee Hengconfig CRYPTO_SALSA20_586 472974e4b75STan Swee Heng tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)" 473974e4b75STan Swee Heng depends on (X86 || UML_X86) && !64BIT 474974e4b75STan Swee Heng depends on EXPERIMENTAL 475974e4b75STan Swee Heng select CRYPTO_BLKCIPHER 476974e4b75STan Swee Heng help 477974e4b75STan Swee Heng Salsa20 stream cipher algorithm. 478974e4b75STan Swee Heng 479974e4b75STan Swee Heng Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 480974e4b75STan Swee Heng Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 481974e4b75STan Swee Heng 482974e4b75STan Swee Heng The Salsa20 stream cipher algorithm is designed by Daniel J. 483974e4b75STan Swee Heng Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 484974e4b75STan Swee Heng 4859a7dafbbSTan Swee Hengconfig CRYPTO_SALSA20_X86_64 4869a7dafbbSTan Swee Heng tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)" 4879a7dafbbSTan Swee Heng depends on (X86 || UML_X86) && 64BIT 4889a7dafbbSTan Swee Heng depends on EXPERIMENTAL 4899a7dafbbSTan Swee Heng select CRYPTO_BLKCIPHER 4909a7dafbbSTan Swee Heng help 4919a7dafbbSTan Swee Heng Salsa20 stream cipher algorithm. 4929a7dafbbSTan Swee Heng 4939a7dafbbSTan Swee Heng Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 4949a7dafbbSTan Swee Heng Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 4959a7dafbbSTan Swee Heng 4969a7dafbbSTan Swee Heng The Salsa20 stream cipher algorithm is designed by Daniel J. 4979a7dafbbSTan Swee Heng Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 4989a7dafbbSTan Swee Heng 499*584fffc8SSebastian Siewiorconfig CRYPTO_SEED 500*584fffc8SSebastian Siewior tristate "SEED cipher algorithm" 501*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 502*584fffc8SSebastian Siewior help 503*584fffc8SSebastian Siewior SEED cipher algorithm (RFC4269). 504*584fffc8SSebastian Siewior 505*584fffc8SSebastian Siewior SEED is a 128-bit symmetric key block cipher that has been 506*584fffc8SSebastian Siewior developed by KISA (Korea Information Security Agency) as a 507*584fffc8SSebastian Siewior national standard encryption algorithm of the Republic of Korea. 508*584fffc8SSebastian Siewior It is a 16 round block cipher with the key size of 128 bit. 509*584fffc8SSebastian Siewior 510*584fffc8SSebastian Siewior See also: 511*584fffc8SSebastian Siewior <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 512*584fffc8SSebastian Siewior 513*584fffc8SSebastian Siewiorconfig CRYPTO_SERPENT 514*584fffc8SSebastian Siewior tristate "Serpent cipher algorithm" 515*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 516*584fffc8SSebastian Siewior help 517*584fffc8SSebastian Siewior Serpent cipher algorithm, by Anderson, Biham & Knudsen. 518*584fffc8SSebastian Siewior 519*584fffc8SSebastian Siewior Keys are allowed to be from 0 to 256 bits in length, in steps 520*584fffc8SSebastian Siewior of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 521*584fffc8SSebastian Siewior variant of Serpent for compatibility with old kerneli.org code. 522*584fffc8SSebastian Siewior 523*584fffc8SSebastian Siewior See also: 524*584fffc8SSebastian Siewior <http://www.cl.cam.ac.uk/~rja14/serpent.html> 525*584fffc8SSebastian Siewior 526*584fffc8SSebastian Siewiorconfig CRYPTO_TEA 527*584fffc8SSebastian Siewior tristate "TEA, XTEA and XETA cipher algorithms" 528*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 529*584fffc8SSebastian Siewior help 530*584fffc8SSebastian Siewior TEA cipher algorithm. 531*584fffc8SSebastian Siewior 532*584fffc8SSebastian Siewior Tiny Encryption Algorithm is a simple cipher that uses 533*584fffc8SSebastian Siewior many rounds for security. It is very fast and uses 534*584fffc8SSebastian Siewior little memory. 535*584fffc8SSebastian Siewior 536*584fffc8SSebastian Siewior Xtendend Tiny Encryption Algorithm is a modification to 537*584fffc8SSebastian Siewior the TEA algorithm to address a potential key weakness 538*584fffc8SSebastian Siewior in the TEA algorithm. 539*584fffc8SSebastian Siewior 540*584fffc8SSebastian Siewior Xtendend Encryption Tiny Algorithm is a mis-implementation 541*584fffc8SSebastian Siewior of the XTEA algorithm for compatibility purposes. 542*584fffc8SSebastian Siewior 543*584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH 544*584fffc8SSebastian Siewior tristate "Twofish cipher algorithm" 545*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 546*584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 547*584fffc8SSebastian Siewior help 548*584fffc8SSebastian Siewior Twofish cipher algorithm. 549*584fffc8SSebastian Siewior 550*584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 551*584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 552*584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 553*584fffc8SSebastian Siewior bits. 554*584fffc8SSebastian Siewior 555*584fffc8SSebastian Siewior See also: 556*584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 557*584fffc8SSebastian Siewior 558*584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_COMMON 559*584fffc8SSebastian Siewior tristate 560*584fffc8SSebastian Siewior help 561*584fffc8SSebastian Siewior Common parts of the Twofish cipher algorithm shared by the 562*584fffc8SSebastian Siewior generic c and the assembler implementations. 563*584fffc8SSebastian Siewior 564*584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_586 565*584fffc8SSebastian Siewior tristate "Twofish cipher algorithms (i586)" 566*584fffc8SSebastian Siewior depends on (X86 || UML_X86) && !64BIT 567*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 568*584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 569*584fffc8SSebastian Siewior help 570*584fffc8SSebastian Siewior Twofish cipher algorithm. 571*584fffc8SSebastian Siewior 572*584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 573*584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 574*584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 575*584fffc8SSebastian Siewior bits. 576*584fffc8SSebastian Siewior 577*584fffc8SSebastian Siewior See also: 578*584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 579*584fffc8SSebastian Siewior 580*584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_X86_64 581*584fffc8SSebastian Siewior tristate "Twofish cipher algorithm (x86_64)" 582*584fffc8SSebastian Siewior depends on (X86 || UML_X86) && 64BIT 583*584fffc8SSebastian Siewior select CRYPTO_ALGAPI 584*584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 585*584fffc8SSebastian Siewior help 586*584fffc8SSebastian Siewior Twofish cipher algorithm (x86_64). 587*584fffc8SSebastian Siewior 588*584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 589*584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 590*584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 591*584fffc8SSebastian Siewior bits. 592*584fffc8SSebastian Siewior 593*584fffc8SSebastian Siewior See also: 594*584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 595*584fffc8SSebastian Siewior 596*584fffc8SSebastian Siewiorcomment "Compression" 597*584fffc8SSebastian Siewior 5981da177e4SLinus Torvaldsconfig CRYPTO_DEFLATE 5991da177e4SLinus Torvalds tristate "Deflate compression algorithm" 600cce9e06dSHerbert Xu select CRYPTO_ALGAPI 6011da177e4SLinus Torvalds select ZLIB_INFLATE 6021da177e4SLinus Torvalds select ZLIB_DEFLATE 6031da177e4SLinus Torvalds help 6041da177e4SLinus Torvalds This is the Deflate algorithm (RFC1951), specified for use in 6051da177e4SLinus Torvalds IPSec with the IPCOMP protocol (RFC3173, RFC2394). 6061da177e4SLinus Torvalds 6071da177e4SLinus Torvalds You will most probably want this if using IPSec. 6081da177e4SLinus Torvalds 6090b77abb3SZoltan Sogorconfig CRYPTO_LZO 6100b77abb3SZoltan Sogor tristate "LZO compression algorithm" 6110b77abb3SZoltan Sogor select CRYPTO_ALGAPI 6120b77abb3SZoltan Sogor select LZO_COMPRESS 6130b77abb3SZoltan Sogor select LZO_DECOMPRESS 6140b77abb3SZoltan Sogor help 6150b77abb3SZoltan Sogor This is the LZO algorithm. 6160b77abb3SZoltan Sogor 6171da177e4SLinus Torvaldssource "drivers/crypto/Kconfig" 6181da177e4SLinus Torvalds 619cce9e06dSHerbert Xuendif # if CRYPTO 620