11da177e4SLinus Torvalds# 2685784aaSDan Williams# Generic algorithms support 3685784aaSDan Williams# 4685784aaSDan Williamsconfig XOR_BLOCKS 5685784aaSDan Williams tristate 6685784aaSDan Williams 7685784aaSDan Williams# 89bc89cd8SDan Williams# async_tx api: hardware offloaded memory transfer/transform support 99bc89cd8SDan Williams# 109bc89cd8SDan Williamssource "crypto/async_tx/Kconfig" 119bc89cd8SDan Williams 129bc89cd8SDan Williams# 131da177e4SLinus Torvalds# Cryptographic API Configuration 141da177e4SLinus Torvalds# 152e290f43SJan Engelhardtmenuconfig CRYPTO 16c3715cb9SSebastian Siewior tristate "Cryptographic API" 171da177e4SLinus Torvalds help 181da177e4SLinus Torvalds This option provides the core Cryptographic API. 191da177e4SLinus Torvalds 20cce9e06dSHerbert Xuif CRYPTO 21cce9e06dSHerbert Xu 22584fffc8SSebastian Siewiorcomment "Crypto core or helper" 23584fffc8SSebastian Siewior 24cce9e06dSHerbert Xuconfig CRYPTO_ALGAPI 25cce9e06dSHerbert Xu tristate 26cce9e06dSHerbert Xu help 27cce9e06dSHerbert Xu This option provides the API for cryptographic algorithms. 28cce9e06dSHerbert Xu 291ae97820SHerbert Xuconfig CRYPTO_AEAD 301ae97820SHerbert Xu tristate 311ae97820SHerbert Xu select CRYPTO_ALGAPI 321ae97820SHerbert Xu 335cde0af2SHerbert Xuconfig CRYPTO_BLKCIPHER 345cde0af2SHerbert Xu tristate 355cde0af2SHerbert Xu select CRYPTO_ALGAPI 365cde0af2SHerbert Xu 37055bcee3SHerbert Xuconfig CRYPTO_HASH 38055bcee3SHerbert Xu tristate 39055bcee3SHerbert Xu select CRYPTO_ALGAPI 40055bcee3SHerbert Xu 412b8c19dbSHerbert Xuconfig CRYPTO_MANAGER 422b8c19dbSHerbert Xu tristate "Cryptographic algorithm manager" 432b8c19dbSHerbert Xu select CRYPTO_ALGAPI 442b8c19dbSHerbert Xu help 452b8c19dbSHerbert Xu Create default cryptographic template instantiations such as 462b8c19dbSHerbert Xu cbc(aes). 472b8c19dbSHerbert Xu 48584fffc8SSebastian Siewiorconfig CRYPTO_GF128MUL 49584fffc8SSebastian Siewior tristate "GF(2^128) multiplication functions (EXPERIMENTAL)" 50584fffc8SSebastian Siewior depends on EXPERIMENTAL 51584fffc8SSebastian Siewior help 52584fffc8SSebastian Siewior Efficient table driven implementation of multiplications in the 53584fffc8SSebastian Siewior field GF(2^128). This is needed by some cypher modes. This 54584fffc8SSebastian Siewior option will be selected automatically if you select such a 55584fffc8SSebastian Siewior cipher mode. Only select this option by hand if you expect to load 56584fffc8SSebastian Siewior an external module that requires these functions. 57584fffc8SSebastian Siewior 58584fffc8SSebastian Siewiorconfig CRYPTO_NULL 59584fffc8SSebastian Siewior tristate "Null algorithms" 60584fffc8SSebastian Siewior select CRYPTO_ALGAPI 61584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 62584fffc8SSebastian Siewior help 63584fffc8SSebastian Siewior These are 'Null' algorithms, used by IPsec, which do nothing. 64584fffc8SSebastian Siewior 65584fffc8SSebastian Siewiorconfig CRYPTO_CRYPTD 66584fffc8SSebastian Siewior tristate "Software async crypto daemon" 67584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 68584fffc8SSebastian Siewior select CRYPTO_MANAGER 69584fffc8SSebastian Siewior help 70584fffc8SSebastian Siewior This is a generic software asynchronous crypto daemon that 71584fffc8SSebastian Siewior converts an arbitrary synchronous software crypto algorithm 72584fffc8SSebastian Siewior into an asynchronous algorithm that executes in a kernel thread. 73584fffc8SSebastian Siewior 74584fffc8SSebastian Siewiorconfig CRYPTO_AUTHENC 75584fffc8SSebastian Siewior tristate "Authenc support" 76584fffc8SSebastian Siewior select CRYPTO_AEAD 77584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 78584fffc8SSebastian Siewior select CRYPTO_MANAGER 79584fffc8SSebastian Siewior select CRYPTO_HASH 80584fffc8SSebastian Siewior help 81584fffc8SSebastian Siewior Authenc: Combined mode wrapper for IPsec. 82584fffc8SSebastian Siewior This is required for IPSec. 83584fffc8SSebastian Siewior 84584fffc8SSebastian Siewiorconfig CRYPTO_TEST 85584fffc8SSebastian Siewior tristate "Testing module" 86584fffc8SSebastian Siewior depends on m 87584fffc8SSebastian Siewior select CRYPTO_ALGAPI 88584fffc8SSebastian Siewior select CRYPTO_AEAD 89584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 90584fffc8SSebastian Siewior help 91584fffc8SSebastian Siewior Quick & dirty crypto test module. 92584fffc8SSebastian Siewior 93584fffc8SSebastian Siewiorcomment "Authenticated Encryption with Associated Data" 94584fffc8SSebastian Siewior 95584fffc8SSebastian Siewiorconfig CRYPTO_CCM 96584fffc8SSebastian Siewior tristate "CCM support" 97584fffc8SSebastian Siewior select CRYPTO_CTR 98584fffc8SSebastian Siewior select CRYPTO_AEAD 99584fffc8SSebastian Siewior help 100584fffc8SSebastian Siewior Support for Counter with CBC MAC. Required for IPsec. 101584fffc8SSebastian Siewior 102584fffc8SSebastian Siewiorconfig CRYPTO_GCM 103584fffc8SSebastian Siewior tristate "GCM/GMAC support" 104584fffc8SSebastian Siewior select CRYPTO_CTR 105584fffc8SSebastian Siewior select CRYPTO_AEAD 106584fffc8SSebastian Siewior select CRYPTO_GF128MUL 107584fffc8SSebastian Siewior help 108584fffc8SSebastian Siewior Support for Galois/Counter Mode (GCM) and Galois Message 109584fffc8SSebastian Siewior Authentication Code (GMAC). Required for IPSec. 110584fffc8SSebastian Siewior 111584fffc8SSebastian Siewiorconfig CRYPTO_SEQIV 112584fffc8SSebastian Siewior tristate "Sequence Number IV Generator" 113584fffc8SSebastian Siewior select CRYPTO_AEAD 114584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 115584fffc8SSebastian Siewior help 116584fffc8SSebastian Siewior This IV generator generates an IV based on a sequence number by 117584fffc8SSebastian Siewior xoring it with a salt. This algorithm is mainly useful for CTR 118584fffc8SSebastian Siewior 119584fffc8SSebastian Siewiorcomment "Block modes" 120584fffc8SSebastian Siewior 121584fffc8SSebastian Siewiorconfig CRYPTO_CBC 122584fffc8SSebastian Siewior tristate "CBC support" 123584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 124584fffc8SSebastian Siewior select CRYPTO_MANAGER 125584fffc8SSebastian Siewior help 126584fffc8SSebastian Siewior CBC: Cipher Block Chaining mode 127584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 128584fffc8SSebastian Siewior 129584fffc8SSebastian Siewiorconfig CRYPTO_CTR 130584fffc8SSebastian Siewior tristate "CTR support" 131584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 132584fffc8SSebastian Siewior select CRYPTO_SEQIV 133584fffc8SSebastian Siewior select CRYPTO_MANAGER 134584fffc8SSebastian Siewior help 135584fffc8SSebastian Siewior CTR: Counter mode 136584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 137584fffc8SSebastian Siewior 138584fffc8SSebastian Siewiorconfig CRYPTO_CTS 139584fffc8SSebastian Siewior tristate "CTS support" 140584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 141584fffc8SSebastian Siewior help 142584fffc8SSebastian Siewior CTS: Cipher Text Stealing 143584fffc8SSebastian Siewior This is the Cipher Text Stealing mode as described by 144584fffc8SSebastian Siewior Section 8 of rfc2040 and referenced by rfc3962. 145584fffc8SSebastian Siewior (rfc3962 includes errata information in its Appendix A) 146584fffc8SSebastian Siewior This mode is required for Kerberos gss mechanism support 147584fffc8SSebastian Siewior for AES encryption. 148584fffc8SSebastian Siewior 149584fffc8SSebastian Siewiorconfig CRYPTO_ECB 150584fffc8SSebastian Siewior tristate "ECB support" 151584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 152584fffc8SSebastian Siewior select CRYPTO_MANAGER 153584fffc8SSebastian Siewior help 154584fffc8SSebastian Siewior ECB: Electronic CodeBook mode 155584fffc8SSebastian Siewior This is the simplest block cipher algorithm. It simply encrypts 156584fffc8SSebastian Siewior the input block by block. 157584fffc8SSebastian Siewior 158584fffc8SSebastian Siewiorconfig CRYPTO_LRW 159584fffc8SSebastian Siewior tristate "LRW support (EXPERIMENTAL)" 160584fffc8SSebastian Siewior depends on EXPERIMENTAL 161584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 162584fffc8SSebastian Siewior select CRYPTO_MANAGER 163584fffc8SSebastian Siewior select CRYPTO_GF128MUL 164584fffc8SSebastian Siewior help 165584fffc8SSebastian Siewior LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 166584fffc8SSebastian Siewior narrow block cipher mode for dm-crypt. Use it with cipher 167584fffc8SSebastian Siewior specification string aes-lrw-benbi, the key must be 256, 320 or 384. 168584fffc8SSebastian Siewior The first 128, 192 or 256 bits in the key are used for AES and the 169584fffc8SSebastian Siewior rest is used to tie each cipher block to its logical position. 170584fffc8SSebastian Siewior 171584fffc8SSebastian Siewiorconfig CRYPTO_PCBC 172584fffc8SSebastian Siewior tristate "PCBC support" 173584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 174584fffc8SSebastian Siewior select CRYPTO_MANAGER 175584fffc8SSebastian Siewior help 176584fffc8SSebastian Siewior PCBC: Propagating Cipher Block Chaining mode 177584fffc8SSebastian Siewior This block cipher algorithm is required for RxRPC. 178584fffc8SSebastian Siewior 179584fffc8SSebastian Siewiorconfig CRYPTO_XTS 180584fffc8SSebastian Siewior tristate "XTS support (EXPERIMENTAL)" 181584fffc8SSebastian Siewior depends on EXPERIMENTAL 182584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 183584fffc8SSebastian Siewior select CRYPTO_MANAGER 184584fffc8SSebastian Siewior select CRYPTO_GF128MUL 185584fffc8SSebastian Siewior help 186584fffc8SSebastian Siewior XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 187584fffc8SSebastian Siewior key size 256, 384 or 512 bits. This implementation currently 188584fffc8SSebastian Siewior can't handle a sectorsize which is not a multiple of 16 bytes. 189584fffc8SSebastian Siewior 190584fffc8SSebastian Siewiorcomment "Hash modes" 191584fffc8SSebastian Siewior 1921da177e4SLinus Torvaldsconfig CRYPTO_HMAC 1938425165dSHerbert Xu tristate "HMAC support" 1940796ae06SHerbert Xu select CRYPTO_HASH 19543518407SHerbert Xu select CRYPTO_MANAGER 1961da177e4SLinus Torvalds help 1971da177e4SLinus Torvalds HMAC: Keyed-Hashing for Message Authentication (RFC2104). 1981da177e4SLinus Torvalds This is required for IPSec. 1991da177e4SLinus Torvalds 200333b0d7eSKazunori MIYAZAWAconfig CRYPTO_XCBC 201333b0d7eSKazunori MIYAZAWA tristate "XCBC support" 202333b0d7eSKazunori MIYAZAWA depends on EXPERIMENTAL 203333b0d7eSKazunori MIYAZAWA select CRYPTO_HASH 204333b0d7eSKazunori MIYAZAWA select CRYPTO_MANAGER 205333b0d7eSKazunori MIYAZAWA help 206333b0d7eSKazunori MIYAZAWA XCBC: Keyed-Hashing with encryption algorithm 207333b0d7eSKazunori MIYAZAWA http://www.ietf.org/rfc/rfc3566.txt 208333b0d7eSKazunori MIYAZAWA http://csrc.nist.gov/encryption/modes/proposedmodes/ 209333b0d7eSKazunori MIYAZAWA xcbc-mac/xcbc-mac-spec.pdf 210333b0d7eSKazunori MIYAZAWA 211584fffc8SSebastian Siewiorcomment "Digest" 212584fffc8SSebastian Siewior 213584fffc8SSebastian Siewiorconfig CRYPTO_CRC32C 214584fffc8SSebastian Siewior tristate "CRC32c CRC algorithm" 215cce9e06dSHerbert Xu select CRYPTO_ALGAPI 216584fffc8SSebastian Siewior select LIBCRC32C 2171da177e4SLinus Torvalds help 218584fffc8SSebastian Siewior Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 219584fffc8SSebastian Siewior by iSCSI for header and data digests and by others. 220584fffc8SSebastian Siewior See Castagnoli93. This implementation uses lib/libcrc32c. 221584fffc8SSebastian Siewior Module will be crc32c. 2221da177e4SLinus Torvalds 2231da177e4SLinus Torvaldsconfig CRYPTO_MD4 2241da177e4SLinus Torvalds tristate "MD4 digest algorithm" 225cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2261da177e4SLinus Torvalds help 2271da177e4SLinus Torvalds MD4 message digest algorithm (RFC1320). 2281da177e4SLinus Torvalds 2291da177e4SLinus Torvaldsconfig CRYPTO_MD5 2301da177e4SLinus Torvalds tristate "MD5 digest algorithm" 231cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2321da177e4SLinus Torvalds help 2331da177e4SLinus Torvalds MD5 message digest algorithm (RFC1321). 2341da177e4SLinus Torvalds 235584fffc8SSebastian Siewiorconfig CRYPTO_MICHAEL_MIC 236584fffc8SSebastian Siewior tristate "Michael MIC keyed digest algorithm" 237584fffc8SSebastian Siewior select CRYPTO_ALGAPI 238584fffc8SSebastian Siewior help 239584fffc8SSebastian Siewior Michael MIC is used for message integrity protection in TKIP 240584fffc8SSebastian Siewior (IEEE 802.11i). This algorithm is required for TKIP, but it 241584fffc8SSebastian Siewior should not be used for other purposes because of the weakness 242584fffc8SSebastian Siewior of the algorithm. 243584fffc8SSebastian Siewior 244*82798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD128 245*82798f90SAdrian-Ken Rueegsegger tristate "RIPEMD-128 digest algorithm" 246*82798f90SAdrian-Ken Rueegsegger select CRYPTO_ALGAPI 247*82798f90SAdrian-Ken Rueegsegger help 248*82798f90SAdrian-Ken Rueegsegger RIPEMD-128 (ISO/IEC 10118-3:2004). 249*82798f90SAdrian-Ken Rueegsegger 250*82798f90SAdrian-Ken Rueegsegger RIPEMD-128 is a 128-bit cryptographic hash function. It should only 251*82798f90SAdrian-Ken Rueegsegger to be used as a secure replacement for RIPEMD. For other use cases 252*82798f90SAdrian-Ken Rueegsegger RIPEMD-160 should be used. 253*82798f90SAdrian-Ken Rueegsegger 254*82798f90SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 255*82798f90SAdrian-Ken Rueegsegger See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 256*82798f90SAdrian-Ken Rueegsegger 257*82798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD160 258*82798f90SAdrian-Ken Rueegsegger tristate "RIPEMD-160 digest algorithm" 259*82798f90SAdrian-Ken Rueegsegger select CRYPTO_ALGAPI 260*82798f90SAdrian-Ken Rueegsegger help 261*82798f90SAdrian-Ken Rueegsegger RIPEMD-160 (ISO/IEC 10118-3:2004). 262*82798f90SAdrian-Ken Rueegsegger 263*82798f90SAdrian-Ken Rueegsegger RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 264*82798f90SAdrian-Ken Rueegsegger to be used as a secure replacement for the 128-bit hash functions 265*82798f90SAdrian-Ken Rueegsegger MD4, MD5 and it's predecessor RIPEMD (not to be confused with RIPEMD-128). 266*82798f90SAdrian-Ken Rueegsegger 267*82798f90SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 268*82798f90SAdrian-Ken Rueegsegger See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 269*82798f90SAdrian-Ken Rueegsegger 2701da177e4SLinus Torvaldsconfig CRYPTO_SHA1 2711da177e4SLinus Torvalds tristate "SHA1 digest algorithm" 272cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2731da177e4SLinus Torvalds help 2741da177e4SLinus Torvalds SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 2751da177e4SLinus Torvalds 2761da177e4SLinus Torvaldsconfig CRYPTO_SHA256 277cd12fb90SJonathan Lynch tristate "SHA224 and SHA256 digest algorithm" 278cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2791da177e4SLinus Torvalds help 2801da177e4SLinus Torvalds SHA256 secure hash standard (DFIPS 180-2). 2811da177e4SLinus Torvalds 2821da177e4SLinus Torvalds This version of SHA implements a 256 bit hash with 128 bits of 2831da177e4SLinus Torvalds security against collision attacks. 2841da177e4SLinus Torvalds 285cd12fb90SJonathan Lynch This code also includes SHA-224, a 224 bit hash with 112 bits 286cd12fb90SJonathan Lynch of security against collision attacks. 287cd12fb90SJonathan Lynch 2881da177e4SLinus Torvaldsconfig CRYPTO_SHA512 2891da177e4SLinus Torvalds tristate "SHA384 and SHA512 digest algorithms" 290cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2911da177e4SLinus Torvalds help 2921da177e4SLinus Torvalds SHA512 secure hash standard (DFIPS 180-2). 2931da177e4SLinus Torvalds 2941da177e4SLinus Torvalds This version of SHA implements a 512 bit hash with 256 bits of 2951da177e4SLinus Torvalds security against collision attacks. 2961da177e4SLinus Torvalds 2971da177e4SLinus Torvalds This code also includes SHA-384, a 384 bit hash with 192 bits 2981da177e4SLinus Torvalds of security against collision attacks. 2991da177e4SLinus Torvalds 3001da177e4SLinus Torvaldsconfig CRYPTO_TGR192 3011da177e4SLinus Torvalds tristate "Tiger digest algorithms" 302cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3031da177e4SLinus Torvalds help 3041da177e4SLinus Torvalds Tiger hash algorithm 192, 160 and 128-bit hashes 3051da177e4SLinus Torvalds 3061da177e4SLinus Torvalds Tiger is a hash function optimized for 64-bit processors while 3071da177e4SLinus Torvalds still having decent performance on 32-bit processors. 3081da177e4SLinus Torvalds Tiger was developed by Ross Anderson and Eli Biham. 3091da177e4SLinus Torvalds 3101da177e4SLinus Torvalds See also: 3111da177e4SLinus Torvalds <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 3121da177e4SLinus Torvalds 313584fffc8SSebastian Siewiorconfig CRYPTO_WP512 314584fffc8SSebastian Siewior tristate "Whirlpool digest algorithms" 315cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3161da177e4SLinus Torvalds help 317584fffc8SSebastian Siewior Whirlpool hash algorithm 512, 384 and 256-bit hashes 3181da177e4SLinus Torvalds 319584fffc8SSebastian Siewior Whirlpool-512 is part of the NESSIE cryptographic primitives. 320584fffc8SSebastian Siewior Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 3211da177e4SLinus Torvalds 3221da177e4SLinus Torvalds See also: 323584fffc8SSebastian Siewior <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html> 3241da177e4SLinus Torvalds 325584fffc8SSebastian Siewiorcomment "Ciphers" 3261da177e4SLinus Torvalds 3271da177e4SLinus Torvaldsconfig CRYPTO_AES 3281da177e4SLinus Torvalds tristate "AES cipher algorithms" 329cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3301da177e4SLinus Torvalds help 3311da177e4SLinus Torvalds AES cipher algorithms (FIPS-197). AES uses the Rijndael 3321da177e4SLinus Torvalds algorithm. 3331da177e4SLinus Torvalds 3341da177e4SLinus Torvalds Rijndael appears to be consistently a very good performer in 3351da177e4SLinus Torvalds both hardware and software across a wide range of computing 3361da177e4SLinus Torvalds environments regardless of its use in feedback or non-feedback 3371da177e4SLinus Torvalds modes. Its key setup time is excellent, and its key agility is 3381da177e4SLinus Torvalds good. Rijndael's very low memory requirements make it very well 3391da177e4SLinus Torvalds suited for restricted-space environments, in which it also 3401da177e4SLinus Torvalds demonstrates excellent performance. Rijndael's operations are 3411da177e4SLinus Torvalds among the easiest to defend against power and timing attacks. 3421da177e4SLinus Torvalds 3431da177e4SLinus Torvalds The AES specifies three key sizes: 128, 192 and 256 bits 3441da177e4SLinus Torvalds 3451da177e4SLinus Torvalds See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 3461da177e4SLinus Torvalds 3471da177e4SLinus Torvaldsconfig CRYPTO_AES_586 3481da177e4SLinus Torvalds tristate "AES cipher algorithms (i586)" 349cce9e06dSHerbert Xu depends on (X86 || UML_X86) && !64BIT 350cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3515157dea8SSebastian Siewior select CRYPTO_AES 3521da177e4SLinus Torvalds help 3531da177e4SLinus Torvalds AES cipher algorithms (FIPS-197). AES uses the Rijndael 3541da177e4SLinus Torvalds algorithm. 3551da177e4SLinus Torvalds 3561da177e4SLinus Torvalds Rijndael appears to be consistently a very good performer in 3571da177e4SLinus Torvalds both hardware and software across a wide range of computing 3581da177e4SLinus Torvalds environments regardless of its use in feedback or non-feedback 3591da177e4SLinus Torvalds modes. Its key setup time is excellent, and its key agility is 3601da177e4SLinus Torvalds good. Rijndael's very low memory requirements make it very well 3611da177e4SLinus Torvalds suited for restricted-space environments, in which it also 3621da177e4SLinus Torvalds demonstrates excellent performance. Rijndael's operations are 3631da177e4SLinus Torvalds among the easiest to defend against power and timing attacks. 3641da177e4SLinus Torvalds 3651da177e4SLinus Torvalds The AES specifies three key sizes: 128, 192 and 256 bits 3661da177e4SLinus Torvalds 3671da177e4SLinus Torvalds See <http://csrc.nist.gov/encryption/aes/> for more information. 3681da177e4SLinus Torvalds 369a2a892a2SAndreas Steinmetzconfig CRYPTO_AES_X86_64 370a2a892a2SAndreas Steinmetz tristate "AES cipher algorithms (x86_64)" 371cce9e06dSHerbert Xu depends on (X86 || UML_X86) && 64BIT 372cce9e06dSHerbert Xu select CRYPTO_ALGAPI 37381190b32SSebastian Siewior select CRYPTO_AES 374a2a892a2SAndreas Steinmetz help 375a2a892a2SAndreas Steinmetz AES cipher algorithms (FIPS-197). AES uses the Rijndael 376a2a892a2SAndreas Steinmetz algorithm. 377a2a892a2SAndreas Steinmetz 378a2a892a2SAndreas Steinmetz Rijndael appears to be consistently a very good performer in 379a2a892a2SAndreas Steinmetz both hardware and software across a wide range of computing 380a2a892a2SAndreas Steinmetz environments regardless of its use in feedback or non-feedback 381a2a892a2SAndreas Steinmetz modes. Its key setup time is excellent, and its key agility is 382a2a892a2SAndreas Steinmetz good. Rijndael's very low memory requirements make it very well 383a2a892a2SAndreas Steinmetz suited for restricted-space environments, in which it also 384a2a892a2SAndreas Steinmetz demonstrates excellent performance. Rijndael's operations are 385a2a892a2SAndreas Steinmetz among the easiest to defend against power and timing attacks. 386a2a892a2SAndreas Steinmetz 387a2a892a2SAndreas Steinmetz The AES specifies three key sizes: 128, 192 and 256 bits 388a2a892a2SAndreas Steinmetz 389a2a892a2SAndreas Steinmetz See <http://csrc.nist.gov/encryption/aes/> for more information. 390a2a892a2SAndreas Steinmetz 3911da177e4SLinus Torvaldsconfig CRYPTO_ANUBIS 3921da177e4SLinus Torvalds tristate "Anubis cipher algorithm" 393cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3941da177e4SLinus Torvalds help 3951da177e4SLinus Torvalds Anubis cipher algorithm. 3961da177e4SLinus Torvalds 3971da177e4SLinus Torvalds Anubis is a variable key length cipher which can use keys from 3981da177e4SLinus Torvalds 128 bits to 320 bits in length. It was evaluated as a entrant 3991da177e4SLinus Torvalds in the NESSIE competition. 4001da177e4SLinus Torvalds 4011da177e4SLinus Torvalds See also: 4021da177e4SLinus Torvalds <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/> 4031da177e4SLinus Torvalds <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html> 4041da177e4SLinus Torvalds 405584fffc8SSebastian Siewiorconfig CRYPTO_ARC4 406584fffc8SSebastian Siewior tristate "ARC4 cipher algorithm" 407e2ee95b8SHye-Shik Chang select CRYPTO_ALGAPI 408e2ee95b8SHye-Shik Chang help 409584fffc8SSebastian Siewior ARC4 cipher algorithm. 410e2ee95b8SHye-Shik Chang 411584fffc8SSebastian Siewior ARC4 is a stream cipher using keys ranging from 8 bits to 2048 412584fffc8SSebastian Siewior bits in length. This algorithm is required for driver-based 413584fffc8SSebastian Siewior WEP, but it should not be for other purposes because of the 414584fffc8SSebastian Siewior weakness of the algorithm. 415584fffc8SSebastian Siewior 416584fffc8SSebastian Siewiorconfig CRYPTO_BLOWFISH 417584fffc8SSebastian Siewior tristate "Blowfish cipher algorithm" 418584fffc8SSebastian Siewior select CRYPTO_ALGAPI 419584fffc8SSebastian Siewior help 420584fffc8SSebastian Siewior Blowfish cipher algorithm, by Bruce Schneier. 421584fffc8SSebastian Siewior 422584fffc8SSebastian Siewior This is a variable key length cipher which can use keys from 32 423584fffc8SSebastian Siewior bits to 448 bits in length. It's fast, simple and specifically 424584fffc8SSebastian Siewior designed for use on "large microprocessors". 425e2ee95b8SHye-Shik Chang 426e2ee95b8SHye-Shik Chang See also: 427584fffc8SSebastian Siewior <http://www.schneier.com/blowfish.html> 428584fffc8SSebastian Siewior 429584fffc8SSebastian Siewiorconfig CRYPTO_CAMELLIA 430584fffc8SSebastian Siewior tristate "Camellia cipher algorithms" 431584fffc8SSebastian Siewior depends on CRYPTO 432584fffc8SSebastian Siewior select CRYPTO_ALGAPI 433584fffc8SSebastian Siewior help 434584fffc8SSebastian Siewior Camellia cipher algorithms module. 435584fffc8SSebastian Siewior 436584fffc8SSebastian Siewior Camellia is a symmetric key block cipher developed jointly 437584fffc8SSebastian Siewior at NTT and Mitsubishi Electric Corporation. 438584fffc8SSebastian Siewior 439584fffc8SSebastian Siewior The Camellia specifies three key sizes: 128, 192 and 256 bits. 440584fffc8SSebastian Siewior 441584fffc8SSebastian Siewior See also: 442584fffc8SSebastian Siewior <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 443584fffc8SSebastian Siewior 444584fffc8SSebastian Siewiorconfig CRYPTO_CAST5 445584fffc8SSebastian Siewior tristate "CAST5 (CAST-128) cipher algorithm" 446584fffc8SSebastian Siewior select CRYPTO_ALGAPI 447584fffc8SSebastian Siewior help 448584fffc8SSebastian Siewior The CAST5 encryption algorithm (synonymous with CAST-128) is 449584fffc8SSebastian Siewior described in RFC2144. 450584fffc8SSebastian Siewior 451584fffc8SSebastian Siewiorconfig CRYPTO_CAST6 452584fffc8SSebastian Siewior tristate "CAST6 (CAST-256) cipher algorithm" 453584fffc8SSebastian Siewior select CRYPTO_ALGAPI 454584fffc8SSebastian Siewior help 455584fffc8SSebastian Siewior The CAST6 encryption algorithm (synonymous with CAST-256) is 456584fffc8SSebastian Siewior described in RFC2612. 457584fffc8SSebastian Siewior 458584fffc8SSebastian Siewiorconfig CRYPTO_DES 459584fffc8SSebastian Siewior tristate "DES and Triple DES EDE cipher algorithms" 460584fffc8SSebastian Siewior select CRYPTO_ALGAPI 461584fffc8SSebastian Siewior help 462584fffc8SSebastian Siewior DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 463584fffc8SSebastian Siewior 464584fffc8SSebastian Siewiorconfig CRYPTO_FCRYPT 465584fffc8SSebastian Siewior tristate "FCrypt cipher algorithm" 466584fffc8SSebastian Siewior select CRYPTO_ALGAPI 467584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 468584fffc8SSebastian Siewior help 469584fffc8SSebastian Siewior FCrypt algorithm used by RxRPC. 470584fffc8SSebastian Siewior 471584fffc8SSebastian Siewiorconfig CRYPTO_KHAZAD 472584fffc8SSebastian Siewior tristate "Khazad cipher algorithm" 473584fffc8SSebastian Siewior select CRYPTO_ALGAPI 474584fffc8SSebastian Siewior help 475584fffc8SSebastian Siewior Khazad cipher algorithm. 476584fffc8SSebastian Siewior 477584fffc8SSebastian Siewior Khazad was a finalist in the initial NESSIE competition. It is 478584fffc8SSebastian Siewior an algorithm optimized for 64-bit processors with good performance 479584fffc8SSebastian Siewior on 32-bit processors. Khazad uses an 128 bit key size. 480584fffc8SSebastian Siewior 481584fffc8SSebastian Siewior See also: 482584fffc8SSebastian Siewior <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html> 483e2ee95b8SHye-Shik Chang 4842407d608STan Swee Hengconfig CRYPTO_SALSA20 4852407d608STan Swee Heng tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)" 4862407d608STan Swee Heng depends on EXPERIMENTAL 4872407d608STan Swee Heng select CRYPTO_BLKCIPHER 4882407d608STan Swee Heng help 4892407d608STan Swee Heng Salsa20 stream cipher algorithm. 4902407d608STan Swee Heng 4912407d608STan Swee Heng Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 4922407d608STan Swee Heng Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 4932407d608STan Swee Heng 4942407d608STan Swee Heng The Salsa20 stream cipher algorithm is designed by Daniel J. 4952407d608STan Swee Heng Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 4961da177e4SLinus Torvalds 497974e4b75STan Swee Hengconfig CRYPTO_SALSA20_586 498974e4b75STan Swee Heng tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)" 499974e4b75STan Swee Heng depends on (X86 || UML_X86) && !64BIT 500974e4b75STan Swee Heng depends on EXPERIMENTAL 501974e4b75STan Swee Heng select CRYPTO_BLKCIPHER 502974e4b75STan Swee Heng help 503974e4b75STan Swee Heng Salsa20 stream cipher algorithm. 504974e4b75STan Swee Heng 505974e4b75STan Swee Heng Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 506974e4b75STan Swee Heng Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 507974e4b75STan Swee Heng 508974e4b75STan Swee Heng The Salsa20 stream cipher algorithm is designed by Daniel J. 509974e4b75STan Swee Heng Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 510974e4b75STan Swee Heng 5119a7dafbbSTan Swee Hengconfig CRYPTO_SALSA20_X86_64 5129a7dafbbSTan Swee Heng tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)" 5139a7dafbbSTan Swee Heng depends on (X86 || UML_X86) && 64BIT 5149a7dafbbSTan Swee Heng depends on EXPERIMENTAL 5159a7dafbbSTan Swee Heng select CRYPTO_BLKCIPHER 5169a7dafbbSTan Swee Heng help 5179a7dafbbSTan Swee Heng Salsa20 stream cipher algorithm. 5189a7dafbbSTan Swee Heng 5199a7dafbbSTan Swee Heng Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 5209a7dafbbSTan Swee Heng Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 5219a7dafbbSTan Swee Heng 5229a7dafbbSTan Swee Heng The Salsa20 stream cipher algorithm is designed by Daniel J. 5239a7dafbbSTan Swee Heng Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 5249a7dafbbSTan Swee Heng 525584fffc8SSebastian Siewiorconfig CRYPTO_SEED 526584fffc8SSebastian Siewior tristate "SEED cipher algorithm" 527584fffc8SSebastian Siewior select CRYPTO_ALGAPI 528584fffc8SSebastian Siewior help 529584fffc8SSebastian Siewior SEED cipher algorithm (RFC4269). 530584fffc8SSebastian Siewior 531584fffc8SSebastian Siewior SEED is a 128-bit symmetric key block cipher that has been 532584fffc8SSebastian Siewior developed by KISA (Korea Information Security Agency) as a 533584fffc8SSebastian Siewior national standard encryption algorithm of the Republic of Korea. 534584fffc8SSebastian Siewior It is a 16 round block cipher with the key size of 128 bit. 535584fffc8SSebastian Siewior 536584fffc8SSebastian Siewior See also: 537584fffc8SSebastian Siewior <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 538584fffc8SSebastian Siewior 539584fffc8SSebastian Siewiorconfig CRYPTO_SERPENT 540584fffc8SSebastian Siewior tristate "Serpent cipher algorithm" 541584fffc8SSebastian Siewior select CRYPTO_ALGAPI 542584fffc8SSebastian Siewior help 543584fffc8SSebastian Siewior Serpent cipher algorithm, by Anderson, Biham & Knudsen. 544584fffc8SSebastian Siewior 545584fffc8SSebastian Siewior Keys are allowed to be from 0 to 256 bits in length, in steps 546584fffc8SSebastian Siewior of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 547584fffc8SSebastian Siewior variant of Serpent for compatibility with old kerneli.org code. 548584fffc8SSebastian Siewior 549584fffc8SSebastian Siewior See also: 550584fffc8SSebastian Siewior <http://www.cl.cam.ac.uk/~rja14/serpent.html> 551584fffc8SSebastian Siewior 552584fffc8SSebastian Siewiorconfig CRYPTO_TEA 553584fffc8SSebastian Siewior tristate "TEA, XTEA and XETA cipher algorithms" 554584fffc8SSebastian Siewior select CRYPTO_ALGAPI 555584fffc8SSebastian Siewior help 556584fffc8SSebastian Siewior TEA cipher algorithm. 557584fffc8SSebastian Siewior 558584fffc8SSebastian Siewior Tiny Encryption Algorithm is a simple cipher that uses 559584fffc8SSebastian Siewior many rounds for security. It is very fast and uses 560584fffc8SSebastian Siewior little memory. 561584fffc8SSebastian Siewior 562584fffc8SSebastian Siewior Xtendend Tiny Encryption Algorithm is a modification to 563584fffc8SSebastian Siewior the TEA algorithm to address a potential key weakness 564584fffc8SSebastian Siewior in the TEA algorithm. 565584fffc8SSebastian Siewior 566584fffc8SSebastian Siewior Xtendend Encryption Tiny Algorithm is a mis-implementation 567584fffc8SSebastian Siewior of the XTEA algorithm for compatibility purposes. 568584fffc8SSebastian Siewior 569584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH 570584fffc8SSebastian Siewior tristate "Twofish cipher algorithm" 571584fffc8SSebastian Siewior select CRYPTO_ALGAPI 572584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 573584fffc8SSebastian Siewior help 574584fffc8SSebastian Siewior Twofish cipher algorithm. 575584fffc8SSebastian Siewior 576584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 577584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 578584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 579584fffc8SSebastian Siewior bits. 580584fffc8SSebastian Siewior 581584fffc8SSebastian Siewior See also: 582584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 583584fffc8SSebastian Siewior 584584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_COMMON 585584fffc8SSebastian Siewior tristate 586584fffc8SSebastian Siewior help 587584fffc8SSebastian Siewior Common parts of the Twofish cipher algorithm shared by the 588584fffc8SSebastian Siewior generic c and the assembler implementations. 589584fffc8SSebastian Siewior 590584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_586 591584fffc8SSebastian Siewior tristate "Twofish cipher algorithms (i586)" 592584fffc8SSebastian Siewior depends on (X86 || UML_X86) && !64BIT 593584fffc8SSebastian Siewior select CRYPTO_ALGAPI 594584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 595584fffc8SSebastian Siewior help 596584fffc8SSebastian Siewior Twofish cipher algorithm. 597584fffc8SSebastian Siewior 598584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 599584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 600584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 601584fffc8SSebastian Siewior bits. 602584fffc8SSebastian Siewior 603584fffc8SSebastian Siewior See also: 604584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 605584fffc8SSebastian Siewior 606584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_X86_64 607584fffc8SSebastian Siewior tristate "Twofish cipher algorithm (x86_64)" 608584fffc8SSebastian Siewior depends on (X86 || UML_X86) && 64BIT 609584fffc8SSebastian Siewior select CRYPTO_ALGAPI 610584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 611584fffc8SSebastian Siewior help 612584fffc8SSebastian Siewior Twofish cipher algorithm (x86_64). 613584fffc8SSebastian Siewior 614584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 615584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 616584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 617584fffc8SSebastian Siewior bits. 618584fffc8SSebastian Siewior 619584fffc8SSebastian Siewior See also: 620584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 621584fffc8SSebastian Siewior 622584fffc8SSebastian Siewiorcomment "Compression" 623584fffc8SSebastian Siewior 6241da177e4SLinus Torvaldsconfig CRYPTO_DEFLATE 6251da177e4SLinus Torvalds tristate "Deflate compression algorithm" 626cce9e06dSHerbert Xu select CRYPTO_ALGAPI 6271da177e4SLinus Torvalds select ZLIB_INFLATE 6281da177e4SLinus Torvalds select ZLIB_DEFLATE 6291da177e4SLinus Torvalds help 6301da177e4SLinus Torvalds This is the Deflate algorithm (RFC1951), specified for use in 6311da177e4SLinus Torvalds IPSec with the IPCOMP protocol (RFC3173, RFC2394). 6321da177e4SLinus Torvalds 6331da177e4SLinus Torvalds You will most probably want this if using IPSec. 6341da177e4SLinus Torvalds 6350b77abb3SZoltan Sogorconfig CRYPTO_LZO 6360b77abb3SZoltan Sogor tristate "LZO compression algorithm" 6370b77abb3SZoltan Sogor select CRYPTO_ALGAPI 6380b77abb3SZoltan Sogor select LZO_COMPRESS 6390b77abb3SZoltan Sogor select LZO_DECOMPRESS 6400b77abb3SZoltan Sogor help 6410b77abb3SZoltan Sogor This is the LZO algorithm. 6420b77abb3SZoltan Sogor 6431da177e4SLinus Torvaldssource "drivers/crypto/Kconfig" 6441da177e4SLinus Torvalds 645cce9e06dSHerbert Xuendif # if CRYPTO 646