11da177e4SLinus Torvalds# 2685784aaSDan Williams# Generic algorithms support 3685784aaSDan Williams# 4685784aaSDan Williamsconfig XOR_BLOCKS 5685784aaSDan Williams tristate 6685784aaSDan Williams 7685784aaSDan Williams# 89bc89cd8SDan Williams# async_tx api: hardware offloaded memory transfer/transform support 99bc89cd8SDan Williams# 109bc89cd8SDan Williamssource "crypto/async_tx/Kconfig" 119bc89cd8SDan Williams 129bc89cd8SDan Williams# 131da177e4SLinus Torvalds# Cryptographic API Configuration 141da177e4SLinus Torvalds# 152e290f43SJan Engelhardtmenuconfig CRYPTO 16c3715cb9SSebastian Siewior tristate "Cryptographic API" 171da177e4SLinus Torvalds help 181da177e4SLinus Torvalds This option provides the core Cryptographic API. 191da177e4SLinus Torvalds 20cce9e06dSHerbert Xuif CRYPTO 21cce9e06dSHerbert Xu 22584fffc8SSebastian Siewiorcomment "Crypto core or helper" 23584fffc8SSebastian Siewior 24cce9e06dSHerbert Xuconfig CRYPTO_ALGAPI 25cce9e06dSHerbert Xu tristate 26cce9e06dSHerbert Xu help 27cce9e06dSHerbert Xu This option provides the API for cryptographic algorithms. 28cce9e06dSHerbert Xu 291ae97820SHerbert Xuconfig CRYPTO_AEAD 301ae97820SHerbert Xu tristate 311ae97820SHerbert Xu select CRYPTO_ALGAPI 321ae97820SHerbert Xu 335cde0af2SHerbert Xuconfig CRYPTO_BLKCIPHER 345cde0af2SHerbert Xu tristate 355cde0af2SHerbert Xu select CRYPTO_ALGAPI 365cde0af2SHerbert Xu 37055bcee3SHerbert Xuconfig CRYPTO_HASH 38055bcee3SHerbert Xu tristate 39055bcee3SHerbert Xu select CRYPTO_ALGAPI 40055bcee3SHerbert Xu 412b8c19dbSHerbert Xuconfig CRYPTO_MANAGER 422b8c19dbSHerbert Xu tristate "Cryptographic algorithm manager" 432b8c19dbSHerbert Xu select CRYPTO_ALGAPI 442b8c19dbSHerbert Xu help 452b8c19dbSHerbert Xu Create default cryptographic template instantiations such as 462b8c19dbSHerbert Xu cbc(aes). 472b8c19dbSHerbert Xu 48584fffc8SSebastian Siewiorconfig CRYPTO_GF128MUL 49584fffc8SSebastian Siewior tristate "GF(2^128) multiplication functions (EXPERIMENTAL)" 50584fffc8SSebastian Siewior depends on EXPERIMENTAL 51584fffc8SSebastian Siewior help 52584fffc8SSebastian Siewior Efficient table driven implementation of multiplications in the 53584fffc8SSebastian Siewior field GF(2^128). This is needed by some cypher modes. This 54584fffc8SSebastian Siewior option will be selected automatically if you select such a 55584fffc8SSebastian Siewior cipher mode. Only select this option by hand if you expect to load 56584fffc8SSebastian Siewior an external module that requires these functions. 57584fffc8SSebastian Siewior 58584fffc8SSebastian Siewiorconfig CRYPTO_NULL 59584fffc8SSebastian Siewior tristate "Null algorithms" 60584fffc8SSebastian Siewior select CRYPTO_ALGAPI 61584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 62584fffc8SSebastian Siewior help 63584fffc8SSebastian Siewior These are 'Null' algorithms, used by IPsec, which do nothing. 64584fffc8SSebastian Siewior 65584fffc8SSebastian Siewiorconfig CRYPTO_CRYPTD 66584fffc8SSebastian Siewior tristate "Software async crypto daemon" 67584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 68b8a28251SLoc Ho select CRYPTO_HASH 69584fffc8SSebastian Siewior select CRYPTO_MANAGER 70584fffc8SSebastian Siewior help 71584fffc8SSebastian Siewior This is a generic software asynchronous crypto daemon that 72584fffc8SSebastian Siewior converts an arbitrary synchronous software crypto algorithm 73584fffc8SSebastian Siewior into an asynchronous algorithm that executes in a kernel thread. 74584fffc8SSebastian Siewior 75584fffc8SSebastian Siewiorconfig CRYPTO_AUTHENC 76584fffc8SSebastian Siewior tristate "Authenc support" 77584fffc8SSebastian Siewior select CRYPTO_AEAD 78584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 79584fffc8SSebastian Siewior select CRYPTO_MANAGER 80584fffc8SSebastian Siewior select CRYPTO_HASH 81584fffc8SSebastian Siewior help 82584fffc8SSebastian Siewior Authenc: Combined mode wrapper for IPsec. 83584fffc8SSebastian Siewior This is required for IPSec. 84584fffc8SSebastian Siewior 85584fffc8SSebastian Siewiorconfig CRYPTO_TEST 86584fffc8SSebastian Siewior tristate "Testing module" 87584fffc8SSebastian Siewior depends on m 88584fffc8SSebastian Siewior select CRYPTO_ALGAPI 89584fffc8SSebastian Siewior select CRYPTO_AEAD 90584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 91584fffc8SSebastian Siewior help 92584fffc8SSebastian Siewior Quick & dirty crypto test module. 93584fffc8SSebastian Siewior 94584fffc8SSebastian Siewiorcomment "Authenticated Encryption with Associated Data" 95584fffc8SSebastian Siewior 96584fffc8SSebastian Siewiorconfig CRYPTO_CCM 97584fffc8SSebastian Siewior tristate "CCM support" 98584fffc8SSebastian Siewior select CRYPTO_CTR 99584fffc8SSebastian Siewior select CRYPTO_AEAD 100584fffc8SSebastian Siewior help 101584fffc8SSebastian Siewior Support for Counter with CBC MAC. Required for IPsec. 102584fffc8SSebastian Siewior 103584fffc8SSebastian Siewiorconfig CRYPTO_GCM 104584fffc8SSebastian Siewior tristate "GCM/GMAC support" 105584fffc8SSebastian Siewior select CRYPTO_CTR 106584fffc8SSebastian Siewior select CRYPTO_AEAD 107584fffc8SSebastian Siewior select CRYPTO_GF128MUL 108584fffc8SSebastian Siewior help 109584fffc8SSebastian Siewior Support for Galois/Counter Mode (GCM) and Galois Message 110584fffc8SSebastian Siewior Authentication Code (GMAC). Required for IPSec. 111584fffc8SSebastian Siewior 112584fffc8SSebastian Siewiorconfig CRYPTO_SEQIV 113584fffc8SSebastian Siewior tristate "Sequence Number IV Generator" 114584fffc8SSebastian Siewior select CRYPTO_AEAD 115584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 116584fffc8SSebastian Siewior help 117584fffc8SSebastian Siewior This IV generator generates an IV based on a sequence number by 118584fffc8SSebastian Siewior xoring it with a salt. This algorithm is mainly useful for CTR 119584fffc8SSebastian Siewior 120584fffc8SSebastian Siewiorcomment "Block modes" 121584fffc8SSebastian Siewior 122584fffc8SSebastian Siewiorconfig CRYPTO_CBC 123584fffc8SSebastian Siewior tristate "CBC support" 124584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 125584fffc8SSebastian Siewior select CRYPTO_MANAGER 126584fffc8SSebastian Siewior help 127584fffc8SSebastian Siewior CBC: Cipher Block Chaining mode 128584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 129584fffc8SSebastian Siewior 130584fffc8SSebastian Siewiorconfig CRYPTO_CTR 131584fffc8SSebastian Siewior tristate "CTR support" 132584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 133584fffc8SSebastian Siewior select CRYPTO_SEQIV 134584fffc8SSebastian Siewior select CRYPTO_MANAGER 135584fffc8SSebastian Siewior help 136584fffc8SSebastian Siewior CTR: Counter mode 137584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 138584fffc8SSebastian Siewior 139584fffc8SSebastian Siewiorconfig CRYPTO_CTS 140584fffc8SSebastian Siewior tristate "CTS support" 141584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 142584fffc8SSebastian Siewior help 143584fffc8SSebastian Siewior CTS: Cipher Text Stealing 144584fffc8SSebastian Siewior This is the Cipher Text Stealing mode as described by 145584fffc8SSebastian Siewior Section 8 of rfc2040 and referenced by rfc3962. 146584fffc8SSebastian Siewior (rfc3962 includes errata information in its Appendix A) 147584fffc8SSebastian Siewior This mode is required for Kerberos gss mechanism support 148584fffc8SSebastian Siewior for AES encryption. 149584fffc8SSebastian Siewior 150584fffc8SSebastian Siewiorconfig CRYPTO_ECB 151584fffc8SSebastian Siewior tristate "ECB support" 152584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 153584fffc8SSebastian Siewior select CRYPTO_MANAGER 154584fffc8SSebastian Siewior help 155584fffc8SSebastian Siewior ECB: Electronic CodeBook mode 156584fffc8SSebastian Siewior This is the simplest block cipher algorithm. It simply encrypts 157584fffc8SSebastian Siewior the input block by block. 158584fffc8SSebastian Siewior 159584fffc8SSebastian Siewiorconfig CRYPTO_LRW 160584fffc8SSebastian Siewior tristate "LRW support (EXPERIMENTAL)" 161584fffc8SSebastian Siewior depends on EXPERIMENTAL 162584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 163584fffc8SSebastian Siewior select CRYPTO_MANAGER 164584fffc8SSebastian Siewior select CRYPTO_GF128MUL 165584fffc8SSebastian Siewior help 166584fffc8SSebastian Siewior LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 167584fffc8SSebastian Siewior narrow block cipher mode for dm-crypt. Use it with cipher 168584fffc8SSebastian Siewior specification string aes-lrw-benbi, the key must be 256, 320 or 384. 169584fffc8SSebastian Siewior The first 128, 192 or 256 bits in the key are used for AES and the 170584fffc8SSebastian Siewior rest is used to tie each cipher block to its logical position. 171584fffc8SSebastian Siewior 172584fffc8SSebastian Siewiorconfig CRYPTO_PCBC 173584fffc8SSebastian Siewior tristate "PCBC support" 174584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 175584fffc8SSebastian Siewior select CRYPTO_MANAGER 176584fffc8SSebastian Siewior help 177584fffc8SSebastian Siewior PCBC: Propagating Cipher Block Chaining mode 178584fffc8SSebastian Siewior This block cipher algorithm is required for RxRPC. 179584fffc8SSebastian Siewior 180584fffc8SSebastian Siewiorconfig CRYPTO_XTS 181584fffc8SSebastian Siewior tristate "XTS support (EXPERIMENTAL)" 182584fffc8SSebastian Siewior depends on EXPERIMENTAL 183584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 184584fffc8SSebastian Siewior select CRYPTO_MANAGER 185584fffc8SSebastian Siewior select CRYPTO_GF128MUL 186584fffc8SSebastian Siewior help 187584fffc8SSebastian Siewior XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 188584fffc8SSebastian Siewior key size 256, 384 or 512 bits. This implementation currently 189584fffc8SSebastian Siewior can't handle a sectorsize which is not a multiple of 16 bytes. 190584fffc8SSebastian Siewior 191584fffc8SSebastian Siewiorcomment "Hash modes" 192584fffc8SSebastian Siewior 1931da177e4SLinus Torvaldsconfig CRYPTO_HMAC 1948425165dSHerbert Xu tristate "HMAC support" 1950796ae06SHerbert Xu select CRYPTO_HASH 19643518407SHerbert Xu select CRYPTO_MANAGER 1971da177e4SLinus Torvalds help 1981da177e4SLinus Torvalds HMAC: Keyed-Hashing for Message Authentication (RFC2104). 1991da177e4SLinus Torvalds This is required for IPSec. 2001da177e4SLinus Torvalds 201333b0d7eSKazunori MIYAZAWAconfig CRYPTO_XCBC 202333b0d7eSKazunori MIYAZAWA tristate "XCBC support" 203333b0d7eSKazunori MIYAZAWA depends on EXPERIMENTAL 204333b0d7eSKazunori MIYAZAWA select CRYPTO_HASH 205333b0d7eSKazunori MIYAZAWA select CRYPTO_MANAGER 206333b0d7eSKazunori MIYAZAWA help 207333b0d7eSKazunori MIYAZAWA XCBC: Keyed-Hashing with encryption algorithm 208333b0d7eSKazunori MIYAZAWA http://www.ietf.org/rfc/rfc3566.txt 209333b0d7eSKazunori MIYAZAWA http://csrc.nist.gov/encryption/modes/proposedmodes/ 210333b0d7eSKazunori MIYAZAWA xcbc-mac/xcbc-mac-spec.pdf 211333b0d7eSKazunori MIYAZAWA 212584fffc8SSebastian Siewiorcomment "Digest" 213584fffc8SSebastian Siewior 214584fffc8SSebastian Siewiorconfig CRYPTO_CRC32C 215584fffc8SSebastian Siewior tristate "CRC32c CRC algorithm" 2165773a3e6SHerbert Xu select CRYPTO_HASH 217584fffc8SSebastian Siewior select LIBCRC32C 2181da177e4SLinus Torvalds help 219584fffc8SSebastian Siewior Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 220584fffc8SSebastian Siewior by iSCSI for header and data digests and by others. 221584fffc8SSebastian Siewior See Castagnoli93. This implementation uses lib/libcrc32c. 222584fffc8SSebastian Siewior Module will be crc32c. 2231da177e4SLinus Torvalds 224*8cb51ba8SAustin Zhangconfig CRYPTO_CRC32C_INTEL 225*8cb51ba8SAustin Zhang tristate "CRC32c INTEL hardware acceleration" 226*8cb51ba8SAustin Zhang depends on X86 227*8cb51ba8SAustin Zhang select CRYPTO_HASH 228*8cb51ba8SAustin Zhang help 229*8cb51ba8SAustin Zhang In Intel processor with SSE4.2 supported, the processor will 230*8cb51ba8SAustin Zhang support CRC32C implementation using hardware accelerated CRC32 231*8cb51ba8SAustin Zhang instruction. This option will create 'crc32c-intel' module, 232*8cb51ba8SAustin Zhang which will enable any routine to use the CRC32 instruction to 233*8cb51ba8SAustin Zhang gain performance compared with software implementation. 234*8cb51ba8SAustin Zhang Module will be crc32c-intel. 235*8cb51ba8SAustin Zhang 2361da177e4SLinus Torvaldsconfig CRYPTO_MD4 2371da177e4SLinus Torvalds tristate "MD4 digest algorithm" 238cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2391da177e4SLinus Torvalds help 2401da177e4SLinus Torvalds MD4 message digest algorithm (RFC1320). 2411da177e4SLinus Torvalds 2421da177e4SLinus Torvaldsconfig CRYPTO_MD5 2431da177e4SLinus Torvalds tristate "MD5 digest algorithm" 244cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2451da177e4SLinus Torvalds help 2461da177e4SLinus Torvalds MD5 message digest algorithm (RFC1321). 2471da177e4SLinus Torvalds 248584fffc8SSebastian Siewiorconfig CRYPTO_MICHAEL_MIC 249584fffc8SSebastian Siewior tristate "Michael MIC keyed digest algorithm" 250584fffc8SSebastian Siewior select CRYPTO_ALGAPI 251584fffc8SSebastian Siewior help 252584fffc8SSebastian Siewior Michael MIC is used for message integrity protection in TKIP 253584fffc8SSebastian Siewior (IEEE 802.11i). This algorithm is required for TKIP, but it 254584fffc8SSebastian Siewior should not be used for other purposes because of the weakness 255584fffc8SSebastian Siewior of the algorithm. 256584fffc8SSebastian Siewior 25782798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD128 25882798f90SAdrian-Ken Rueegsegger tristate "RIPEMD-128 digest algorithm" 25982798f90SAdrian-Ken Rueegsegger select CRYPTO_ALGAPI 26082798f90SAdrian-Ken Rueegsegger help 26182798f90SAdrian-Ken Rueegsegger RIPEMD-128 (ISO/IEC 10118-3:2004). 26282798f90SAdrian-Ken Rueegsegger 26382798f90SAdrian-Ken Rueegsegger RIPEMD-128 is a 128-bit cryptographic hash function. It should only 26482798f90SAdrian-Ken Rueegsegger to be used as a secure replacement for RIPEMD. For other use cases 26582798f90SAdrian-Ken Rueegsegger RIPEMD-160 should be used. 26682798f90SAdrian-Ken Rueegsegger 26782798f90SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 26882798f90SAdrian-Ken Rueegsegger See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 26982798f90SAdrian-Ken Rueegsegger 27082798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD160 27182798f90SAdrian-Ken Rueegsegger tristate "RIPEMD-160 digest algorithm" 27282798f90SAdrian-Ken Rueegsegger select CRYPTO_ALGAPI 27382798f90SAdrian-Ken Rueegsegger help 27482798f90SAdrian-Ken Rueegsegger RIPEMD-160 (ISO/IEC 10118-3:2004). 27582798f90SAdrian-Ken Rueegsegger 27682798f90SAdrian-Ken Rueegsegger RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 27782798f90SAdrian-Ken Rueegsegger to be used as a secure replacement for the 128-bit hash functions 278b6d44341SAdrian Bunk MD4, MD5 and it's predecessor RIPEMD 279b6d44341SAdrian Bunk (not to be confused with RIPEMD-128). 28082798f90SAdrian-Ken Rueegsegger 281b6d44341SAdrian Bunk It's speed is comparable to SHA1 and there are no known attacks 282b6d44341SAdrian Bunk against RIPEMD-160. 283534fe2c1SAdrian-Ken Rueegsegger 284534fe2c1SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 285534fe2c1SAdrian-Ken Rueegsegger See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 286534fe2c1SAdrian-Ken Rueegsegger 287534fe2c1SAdrian-Ken Rueegseggerconfig CRYPTO_RMD256 288534fe2c1SAdrian-Ken Rueegsegger tristate "RIPEMD-256 digest algorithm" 289534fe2c1SAdrian-Ken Rueegsegger select CRYPTO_ALGAPI 290534fe2c1SAdrian-Ken Rueegsegger help 291b6d44341SAdrian Bunk RIPEMD-256 is an optional extension of RIPEMD-128 with a 292b6d44341SAdrian Bunk 256 bit hash. It is intended for applications that require 293b6d44341SAdrian Bunk longer hash-results, without needing a larger security level 294b6d44341SAdrian Bunk (than RIPEMD-128). 295534fe2c1SAdrian-Ken Rueegsegger 296534fe2c1SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 297534fe2c1SAdrian-Ken Rueegsegger See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 298534fe2c1SAdrian-Ken Rueegsegger 299534fe2c1SAdrian-Ken Rueegseggerconfig CRYPTO_RMD320 300534fe2c1SAdrian-Ken Rueegsegger tristate "RIPEMD-320 digest algorithm" 301534fe2c1SAdrian-Ken Rueegsegger select CRYPTO_ALGAPI 302534fe2c1SAdrian-Ken Rueegsegger help 303b6d44341SAdrian Bunk RIPEMD-320 is an optional extension of RIPEMD-160 with a 304b6d44341SAdrian Bunk 320 bit hash. It is intended for applications that require 305b6d44341SAdrian Bunk longer hash-results, without needing a larger security level 306b6d44341SAdrian Bunk (than RIPEMD-160). 307534fe2c1SAdrian-Ken Rueegsegger 30882798f90SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 30982798f90SAdrian-Ken Rueegsegger See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 31082798f90SAdrian-Ken Rueegsegger 3111da177e4SLinus Torvaldsconfig CRYPTO_SHA1 3121da177e4SLinus Torvalds tristate "SHA1 digest algorithm" 313cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3141da177e4SLinus Torvalds help 3151da177e4SLinus Torvalds SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 3161da177e4SLinus Torvalds 3171da177e4SLinus Torvaldsconfig CRYPTO_SHA256 318cd12fb90SJonathan Lynch tristate "SHA224 and SHA256 digest algorithm" 319cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3201da177e4SLinus Torvalds help 3211da177e4SLinus Torvalds SHA256 secure hash standard (DFIPS 180-2). 3221da177e4SLinus Torvalds 3231da177e4SLinus Torvalds This version of SHA implements a 256 bit hash with 128 bits of 3241da177e4SLinus Torvalds security against collision attacks. 3251da177e4SLinus Torvalds 326cd12fb90SJonathan Lynch This code also includes SHA-224, a 224 bit hash with 112 bits 327cd12fb90SJonathan Lynch of security against collision attacks. 328cd12fb90SJonathan Lynch 3291da177e4SLinus Torvaldsconfig CRYPTO_SHA512 3301da177e4SLinus Torvalds tristate "SHA384 and SHA512 digest algorithms" 331cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3321da177e4SLinus Torvalds help 3331da177e4SLinus Torvalds SHA512 secure hash standard (DFIPS 180-2). 3341da177e4SLinus Torvalds 3351da177e4SLinus Torvalds This version of SHA implements a 512 bit hash with 256 bits of 3361da177e4SLinus Torvalds security against collision attacks. 3371da177e4SLinus Torvalds 3381da177e4SLinus Torvalds This code also includes SHA-384, a 384 bit hash with 192 bits 3391da177e4SLinus Torvalds of security against collision attacks. 3401da177e4SLinus Torvalds 3411da177e4SLinus Torvaldsconfig CRYPTO_TGR192 3421da177e4SLinus Torvalds tristate "Tiger digest algorithms" 343cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3441da177e4SLinus Torvalds help 3451da177e4SLinus Torvalds Tiger hash algorithm 192, 160 and 128-bit hashes 3461da177e4SLinus Torvalds 3471da177e4SLinus Torvalds Tiger is a hash function optimized for 64-bit processors while 3481da177e4SLinus Torvalds still having decent performance on 32-bit processors. 3491da177e4SLinus Torvalds Tiger was developed by Ross Anderson and Eli Biham. 3501da177e4SLinus Torvalds 3511da177e4SLinus Torvalds See also: 3521da177e4SLinus Torvalds <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 3531da177e4SLinus Torvalds 354584fffc8SSebastian Siewiorconfig CRYPTO_WP512 355584fffc8SSebastian Siewior tristate "Whirlpool digest algorithms" 356cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3571da177e4SLinus Torvalds help 358584fffc8SSebastian Siewior Whirlpool hash algorithm 512, 384 and 256-bit hashes 3591da177e4SLinus Torvalds 360584fffc8SSebastian Siewior Whirlpool-512 is part of the NESSIE cryptographic primitives. 361584fffc8SSebastian Siewior Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 3621da177e4SLinus Torvalds 3631da177e4SLinus Torvalds See also: 364584fffc8SSebastian Siewior <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html> 3651da177e4SLinus Torvalds 366584fffc8SSebastian Siewiorcomment "Ciphers" 3671da177e4SLinus Torvalds 3681da177e4SLinus Torvaldsconfig CRYPTO_AES 3691da177e4SLinus Torvalds tristate "AES cipher algorithms" 370cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3711da177e4SLinus Torvalds help 3721da177e4SLinus Torvalds AES cipher algorithms (FIPS-197). AES uses the Rijndael 3731da177e4SLinus Torvalds algorithm. 3741da177e4SLinus Torvalds 3751da177e4SLinus Torvalds Rijndael appears to be consistently a very good performer in 3761da177e4SLinus Torvalds both hardware and software across a wide range of computing 3771da177e4SLinus Torvalds environments regardless of its use in feedback or non-feedback 3781da177e4SLinus Torvalds modes. Its key setup time is excellent, and its key agility is 3791da177e4SLinus Torvalds good. Rijndael's very low memory requirements make it very well 3801da177e4SLinus Torvalds suited for restricted-space environments, in which it also 3811da177e4SLinus Torvalds demonstrates excellent performance. Rijndael's operations are 3821da177e4SLinus Torvalds among the easiest to defend against power and timing attacks. 3831da177e4SLinus Torvalds 3841da177e4SLinus Torvalds The AES specifies three key sizes: 128, 192 and 256 bits 3851da177e4SLinus Torvalds 3861da177e4SLinus Torvalds See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 3871da177e4SLinus Torvalds 3881da177e4SLinus Torvaldsconfig CRYPTO_AES_586 3891da177e4SLinus Torvalds tristate "AES cipher algorithms (i586)" 390cce9e06dSHerbert Xu depends on (X86 || UML_X86) && !64BIT 391cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3925157dea8SSebastian Siewior select CRYPTO_AES 3931da177e4SLinus Torvalds help 3941da177e4SLinus Torvalds AES cipher algorithms (FIPS-197). AES uses the Rijndael 3951da177e4SLinus Torvalds algorithm. 3961da177e4SLinus Torvalds 3971da177e4SLinus Torvalds Rijndael appears to be consistently a very good performer in 3981da177e4SLinus Torvalds both hardware and software across a wide range of computing 3991da177e4SLinus Torvalds environments regardless of its use in feedback or non-feedback 4001da177e4SLinus Torvalds modes. Its key setup time is excellent, and its key agility is 4011da177e4SLinus Torvalds good. Rijndael's very low memory requirements make it very well 4021da177e4SLinus Torvalds suited for restricted-space environments, in which it also 4031da177e4SLinus Torvalds demonstrates excellent performance. Rijndael's operations are 4041da177e4SLinus Torvalds among the easiest to defend against power and timing attacks. 4051da177e4SLinus Torvalds 4061da177e4SLinus Torvalds The AES specifies three key sizes: 128, 192 and 256 bits 4071da177e4SLinus Torvalds 4081da177e4SLinus Torvalds See <http://csrc.nist.gov/encryption/aes/> for more information. 4091da177e4SLinus Torvalds 410a2a892a2SAndreas Steinmetzconfig CRYPTO_AES_X86_64 411a2a892a2SAndreas Steinmetz tristate "AES cipher algorithms (x86_64)" 412cce9e06dSHerbert Xu depends on (X86 || UML_X86) && 64BIT 413cce9e06dSHerbert Xu select CRYPTO_ALGAPI 41481190b32SSebastian Siewior select CRYPTO_AES 415a2a892a2SAndreas Steinmetz help 416a2a892a2SAndreas Steinmetz AES cipher algorithms (FIPS-197). AES uses the Rijndael 417a2a892a2SAndreas Steinmetz algorithm. 418a2a892a2SAndreas Steinmetz 419a2a892a2SAndreas Steinmetz Rijndael appears to be consistently a very good performer in 420a2a892a2SAndreas Steinmetz both hardware and software across a wide range of computing 421a2a892a2SAndreas Steinmetz environments regardless of its use in feedback or non-feedback 422a2a892a2SAndreas Steinmetz modes. Its key setup time is excellent, and its key agility is 423a2a892a2SAndreas Steinmetz good. Rijndael's very low memory requirements make it very well 424a2a892a2SAndreas Steinmetz suited for restricted-space environments, in which it also 425a2a892a2SAndreas Steinmetz demonstrates excellent performance. Rijndael's operations are 426a2a892a2SAndreas Steinmetz among the easiest to defend against power and timing attacks. 427a2a892a2SAndreas Steinmetz 428a2a892a2SAndreas Steinmetz The AES specifies three key sizes: 128, 192 and 256 bits 429a2a892a2SAndreas Steinmetz 430a2a892a2SAndreas Steinmetz See <http://csrc.nist.gov/encryption/aes/> for more information. 431a2a892a2SAndreas Steinmetz 4321da177e4SLinus Torvaldsconfig CRYPTO_ANUBIS 4331da177e4SLinus Torvalds tristate "Anubis cipher algorithm" 434cce9e06dSHerbert Xu select CRYPTO_ALGAPI 4351da177e4SLinus Torvalds help 4361da177e4SLinus Torvalds Anubis cipher algorithm. 4371da177e4SLinus Torvalds 4381da177e4SLinus Torvalds Anubis is a variable key length cipher which can use keys from 4391da177e4SLinus Torvalds 128 bits to 320 bits in length. It was evaluated as a entrant 4401da177e4SLinus Torvalds in the NESSIE competition. 4411da177e4SLinus Torvalds 4421da177e4SLinus Torvalds See also: 4431da177e4SLinus Torvalds <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/> 4441da177e4SLinus Torvalds <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html> 4451da177e4SLinus Torvalds 446584fffc8SSebastian Siewiorconfig CRYPTO_ARC4 447584fffc8SSebastian Siewior tristate "ARC4 cipher algorithm" 448e2ee95b8SHye-Shik Chang select CRYPTO_ALGAPI 449e2ee95b8SHye-Shik Chang help 450584fffc8SSebastian Siewior ARC4 cipher algorithm. 451e2ee95b8SHye-Shik Chang 452584fffc8SSebastian Siewior ARC4 is a stream cipher using keys ranging from 8 bits to 2048 453584fffc8SSebastian Siewior bits in length. This algorithm is required for driver-based 454584fffc8SSebastian Siewior WEP, but it should not be for other purposes because of the 455584fffc8SSebastian Siewior weakness of the algorithm. 456584fffc8SSebastian Siewior 457584fffc8SSebastian Siewiorconfig CRYPTO_BLOWFISH 458584fffc8SSebastian Siewior tristate "Blowfish cipher algorithm" 459584fffc8SSebastian Siewior select CRYPTO_ALGAPI 460584fffc8SSebastian Siewior help 461584fffc8SSebastian Siewior Blowfish cipher algorithm, by Bruce Schneier. 462584fffc8SSebastian Siewior 463584fffc8SSebastian Siewior This is a variable key length cipher which can use keys from 32 464584fffc8SSebastian Siewior bits to 448 bits in length. It's fast, simple and specifically 465584fffc8SSebastian Siewior designed for use on "large microprocessors". 466e2ee95b8SHye-Shik Chang 467e2ee95b8SHye-Shik Chang See also: 468584fffc8SSebastian Siewior <http://www.schneier.com/blowfish.html> 469584fffc8SSebastian Siewior 470584fffc8SSebastian Siewiorconfig CRYPTO_CAMELLIA 471584fffc8SSebastian Siewior tristate "Camellia cipher algorithms" 472584fffc8SSebastian Siewior depends on CRYPTO 473584fffc8SSebastian Siewior select CRYPTO_ALGAPI 474584fffc8SSebastian Siewior help 475584fffc8SSebastian Siewior Camellia cipher algorithms module. 476584fffc8SSebastian Siewior 477584fffc8SSebastian Siewior Camellia is a symmetric key block cipher developed jointly 478584fffc8SSebastian Siewior at NTT and Mitsubishi Electric Corporation. 479584fffc8SSebastian Siewior 480584fffc8SSebastian Siewior The Camellia specifies three key sizes: 128, 192 and 256 bits. 481584fffc8SSebastian Siewior 482584fffc8SSebastian Siewior See also: 483584fffc8SSebastian Siewior <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 484584fffc8SSebastian Siewior 485584fffc8SSebastian Siewiorconfig CRYPTO_CAST5 486584fffc8SSebastian Siewior tristate "CAST5 (CAST-128) cipher algorithm" 487584fffc8SSebastian Siewior select CRYPTO_ALGAPI 488584fffc8SSebastian Siewior help 489584fffc8SSebastian Siewior The CAST5 encryption algorithm (synonymous with CAST-128) is 490584fffc8SSebastian Siewior described in RFC2144. 491584fffc8SSebastian Siewior 492584fffc8SSebastian Siewiorconfig CRYPTO_CAST6 493584fffc8SSebastian Siewior tristate "CAST6 (CAST-256) cipher algorithm" 494584fffc8SSebastian Siewior select CRYPTO_ALGAPI 495584fffc8SSebastian Siewior help 496584fffc8SSebastian Siewior The CAST6 encryption algorithm (synonymous with CAST-256) is 497584fffc8SSebastian Siewior described in RFC2612. 498584fffc8SSebastian Siewior 499584fffc8SSebastian Siewiorconfig CRYPTO_DES 500584fffc8SSebastian Siewior tristate "DES and Triple DES EDE cipher algorithms" 501584fffc8SSebastian Siewior select CRYPTO_ALGAPI 502584fffc8SSebastian Siewior help 503584fffc8SSebastian Siewior DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 504584fffc8SSebastian Siewior 505584fffc8SSebastian Siewiorconfig CRYPTO_FCRYPT 506584fffc8SSebastian Siewior tristate "FCrypt cipher algorithm" 507584fffc8SSebastian Siewior select CRYPTO_ALGAPI 508584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 509584fffc8SSebastian Siewior help 510584fffc8SSebastian Siewior FCrypt algorithm used by RxRPC. 511584fffc8SSebastian Siewior 512584fffc8SSebastian Siewiorconfig CRYPTO_KHAZAD 513584fffc8SSebastian Siewior tristate "Khazad cipher algorithm" 514584fffc8SSebastian Siewior select CRYPTO_ALGAPI 515584fffc8SSebastian Siewior help 516584fffc8SSebastian Siewior Khazad cipher algorithm. 517584fffc8SSebastian Siewior 518584fffc8SSebastian Siewior Khazad was a finalist in the initial NESSIE competition. It is 519584fffc8SSebastian Siewior an algorithm optimized for 64-bit processors with good performance 520584fffc8SSebastian Siewior on 32-bit processors. Khazad uses an 128 bit key size. 521584fffc8SSebastian Siewior 522584fffc8SSebastian Siewior See also: 523584fffc8SSebastian Siewior <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html> 524e2ee95b8SHye-Shik Chang 5252407d608STan Swee Hengconfig CRYPTO_SALSA20 5262407d608STan Swee Heng tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)" 5272407d608STan Swee Heng depends on EXPERIMENTAL 5282407d608STan Swee Heng select CRYPTO_BLKCIPHER 5292407d608STan Swee Heng help 5302407d608STan Swee Heng Salsa20 stream cipher algorithm. 5312407d608STan Swee Heng 5322407d608STan Swee Heng Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 5332407d608STan Swee Heng Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 5342407d608STan Swee Heng 5352407d608STan Swee Heng The Salsa20 stream cipher algorithm is designed by Daniel J. 5362407d608STan Swee Heng Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 5371da177e4SLinus Torvalds 538974e4b75STan Swee Hengconfig CRYPTO_SALSA20_586 539974e4b75STan Swee Heng tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)" 540974e4b75STan Swee Heng depends on (X86 || UML_X86) && !64BIT 541974e4b75STan Swee Heng depends on EXPERIMENTAL 542974e4b75STan Swee Heng select CRYPTO_BLKCIPHER 543974e4b75STan Swee Heng help 544974e4b75STan Swee Heng Salsa20 stream cipher algorithm. 545974e4b75STan Swee Heng 546974e4b75STan Swee Heng Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 547974e4b75STan Swee Heng Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 548974e4b75STan Swee Heng 549974e4b75STan Swee Heng The Salsa20 stream cipher algorithm is designed by Daniel J. 550974e4b75STan Swee Heng Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 551974e4b75STan Swee Heng 5529a7dafbbSTan Swee Hengconfig CRYPTO_SALSA20_X86_64 5539a7dafbbSTan Swee Heng tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)" 5549a7dafbbSTan Swee Heng depends on (X86 || UML_X86) && 64BIT 5559a7dafbbSTan Swee Heng depends on EXPERIMENTAL 5569a7dafbbSTan Swee Heng select CRYPTO_BLKCIPHER 5579a7dafbbSTan Swee Heng help 5589a7dafbbSTan Swee Heng Salsa20 stream cipher algorithm. 5599a7dafbbSTan Swee Heng 5609a7dafbbSTan Swee Heng Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 5619a7dafbbSTan Swee Heng Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 5629a7dafbbSTan Swee Heng 5639a7dafbbSTan Swee Heng The Salsa20 stream cipher algorithm is designed by Daniel J. 5649a7dafbbSTan Swee Heng Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 5659a7dafbbSTan Swee Heng 566584fffc8SSebastian Siewiorconfig CRYPTO_SEED 567584fffc8SSebastian Siewior tristate "SEED cipher algorithm" 568584fffc8SSebastian Siewior select CRYPTO_ALGAPI 569584fffc8SSebastian Siewior help 570584fffc8SSebastian Siewior SEED cipher algorithm (RFC4269). 571584fffc8SSebastian Siewior 572584fffc8SSebastian Siewior SEED is a 128-bit symmetric key block cipher that has been 573584fffc8SSebastian Siewior developed by KISA (Korea Information Security Agency) as a 574584fffc8SSebastian Siewior national standard encryption algorithm of the Republic of Korea. 575584fffc8SSebastian Siewior It is a 16 round block cipher with the key size of 128 bit. 576584fffc8SSebastian Siewior 577584fffc8SSebastian Siewior See also: 578584fffc8SSebastian Siewior <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 579584fffc8SSebastian Siewior 580584fffc8SSebastian Siewiorconfig CRYPTO_SERPENT 581584fffc8SSebastian Siewior tristate "Serpent cipher algorithm" 582584fffc8SSebastian Siewior select CRYPTO_ALGAPI 583584fffc8SSebastian Siewior help 584584fffc8SSebastian Siewior Serpent cipher algorithm, by Anderson, Biham & Knudsen. 585584fffc8SSebastian Siewior 586584fffc8SSebastian Siewior Keys are allowed to be from 0 to 256 bits in length, in steps 587584fffc8SSebastian Siewior of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 588584fffc8SSebastian Siewior variant of Serpent for compatibility with old kerneli.org code. 589584fffc8SSebastian Siewior 590584fffc8SSebastian Siewior See also: 591584fffc8SSebastian Siewior <http://www.cl.cam.ac.uk/~rja14/serpent.html> 592584fffc8SSebastian Siewior 593584fffc8SSebastian Siewiorconfig CRYPTO_TEA 594584fffc8SSebastian Siewior tristate "TEA, XTEA and XETA cipher algorithms" 595584fffc8SSebastian Siewior select CRYPTO_ALGAPI 596584fffc8SSebastian Siewior help 597584fffc8SSebastian Siewior TEA cipher algorithm. 598584fffc8SSebastian Siewior 599584fffc8SSebastian Siewior Tiny Encryption Algorithm is a simple cipher that uses 600584fffc8SSebastian Siewior many rounds for security. It is very fast and uses 601584fffc8SSebastian Siewior little memory. 602584fffc8SSebastian Siewior 603584fffc8SSebastian Siewior Xtendend Tiny Encryption Algorithm is a modification to 604584fffc8SSebastian Siewior the TEA algorithm to address a potential key weakness 605584fffc8SSebastian Siewior in the TEA algorithm. 606584fffc8SSebastian Siewior 607584fffc8SSebastian Siewior Xtendend Encryption Tiny Algorithm is a mis-implementation 608584fffc8SSebastian Siewior of the XTEA algorithm for compatibility purposes. 609584fffc8SSebastian Siewior 610584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH 611584fffc8SSebastian Siewior tristate "Twofish cipher algorithm" 612584fffc8SSebastian Siewior select CRYPTO_ALGAPI 613584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 614584fffc8SSebastian Siewior help 615584fffc8SSebastian Siewior Twofish cipher algorithm. 616584fffc8SSebastian Siewior 617584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 618584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 619584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 620584fffc8SSebastian Siewior bits. 621584fffc8SSebastian Siewior 622584fffc8SSebastian Siewior See also: 623584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 624584fffc8SSebastian Siewior 625584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_COMMON 626584fffc8SSebastian Siewior tristate 627584fffc8SSebastian Siewior help 628584fffc8SSebastian Siewior Common parts of the Twofish cipher algorithm shared by the 629584fffc8SSebastian Siewior generic c and the assembler implementations. 630584fffc8SSebastian Siewior 631584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_586 632584fffc8SSebastian Siewior tristate "Twofish cipher algorithms (i586)" 633584fffc8SSebastian Siewior depends on (X86 || UML_X86) && !64BIT 634584fffc8SSebastian Siewior select CRYPTO_ALGAPI 635584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 636584fffc8SSebastian Siewior help 637584fffc8SSebastian Siewior Twofish cipher algorithm. 638584fffc8SSebastian Siewior 639584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 640584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 641584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 642584fffc8SSebastian Siewior bits. 643584fffc8SSebastian Siewior 644584fffc8SSebastian Siewior See also: 645584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 646584fffc8SSebastian Siewior 647584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_X86_64 648584fffc8SSebastian Siewior tristate "Twofish cipher algorithm (x86_64)" 649584fffc8SSebastian Siewior depends on (X86 || UML_X86) && 64BIT 650584fffc8SSebastian Siewior select CRYPTO_ALGAPI 651584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 652584fffc8SSebastian Siewior help 653584fffc8SSebastian Siewior Twofish cipher algorithm (x86_64). 654584fffc8SSebastian Siewior 655584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 656584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 657584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 658584fffc8SSebastian Siewior bits. 659584fffc8SSebastian Siewior 660584fffc8SSebastian Siewior See also: 661584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 662584fffc8SSebastian Siewior 663584fffc8SSebastian Siewiorcomment "Compression" 664584fffc8SSebastian Siewior 6651da177e4SLinus Torvaldsconfig CRYPTO_DEFLATE 6661da177e4SLinus Torvalds tristate "Deflate compression algorithm" 667cce9e06dSHerbert Xu select CRYPTO_ALGAPI 6681da177e4SLinus Torvalds select ZLIB_INFLATE 6691da177e4SLinus Torvalds select ZLIB_DEFLATE 6701da177e4SLinus Torvalds help 6711da177e4SLinus Torvalds This is the Deflate algorithm (RFC1951), specified for use in 6721da177e4SLinus Torvalds IPSec with the IPCOMP protocol (RFC3173, RFC2394). 6731da177e4SLinus Torvalds 6741da177e4SLinus Torvalds You will most probably want this if using IPSec. 6751da177e4SLinus Torvalds 6760b77abb3SZoltan Sogorconfig CRYPTO_LZO 6770b77abb3SZoltan Sogor tristate "LZO compression algorithm" 6780b77abb3SZoltan Sogor select CRYPTO_ALGAPI 6790b77abb3SZoltan Sogor select LZO_COMPRESS 6800b77abb3SZoltan Sogor select LZO_DECOMPRESS 6810b77abb3SZoltan Sogor help 6820b77abb3SZoltan Sogor This is the LZO algorithm. 6830b77abb3SZoltan Sogor 6841da177e4SLinus Torvaldssource "drivers/crypto/Kconfig" 6851da177e4SLinus Torvalds 686cce9e06dSHerbert Xuendif # if CRYPTO 687