11da177e4SLinus Torvalds# 2685784aaSDan Williams# Generic algorithms support 3685784aaSDan Williams# 4685784aaSDan Williamsconfig XOR_BLOCKS 5685784aaSDan Williams tristate 6685784aaSDan Williams 7685784aaSDan Williams# 89bc89cd8SDan Williams# async_tx api: hardware offloaded memory transfer/transform support 99bc89cd8SDan Williams# 109bc89cd8SDan Williamssource "crypto/async_tx/Kconfig" 119bc89cd8SDan Williams 129bc89cd8SDan Williams# 131da177e4SLinus Torvalds# Cryptographic API Configuration 141da177e4SLinus Torvalds# 152e290f43SJan Engelhardtmenuconfig CRYPTO 16c3715cb9SSebastian Siewior tristate "Cryptographic API" 171da177e4SLinus Torvalds help 181da177e4SLinus Torvalds This option provides the core Cryptographic API. 191da177e4SLinus Torvalds 20cce9e06dSHerbert Xuif CRYPTO 21cce9e06dSHerbert Xu 22584fffc8SSebastian Siewiorcomment "Crypto core or helper" 23584fffc8SSebastian Siewior 24*ccb778e1SNeil Hormanconfig CRYPTO_FIPS 25*ccb778e1SNeil Horman bool "FIPS 200 compliance" 26*ccb778e1SNeil Horman help 27*ccb778e1SNeil Horman This options enables the fips boot option which is 28*ccb778e1SNeil Horman required if you want to system to operate in a FIPS 200 29*ccb778e1SNeil Horman certification. You should say no unless you know what 30*ccb778e1SNeil Horman this is. 31*ccb778e1SNeil Horman 32cce9e06dSHerbert Xuconfig CRYPTO_ALGAPI 33cce9e06dSHerbert Xu tristate 34cce9e06dSHerbert Xu help 35cce9e06dSHerbert Xu This option provides the API for cryptographic algorithms. 36cce9e06dSHerbert Xu 371ae97820SHerbert Xuconfig CRYPTO_AEAD 381ae97820SHerbert Xu tristate 391ae97820SHerbert Xu select CRYPTO_ALGAPI 401ae97820SHerbert Xu 415cde0af2SHerbert Xuconfig CRYPTO_BLKCIPHER 425cde0af2SHerbert Xu tristate 435cde0af2SHerbert Xu select CRYPTO_ALGAPI 445cde0af2SHerbert Xu 45055bcee3SHerbert Xuconfig CRYPTO_HASH 46055bcee3SHerbert Xu tristate 47055bcee3SHerbert Xu select CRYPTO_ALGAPI 48055bcee3SHerbert Xu 492b8c19dbSHerbert Xuconfig CRYPTO_MANAGER 502b8c19dbSHerbert Xu tristate "Cryptographic algorithm manager" 51da7f033dSHerbert Xu select CRYPTO_AEAD 52da7f033dSHerbert Xu select CRYPTO_HASH 53da7f033dSHerbert Xu select CRYPTO_BLKCIPHER 542b8c19dbSHerbert Xu help 552b8c19dbSHerbert Xu Create default cryptographic template instantiations such as 562b8c19dbSHerbert Xu cbc(aes). 572b8c19dbSHerbert Xu 58584fffc8SSebastian Siewiorconfig CRYPTO_GF128MUL 59584fffc8SSebastian Siewior tristate "GF(2^128) multiplication functions (EXPERIMENTAL)" 60584fffc8SSebastian Siewior depends on EXPERIMENTAL 61584fffc8SSebastian Siewior help 62584fffc8SSebastian Siewior Efficient table driven implementation of multiplications in the 63584fffc8SSebastian Siewior field GF(2^128). This is needed by some cypher modes. This 64584fffc8SSebastian Siewior option will be selected automatically if you select such a 65584fffc8SSebastian Siewior cipher mode. Only select this option by hand if you expect to load 66584fffc8SSebastian Siewior an external module that requires these functions. 67584fffc8SSebastian Siewior 68584fffc8SSebastian Siewiorconfig CRYPTO_NULL 69584fffc8SSebastian Siewior tristate "Null algorithms" 70584fffc8SSebastian Siewior select CRYPTO_ALGAPI 71584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 72584fffc8SSebastian Siewior help 73584fffc8SSebastian Siewior These are 'Null' algorithms, used by IPsec, which do nothing. 74584fffc8SSebastian Siewior 75584fffc8SSebastian Siewiorconfig CRYPTO_CRYPTD 76584fffc8SSebastian Siewior tristate "Software async crypto daemon" 77584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 78b8a28251SLoc Ho select CRYPTO_HASH 79584fffc8SSebastian Siewior select CRYPTO_MANAGER 80584fffc8SSebastian Siewior help 81584fffc8SSebastian Siewior This is a generic software asynchronous crypto daemon that 82584fffc8SSebastian Siewior converts an arbitrary synchronous software crypto algorithm 83584fffc8SSebastian Siewior into an asynchronous algorithm that executes in a kernel thread. 84584fffc8SSebastian Siewior 85584fffc8SSebastian Siewiorconfig CRYPTO_AUTHENC 86584fffc8SSebastian Siewior tristate "Authenc support" 87584fffc8SSebastian Siewior select CRYPTO_AEAD 88584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 89584fffc8SSebastian Siewior select CRYPTO_MANAGER 90584fffc8SSebastian Siewior select CRYPTO_HASH 91584fffc8SSebastian Siewior help 92584fffc8SSebastian Siewior Authenc: Combined mode wrapper for IPsec. 93584fffc8SSebastian Siewior This is required for IPSec. 94584fffc8SSebastian Siewior 95584fffc8SSebastian Siewiorconfig CRYPTO_TEST 96584fffc8SSebastian Siewior tristate "Testing module" 97584fffc8SSebastian Siewior depends on m 98da7f033dSHerbert Xu select CRYPTO_MANAGER 99584fffc8SSebastian Siewior help 100584fffc8SSebastian Siewior Quick & dirty crypto test module. 101584fffc8SSebastian Siewior 102584fffc8SSebastian Siewiorcomment "Authenticated Encryption with Associated Data" 103584fffc8SSebastian Siewior 104584fffc8SSebastian Siewiorconfig CRYPTO_CCM 105584fffc8SSebastian Siewior tristate "CCM support" 106584fffc8SSebastian Siewior select CRYPTO_CTR 107584fffc8SSebastian Siewior select CRYPTO_AEAD 108584fffc8SSebastian Siewior help 109584fffc8SSebastian Siewior Support for Counter with CBC MAC. Required for IPsec. 110584fffc8SSebastian Siewior 111584fffc8SSebastian Siewiorconfig CRYPTO_GCM 112584fffc8SSebastian Siewior tristate "GCM/GMAC support" 113584fffc8SSebastian Siewior select CRYPTO_CTR 114584fffc8SSebastian Siewior select CRYPTO_AEAD 115584fffc8SSebastian Siewior select CRYPTO_GF128MUL 116584fffc8SSebastian Siewior help 117584fffc8SSebastian Siewior Support for Galois/Counter Mode (GCM) and Galois Message 118584fffc8SSebastian Siewior Authentication Code (GMAC). Required for IPSec. 119584fffc8SSebastian Siewior 120584fffc8SSebastian Siewiorconfig CRYPTO_SEQIV 121584fffc8SSebastian Siewior tristate "Sequence Number IV Generator" 122584fffc8SSebastian Siewior select CRYPTO_AEAD 123584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 124584fffc8SSebastian Siewior help 125584fffc8SSebastian Siewior This IV generator generates an IV based on a sequence number by 126584fffc8SSebastian Siewior xoring it with a salt. This algorithm is mainly useful for CTR 127584fffc8SSebastian Siewior 128584fffc8SSebastian Siewiorcomment "Block modes" 129584fffc8SSebastian Siewior 130584fffc8SSebastian Siewiorconfig CRYPTO_CBC 131584fffc8SSebastian Siewior tristate "CBC support" 132584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 133584fffc8SSebastian Siewior select CRYPTO_MANAGER 134584fffc8SSebastian Siewior help 135584fffc8SSebastian Siewior CBC: Cipher Block Chaining mode 136584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 137584fffc8SSebastian Siewior 138584fffc8SSebastian Siewiorconfig CRYPTO_CTR 139584fffc8SSebastian Siewior tristate "CTR support" 140584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 141584fffc8SSebastian Siewior select CRYPTO_SEQIV 142584fffc8SSebastian Siewior select CRYPTO_MANAGER 143584fffc8SSebastian Siewior help 144584fffc8SSebastian Siewior CTR: Counter mode 145584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 146584fffc8SSebastian Siewior 147584fffc8SSebastian Siewiorconfig CRYPTO_CTS 148584fffc8SSebastian Siewior tristate "CTS support" 149584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 150584fffc8SSebastian Siewior help 151584fffc8SSebastian Siewior CTS: Cipher Text Stealing 152584fffc8SSebastian Siewior This is the Cipher Text Stealing mode as described by 153584fffc8SSebastian Siewior Section 8 of rfc2040 and referenced by rfc3962. 154584fffc8SSebastian Siewior (rfc3962 includes errata information in its Appendix A) 155584fffc8SSebastian Siewior This mode is required for Kerberos gss mechanism support 156584fffc8SSebastian Siewior for AES encryption. 157584fffc8SSebastian Siewior 158584fffc8SSebastian Siewiorconfig CRYPTO_ECB 159584fffc8SSebastian Siewior tristate "ECB support" 160584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 161584fffc8SSebastian Siewior select CRYPTO_MANAGER 162584fffc8SSebastian Siewior help 163584fffc8SSebastian Siewior ECB: Electronic CodeBook mode 164584fffc8SSebastian Siewior This is the simplest block cipher algorithm. It simply encrypts 165584fffc8SSebastian Siewior the input block by block. 166584fffc8SSebastian Siewior 167584fffc8SSebastian Siewiorconfig CRYPTO_LRW 168584fffc8SSebastian Siewior tristate "LRW support (EXPERIMENTAL)" 169584fffc8SSebastian Siewior depends on EXPERIMENTAL 170584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 171584fffc8SSebastian Siewior select CRYPTO_MANAGER 172584fffc8SSebastian Siewior select CRYPTO_GF128MUL 173584fffc8SSebastian Siewior help 174584fffc8SSebastian Siewior LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 175584fffc8SSebastian Siewior narrow block cipher mode for dm-crypt. Use it with cipher 176584fffc8SSebastian Siewior specification string aes-lrw-benbi, the key must be 256, 320 or 384. 177584fffc8SSebastian Siewior The first 128, 192 or 256 bits in the key are used for AES and the 178584fffc8SSebastian Siewior rest is used to tie each cipher block to its logical position. 179584fffc8SSebastian Siewior 180584fffc8SSebastian Siewiorconfig CRYPTO_PCBC 181584fffc8SSebastian Siewior tristate "PCBC support" 182584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 183584fffc8SSebastian Siewior select CRYPTO_MANAGER 184584fffc8SSebastian Siewior help 185584fffc8SSebastian Siewior PCBC: Propagating Cipher Block Chaining mode 186584fffc8SSebastian Siewior This block cipher algorithm is required for RxRPC. 187584fffc8SSebastian Siewior 188584fffc8SSebastian Siewiorconfig CRYPTO_XTS 189584fffc8SSebastian Siewior tristate "XTS support (EXPERIMENTAL)" 190584fffc8SSebastian Siewior depends on EXPERIMENTAL 191584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 192584fffc8SSebastian Siewior select CRYPTO_MANAGER 193584fffc8SSebastian Siewior select CRYPTO_GF128MUL 194584fffc8SSebastian Siewior help 195584fffc8SSebastian Siewior XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 196584fffc8SSebastian Siewior key size 256, 384 or 512 bits. This implementation currently 197584fffc8SSebastian Siewior can't handle a sectorsize which is not a multiple of 16 bytes. 198584fffc8SSebastian Siewior 199584fffc8SSebastian Siewiorcomment "Hash modes" 200584fffc8SSebastian Siewior 2011da177e4SLinus Torvaldsconfig CRYPTO_HMAC 2028425165dSHerbert Xu tristate "HMAC support" 2030796ae06SHerbert Xu select CRYPTO_HASH 20443518407SHerbert Xu select CRYPTO_MANAGER 2051da177e4SLinus Torvalds help 2061da177e4SLinus Torvalds HMAC: Keyed-Hashing for Message Authentication (RFC2104). 2071da177e4SLinus Torvalds This is required for IPSec. 2081da177e4SLinus Torvalds 209333b0d7eSKazunori MIYAZAWAconfig CRYPTO_XCBC 210333b0d7eSKazunori MIYAZAWA tristate "XCBC support" 211333b0d7eSKazunori MIYAZAWA depends on EXPERIMENTAL 212333b0d7eSKazunori MIYAZAWA select CRYPTO_HASH 213333b0d7eSKazunori MIYAZAWA select CRYPTO_MANAGER 214333b0d7eSKazunori MIYAZAWA help 215333b0d7eSKazunori MIYAZAWA XCBC: Keyed-Hashing with encryption algorithm 216333b0d7eSKazunori MIYAZAWA http://www.ietf.org/rfc/rfc3566.txt 217333b0d7eSKazunori MIYAZAWA http://csrc.nist.gov/encryption/modes/proposedmodes/ 218333b0d7eSKazunori MIYAZAWA xcbc-mac/xcbc-mac-spec.pdf 219333b0d7eSKazunori MIYAZAWA 220584fffc8SSebastian Siewiorcomment "Digest" 221584fffc8SSebastian Siewior 222584fffc8SSebastian Siewiorconfig CRYPTO_CRC32C 223584fffc8SSebastian Siewior tristate "CRC32c CRC algorithm" 2245773a3e6SHerbert Xu select CRYPTO_HASH 225584fffc8SSebastian Siewior select LIBCRC32C 2261da177e4SLinus Torvalds help 227584fffc8SSebastian Siewior Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 228584fffc8SSebastian Siewior by iSCSI for header and data digests and by others. 229584fffc8SSebastian Siewior See Castagnoli93. This implementation uses lib/libcrc32c. 230584fffc8SSebastian Siewior Module will be crc32c. 2311da177e4SLinus Torvalds 2328cb51ba8SAustin Zhangconfig CRYPTO_CRC32C_INTEL 2338cb51ba8SAustin Zhang tristate "CRC32c INTEL hardware acceleration" 2348cb51ba8SAustin Zhang depends on X86 2358cb51ba8SAustin Zhang select CRYPTO_HASH 2368cb51ba8SAustin Zhang help 2378cb51ba8SAustin Zhang In Intel processor with SSE4.2 supported, the processor will 2388cb51ba8SAustin Zhang support CRC32C implementation using hardware accelerated CRC32 2398cb51ba8SAustin Zhang instruction. This option will create 'crc32c-intel' module, 2408cb51ba8SAustin Zhang which will enable any routine to use the CRC32 instruction to 2418cb51ba8SAustin Zhang gain performance compared with software implementation. 2428cb51ba8SAustin Zhang Module will be crc32c-intel. 2438cb51ba8SAustin Zhang 2441da177e4SLinus Torvaldsconfig CRYPTO_MD4 2451da177e4SLinus Torvalds tristate "MD4 digest algorithm" 246cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2471da177e4SLinus Torvalds help 2481da177e4SLinus Torvalds MD4 message digest algorithm (RFC1320). 2491da177e4SLinus Torvalds 2501da177e4SLinus Torvaldsconfig CRYPTO_MD5 2511da177e4SLinus Torvalds tristate "MD5 digest algorithm" 252cce9e06dSHerbert Xu select CRYPTO_ALGAPI 2531da177e4SLinus Torvalds help 2541da177e4SLinus Torvalds MD5 message digest algorithm (RFC1321). 2551da177e4SLinus Torvalds 256584fffc8SSebastian Siewiorconfig CRYPTO_MICHAEL_MIC 257584fffc8SSebastian Siewior tristate "Michael MIC keyed digest algorithm" 258584fffc8SSebastian Siewior select CRYPTO_ALGAPI 259584fffc8SSebastian Siewior help 260584fffc8SSebastian Siewior Michael MIC is used for message integrity protection in TKIP 261584fffc8SSebastian Siewior (IEEE 802.11i). This algorithm is required for TKIP, but it 262584fffc8SSebastian Siewior should not be used for other purposes because of the weakness 263584fffc8SSebastian Siewior of the algorithm. 264584fffc8SSebastian Siewior 26582798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD128 26682798f90SAdrian-Ken Rueegsegger tristate "RIPEMD-128 digest algorithm" 26782798f90SAdrian-Ken Rueegsegger select CRYPTO_ALGAPI 26882798f90SAdrian-Ken Rueegsegger help 26982798f90SAdrian-Ken Rueegsegger RIPEMD-128 (ISO/IEC 10118-3:2004). 27082798f90SAdrian-Ken Rueegsegger 27182798f90SAdrian-Ken Rueegsegger RIPEMD-128 is a 128-bit cryptographic hash function. It should only 27282798f90SAdrian-Ken Rueegsegger to be used as a secure replacement for RIPEMD. For other use cases 27382798f90SAdrian-Ken Rueegsegger RIPEMD-160 should be used. 27482798f90SAdrian-Ken Rueegsegger 27582798f90SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 27682798f90SAdrian-Ken Rueegsegger See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 27782798f90SAdrian-Ken Rueegsegger 27882798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD160 27982798f90SAdrian-Ken Rueegsegger tristate "RIPEMD-160 digest algorithm" 28082798f90SAdrian-Ken Rueegsegger select CRYPTO_ALGAPI 28182798f90SAdrian-Ken Rueegsegger help 28282798f90SAdrian-Ken Rueegsegger RIPEMD-160 (ISO/IEC 10118-3:2004). 28382798f90SAdrian-Ken Rueegsegger 28482798f90SAdrian-Ken Rueegsegger RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 28582798f90SAdrian-Ken Rueegsegger to be used as a secure replacement for the 128-bit hash functions 286b6d44341SAdrian Bunk MD4, MD5 and it's predecessor RIPEMD 287b6d44341SAdrian Bunk (not to be confused with RIPEMD-128). 28882798f90SAdrian-Ken Rueegsegger 289b6d44341SAdrian Bunk It's speed is comparable to SHA1 and there are no known attacks 290b6d44341SAdrian Bunk against RIPEMD-160. 291534fe2c1SAdrian-Ken Rueegsegger 292534fe2c1SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 293534fe2c1SAdrian-Ken Rueegsegger See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 294534fe2c1SAdrian-Ken Rueegsegger 295534fe2c1SAdrian-Ken Rueegseggerconfig CRYPTO_RMD256 296534fe2c1SAdrian-Ken Rueegsegger tristate "RIPEMD-256 digest algorithm" 297534fe2c1SAdrian-Ken Rueegsegger select CRYPTO_ALGAPI 298534fe2c1SAdrian-Ken Rueegsegger help 299b6d44341SAdrian Bunk RIPEMD-256 is an optional extension of RIPEMD-128 with a 300b6d44341SAdrian Bunk 256 bit hash. It is intended for applications that require 301b6d44341SAdrian Bunk longer hash-results, without needing a larger security level 302b6d44341SAdrian Bunk (than RIPEMD-128). 303534fe2c1SAdrian-Ken Rueegsegger 304534fe2c1SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 305534fe2c1SAdrian-Ken Rueegsegger See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 306534fe2c1SAdrian-Ken Rueegsegger 307534fe2c1SAdrian-Ken Rueegseggerconfig CRYPTO_RMD320 308534fe2c1SAdrian-Ken Rueegsegger tristate "RIPEMD-320 digest algorithm" 309534fe2c1SAdrian-Ken Rueegsegger select CRYPTO_ALGAPI 310534fe2c1SAdrian-Ken Rueegsegger help 311b6d44341SAdrian Bunk RIPEMD-320 is an optional extension of RIPEMD-160 with a 312b6d44341SAdrian Bunk 320 bit hash. It is intended for applications that require 313b6d44341SAdrian Bunk longer hash-results, without needing a larger security level 314b6d44341SAdrian Bunk (than RIPEMD-160). 315534fe2c1SAdrian-Ken Rueegsegger 31682798f90SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 31782798f90SAdrian-Ken Rueegsegger See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html> 31882798f90SAdrian-Ken Rueegsegger 3191da177e4SLinus Torvaldsconfig CRYPTO_SHA1 3201da177e4SLinus Torvalds tristate "SHA1 digest algorithm" 321cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3221da177e4SLinus Torvalds help 3231da177e4SLinus Torvalds SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 3241da177e4SLinus Torvalds 3251da177e4SLinus Torvaldsconfig CRYPTO_SHA256 326cd12fb90SJonathan Lynch tristate "SHA224 and SHA256 digest algorithm" 327cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3281da177e4SLinus Torvalds help 3291da177e4SLinus Torvalds SHA256 secure hash standard (DFIPS 180-2). 3301da177e4SLinus Torvalds 3311da177e4SLinus Torvalds This version of SHA implements a 256 bit hash with 128 bits of 3321da177e4SLinus Torvalds security against collision attacks. 3331da177e4SLinus Torvalds 334cd12fb90SJonathan Lynch This code also includes SHA-224, a 224 bit hash with 112 bits 335cd12fb90SJonathan Lynch of security against collision attacks. 336cd12fb90SJonathan Lynch 3371da177e4SLinus Torvaldsconfig CRYPTO_SHA512 3381da177e4SLinus Torvalds tristate "SHA384 and SHA512 digest algorithms" 339cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3401da177e4SLinus Torvalds help 3411da177e4SLinus Torvalds SHA512 secure hash standard (DFIPS 180-2). 3421da177e4SLinus Torvalds 3431da177e4SLinus Torvalds This version of SHA implements a 512 bit hash with 256 bits of 3441da177e4SLinus Torvalds security against collision attacks. 3451da177e4SLinus Torvalds 3461da177e4SLinus Torvalds This code also includes SHA-384, a 384 bit hash with 192 bits 3471da177e4SLinus Torvalds of security against collision attacks. 3481da177e4SLinus Torvalds 3491da177e4SLinus Torvaldsconfig CRYPTO_TGR192 3501da177e4SLinus Torvalds tristate "Tiger digest algorithms" 351cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3521da177e4SLinus Torvalds help 3531da177e4SLinus Torvalds Tiger hash algorithm 192, 160 and 128-bit hashes 3541da177e4SLinus Torvalds 3551da177e4SLinus Torvalds Tiger is a hash function optimized for 64-bit processors while 3561da177e4SLinus Torvalds still having decent performance on 32-bit processors. 3571da177e4SLinus Torvalds Tiger was developed by Ross Anderson and Eli Biham. 3581da177e4SLinus Torvalds 3591da177e4SLinus Torvalds See also: 3601da177e4SLinus Torvalds <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 3611da177e4SLinus Torvalds 362584fffc8SSebastian Siewiorconfig CRYPTO_WP512 363584fffc8SSebastian Siewior tristate "Whirlpool digest algorithms" 364cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3651da177e4SLinus Torvalds help 366584fffc8SSebastian Siewior Whirlpool hash algorithm 512, 384 and 256-bit hashes 3671da177e4SLinus Torvalds 368584fffc8SSebastian Siewior Whirlpool-512 is part of the NESSIE cryptographic primitives. 369584fffc8SSebastian Siewior Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 3701da177e4SLinus Torvalds 3711da177e4SLinus Torvalds See also: 372584fffc8SSebastian Siewior <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html> 3731da177e4SLinus Torvalds 374584fffc8SSebastian Siewiorcomment "Ciphers" 3751da177e4SLinus Torvalds 3761da177e4SLinus Torvaldsconfig CRYPTO_AES 3771da177e4SLinus Torvalds tristate "AES cipher algorithms" 378cce9e06dSHerbert Xu select CRYPTO_ALGAPI 3791da177e4SLinus Torvalds help 3801da177e4SLinus Torvalds AES cipher algorithms (FIPS-197). AES uses the Rijndael 3811da177e4SLinus Torvalds algorithm. 3821da177e4SLinus Torvalds 3831da177e4SLinus Torvalds Rijndael appears to be consistently a very good performer in 3841da177e4SLinus Torvalds both hardware and software across a wide range of computing 3851da177e4SLinus Torvalds environments regardless of its use in feedback or non-feedback 3861da177e4SLinus Torvalds modes. Its key setup time is excellent, and its key agility is 3871da177e4SLinus Torvalds good. Rijndael's very low memory requirements make it very well 3881da177e4SLinus Torvalds suited for restricted-space environments, in which it also 3891da177e4SLinus Torvalds demonstrates excellent performance. Rijndael's operations are 3901da177e4SLinus Torvalds among the easiest to defend against power and timing attacks. 3911da177e4SLinus Torvalds 3921da177e4SLinus Torvalds The AES specifies three key sizes: 128, 192 and 256 bits 3931da177e4SLinus Torvalds 3941da177e4SLinus Torvalds See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 3951da177e4SLinus Torvalds 3961da177e4SLinus Torvaldsconfig CRYPTO_AES_586 3971da177e4SLinus Torvalds tristate "AES cipher algorithms (i586)" 398cce9e06dSHerbert Xu depends on (X86 || UML_X86) && !64BIT 399cce9e06dSHerbert Xu select CRYPTO_ALGAPI 4005157dea8SSebastian Siewior select CRYPTO_AES 4011da177e4SLinus Torvalds help 4021da177e4SLinus Torvalds AES cipher algorithms (FIPS-197). AES uses the Rijndael 4031da177e4SLinus Torvalds algorithm. 4041da177e4SLinus Torvalds 4051da177e4SLinus Torvalds Rijndael appears to be consistently a very good performer in 4061da177e4SLinus Torvalds both hardware and software across a wide range of computing 4071da177e4SLinus Torvalds environments regardless of its use in feedback or non-feedback 4081da177e4SLinus Torvalds modes. Its key setup time is excellent, and its key agility is 4091da177e4SLinus Torvalds good. Rijndael's very low memory requirements make it very well 4101da177e4SLinus Torvalds suited for restricted-space environments, in which it also 4111da177e4SLinus Torvalds demonstrates excellent performance. Rijndael's operations are 4121da177e4SLinus Torvalds among the easiest to defend against power and timing attacks. 4131da177e4SLinus Torvalds 4141da177e4SLinus Torvalds The AES specifies three key sizes: 128, 192 and 256 bits 4151da177e4SLinus Torvalds 4161da177e4SLinus Torvalds See <http://csrc.nist.gov/encryption/aes/> for more information. 4171da177e4SLinus Torvalds 418a2a892a2SAndreas Steinmetzconfig CRYPTO_AES_X86_64 419a2a892a2SAndreas Steinmetz tristate "AES cipher algorithms (x86_64)" 420cce9e06dSHerbert Xu depends on (X86 || UML_X86) && 64BIT 421cce9e06dSHerbert Xu select CRYPTO_ALGAPI 42281190b32SSebastian Siewior select CRYPTO_AES 423a2a892a2SAndreas Steinmetz help 424a2a892a2SAndreas Steinmetz AES cipher algorithms (FIPS-197). AES uses the Rijndael 425a2a892a2SAndreas Steinmetz algorithm. 426a2a892a2SAndreas Steinmetz 427a2a892a2SAndreas Steinmetz Rijndael appears to be consistently a very good performer in 428a2a892a2SAndreas Steinmetz both hardware and software across a wide range of computing 429a2a892a2SAndreas Steinmetz environments regardless of its use in feedback or non-feedback 430a2a892a2SAndreas Steinmetz modes. Its key setup time is excellent, and its key agility is 431a2a892a2SAndreas Steinmetz good. Rijndael's very low memory requirements make it very well 432a2a892a2SAndreas Steinmetz suited for restricted-space environments, in which it also 433a2a892a2SAndreas Steinmetz demonstrates excellent performance. Rijndael's operations are 434a2a892a2SAndreas Steinmetz among the easiest to defend against power and timing attacks. 435a2a892a2SAndreas Steinmetz 436a2a892a2SAndreas Steinmetz The AES specifies three key sizes: 128, 192 and 256 bits 437a2a892a2SAndreas Steinmetz 438a2a892a2SAndreas Steinmetz See <http://csrc.nist.gov/encryption/aes/> for more information. 439a2a892a2SAndreas Steinmetz 4401da177e4SLinus Torvaldsconfig CRYPTO_ANUBIS 4411da177e4SLinus Torvalds tristate "Anubis cipher algorithm" 442cce9e06dSHerbert Xu select CRYPTO_ALGAPI 4431da177e4SLinus Torvalds help 4441da177e4SLinus Torvalds Anubis cipher algorithm. 4451da177e4SLinus Torvalds 4461da177e4SLinus Torvalds Anubis is a variable key length cipher which can use keys from 4471da177e4SLinus Torvalds 128 bits to 320 bits in length. It was evaluated as a entrant 4481da177e4SLinus Torvalds in the NESSIE competition. 4491da177e4SLinus Torvalds 4501da177e4SLinus Torvalds See also: 4511da177e4SLinus Torvalds <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/> 4521da177e4SLinus Torvalds <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html> 4531da177e4SLinus Torvalds 454584fffc8SSebastian Siewiorconfig CRYPTO_ARC4 455584fffc8SSebastian Siewior tristate "ARC4 cipher algorithm" 456e2ee95b8SHye-Shik Chang select CRYPTO_ALGAPI 457e2ee95b8SHye-Shik Chang help 458584fffc8SSebastian Siewior ARC4 cipher algorithm. 459e2ee95b8SHye-Shik Chang 460584fffc8SSebastian Siewior ARC4 is a stream cipher using keys ranging from 8 bits to 2048 461584fffc8SSebastian Siewior bits in length. This algorithm is required for driver-based 462584fffc8SSebastian Siewior WEP, but it should not be for other purposes because of the 463584fffc8SSebastian Siewior weakness of the algorithm. 464584fffc8SSebastian Siewior 465584fffc8SSebastian Siewiorconfig CRYPTO_BLOWFISH 466584fffc8SSebastian Siewior tristate "Blowfish cipher algorithm" 467584fffc8SSebastian Siewior select CRYPTO_ALGAPI 468584fffc8SSebastian Siewior help 469584fffc8SSebastian Siewior Blowfish cipher algorithm, by Bruce Schneier. 470584fffc8SSebastian Siewior 471584fffc8SSebastian Siewior This is a variable key length cipher which can use keys from 32 472584fffc8SSebastian Siewior bits to 448 bits in length. It's fast, simple and specifically 473584fffc8SSebastian Siewior designed for use on "large microprocessors". 474e2ee95b8SHye-Shik Chang 475e2ee95b8SHye-Shik Chang See also: 476584fffc8SSebastian Siewior <http://www.schneier.com/blowfish.html> 477584fffc8SSebastian Siewior 478584fffc8SSebastian Siewiorconfig CRYPTO_CAMELLIA 479584fffc8SSebastian Siewior tristate "Camellia cipher algorithms" 480584fffc8SSebastian Siewior depends on CRYPTO 481584fffc8SSebastian Siewior select CRYPTO_ALGAPI 482584fffc8SSebastian Siewior help 483584fffc8SSebastian Siewior Camellia cipher algorithms module. 484584fffc8SSebastian Siewior 485584fffc8SSebastian Siewior Camellia is a symmetric key block cipher developed jointly 486584fffc8SSebastian Siewior at NTT and Mitsubishi Electric Corporation. 487584fffc8SSebastian Siewior 488584fffc8SSebastian Siewior The Camellia specifies three key sizes: 128, 192 and 256 bits. 489584fffc8SSebastian Siewior 490584fffc8SSebastian Siewior See also: 491584fffc8SSebastian Siewior <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 492584fffc8SSebastian Siewior 493584fffc8SSebastian Siewiorconfig CRYPTO_CAST5 494584fffc8SSebastian Siewior tristate "CAST5 (CAST-128) cipher algorithm" 495584fffc8SSebastian Siewior select CRYPTO_ALGAPI 496584fffc8SSebastian Siewior help 497584fffc8SSebastian Siewior The CAST5 encryption algorithm (synonymous with CAST-128) is 498584fffc8SSebastian Siewior described in RFC2144. 499584fffc8SSebastian Siewior 500584fffc8SSebastian Siewiorconfig CRYPTO_CAST6 501584fffc8SSebastian Siewior tristate "CAST6 (CAST-256) cipher algorithm" 502584fffc8SSebastian Siewior select CRYPTO_ALGAPI 503584fffc8SSebastian Siewior help 504584fffc8SSebastian Siewior The CAST6 encryption algorithm (synonymous with CAST-256) is 505584fffc8SSebastian Siewior described in RFC2612. 506584fffc8SSebastian Siewior 507584fffc8SSebastian Siewiorconfig CRYPTO_DES 508584fffc8SSebastian Siewior tristate "DES and Triple DES EDE cipher algorithms" 509584fffc8SSebastian Siewior select CRYPTO_ALGAPI 510584fffc8SSebastian Siewior help 511584fffc8SSebastian Siewior DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 512584fffc8SSebastian Siewior 513584fffc8SSebastian Siewiorconfig CRYPTO_FCRYPT 514584fffc8SSebastian Siewior tristate "FCrypt cipher algorithm" 515584fffc8SSebastian Siewior select CRYPTO_ALGAPI 516584fffc8SSebastian Siewior select CRYPTO_BLKCIPHER 517584fffc8SSebastian Siewior help 518584fffc8SSebastian Siewior FCrypt algorithm used by RxRPC. 519584fffc8SSebastian Siewior 520584fffc8SSebastian Siewiorconfig CRYPTO_KHAZAD 521584fffc8SSebastian Siewior tristate "Khazad cipher algorithm" 522584fffc8SSebastian Siewior select CRYPTO_ALGAPI 523584fffc8SSebastian Siewior help 524584fffc8SSebastian Siewior Khazad cipher algorithm. 525584fffc8SSebastian Siewior 526584fffc8SSebastian Siewior Khazad was a finalist in the initial NESSIE competition. It is 527584fffc8SSebastian Siewior an algorithm optimized for 64-bit processors with good performance 528584fffc8SSebastian Siewior on 32-bit processors. Khazad uses an 128 bit key size. 529584fffc8SSebastian Siewior 530584fffc8SSebastian Siewior See also: 531584fffc8SSebastian Siewior <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html> 532e2ee95b8SHye-Shik Chang 5332407d608STan Swee Hengconfig CRYPTO_SALSA20 5342407d608STan Swee Heng tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)" 5352407d608STan Swee Heng depends on EXPERIMENTAL 5362407d608STan Swee Heng select CRYPTO_BLKCIPHER 5372407d608STan Swee Heng help 5382407d608STan Swee Heng Salsa20 stream cipher algorithm. 5392407d608STan Swee Heng 5402407d608STan Swee Heng Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 5412407d608STan Swee Heng Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 5422407d608STan Swee Heng 5432407d608STan Swee Heng The Salsa20 stream cipher algorithm is designed by Daniel J. 5442407d608STan Swee Heng Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 5451da177e4SLinus Torvalds 546974e4b75STan Swee Hengconfig CRYPTO_SALSA20_586 547974e4b75STan Swee Heng tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)" 548974e4b75STan Swee Heng depends on (X86 || UML_X86) && !64BIT 549974e4b75STan Swee Heng depends on EXPERIMENTAL 550974e4b75STan Swee Heng select CRYPTO_BLKCIPHER 551974e4b75STan Swee Heng help 552974e4b75STan Swee Heng Salsa20 stream cipher algorithm. 553974e4b75STan Swee Heng 554974e4b75STan Swee Heng Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 555974e4b75STan Swee Heng Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 556974e4b75STan Swee Heng 557974e4b75STan Swee Heng The Salsa20 stream cipher algorithm is designed by Daniel J. 558974e4b75STan Swee Heng Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 559974e4b75STan Swee Heng 5609a7dafbbSTan Swee Hengconfig CRYPTO_SALSA20_X86_64 5619a7dafbbSTan Swee Heng tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)" 5629a7dafbbSTan Swee Heng depends on (X86 || UML_X86) && 64BIT 5639a7dafbbSTan Swee Heng depends on EXPERIMENTAL 5649a7dafbbSTan Swee Heng select CRYPTO_BLKCIPHER 5659a7dafbbSTan Swee Heng help 5669a7dafbbSTan Swee Heng Salsa20 stream cipher algorithm. 5679a7dafbbSTan Swee Heng 5689a7dafbbSTan Swee Heng Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 5699a7dafbbSTan Swee Heng Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 5709a7dafbbSTan Swee Heng 5719a7dafbbSTan Swee Heng The Salsa20 stream cipher algorithm is designed by Daniel J. 5729a7dafbbSTan Swee Heng Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 5739a7dafbbSTan Swee Heng 574584fffc8SSebastian Siewiorconfig CRYPTO_SEED 575584fffc8SSebastian Siewior tristate "SEED cipher algorithm" 576584fffc8SSebastian Siewior select CRYPTO_ALGAPI 577584fffc8SSebastian Siewior help 578584fffc8SSebastian Siewior SEED cipher algorithm (RFC4269). 579584fffc8SSebastian Siewior 580584fffc8SSebastian Siewior SEED is a 128-bit symmetric key block cipher that has been 581584fffc8SSebastian Siewior developed by KISA (Korea Information Security Agency) as a 582584fffc8SSebastian Siewior national standard encryption algorithm of the Republic of Korea. 583584fffc8SSebastian Siewior It is a 16 round block cipher with the key size of 128 bit. 584584fffc8SSebastian Siewior 585584fffc8SSebastian Siewior See also: 586584fffc8SSebastian Siewior <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 587584fffc8SSebastian Siewior 588584fffc8SSebastian Siewiorconfig CRYPTO_SERPENT 589584fffc8SSebastian Siewior tristate "Serpent cipher algorithm" 590584fffc8SSebastian Siewior select CRYPTO_ALGAPI 591584fffc8SSebastian Siewior help 592584fffc8SSebastian Siewior Serpent cipher algorithm, by Anderson, Biham & Knudsen. 593584fffc8SSebastian Siewior 594584fffc8SSebastian Siewior Keys are allowed to be from 0 to 256 bits in length, in steps 595584fffc8SSebastian Siewior of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 596584fffc8SSebastian Siewior variant of Serpent for compatibility with old kerneli.org code. 597584fffc8SSebastian Siewior 598584fffc8SSebastian Siewior See also: 599584fffc8SSebastian Siewior <http://www.cl.cam.ac.uk/~rja14/serpent.html> 600584fffc8SSebastian Siewior 601584fffc8SSebastian Siewiorconfig CRYPTO_TEA 602584fffc8SSebastian Siewior tristate "TEA, XTEA and XETA cipher algorithms" 603584fffc8SSebastian Siewior select CRYPTO_ALGAPI 604584fffc8SSebastian Siewior help 605584fffc8SSebastian Siewior TEA cipher algorithm. 606584fffc8SSebastian Siewior 607584fffc8SSebastian Siewior Tiny Encryption Algorithm is a simple cipher that uses 608584fffc8SSebastian Siewior many rounds for security. It is very fast and uses 609584fffc8SSebastian Siewior little memory. 610584fffc8SSebastian Siewior 611584fffc8SSebastian Siewior Xtendend Tiny Encryption Algorithm is a modification to 612584fffc8SSebastian Siewior the TEA algorithm to address a potential key weakness 613584fffc8SSebastian Siewior in the TEA algorithm. 614584fffc8SSebastian Siewior 615584fffc8SSebastian Siewior Xtendend Encryption Tiny Algorithm is a mis-implementation 616584fffc8SSebastian Siewior of the XTEA algorithm for compatibility purposes. 617584fffc8SSebastian Siewior 618584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH 619584fffc8SSebastian Siewior tristate "Twofish cipher algorithm" 620584fffc8SSebastian Siewior select CRYPTO_ALGAPI 621584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 622584fffc8SSebastian Siewior help 623584fffc8SSebastian Siewior Twofish cipher algorithm. 624584fffc8SSebastian Siewior 625584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 626584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 627584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 628584fffc8SSebastian Siewior bits. 629584fffc8SSebastian Siewior 630584fffc8SSebastian Siewior See also: 631584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 632584fffc8SSebastian Siewior 633584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_COMMON 634584fffc8SSebastian Siewior tristate 635584fffc8SSebastian Siewior help 636584fffc8SSebastian Siewior Common parts of the Twofish cipher algorithm shared by the 637584fffc8SSebastian Siewior generic c and the assembler implementations. 638584fffc8SSebastian Siewior 639584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_586 640584fffc8SSebastian Siewior tristate "Twofish cipher algorithms (i586)" 641584fffc8SSebastian Siewior depends on (X86 || UML_X86) && !64BIT 642584fffc8SSebastian Siewior select CRYPTO_ALGAPI 643584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 644584fffc8SSebastian Siewior help 645584fffc8SSebastian Siewior Twofish cipher algorithm. 646584fffc8SSebastian Siewior 647584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 648584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 649584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 650584fffc8SSebastian Siewior bits. 651584fffc8SSebastian Siewior 652584fffc8SSebastian Siewior See also: 653584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 654584fffc8SSebastian Siewior 655584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_X86_64 656584fffc8SSebastian Siewior tristate "Twofish cipher algorithm (x86_64)" 657584fffc8SSebastian Siewior depends on (X86 || UML_X86) && 64BIT 658584fffc8SSebastian Siewior select CRYPTO_ALGAPI 659584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 660584fffc8SSebastian Siewior help 661584fffc8SSebastian Siewior Twofish cipher algorithm (x86_64). 662584fffc8SSebastian Siewior 663584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 664584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 665584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 666584fffc8SSebastian Siewior bits. 667584fffc8SSebastian Siewior 668584fffc8SSebastian Siewior See also: 669584fffc8SSebastian Siewior <http://www.schneier.com/twofish.html> 670584fffc8SSebastian Siewior 671584fffc8SSebastian Siewiorcomment "Compression" 672584fffc8SSebastian Siewior 6731da177e4SLinus Torvaldsconfig CRYPTO_DEFLATE 6741da177e4SLinus Torvalds tristate "Deflate compression algorithm" 675cce9e06dSHerbert Xu select CRYPTO_ALGAPI 6761da177e4SLinus Torvalds select ZLIB_INFLATE 6771da177e4SLinus Torvalds select ZLIB_DEFLATE 6781da177e4SLinus Torvalds help 6791da177e4SLinus Torvalds This is the Deflate algorithm (RFC1951), specified for use in 6801da177e4SLinus Torvalds IPSec with the IPCOMP protocol (RFC3173, RFC2394). 6811da177e4SLinus Torvalds 6821da177e4SLinus Torvalds You will most probably want this if using IPSec. 6831da177e4SLinus Torvalds 6840b77abb3SZoltan Sogorconfig CRYPTO_LZO 6850b77abb3SZoltan Sogor tristate "LZO compression algorithm" 6860b77abb3SZoltan Sogor select CRYPTO_ALGAPI 6870b77abb3SZoltan Sogor select LZO_COMPRESS 6880b77abb3SZoltan Sogor select LZO_DECOMPRESS 6890b77abb3SZoltan Sogor help 6900b77abb3SZoltan Sogor This is the LZO algorithm. 6910b77abb3SZoltan Sogor 6921da177e4SLinus Torvaldssource "drivers/crypto/Kconfig" 6931da177e4SLinus Torvalds 694cce9e06dSHerbert Xuendif # if CRYPTO 695