1# 2# Generic algorithms support 3# 4config XOR_BLOCKS 5 tristate 6 7# 8# async_tx api: hardware offloaded memory transfer/transform support 9# 10source "crypto/async_tx/Kconfig" 11 12# 13# Cryptographic API Configuration 14# 15menuconfig CRYPTO 16 tristate "Cryptographic API" 17 help 18 This option provides the core Cryptographic API. 19 20if CRYPTO 21 22comment "Crypto core or helper" 23 24config CRYPTO_FIPS 25 bool "FIPS 200 compliance" 26 depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS 27 help 28 This options enables the fips boot option which is 29 required if you want to system to operate in a FIPS 200 30 certification. You should say no unless you know what 31 this is. 32 33config CRYPTO_ALGAPI 34 tristate 35 select CRYPTO_ALGAPI2 36 help 37 This option provides the API for cryptographic algorithms. 38 39config CRYPTO_ALGAPI2 40 tristate 41 42config CRYPTO_AEAD 43 tristate 44 select CRYPTO_AEAD2 45 select CRYPTO_ALGAPI 46 47config CRYPTO_AEAD2 48 tristate 49 select CRYPTO_ALGAPI2 50 51config CRYPTO_BLKCIPHER 52 tristate 53 select CRYPTO_BLKCIPHER2 54 select CRYPTO_ALGAPI 55 56config CRYPTO_BLKCIPHER2 57 tristate 58 select CRYPTO_ALGAPI2 59 select CRYPTO_RNG2 60 select CRYPTO_WORKQUEUE 61 62config CRYPTO_HASH 63 tristate 64 select CRYPTO_HASH2 65 select CRYPTO_ALGAPI 66 67config CRYPTO_HASH2 68 tristate 69 select CRYPTO_ALGAPI2 70 71config CRYPTO_RNG 72 tristate 73 select CRYPTO_RNG2 74 select CRYPTO_ALGAPI 75 76config CRYPTO_RNG2 77 tristate 78 select CRYPTO_ALGAPI2 79 80config CRYPTO_PCOMP 81 tristate 82 select CRYPTO_PCOMP2 83 select CRYPTO_ALGAPI 84 85config CRYPTO_PCOMP2 86 tristate 87 select CRYPTO_ALGAPI2 88 89config CRYPTO_MANAGER 90 tristate "Cryptographic algorithm manager" 91 select CRYPTO_MANAGER2 92 help 93 Create default cryptographic template instantiations such as 94 cbc(aes). 95 96config CRYPTO_MANAGER2 97 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 98 select CRYPTO_AEAD2 99 select CRYPTO_HASH2 100 select CRYPTO_BLKCIPHER2 101 select CRYPTO_PCOMP2 102 103config CRYPTO_USER 104 tristate "Userspace cryptographic algorithm configuration" 105 depends on NET 106 select CRYPTO_MANAGER 107 help 108 Userspace configuration for cryptographic instantiations such as 109 cbc(aes). 110 111config CRYPTO_MANAGER_DISABLE_TESTS 112 bool "Disable run-time self tests" 113 default y 114 depends on CRYPTO_MANAGER2 115 help 116 Disable run-time self tests that normally take place at 117 algorithm registration. 118 119config CRYPTO_GF128MUL 120 tristate "GF(2^128) multiplication functions" 121 help 122 Efficient table driven implementation of multiplications in the 123 field GF(2^128). This is needed by some cypher modes. This 124 option will be selected automatically if you select such a 125 cipher mode. Only select this option by hand if you expect to load 126 an external module that requires these functions. 127 128config CRYPTO_NULL 129 tristate "Null algorithms" 130 select CRYPTO_ALGAPI 131 select CRYPTO_BLKCIPHER 132 select CRYPTO_HASH 133 help 134 These are 'Null' algorithms, used by IPsec, which do nothing. 135 136config CRYPTO_PCRYPT 137 tristate "Parallel crypto engine (EXPERIMENTAL)" 138 depends on SMP && EXPERIMENTAL 139 select PADATA 140 select CRYPTO_MANAGER 141 select CRYPTO_AEAD 142 help 143 This converts an arbitrary crypto algorithm into a parallel 144 algorithm that executes in kernel threads. 145 146config CRYPTO_WORKQUEUE 147 tristate 148 149config CRYPTO_CRYPTD 150 tristate "Software async crypto daemon" 151 select CRYPTO_BLKCIPHER 152 select CRYPTO_HASH 153 select CRYPTO_MANAGER 154 select CRYPTO_WORKQUEUE 155 help 156 This is a generic software asynchronous crypto daemon that 157 converts an arbitrary synchronous software crypto algorithm 158 into an asynchronous algorithm that executes in a kernel thread. 159 160config CRYPTO_AUTHENC 161 tristate "Authenc support" 162 select CRYPTO_AEAD 163 select CRYPTO_BLKCIPHER 164 select CRYPTO_MANAGER 165 select CRYPTO_HASH 166 help 167 Authenc: Combined mode wrapper for IPsec. 168 This is required for IPSec. 169 170config CRYPTO_TEST 171 tristate "Testing module" 172 depends on m 173 select CRYPTO_MANAGER 174 help 175 Quick & dirty crypto test module. 176 177config CRYPTO_ABLK_HELPER_X86 178 tristate 179 depends on X86 180 select CRYPTO_CRYPTD 181 182config CRYPTO_GLUE_HELPER_X86 183 tristate 184 depends on X86 185 select CRYPTO_ALGAPI 186 187comment "Authenticated Encryption with Associated Data" 188 189config CRYPTO_CCM 190 tristate "CCM support" 191 select CRYPTO_CTR 192 select CRYPTO_AEAD 193 help 194 Support for Counter with CBC MAC. Required for IPsec. 195 196config CRYPTO_GCM 197 tristate "GCM/GMAC support" 198 select CRYPTO_CTR 199 select CRYPTO_AEAD 200 select CRYPTO_GHASH 201 help 202 Support for Galois/Counter Mode (GCM) and Galois Message 203 Authentication Code (GMAC). Required for IPSec. 204 205config CRYPTO_SEQIV 206 tristate "Sequence Number IV Generator" 207 select CRYPTO_AEAD 208 select CRYPTO_BLKCIPHER 209 select CRYPTO_RNG 210 help 211 This IV generator generates an IV based on a sequence number by 212 xoring it with a salt. This algorithm is mainly useful for CTR 213 214comment "Block modes" 215 216config CRYPTO_CBC 217 tristate "CBC support" 218 select CRYPTO_BLKCIPHER 219 select CRYPTO_MANAGER 220 help 221 CBC: Cipher Block Chaining mode 222 This block cipher algorithm is required for IPSec. 223 224config CRYPTO_CTR 225 tristate "CTR support" 226 select CRYPTO_BLKCIPHER 227 select CRYPTO_SEQIV 228 select CRYPTO_MANAGER 229 help 230 CTR: Counter mode 231 This block cipher algorithm is required for IPSec. 232 233config CRYPTO_CTS 234 tristate "CTS support" 235 select CRYPTO_BLKCIPHER 236 help 237 CTS: Cipher Text Stealing 238 This is the Cipher Text Stealing mode as described by 239 Section 8 of rfc2040 and referenced by rfc3962. 240 (rfc3962 includes errata information in its Appendix A) 241 This mode is required for Kerberos gss mechanism support 242 for AES encryption. 243 244config CRYPTO_ECB 245 tristate "ECB support" 246 select CRYPTO_BLKCIPHER 247 select CRYPTO_MANAGER 248 help 249 ECB: Electronic CodeBook mode 250 This is the simplest block cipher algorithm. It simply encrypts 251 the input block by block. 252 253config CRYPTO_LRW 254 tristate "LRW support" 255 select CRYPTO_BLKCIPHER 256 select CRYPTO_MANAGER 257 select CRYPTO_GF128MUL 258 help 259 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 260 narrow block cipher mode for dm-crypt. Use it with cipher 261 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 262 The first 128, 192 or 256 bits in the key are used for AES and the 263 rest is used to tie each cipher block to its logical position. 264 265config CRYPTO_PCBC 266 tristate "PCBC support" 267 select CRYPTO_BLKCIPHER 268 select CRYPTO_MANAGER 269 help 270 PCBC: Propagating Cipher Block Chaining mode 271 This block cipher algorithm is required for RxRPC. 272 273config CRYPTO_XTS 274 tristate "XTS support" 275 select CRYPTO_BLKCIPHER 276 select CRYPTO_MANAGER 277 select CRYPTO_GF128MUL 278 help 279 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 280 key size 256, 384 or 512 bits. This implementation currently 281 can't handle a sectorsize which is not a multiple of 16 bytes. 282 283comment "Hash modes" 284 285config CRYPTO_HMAC 286 tristate "HMAC support" 287 select CRYPTO_HASH 288 select CRYPTO_MANAGER 289 help 290 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 291 This is required for IPSec. 292 293config CRYPTO_XCBC 294 tristate "XCBC support" 295 depends on EXPERIMENTAL 296 select CRYPTO_HASH 297 select CRYPTO_MANAGER 298 help 299 XCBC: Keyed-Hashing with encryption algorithm 300 http://www.ietf.org/rfc/rfc3566.txt 301 http://csrc.nist.gov/encryption/modes/proposedmodes/ 302 xcbc-mac/xcbc-mac-spec.pdf 303 304config CRYPTO_VMAC 305 tristate "VMAC support" 306 depends on EXPERIMENTAL 307 select CRYPTO_HASH 308 select CRYPTO_MANAGER 309 help 310 VMAC is a message authentication algorithm designed for 311 very high speed on 64-bit architectures. 312 313 See also: 314 <http://fastcrypto.org/vmac> 315 316comment "Digest" 317 318config CRYPTO_CRC32C 319 tristate "CRC32c CRC algorithm" 320 select CRYPTO_HASH 321 select CRC32 322 help 323 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 324 by iSCSI for header and data digests and by others. 325 See Castagnoli93. Module will be crc32c. 326 327config CRYPTO_CRC32C_INTEL 328 tristate "CRC32c INTEL hardware acceleration" 329 depends on X86 330 select CRYPTO_HASH 331 help 332 In Intel processor with SSE4.2 supported, the processor will 333 support CRC32C implementation using hardware accelerated CRC32 334 instruction. This option will create 'crc32c-intel' module, 335 which will enable any routine to use the CRC32 instruction to 336 gain performance compared with software implementation. 337 Module will be crc32c-intel. 338 339config CRYPTO_CRC32C_SPARC64 340 tristate "CRC32c CRC algorithm (SPARC64)" 341 depends on SPARC64 342 select CRYPTO_HASH 343 select CRC32 344 help 345 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 346 when available. 347 348config CRYPTO_GHASH 349 tristate "GHASH digest algorithm" 350 select CRYPTO_GF128MUL 351 help 352 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 353 354config CRYPTO_MD4 355 tristate "MD4 digest algorithm" 356 select CRYPTO_HASH 357 help 358 MD4 message digest algorithm (RFC1320). 359 360config CRYPTO_MD5 361 tristate "MD5 digest algorithm" 362 select CRYPTO_HASH 363 help 364 MD5 message digest algorithm (RFC1321). 365 366config CRYPTO_MD5_SPARC64 367 tristate "MD5 digest algorithm (SPARC64)" 368 depends on SPARC64 369 select CRYPTO_MD5 370 select CRYPTO_HASH 371 help 372 MD5 message digest algorithm (RFC1321) implemented 373 using sparc64 crypto instructions, when available. 374 375config CRYPTO_MICHAEL_MIC 376 tristate "Michael MIC keyed digest algorithm" 377 select CRYPTO_HASH 378 help 379 Michael MIC is used for message integrity protection in TKIP 380 (IEEE 802.11i). This algorithm is required for TKIP, but it 381 should not be used for other purposes because of the weakness 382 of the algorithm. 383 384config CRYPTO_RMD128 385 tristate "RIPEMD-128 digest algorithm" 386 select CRYPTO_HASH 387 help 388 RIPEMD-128 (ISO/IEC 10118-3:2004). 389 390 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 391 be used as a secure replacement for RIPEMD. For other use cases, 392 RIPEMD-160 should be used. 393 394 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 395 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 396 397config CRYPTO_RMD160 398 tristate "RIPEMD-160 digest algorithm" 399 select CRYPTO_HASH 400 help 401 RIPEMD-160 (ISO/IEC 10118-3:2004). 402 403 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 404 to be used as a secure replacement for the 128-bit hash functions 405 MD4, MD5 and it's predecessor RIPEMD 406 (not to be confused with RIPEMD-128). 407 408 It's speed is comparable to SHA1 and there are no known attacks 409 against RIPEMD-160. 410 411 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 412 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 413 414config CRYPTO_RMD256 415 tristate "RIPEMD-256 digest algorithm" 416 select CRYPTO_HASH 417 help 418 RIPEMD-256 is an optional extension of RIPEMD-128 with a 419 256 bit hash. It is intended for applications that require 420 longer hash-results, without needing a larger security level 421 (than RIPEMD-128). 422 423 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 424 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 425 426config CRYPTO_RMD320 427 tristate "RIPEMD-320 digest algorithm" 428 select CRYPTO_HASH 429 help 430 RIPEMD-320 is an optional extension of RIPEMD-160 with a 431 320 bit hash. It is intended for applications that require 432 longer hash-results, without needing a larger security level 433 (than RIPEMD-160). 434 435 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 436 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 437 438config CRYPTO_SHA1 439 tristate "SHA1 digest algorithm" 440 select CRYPTO_HASH 441 help 442 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 443 444config CRYPTO_SHA1_SSSE3 445 tristate "SHA1 digest algorithm (SSSE3/AVX)" 446 depends on X86 && 64BIT 447 select CRYPTO_SHA1 448 select CRYPTO_HASH 449 help 450 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 451 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 452 Extensions (AVX), when available. 453 454config CRYPTO_SHA1_SPARC64 455 tristate "SHA1 digest algorithm (SPARC64)" 456 depends on SPARC64 457 select CRYPTO_SHA1 458 select CRYPTO_HASH 459 help 460 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 461 using sparc64 crypto instructions, when available. 462 463config CRYPTO_SHA256 464 tristate "SHA224 and SHA256 digest algorithm" 465 select CRYPTO_HASH 466 help 467 SHA256 secure hash standard (DFIPS 180-2). 468 469 This version of SHA implements a 256 bit hash with 128 bits of 470 security against collision attacks. 471 472 This code also includes SHA-224, a 224 bit hash with 112 bits 473 of security against collision attacks. 474 475config CRYPTO_SHA256_SPARC64 476 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 477 depends on SPARC64 478 select CRYPTO_SHA256 479 select CRYPTO_HASH 480 help 481 SHA-256 secure hash standard (DFIPS 180-2) implemented 482 using sparc64 crypto instructions, when available. 483 484config CRYPTO_SHA512 485 tristate "SHA384 and SHA512 digest algorithms" 486 select CRYPTO_HASH 487 help 488 SHA512 secure hash standard (DFIPS 180-2). 489 490 This version of SHA implements a 512 bit hash with 256 bits of 491 security against collision attacks. 492 493 This code also includes SHA-384, a 384 bit hash with 192 bits 494 of security against collision attacks. 495 496config CRYPTO_SHA512_SPARC64 497 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 498 depends on SPARC64 499 select CRYPTO_SHA512 500 select CRYPTO_HASH 501 help 502 SHA-512 secure hash standard (DFIPS 180-2) implemented 503 using sparc64 crypto instructions, when available. 504 505config CRYPTO_TGR192 506 tristate "Tiger digest algorithms" 507 select CRYPTO_HASH 508 help 509 Tiger hash algorithm 192, 160 and 128-bit hashes 510 511 Tiger is a hash function optimized for 64-bit processors while 512 still having decent performance on 32-bit processors. 513 Tiger was developed by Ross Anderson and Eli Biham. 514 515 See also: 516 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 517 518config CRYPTO_WP512 519 tristate "Whirlpool digest algorithms" 520 select CRYPTO_HASH 521 help 522 Whirlpool hash algorithm 512, 384 and 256-bit hashes 523 524 Whirlpool-512 is part of the NESSIE cryptographic primitives. 525 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 526 527 See also: 528 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 529 530config CRYPTO_GHASH_CLMUL_NI_INTEL 531 tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 532 depends on X86 && 64BIT 533 select CRYPTO_CRYPTD 534 help 535 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 536 The implementation is accelerated by CLMUL-NI of Intel. 537 538comment "Ciphers" 539 540config CRYPTO_AES 541 tristate "AES cipher algorithms" 542 select CRYPTO_ALGAPI 543 help 544 AES cipher algorithms (FIPS-197). AES uses the Rijndael 545 algorithm. 546 547 Rijndael appears to be consistently a very good performer in 548 both hardware and software across a wide range of computing 549 environments regardless of its use in feedback or non-feedback 550 modes. Its key setup time is excellent, and its key agility is 551 good. Rijndael's very low memory requirements make it very well 552 suited for restricted-space environments, in which it also 553 demonstrates excellent performance. Rijndael's operations are 554 among the easiest to defend against power and timing attacks. 555 556 The AES specifies three key sizes: 128, 192 and 256 bits 557 558 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 559 560config CRYPTO_AES_586 561 tristate "AES cipher algorithms (i586)" 562 depends on (X86 || UML_X86) && !64BIT 563 select CRYPTO_ALGAPI 564 select CRYPTO_AES 565 help 566 AES cipher algorithms (FIPS-197). AES uses the Rijndael 567 algorithm. 568 569 Rijndael appears to be consistently a very good performer in 570 both hardware and software across a wide range of computing 571 environments regardless of its use in feedback or non-feedback 572 modes. Its key setup time is excellent, and its key agility is 573 good. Rijndael's very low memory requirements make it very well 574 suited for restricted-space environments, in which it also 575 demonstrates excellent performance. Rijndael's operations are 576 among the easiest to defend against power and timing attacks. 577 578 The AES specifies three key sizes: 128, 192 and 256 bits 579 580 See <http://csrc.nist.gov/encryption/aes/> for more information. 581 582config CRYPTO_AES_X86_64 583 tristate "AES cipher algorithms (x86_64)" 584 depends on (X86 || UML_X86) && 64BIT 585 select CRYPTO_ALGAPI 586 select CRYPTO_AES 587 help 588 AES cipher algorithms (FIPS-197). AES uses the Rijndael 589 algorithm. 590 591 Rijndael appears to be consistently a very good performer in 592 both hardware and software across a wide range of computing 593 environments regardless of its use in feedback or non-feedback 594 modes. Its key setup time is excellent, and its key agility is 595 good. Rijndael's very low memory requirements make it very well 596 suited for restricted-space environments, in which it also 597 demonstrates excellent performance. Rijndael's operations are 598 among the easiest to defend against power and timing attacks. 599 600 The AES specifies three key sizes: 128, 192 and 256 bits 601 602 See <http://csrc.nist.gov/encryption/aes/> for more information. 603 604config CRYPTO_AES_NI_INTEL 605 tristate "AES cipher algorithms (AES-NI)" 606 depends on X86 607 select CRYPTO_AES_X86_64 if 64BIT 608 select CRYPTO_AES_586 if !64BIT 609 select CRYPTO_CRYPTD 610 select CRYPTO_ABLK_HELPER_X86 611 select CRYPTO_ALGAPI 612 help 613 Use Intel AES-NI instructions for AES algorithm. 614 615 AES cipher algorithms (FIPS-197). AES uses the Rijndael 616 algorithm. 617 618 Rijndael appears to be consistently a very good performer in 619 both hardware and software across a wide range of computing 620 environments regardless of its use in feedback or non-feedback 621 modes. Its key setup time is excellent, and its key agility is 622 good. Rijndael's very low memory requirements make it very well 623 suited for restricted-space environments, in which it also 624 demonstrates excellent performance. Rijndael's operations are 625 among the easiest to defend against power and timing attacks. 626 627 The AES specifies three key sizes: 128, 192 and 256 bits 628 629 See <http://csrc.nist.gov/encryption/aes/> for more information. 630 631 In addition to AES cipher algorithm support, the acceleration 632 for some popular block cipher mode is supported too, including 633 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional 634 acceleration for CTR. 635 636config CRYPTO_AES_SPARC64 637 tristate "AES cipher algorithms (SPARC64)" 638 depends on SPARC64 639 select CRYPTO_CRYPTD 640 select CRYPTO_ALGAPI 641 help 642 Use SPARC64 crypto opcodes for AES algorithm. 643 644 AES cipher algorithms (FIPS-197). AES uses the Rijndael 645 algorithm. 646 647 Rijndael appears to be consistently a very good performer in 648 both hardware and software across a wide range of computing 649 environments regardless of its use in feedback or non-feedback 650 modes. Its key setup time is excellent, and its key agility is 651 good. Rijndael's very low memory requirements make it very well 652 suited for restricted-space environments, in which it also 653 demonstrates excellent performance. Rijndael's operations are 654 among the easiest to defend against power and timing attacks. 655 656 The AES specifies three key sizes: 128, 192 and 256 bits 657 658 See <http://csrc.nist.gov/encryption/aes/> for more information. 659 660 In addition to AES cipher algorithm support, the acceleration 661 for some popular block cipher mode is supported too, including 662 ECB and CBC. 663 664config CRYPTO_ANUBIS 665 tristate "Anubis cipher algorithm" 666 select CRYPTO_ALGAPI 667 help 668 Anubis cipher algorithm. 669 670 Anubis is a variable key length cipher which can use keys from 671 128 bits to 320 bits in length. It was evaluated as a entrant 672 in the NESSIE competition. 673 674 See also: 675 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 676 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 677 678config CRYPTO_ARC4 679 tristate "ARC4 cipher algorithm" 680 select CRYPTO_BLKCIPHER 681 help 682 ARC4 cipher algorithm. 683 684 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 685 bits in length. This algorithm is required for driver-based 686 WEP, but it should not be for other purposes because of the 687 weakness of the algorithm. 688 689config CRYPTO_BLOWFISH 690 tristate "Blowfish cipher algorithm" 691 select CRYPTO_ALGAPI 692 select CRYPTO_BLOWFISH_COMMON 693 help 694 Blowfish cipher algorithm, by Bruce Schneier. 695 696 This is a variable key length cipher which can use keys from 32 697 bits to 448 bits in length. It's fast, simple and specifically 698 designed for use on "large microprocessors". 699 700 See also: 701 <http://www.schneier.com/blowfish.html> 702 703config CRYPTO_BLOWFISH_COMMON 704 tristate 705 help 706 Common parts of the Blowfish cipher algorithm shared by the 707 generic c and the assembler implementations. 708 709 See also: 710 <http://www.schneier.com/blowfish.html> 711 712config CRYPTO_BLOWFISH_X86_64 713 tristate "Blowfish cipher algorithm (x86_64)" 714 depends on X86 && 64BIT 715 select CRYPTO_ALGAPI 716 select CRYPTO_BLOWFISH_COMMON 717 help 718 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 719 720 This is a variable key length cipher which can use keys from 32 721 bits to 448 bits in length. It's fast, simple and specifically 722 designed for use on "large microprocessors". 723 724 See also: 725 <http://www.schneier.com/blowfish.html> 726 727config CRYPTO_CAMELLIA 728 tristate "Camellia cipher algorithms" 729 depends on CRYPTO 730 select CRYPTO_ALGAPI 731 help 732 Camellia cipher algorithms module. 733 734 Camellia is a symmetric key block cipher developed jointly 735 at NTT and Mitsubishi Electric Corporation. 736 737 The Camellia specifies three key sizes: 128, 192 and 256 bits. 738 739 See also: 740 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 741 742config CRYPTO_CAMELLIA_X86_64 743 tristate "Camellia cipher algorithm (x86_64)" 744 depends on X86 && 64BIT 745 depends on CRYPTO 746 select CRYPTO_ALGAPI 747 select CRYPTO_GLUE_HELPER_X86 748 select CRYPTO_LRW 749 select CRYPTO_XTS 750 help 751 Camellia cipher algorithm module (x86_64). 752 753 Camellia is a symmetric key block cipher developed jointly 754 at NTT and Mitsubishi Electric Corporation. 755 756 The Camellia specifies three key sizes: 128, 192 and 256 bits. 757 758 See also: 759 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 760 761config CRYPTO_CAMELLIA_SPARC64 762 tristate "Camellia cipher algorithm (SPARC64)" 763 depends on SPARC64 764 depends on CRYPTO 765 select CRYPTO_ALGAPI 766 help 767 Camellia cipher algorithm module (SPARC64). 768 769 Camellia is a symmetric key block cipher developed jointly 770 at NTT and Mitsubishi Electric Corporation. 771 772 The Camellia specifies three key sizes: 128, 192 and 256 bits. 773 774 See also: 775 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 776 777config CRYPTO_CAST5 778 tristate "CAST5 (CAST-128) cipher algorithm" 779 select CRYPTO_ALGAPI 780 help 781 The CAST5 encryption algorithm (synonymous with CAST-128) is 782 described in RFC2144. 783 784config CRYPTO_CAST6 785 tristate "CAST6 (CAST-256) cipher algorithm" 786 select CRYPTO_ALGAPI 787 help 788 The CAST6 encryption algorithm (synonymous with CAST-256) is 789 described in RFC2612. 790 791config CRYPTO_DES 792 tristate "DES and Triple DES EDE cipher algorithms" 793 select CRYPTO_ALGAPI 794 help 795 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 796 797config CRYPTO_DES_SPARC64 798 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 799 select CRYPTO_ALGAPI 800 select CRYPTO_DES 801 help 802 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 803 optimized using SPARC64 crypto opcodes. 804 805config CRYPTO_FCRYPT 806 tristate "FCrypt cipher algorithm" 807 select CRYPTO_ALGAPI 808 select CRYPTO_BLKCIPHER 809 help 810 FCrypt algorithm used by RxRPC. 811 812config CRYPTO_KHAZAD 813 tristate "Khazad cipher algorithm" 814 select CRYPTO_ALGAPI 815 help 816 Khazad cipher algorithm. 817 818 Khazad was a finalist in the initial NESSIE competition. It is 819 an algorithm optimized for 64-bit processors with good performance 820 on 32-bit processors. Khazad uses an 128 bit key size. 821 822 See also: 823 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 824 825config CRYPTO_SALSA20 826 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)" 827 depends on EXPERIMENTAL 828 select CRYPTO_BLKCIPHER 829 help 830 Salsa20 stream cipher algorithm. 831 832 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 833 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 834 835 The Salsa20 stream cipher algorithm is designed by Daniel J. 836 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 837 838config CRYPTO_SALSA20_586 839 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)" 840 depends on (X86 || UML_X86) && !64BIT 841 depends on EXPERIMENTAL 842 select CRYPTO_BLKCIPHER 843 help 844 Salsa20 stream cipher algorithm. 845 846 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 847 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 848 849 The Salsa20 stream cipher algorithm is designed by Daniel J. 850 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 851 852config CRYPTO_SALSA20_X86_64 853 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)" 854 depends on (X86 || UML_X86) && 64BIT 855 depends on EXPERIMENTAL 856 select CRYPTO_BLKCIPHER 857 help 858 Salsa20 stream cipher algorithm. 859 860 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 861 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 862 863 The Salsa20 stream cipher algorithm is designed by Daniel J. 864 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 865 866config CRYPTO_SEED 867 tristate "SEED cipher algorithm" 868 select CRYPTO_ALGAPI 869 help 870 SEED cipher algorithm (RFC4269). 871 872 SEED is a 128-bit symmetric key block cipher that has been 873 developed by KISA (Korea Information Security Agency) as a 874 national standard encryption algorithm of the Republic of Korea. 875 It is a 16 round block cipher with the key size of 128 bit. 876 877 See also: 878 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 879 880config CRYPTO_SERPENT 881 tristate "Serpent cipher algorithm" 882 select CRYPTO_ALGAPI 883 help 884 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 885 886 Keys are allowed to be from 0 to 256 bits in length, in steps 887 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 888 variant of Serpent for compatibility with old kerneli.org code. 889 890 See also: 891 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 892 893config CRYPTO_SERPENT_SSE2_X86_64 894 tristate "Serpent cipher algorithm (x86_64/SSE2)" 895 depends on X86 && 64BIT 896 select CRYPTO_ALGAPI 897 select CRYPTO_CRYPTD 898 select CRYPTO_ABLK_HELPER_X86 899 select CRYPTO_GLUE_HELPER_X86 900 select CRYPTO_SERPENT 901 select CRYPTO_LRW 902 select CRYPTO_XTS 903 help 904 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 905 906 Keys are allowed to be from 0 to 256 bits in length, in steps 907 of 8 bits. 908 909 This module provides Serpent cipher algorithm that processes eigth 910 blocks parallel using SSE2 instruction set. 911 912 See also: 913 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 914 915config CRYPTO_SERPENT_SSE2_586 916 tristate "Serpent cipher algorithm (i586/SSE2)" 917 depends on X86 && !64BIT 918 select CRYPTO_ALGAPI 919 select CRYPTO_CRYPTD 920 select CRYPTO_ABLK_HELPER_X86 921 select CRYPTO_GLUE_HELPER_X86 922 select CRYPTO_SERPENT 923 select CRYPTO_LRW 924 select CRYPTO_XTS 925 help 926 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 927 928 Keys are allowed to be from 0 to 256 bits in length, in steps 929 of 8 bits. 930 931 This module provides Serpent cipher algorithm that processes four 932 blocks parallel using SSE2 instruction set. 933 934 See also: 935 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 936 937config CRYPTO_SERPENT_AVX_X86_64 938 tristate "Serpent cipher algorithm (x86_64/AVX)" 939 depends on X86 && 64BIT 940 select CRYPTO_ALGAPI 941 select CRYPTO_CRYPTD 942 select CRYPTO_ABLK_HELPER_X86 943 select CRYPTO_GLUE_HELPER_X86 944 select CRYPTO_SERPENT 945 select CRYPTO_LRW 946 select CRYPTO_XTS 947 help 948 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 949 950 Keys are allowed to be from 0 to 256 bits in length, in steps 951 of 8 bits. 952 953 This module provides the Serpent cipher algorithm that processes 954 eight blocks parallel using the AVX instruction set. 955 956 See also: 957 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 958 959config CRYPTO_TEA 960 tristate "TEA, XTEA and XETA cipher algorithms" 961 select CRYPTO_ALGAPI 962 help 963 TEA cipher algorithm. 964 965 Tiny Encryption Algorithm is a simple cipher that uses 966 many rounds for security. It is very fast and uses 967 little memory. 968 969 Xtendend Tiny Encryption Algorithm is a modification to 970 the TEA algorithm to address a potential key weakness 971 in the TEA algorithm. 972 973 Xtendend Encryption Tiny Algorithm is a mis-implementation 974 of the XTEA algorithm for compatibility purposes. 975 976config CRYPTO_TWOFISH 977 tristate "Twofish cipher algorithm" 978 select CRYPTO_ALGAPI 979 select CRYPTO_TWOFISH_COMMON 980 help 981 Twofish cipher algorithm. 982 983 Twofish was submitted as an AES (Advanced Encryption Standard) 984 candidate cipher by researchers at CounterPane Systems. It is a 985 16 round block cipher supporting key sizes of 128, 192, and 256 986 bits. 987 988 See also: 989 <http://www.schneier.com/twofish.html> 990 991config CRYPTO_TWOFISH_COMMON 992 tristate 993 help 994 Common parts of the Twofish cipher algorithm shared by the 995 generic c and the assembler implementations. 996 997config CRYPTO_TWOFISH_586 998 tristate "Twofish cipher algorithms (i586)" 999 depends on (X86 || UML_X86) && !64BIT 1000 select CRYPTO_ALGAPI 1001 select CRYPTO_TWOFISH_COMMON 1002 help 1003 Twofish cipher algorithm. 1004 1005 Twofish was submitted as an AES (Advanced Encryption Standard) 1006 candidate cipher by researchers at CounterPane Systems. It is a 1007 16 round block cipher supporting key sizes of 128, 192, and 256 1008 bits. 1009 1010 See also: 1011 <http://www.schneier.com/twofish.html> 1012 1013config CRYPTO_TWOFISH_X86_64 1014 tristate "Twofish cipher algorithm (x86_64)" 1015 depends on (X86 || UML_X86) && 64BIT 1016 select CRYPTO_ALGAPI 1017 select CRYPTO_TWOFISH_COMMON 1018 help 1019 Twofish cipher algorithm (x86_64). 1020 1021 Twofish was submitted as an AES (Advanced Encryption Standard) 1022 candidate cipher by researchers at CounterPane Systems. It is a 1023 16 round block cipher supporting key sizes of 128, 192, and 256 1024 bits. 1025 1026 See also: 1027 <http://www.schneier.com/twofish.html> 1028 1029config CRYPTO_TWOFISH_X86_64_3WAY 1030 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1031 depends on X86 && 64BIT 1032 select CRYPTO_ALGAPI 1033 select CRYPTO_TWOFISH_COMMON 1034 select CRYPTO_TWOFISH_X86_64 1035 select CRYPTO_GLUE_HELPER_X86 1036 select CRYPTO_LRW 1037 select CRYPTO_XTS 1038 help 1039 Twofish cipher algorithm (x86_64, 3-way parallel). 1040 1041 Twofish was submitted as an AES (Advanced Encryption Standard) 1042 candidate cipher by researchers at CounterPane Systems. It is a 1043 16 round block cipher supporting key sizes of 128, 192, and 256 1044 bits. 1045 1046 This module provides Twofish cipher algorithm that processes three 1047 blocks parallel, utilizing resources of out-of-order CPUs better. 1048 1049 See also: 1050 <http://www.schneier.com/twofish.html> 1051 1052config CRYPTO_TWOFISH_AVX_X86_64 1053 tristate "Twofish cipher algorithm (x86_64/AVX)" 1054 depends on X86 && 64BIT 1055 select CRYPTO_ALGAPI 1056 select CRYPTO_CRYPTD 1057 select CRYPTO_ABLK_HELPER_X86 1058 select CRYPTO_GLUE_HELPER_X86 1059 select CRYPTO_TWOFISH_COMMON 1060 select CRYPTO_TWOFISH_X86_64 1061 select CRYPTO_TWOFISH_X86_64_3WAY 1062 select CRYPTO_LRW 1063 select CRYPTO_XTS 1064 help 1065 Twofish cipher algorithm (x86_64/AVX). 1066 1067 Twofish was submitted as an AES (Advanced Encryption Standard) 1068 candidate cipher by researchers at CounterPane Systems. It is a 1069 16 round block cipher supporting key sizes of 128, 192, and 256 1070 bits. 1071 1072 This module provides the Twofish cipher algorithm that processes 1073 eight blocks parallel using the AVX Instruction Set. 1074 1075 See also: 1076 <http://www.schneier.com/twofish.html> 1077 1078comment "Compression" 1079 1080config CRYPTO_DEFLATE 1081 tristate "Deflate compression algorithm" 1082 select CRYPTO_ALGAPI 1083 select ZLIB_INFLATE 1084 select ZLIB_DEFLATE 1085 help 1086 This is the Deflate algorithm (RFC1951), specified for use in 1087 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1088 1089 You will most probably want this if using IPSec. 1090 1091config CRYPTO_ZLIB 1092 tristate "Zlib compression algorithm" 1093 select CRYPTO_PCOMP 1094 select ZLIB_INFLATE 1095 select ZLIB_DEFLATE 1096 select NLATTR 1097 help 1098 This is the zlib algorithm. 1099 1100config CRYPTO_LZO 1101 tristate "LZO compression algorithm" 1102 select CRYPTO_ALGAPI 1103 select LZO_COMPRESS 1104 select LZO_DECOMPRESS 1105 help 1106 This is the LZO algorithm. 1107 1108comment "Random Number Generation" 1109 1110config CRYPTO_ANSI_CPRNG 1111 tristate "Pseudo Random Number Generation for Cryptographic modules" 1112 default m 1113 select CRYPTO_AES 1114 select CRYPTO_RNG 1115 help 1116 This option enables the generic pseudo random number generator 1117 for cryptographic modules. Uses the Algorithm specified in 1118 ANSI X9.31 A.2.4. Note that this option must be enabled if 1119 CRYPTO_FIPS is selected 1120 1121config CRYPTO_USER_API 1122 tristate 1123 1124config CRYPTO_USER_API_HASH 1125 tristate "User-space interface for hash algorithms" 1126 depends on NET 1127 select CRYPTO_HASH 1128 select CRYPTO_USER_API 1129 help 1130 This option enables the user-spaces interface for hash 1131 algorithms. 1132 1133config CRYPTO_USER_API_SKCIPHER 1134 tristate "User-space interface for symmetric key cipher algorithms" 1135 depends on NET 1136 select CRYPTO_BLKCIPHER 1137 select CRYPTO_USER_API 1138 help 1139 This option enables the user-spaces interface for symmetric 1140 key cipher algorithms. 1141 1142source "drivers/crypto/Kconfig" 1143 1144endif # if CRYPTO 1145