1# 2# Generic algorithms support 3# 4config XOR_BLOCKS 5 tristate 6 7# 8# async_tx api: hardware offloaded memory transfer/transform support 9# 10source "crypto/async_tx/Kconfig" 11 12# 13# Cryptographic API Configuration 14# 15menuconfig CRYPTO 16 tristate "Cryptographic API" 17 help 18 This option provides the core Cryptographic API. 19 20if CRYPTO 21 22comment "Crypto core or helper" 23 24config CRYPTO_FIPS 25 bool "FIPS 200 compliance" 26 depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS 27 help 28 This options enables the fips boot option which is 29 required if you want to system to operate in a FIPS 200 30 certification. You should say no unless you know what 31 this is. 32 33config CRYPTO_ALGAPI 34 tristate 35 select CRYPTO_ALGAPI2 36 help 37 This option provides the API for cryptographic algorithms. 38 39config CRYPTO_ALGAPI2 40 tristate 41 42config CRYPTO_AEAD 43 tristate 44 select CRYPTO_AEAD2 45 select CRYPTO_ALGAPI 46 47config CRYPTO_AEAD2 48 tristate 49 select CRYPTO_ALGAPI2 50 51config CRYPTO_BLKCIPHER 52 tristate 53 select CRYPTO_BLKCIPHER2 54 select CRYPTO_ALGAPI 55 56config CRYPTO_BLKCIPHER2 57 tristate 58 select CRYPTO_ALGAPI2 59 select CRYPTO_RNG2 60 select CRYPTO_WORKQUEUE 61 62config CRYPTO_HASH 63 tristate 64 select CRYPTO_HASH2 65 select CRYPTO_ALGAPI 66 67config CRYPTO_HASH2 68 tristate 69 select CRYPTO_ALGAPI2 70 71config CRYPTO_RNG 72 tristate 73 select CRYPTO_RNG2 74 select CRYPTO_ALGAPI 75 76config CRYPTO_RNG2 77 tristate 78 select CRYPTO_ALGAPI2 79 80config CRYPTO_PCOMP 81 tristate 82 select CRYPTO_PCOMP2 83 select CRYPTO_ALGAPI 84 85config CRYPTO_PCOMP2 86 tristate 87 select CRYPTO_ALGAPI2 88 89config CRYPTO_MANAGER 90 tristate "Cryptographic algorithm manager" 91 select CRYPTO_MANAGER2 92 help 93 Create default cryptographic template instantiations such as 94 cbc(aes). 95 96config CRYPTO_MANAGER2 97 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 98 select CRYPTO_AEAD2 99 select CRYPTO_HASH2 100 select CRYPTO_BLKCIPHER2 101 select CRYPTO_PCOMP2 102 103config CRYPTO_USER 104 tristate "Userspace cryptographic algorithm configuration" 105 depends on NET 106 select CRYPTO_MANAGER 107 help 108 Userspace configuration for cryptographic instantiations such as 109 cbc(aes). 110 111config CRYPTO_MANAGER_DISABLE_TESTS 112 bool "Disable run-time self tests" 113 default y 114 depends on CRYPTO_MANAGER2 115 help 116 Disable run-time self tests that normally take place at 117 algorithm registration. 118 119config CRYPTO_GF128MUL 120 tristate "GF(2^128) multiplication functions" 121 help 122 Efficient table driven implementation of multiplications in the 123 field GF(2^128). This is needed by some cypher modes. This 124 option will be selected automatically if you select such a 125 cipher mode. Only select this option by hand if you expect to load 126 an external module that requires these functions. 127 128config CRYPTO_NULL 129 tristate "Null algorithms" 130 select CRYPTO_ALGAPI 131 select CRYPTO_BLKCIPHER 132 select CRYPTO_HASH 133 help 134 These are 'Null' algorithms, used by IPsec, which do nothing. 135 136config CRYPTO_PCRYPT 137 tristate "Parallel crypto engine (EXPERIMENTAL)" 138 depends on SMP && EXPERIMENTAL 139 select PADATA 140 select CRYPTO_MANAGER 141 select CRYPTO_AEAD 142 help 143 This converts an arbitrary crypto algorithm into a parallel 144 algorithm that executes in kernel threads. 145 146config CRYPTO_WORKQUEUE 147 tristate 148 149config CRYPTO_CRYPTD 150 tristate "Software async crypto daemon" 151 select CRYPTO_BLKCIPHER 152 select CRYPTO_HASH 153 select CRYPTO_MANAGER 154 select CRYPTO_WORKQUEUE 155 help 156 This is a generic software asynchronous crypto daemon that 157 converts an arbitrary synchronous software crypto algorithm 158 into an asynchronous algorithm that executes in a kernel thread. 159 160config CRYPTO_AUTHENC 161 tristate "Authenc support" 162 select CRYPTO_AEAD 163 select CRYPTO_BLKCIPHER 164 select CRYPTO_MANAGER 165 select CRYPTO_HASH 166 help 167 Authenc: Combined mode wrapper for IPsec. 168 This is required for IPSec. 169 170config CRYPTO_TEST 171 tristate "Testing module" 172 depends on m 173 select CRYPTO_MANAGER 174 help 175 Quick & dirty crypto test module. 176 177config CRYPTO_ABLK_HELPER_X86 178 tristate 179 depends on X86 180 select CRYPTO_CRYPTD 181 182config CRYPTO_GLUE_HELPER_X86 183 tristate 184 depends on X86 185 select CRYPTO_ALGAPI 186 187comment "Authenticated Encryption with Associated Data" 188 189config CRYPTO_CCM 190 tristate "CCM support" 191 select CRYPTO_CTR 192 select CRYPTO_AEAD 193 help 194 Support for Counter with CBC MAC. Required for IPsec. 195 196config CRYPTO_GCM 197 tristate "GCM/GMAC support" 198 select CRYPTO_CTR 199 select CRYPTO_AEAD 200 select CRYPTO_GHASH 201 help 202 Support for Galois/Counter Mode (GCM) and Galois Message 203 Authentication Code (GMAC). Required for IPSec. 204 205config CRYPTO_SEQIV 206 tristate "Sequence Number IV Generator" 207 select CRYPTO_AEAD 208 select CRYPTO_BLKCIPHER 209 select CRYPTO_RNG 210 help 211 This IV generator generates an IV based on a sequence number by 212 xoring it with a salt. This algorithm is mainly useful for CTR 213 214comment "Block modes" 215 216config CRYPTO_CBC 217 tristate "CBC support" 218 select CRYPTO_BLKCIPHER 219 select CRYPTO_MANAGER 220 help 221 CBC: Cipher Block Chaining mode 222 This block cipher algorithm is required for IPSec. 223 224config CRYPTO_CTR 225 tristate "CTR support" 226 select CRYPTO_BLKCIPHER 227 select CRYPTO_SEQIV 228 select CRYPTO_MANAGER 229 help 230 CTR: Counter mode 231 This block cipher algorithm is required for IPSec. 232 233config CRYPTO_CTS 234 tristate "CTS support" 235 select CRYPTO_BLKCIPHER 236 help 237 CTS: Cipher Text Stealing 238 This is the Cipher Text Stealing mode as described by 239 Section 8 of rfc2040 and referenced by rfc3962. 240 (rfc3962 includes errata information in its Appendix A) 241 This mode is required for Kerberos gss mechanism support 242 for AES encryption. 243 244config CRYPTO_ECB 245 tristate "ECB support" 246 select CRYPTO_BLKCIPHER 247 select CRYPTO_MANAGER 248 help 249 ECB: Electronic CodeBook mode 250 This is the simplest block cipher algorithm. It simply encrypts 251 the input block by block. 252 253config CRYPTO_LRW 254 tristate "LRW support" 255 select CRYPTO_BLKCIPHER 256 select CRYPTO_MANAGER 257 select CRYPTO_GF128MUL 258 help 259 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 260 narrow block cipher mode for dm-crypt. Use it with cipher 261 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 262 The first 128, 192 or 256 bits in the key are used for AES and the 263 rest is used to tie each cipher block to its logical position. 264 265config CRYPTO_PCBC 266 tristate "PCBC support" 267 select CRYPTO_BLKCIPHER 268 select CRYPTO_MANAGER 269 help 270 PCBC: Propagating Cipher Block Chaining mode 271 This block cipher algorithm is required for RxRPC. 272 273config CRYPTO_XTS 274 tristate "XTS support" 275 select CRYPTO_BLKCIPHER 276 select CRYPTO_MANAGER 277 select CRYPTO_GF128MUL 278 help 279 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 280 key size 256, 384 or 512 bits. This implementation currently 281 can't handle a sectorsize which is not a multiple of 16 bytes. 282 283comment "Hash modes" 284 285config CRYPTO_HMAC 286 tristate "HMAC support" 287 select CRYPTO_HASH 288 select CRYPTO_MANAGER 289 help 290 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 291 This is required for IPSec. 292 293config CRYPTO_XCBC 294 tristate "XCBC support" 295 depends on EXPERIMENTAL 296 select CRYPTO_HASH 297 select CRYPTO_MANAGER 298 help 299 XCBC: Keyed-Hashing with encryption algorithm 300 http://www.ietf.org/rfc/rfc3566.txt 301 http://csrc.nist.gov/encryption/modes/proposedmodes/ 302 xcbc-mac/xcbc-mac-spec.pdf 303 304config CRYPTO_VMAC 305 tristate "VMAC support" 306 depends on EXPERIMENTAL 307 select CRYPTO_HASH 308 select CRYPTO_MANAGER 309 help 310 VMAC is a message authentication algorithm designed for 311 very high speed on 64-bit architectures. 312 313 See also: 314 <http://fastcrypto.org/vmac> 315 316comment "Digest" 317 318config CRYPTO_CRC32C 319 tristate "CRC32c CRC algorithm" 320 select CRYPTO_HASH 321 select CRC32 322 help 323 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 324 by iSCSI for header and data digests and by others. 325 See Castagnoli93. Module will be crc32c. 326 327config CRYPTO_CRC32C_INTEL 328 tristate "CRC32c INTEL hardware acceleration" 329 depends on X86 330 select CRYPTO_HASH 331 help 332 In Intel processor with SSE4.2 supported, the processor will 333 support CRC32C implementation using hardware accelerated CRC32 334 instruction. This option will create 'crc32c-intel' module, 335 which will enable any routine to use the CRC32 instruction to 336 gain performance compared with software implementation. 337 Module will be crc32c-intel. 338 339config CRYPTO_CRC32C_SPARC64 340 tristate "CRC32c CRC algorithm (SPARC64)" 341 depends on SPARC64 342 select CRYPTO_HASH 343 select CRC32 344 help 345 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 346 when available. 347 348config CRYPTO_GHASH 349 tristate "GHASH digest algorithm" 350 select CRYPTO_GF128MUL 351 help 352 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 353 354config CRYPTO_MD4 355 tristate "MD4 digest algorithm" 356 select CRYPTO_HASH 357 help 358 MD4 message digest algorithm (RFC1320). 359 360config CRYPTO_MD5 361 tristate "MD5 digest algorithm" 362 select CRYPTO_HASH 363 help 364 MD5 message digest algorithm (RFC1321). 365 366config CRYPTO_MD5_SPARC64 367 tristate "MD5 digest algorithm (SPARC64)" 368 depends on SPARC64 369 select CRYPTO_MD5 370 select CRYPTO_HASH 371 help 372 MD5 message digest algorithm (RFC1321) implemented 373 using sparc64 crypto instructions, when available. 374 375config CRYPTO_MICHAEL_MIC 376 tristate "Michael MIC keyed digest algorithm" 377 select CRYPTO_HASH 378 help 379 Michael MIC is used for message integrity protection in TKIP 380 (IEEE 802.11i). This algorithm is required for TKIP, but it 381 should not be used for other purposes because of the weakness 382 of the algorithm. 383 384config CRYPTO_RMD128 385 tristate "RIPEMD-128 digest algorithm" 386 select CRYPTO_HASH 387 help 388 RIPEMD-128 (ISO/IEC 10118-3:2004). 389 390 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 391 be used as a secure replacement for RIPEMD. For other use cases, 392 RIPEMD-160 should be used. 393 394 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 395 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 396 397config CRYPTO_RMD160 398 tristate "RIPEMD-160 digest algorithm" 399 select CRYPTO_HASH 400 help 401 RIPEMD-160 (ISO/IEC 10118-3:2004). 402 403 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 404 to be used as a secure replacement for the 128-bit hash functions 405 MD4, MD5 and it's predecessor RIPEMD 406 (not to be confused with RIPEMD-128). 407 408 It's speed is comparable to SHA1 and there are no known attacks 409 against RIPEMD-160. 410 411 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 412 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 413 414config CRYPTO_RMD256 415 tristate "RIPEMD-256 digest algorithm" 416 select CRYPTO_HASH 417 help 418 RIPEMD-256 is an optional extension of RIPEMD-128 with a 419 256 bit hash. It is intended for applications that require 420 longer hash-results, without needing a larger security level 421 (than RIPEMD-128). 422 423 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 424 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 425 426config CRYPTO_RMD320 427 tristate "RIPEMD-320 digest algorithm" 428 select CRYPTO_HASH 429 help 430 RIPEMD-320 is an optional extension of RIPEMD-160 with a 431 320 bit hash. It is intended for applications that require 432 longer hash-results, without needing a larger security level 433 (than RIPEMD-160). 434 435 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 436 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 437 438config CRYPTO_SHA1 439 tristate "SHA1 digest algorithm" 440 select CRYPTO_HASH 441 help 442 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 443 444config CRYPTO_SHA1_SSSE3 445 tristate "SHA1 digest algorithm (SSSE3/AVX)" 446 depends on X86 && 64BIT 447 select CRYPTO_SHA1 448 select CRYPTO_HASH 449 help 450 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 451 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 452 Extensions (AVX), when available. 453 454config CRYPTO_SHA1_SPARC64 455 tristate "SHA1 digest algorithm (SPARC64)" 456 depends on SPARC64 457 select CRYPTO_SHA1 458 select CRYPTO_HASH 459 help 460 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 461 using sparc64 crypto instructions, when available. 462 463config CRYPTO_SHA256 464 tristate "SHA224 and SHA256 digest algorithm" 465 select CRYPTO_HASH 466 help 467 SHA256 secure hash standard (DFIPS 180-2). 468 469 This version of SHA implements a 256 bit hash with 128 bits of 470 security against collision attacks. 471 472 This code also includes SHA-224, a 224 bit hash with 112 bits 473 of security against collision attacks. 474 475config CRYPTO_SHA256_SPARC64 476 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 477 depends on SPARC64 478 select CRYPTO_SHA256 479 select CRYPTO_HASH 480 help 481 SHA-256 secure hash standard (DFIPS 180-2) implemented 482 using sparc64 crypto instructions, when available. 483 484config CRYPTO_SHA512 485 tristate "SHA384 and SHA512 digest algorithms" 486 select CRYPTO_HASH 487 help 488 SHA512 secure hash standard (DFIPS 180-2). 489 490 This version of SHA implements a 512 bit hash with 256 bits of 491 security against collision attacks. 492 493 This code also includes SHA-384, a 384 bit hash with 192 bits 494 of security against collision attacks. 495 496config CRYPTO_SHA512_SPARC64 497 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 498 depends on SPARC64 499 select CRYPTO_SHA512 500 select CRYPTO_HASH 501 help 502 SHA-512 secure hash standard (DFIPS 180-2) implemented 503 using sparc64 crypto instructions, when available. 504 505config CRYPTO_TGR192 506 tristate "Tiger digest algorithms" 507 select CRYPTO_HASH 508 help 509 Tiger hash algorithm 192, 160 and 128-bit hashes 510 511 Tiger is a hash function optimized for 64-bit processors while 512 still having decent performance on 32-bit processors. 513 Tiger was developed by Ross Anderson and Eli Biham. 514 515 See also: 516 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 517 518config CRYPTO_WP512 519 tristate "Whirlpool digest algorithms" 520 select CRYPTO_HASH 521 help 522 Whirlpool hash algorithm 512, 384 and 256-bit hashes 523 524 Whirlpool-512 is part of the NESSIE cryptographic primitives. 525 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 526 527 See also: 528 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 529 530config CRYPTO_GHASH_CLMUL_NI_INTEL 531 tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 532 depends on X86 && 64BIT 533 select CRYPTO_CRYPTD 534 help 535 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 536 The implementation is accelerated by CLMUL-NI of Intel. 537 538comment "Ciphers" 539 540config CRYPTO_AES 541 tristate "AES cipher algorithms" 542 select CRYPTO_ALGAPI 543 help 544 AES cipher algorithms (FIPS-197). AES uses the Rijndael 545 algorithm. 546 547 Rijndael appears to be consistently a very good performer in 548 both hardware and software across a wide range of computing 549 environments regardless of its use in feedback or non-feedback 550 modes. Its key setup time is excellent, and its key agility is 551 good. Rijndael's very low memory requirements make it very well 552 suited for restricted-space environments, in which it also 553 demonstrates excellent performance. Rijndael's operations are 554 among the easiest to defend against power and timing attacks. 555 556 The AES specifies three key sizes: 128, 192 and 256 bits 557 558 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 559 560config CRYPTO_AES_586 561 tristate "AES cipher algorithms (i586)" 562 depends on (X86 || UML_X86) && !64BIT 563 select CRYPTO_ALGAPI 564 select CRYPTO_AES 565 help 566 AES cipher algorithms (FIPS-197). AES uses the Rijndael 567 algorithm. 568 569 Rijndael appears to be consistently a very good performer in 570 both hardware and software across a wide range of computing 571 environments regardless of its use in feedback or non-feedback 572 modes. Its key setup time is excellent, and its key agility is 573 good. Rijndael's very low memory requirements make it very well 574 suited for restricted-space environments, in which it also 575 demonstrates excellent performance. Rijndael's operations are 576 among the easiest to defend against power and timing attacks. 577 578 The AES specifies three key sizes: 128, 192 and 256 bits 579 580 See <http://csrc.nist.gov/encryption/aes/> for more information. 581 582config CRYPTO_AES_X86_64 583 tristate "AES cipher algorithms (x86_64)" 584 depends on (X86 || UML_X86) && 64BIT 585 select CRYPTO_ALGAPI 586 select CRYPTO_AES 587 help 588 AES cipher algorithms (FIPS-197). AES uses the Rijndael 589 algorithm. 590 591 Rijndael appears to be consistently a very good performer in 592 both hardware and software across a wide range of computing 593 environments regardless of its use in feedback or non-feedback 594 modes. Its key setup time is excellent, and its key agility is 595 good. Rijndael's very low memory requirements make it very well 596 suited for restricted-space environments, in which it also 597 demonstrates excellent performance. Rijndael's operations are 598 among the easiest to defend against power and timing attacks. 599 600 The AES specifies three key sizes: 128, 192 and 256 bits 601 602 See <http://csrc.nist.gov/encryption/aes/> for more information. 603 604config CRYPTO_AES_NI_INTEL 605 tristate "AES cipher algorithms (AES-NI)" 606 depends on X86 607 select CRYPTO_AES_X86_64 if 64BIT 608 select CRYPTO_AES_586 if !64BIT 609 select CRYPTO_CRYPTD 610 select CRYPTO_ABLK_HELPER_X86 611 select CRYPTO_ALGAPI 612 help 613 Use Intel AES-NI instructions for AES algorithm. 614 615 AES cipher algorithms (FIPS-197). AES uses the Rijndael 616 algorithm. 617 618 Rijndael appears to be consistently a very good performer in 619 both hardware and software across a wide range of computing 620 environments regardless of its use in feedback or non-feedback 621 modes. Its key setup time is excellent, and its key agility is 622 good. Rijndael's very low memory requirements make it very well 623 suited for restricted-space environments, in which it also 624 demonstrates excellent performance. Rijndael's operations are 625 among the easiest to defend against power and timing attacks. 626 627 The AES specifies three key sizes: 128, 192 and 256 bits 628 629 See <http://csrc.nist.gov/encryption/aes/> for more information. 630 631 In addition to AES cipher algorithm support, the acceleration 632 for some popular block cipher mode is supported too, including 633 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional 634 acceleration for CTR. 635 636config CRYPTO_AES_SPARC64 637 tristate "AES cipher algorithms (SPARC64)" 638 depends on SPARC64 639 select CRYPTO_CRYPTD 640 select CRYPTO_ALGAPI 641 help 642 Use SPARC64 crypto opcodes for AES algorithm. 643 644 AES cipher algorithms (FIPS-197). AES uses the Rijndael 645 algorithm. 646 647 Rijndael appears to be consistently a very good performer in 648 both hardware and software across a wide range of computing 649 environments regardless of its use in feedback or non-feedback 650 modes. Its key setup time is excellent, and its key agility is 651 good. Rijndael's very low memory requirements make it very well 652 suited for restricted-space environments, in which it also 653 demonstrates excellent performance. Rijndael's operations are 654 among the easiest to defend against power and timing attacks. 655 656 The AES specifies three key sizes: 128, 192 and 256 bits 657 658 See <http://csrc.nist.gov/encryption/aes/> for more information. 659 660 In addition to AES cipher algorithm support, the acceleration 661 for some popular block cipher mode is supported too, including 662 ECB and CBC. 663 664config CRYPTO_ANUBIS 665 tristate "Anubis cipher algorithm" 666 select CRYPTO_ALGAPI 667 help 668 Anubis cipher algorithm. 669 670 Anubis is a variable key length cipher which can use keys from 671 128 bits to 320 bits in length. It was evaluated as a entrant 672 in the NESSIE competition. 673 674 See also: 675 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 676 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 677 678config CRYPTO_ARC4 679 tristate "ARC4 cipher algorithm" 680 select CRYPTO_BLKCIPHER 681 help 682 ARC4 cipher algorithm. 683 684 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 685 bits in length. This algorithm is required for driver-based 686 WEP, but it should not be for other purposes because of the 687 weakness of the algorithm. 688 689config CRYPTO_BLOWFISH 690 tristate "Blowfish cipher algorithm" 691 select CRYPTO_ALGAPI 692 select CRYPTO_BLOWFISH_COMMON 693 help 694 Blowfish cipher algorithm, by Bruce Schneier. 695 696 This is a variable key length cipher which can use keys from 32 697 bits to 448 bits in length. It's fast, simple and specifically 698 designed for use on "large microprocessors". 699 700 See also: 701 <http://www.schneier.com/blowfish.html> 702 703config CRYPTO_BLOWFISH_COMMON 704 tristate 705 help 706 Common parts of the Blowfish cipher algorithm shared by the 707 generic c and the assembler implementations. 708 709 See also: 710 <http://www.schneier.com/blowfish.html> 711 712config CRYPTO_BLOWFISH_X86_64 713 tristate "Blowfish cipher algorithm (x86_64)" 714 depends on X86 && 64BIT 715 select CRYPTO_ALGAPI 716 select CRYPTO_BLOWFISH_COMMON 717 help 718 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 719 720 This is a variable key length cipher which can use keys from 32 721 bits to 448 bits in length. It's fast, simple and specifically 722 designed for use on "large microprocessors". 723 724 See also: 725 <http://www.schneier.com/blowfish.html> 726 727config CRYPTO_CAMELLIA 728 tristate "Camellia cipher algorithms" 729 depends on CRYPTO 730 select CRYPTO_ALGAPI 731 help 732 Camellia cipher algorithms module. 733 734 Camellia is a symmetric key block cipher developed jointly 735 at NTT and Mitsubishi Electric Corporation. 736 737 The Camellia specifies three key sizes: 128, 192 and 256 bits. 738 739 See also: 740 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 741 742config CRYPTO_CAMELLIA_X86_64 743 tristate "Camellia cipher algorithm (x86_64)" 744 depends on X86 && 64BIT 745 depends on CRYPTO 746 select CRYPTO_ALGAPI 747 select CRYPTO_GLUE_HELPER_X86 748 select CRYPTO_LRW 749 select CRYPTO_XTS 750 help 751 Camellia cipher algorithm module (x86_64). 752 753 Camellia is a symmetric key block cipher developed jointly 754 at NTT and Mitsubishi Electric Corporation. 755 756 The Camellia specifies three key sizes: 128, 192 and 256 bits. 757 758 See also: 759 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 760 761config CRYPTO_CAST5 762 tristate "CAST5 (CAST-128) cipher algorithm" 763 select CRYPTO_ALGAPI 764 help 765 The CAST5 encryption algorithm (synonymous with CAST-128) is 766 described in RFC2144. 767 768config CRYPTO_CAST6 769 tristate "CAST6 (CAST-256) cipher algorithm" 770 select CRYPTO_ALGAPI 771 help 772 The CAST6 encryption algorithm (synonymous with CAST-256) is 773 described in RFC2612. 774 775config CRYPTO_DES 776 tristate "DES and Triple DES EDE cipher algorithms" 777 select CRYPTO_ALGAPI 778 help 779 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 780 781config CRYPTO_DES_SPARC64 782 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 783 select CRYPTO_ALGAPI 784 select CRYPTO_DES 785 help 786 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 787 optimized using SPARC64 crypto opcodes. 788 789config CRYPTO_FCRYPT 790 tristate "FCrypt cipher algorithm" 791 select CRYPTO_ALGAPI 792 select CRYPTO_BLKCIPHER 793 help 794 FCrypt algorithm used by RxRPC. 795 796config CRYPTO_KHAZAD 797 tristate "Khazad cipher algorithm" 798 select CRYPTO_ALGAPI 799 help 800 Khazad cipher algorithm. 801 802 Khazad was a finalist in the initial NESSIE competition. It is 803 an algorithm optimized for 64-bit processors with good performance 804 on 32-bit processors. Khazad uses an 128 bit key size. 805 806 See also: 807 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 808 809config CRYPTO_SALSA20 810 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)" 811 depends on EXPERIMENTAL 812 select CRYPTO_BLKCIPHER 813 help 814 Salsa20 stream cipher algorithm. 815 816 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 817 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 818 819 The Salsa20 stream cipher algorithm is designed by Daniel J. 820 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 821 822config CRYPTO_SALSA20_586 823 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)" 824 depends on (X86 || UML_X86) && !64BIT 825 depends on EXPERIMENTAL 826 select CRYPTO_BLKCIPHER 827 help 828 Salsa20 stream cipher algorithm. 829 830 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 831 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 832 833 The Salsa20 stream cipher algorithm is designed by Daniel J. 834 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 835 836config CRYPTO_SALSA20_X86_64 837 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)" 838 depends on (X86 || UML_X86) && 64BIT 839 depends on EXPERIMENTAL 840 select CRYPTO_BLKCIPHER 841 help 842 Salsa20 stream cipher algorithm. 843 844 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 845 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 846 847 The Salsa20 stream cipher algorithm is designed by Daniel J. 848 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 849 850config CRYPTO_SEED 851 tristate "SEED cipher algorithm" 852 select CRYPTO_ALGAPI 853 help 854 SEED cipher algorithm (RFC4269). 855 856 SEED is a 128-bit symmetric key block cipher that has been 857 developed by KISA (Korea Information Security Agency) as a 858 national standard encryption algorithm of the Republic of Korea. 859 It is a 16 round block cipher with the key size of 128 bit. 860 861 See also: 862 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 863 864config CRYPTO_SERPENT 865 tristate "Serpent cipher algorithm" 866 select CRYPTO_ALGAPI 867 help 868 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 869 870 Keys are allowed to be from 0 to 256 bits in length, in steps 871 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 872 variant of Serpent for compatibility with old kerneli.org code. 873 874 See also: 875 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 876 877config CRYPTO_SERPENT_SSE2_X86_64 878 tristate "Serpent cipher algorithm (x86_64/SSE2)" 879 depends on X86 && 64BIT 880 select CRYPTO_ALGAPI 881 select CRYPTO_CRYPTD 882 select CRYPTO_ABLK_HELPER_X86 883 select CRYPTO_GLUE_HELPER_X86 884 select CRYPTO_SERPENT 885 select CRYPTO_LRW 886 select CRYPTO_XTS 887 help 888 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 889 890 Keys are allowed to be from 0 to 256 bits in length, in steps 891 of 8 bits. 892 893 This module provides Serpent cipher algorithm that processes eigth 894 blocks parallel using SSE2 instruction set. 895 896 See also: 897 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 898 899config CRYPTO_SERPENT_SSE2_586 900 tristate "Serpent cipher algorithm (i586/SSE2)" 901 depends on X86 && !64BIT 902 select CRYPTO_ALGAPI 903 select CRYPTO_CRYPTD 904 select CRYPTO_ABLK_HELPER_X86 905 select CRYPTO_GLUE_HELPER_X86 906 select CRYPTO_SERPENT 907 select CRYPTO_LRW 908 select CRYPTO_XTS 909 help 910 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 911 912 Keys are allowed to be from 0 to 256 bits in length, in steps 913 of 8 bits. 914 915 This module provides Serpent cipher algorithm that processes four 916 blocks parallel using SSE2 instruction set. 917 918 See also: 919 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 920 921config CRYPTO_SERPENT_AVX_X86_64 922 tristate "Serpent cipher algorithm (x86_64/AVX)" 923 depends on X86 && 64BIT 924 select CRYPTO_ALGAPI 925 select CRYPTO_CRYPTD 926 select CRYPTO_ABLK_HELPER_X86 927 select CRYPTO_GLUE_HELPER_X86 928 select CRYPTO_SERPENT 929 select CRYPTO_LRW 930 select CRYPTO_XTS 931 help 932 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 933 934 Keys are allowed to be from 0 to 256 bits in length, in steps 935 of 8 bits. 936 937 This module provides the Serpent cipher algorithm that processes 938 eight blocks parallel using the AVX instruction set. 939 940 See also: 941 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 942 943config CRYPTO_TEA 944 tristate "TEA, XTEA and XETA cipher algorithms" 945 select CRYPTO_ALGAPI 946 help 947 TEA cipher algorithm. 948 949 Tiny Encryption Algorithm is a simple cipher that uses 950 many rounds for security. It is very fast and uses 951 little memory. 952 953 Xtendend Tiny Encryption Algorithm is a modification to 954 the TEA algorithm to address a potential key weakness 955 in the TEA algorithm. 956 957 Xtendend Encryption Tiny Algorithm is a mis-implementation 958 of the XTEA algorithm for compatibility purposes. 959 960config CRYPTO_TWOFISH 961 tristate "Twofish cipher algorithm" 962 select CRYPTO_ALGAPI 963 select CRYPTO_TWOFISH_COMMON 964 help 965 Twofish cipher algorithm. 966 967 Twofish was submitted as an AES (Advanced Encryption Standard) 968 candidate cipher by researchers at CounterPane Systems. It is a 969 16 round block cipher supporting key sizes of 128, 192, and 256 970 bits. 971 972 See also: 973 <http://www.schneier.com/twofish.html> 974 975config CRYPTO_TWOFISH_COMMON 976 tristate 977 help 978 Common parts of the Twofish cipher algorithm shared by the 979 generic c and the assembler implementations. 980 981config CRYPTO_TWOFISH_586 982 tristate "Twofish cipher algorithms (i586)" 983 depends on (X86 || UML_X86) && !64BIT 984 select CRYPTO_ALGAPI 985 select CRYPTO_TWOFISH_COMMON 986 help 987 Twofish cipher algorithm. 988 989 Twofish was submitted as an AES (Advanced Encryption Standard) 990 candidate cipher by researchers at CounterPane Systems. It is a 991 16 round block cipher supporting key sizes of 128, 192, and 256 992 bits. 993 994 See also: 995 <http://www.schneier.com/twofish.html> 996 997config CRYPTO_TWOFISH_X86_64 998 tristate "Twofish cipher algorithm (x86_64)" 999 depends on (X86 || UML_X86) && 64BIT 1000 select CRYPTO_ALGAPI 1001 select CRYPTO_TWOFISH_COMMON 1002 help 1003 Twofish cipher algorithm (x86_64). 1004 1005 Twofish was submitted as an AES (Advanced Encryption Standard) 1006 candidate cipher by researchers at CounterPane Systems. It is a 1007 16 round block cipher supporting key sizes of 128, 192, and 256 1008 bits. 1009 1010 See also: 1011 <http://www.schneier.com/twofish.html> 1012 1013config CRYPTO_TWOFISH_X86_64_3WAY 1014 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1015 depends on X86 && 64BIT 1016 select CRYPTO_ALGAPI 1017 select CRYPTO_TWOFISH_COMMON 1018 select CRYPTO_TWOFISH_X86_64 1019 select CRYPTO_GLUE_HELPER_X86 1020 select CRYPTO_LRW 1021 select CRYPTO_XTS 1022 help 1023 Twofish cipher algorithm (x86_64, 3-way parallel). 1024 1025 Twofish was submitted as an AES (Advanced Encryption Standard) 1026 candidate cipher by researchers at CounterPane Systems. It is a 1027 16 round block cipher supporting key sizes of 128, 192, and 256 1028 bits. 1029 1030 This module provides Twofish cipher algorithm that processes three 1031 blocks parallel, utilizing resources of out-of-order CPUs better. 1032 1033 See also: 1034 <http://www.schneier.com/twofish.html> 1035 1036config CRYPTO_TWOFISH_AVX_X86_64 1037 tristate "Twofish cipher algorithm (x86_64/AVX)" 1038 depends on X86 && 64BIT 1039 select CRYPTO_ALGAPI 1040 select CRYPTO_CRYPTD 1041 select CRYPTO_ABLK_HELPER_X86 1042 select CRYPTO_GLUE_HELPER_X86 1043 select CRYPTO_TWOFISH_COMMON 1044 select CRYPTO_TWOFISH_X86_64 1045 select CRYPTO_TWOFISH_X86_64_3WAY 1046 select CRYPTO_LRW 1047 select CRYPTO_XTS 1048 help 1049 Twofish cipher algorithm (x86_64/AVX). 1050 1051 Twofish was submitted as an AES (Advanced Encryption Standard) 1052 candidate cipher by researchers at CounterPane Systems. It is a 1053 16 round block cipher supporting key sizes of 128, 192, and 256 1054 bits. 1055 1056 This module provides the Twofish cipher algorithm that processes 1057 eight blocks parallel using the AVX Instruction Set. 1058 1059 See also: 1060 <http://www.schneier.com/twofish.html> 1061 1062comment "Compression" 1063 1064config CRYPTO_DEFLATE 1065 tristate "Deflate compression algorithm" 1066 select CRYPTO_ALGAPI 1067 select ZLIB_INFLATE 1068 select ZLIB_DEFLATE 1069 help 1070 This is the Deflate algorithm (RFC1951), specified for use in 1071 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1072 1073 You will most probably want this if using IPSec. 1074 1075config CRYPTO_ZLIB 1076 tristate "Zlib compression algorithm" 1077 select CRYPTO_PCOMP 1078 select ZLIB_INFLATE 1079 select ZLIB_DEFLATE 1080 select NLATTR 1081 help 1082 This is the zlib algorithm. 1083 1084config CRYPTO_LZO 1085 tristate "LZO compression algorithm" 1086 select CRYPTO_ALGAPI 1087 select LZO_COMPRESS 1088 select LZO_DECOMPRESS 1089 help 1090 This is the LZO algorithm. 1091 1092comment "Random Number Generation" 1093 1094config CRYPTO_ANSI_CPRNG 1095 tristate "Pseudo Random Number Generation for Cryptographic modules" 1096 default m 1097 select CRYPTO_AES 1098 select CRYPTO_RNG 1099 help 1100 This option enables the generic pseudo random number generator 1101 for cryptographic modules. Uses the Algorithm specified in 1102 ANSI X9.31 A.2.4. Note that this option must be enabled if 1103 CRYPTO_FIPS is selected 1104 1105config CRYPTO_USER_API 1106 tristate 1107 1108config CRYPTO_USER_API_HASH 1109 tristate "User-space interface for hash algorithms" 1110 depends on NET 1111 select CRYPTO_HASH 1112 select CRYPTO_USER_API 1113 help 1114 This option enables the user-spaces interface for hash 1115 algorithms. 1116 1117config CRYPTO_USER_API_SKCIPHER 1118 tristate "User-space interface for symmetric key cipher algorithms" 1119 depends on NET 1120 select CRYPTO_BLKCIPHER 1121 select CRYPTO_USER_API 1122 help 1123 This option enables the user-spaces interface for symmetric 1124 key cipher algorithms. 1125 1126source "drivers/crypto/Kconfig" 1127 1128endif # if CRYPTO 1129