xref: /linux/crypto/Kconfig (revision f7511d5f66f01fc451747b24e79f3ada7a3af9af) 
1#
2# Generic algorithms support
3#
4config XOR_BLOCKS
5	tristate
6
7#
8# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
13# Cryptographic API Configuration
14#
15menuconfig CRYPTO
16	tristate "Cryptographic API"
17	help
18	  This option provides the core Cryptographic API.
19
20if CRYPTO
21
22comment "Crypto core or helper"
23
24config CRYPTO_ALGAPI
25	tristate
26	help
27	  This option provides the API for cryptographic algorithms.
28
29config CRYPTO_AEAD
30	tristate
31	select CRYPTO_ALGAPI
32
33config CRYPTO_BLKCIPHER
34	tristate
35	select CRYPTO_ALGAPI
36
37config CRYPTO_HASH
38	tristate
39	select CRYPTO_ALGAPI
40
41config CRYPTO_MANAGER
42	tristate "Cryptographic algorithm manager"
43	select CRYPTO_ALGAPI
44	help
45	  Create default cryptographic template instantiations such as
46	  cbc(aes).
47
48config CRYPTO_GF128MUL
49	tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
50	depends on EXPERIMENTAL
51	help
52	  Efficient table driven implementation of multiplications in the
53	  field GF(2^128).  This is needed by some cypher modes. This
54	  option will be selected automatically if you select such a
55	  cipher mode.  Only select this option by hand if you expect to load
56	  an external module that requires these functions.
57
58config CRYPTO_NULL
59	tristate "Null algorithms"
60	select CRYPTO_ALGAPI
61	select CRYPTO_BLKCIPHER
62	help
63	  These are 'Null' algorithms, used by IPsec, which do nothing.
64
65config CRYPTO_CRYPTD
66	tristate "Software async crypto daemon"
67	select CRYPTO_BLKCIPHER
68	select CRYPTO_MANAGER
69	help
70	  This is a generic software asynchronous crypto daemon that
71	  converts an arbitrary synchronous software crypto algorithm
72	  into an asynchronous algorithm that executes in a kernel thread.
73
74config CRYPTO_AUTHENC
75	tristate "Authenc support"
76	select CRYPTO_AEAD
77	select CRYPTO_BLKCIPHER
78	select CRYPTO_MANAGER
79	select CRYPTO_HASH
80	help
81	  Authenc: Combined mode wrapper for IPsec.
82	  This is required for IPSec.
83
84config CRYPTO_TEST
85	tristate "Testing module"
86	depends on m
87	select CRYPTO_ALGAPI
88	select CRYPTO_AEAD
89	select CRYPTO_BLKCIPHER
90	help
91	  Quick & dirty crypto test module.
92
93comment "Authenticated Encryption with Associated Data"
94
95config CRYPTO_CCM
96	tristate "CCM support"
97	select CRYPTO_CTR
98	select CRYPTO_AEAD
99	help
100	  Support for Counter with CBC MAC. Required for IPsec.
101
102config CRYPTO_GCM
103	tristate "GCM/GMAC support"
104	select CRYPTO_CTR
105	select CRYPTO_AEAD
106	select CRYPTO_GF128MUL
107	help
108	  Support for Galois/Counter Mode (GCM) and Galois Message
109	  Authentication Code (GMAC). Required for IPSec.
110
111config CRYPTO_SEQIV
112	tristate "Sequence Number IV Generator"
113	select CRYPTO_AEAD
114	select CRYPTO_BLKCIPHER
115	help
116	  This IV generator generates an IV based on a sequence number by
117	  xoring it with a salt.  This algorithm is mainly useful for CTR
118
119comment "Block modes"
120
121config CRYPTO_CBC
122	tristate "CBC support"
123	select CRYPTO_BLKCIPHER
124	select CRYPTO_MANAGER
125	help
126	  CBC: Cipher Block Chaining mode
127	  This block cipher algorithm is required for IPSec.
128
129config CRYPTO_CTR
130	tristate "CTR support"
131	select CRYPTO_BLKCIPHER
132	select CRYPTO_SEQIV
133	select CRYPTO_MANAGER
134	help
135	  CTR: Counter mode
136	  This block cipher algorithm is required for IPSec.
137
138config CRYPTO_CTS
139	tristate "CTS support"
140	select CRYPTO_BLKCIPHER
141	help
142	  CTS: Cipher Text Stealing
143	  This is the Cipher Text Stealing mode as described by
144	  Section 8 of rfc2040 and referenced by rfc3962.
145	  (rfc3962 includes errata information in its Appendix A)
146	  This mode is required for Kerberos gss mechanism support
147	  for AES encryption.
148
149config CRYPTO_ECB
150	tristate "ECB support"
151	select CRYPTO_BLKCIPHER
152	select CRYPTO_MANAGER
153	help
154	  ECB: Electronic CodeBook mode
155	  This is the simplest block cipher algorithm.  It simply encrypts
156	  the input block by block.
157
158config CRYPTO_LRW
159	tristate "LRW support (EXPERIMENTAL)"
160	depends on EXPERIMENTAL
161	select CRYPTO_BLKCIPHER
162	select CRYPTO_MANAGER
163	select CRYPTO_GF128MUL
164	help
165	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
166	  narrow block cipher mode for dm-crypt.  Use it with cipher
167	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
168	  The first 128, 192 or 256 bits in the key are used for AES and the
169	  rest is used to tie each cipher block to its logical position.
170
171config CRYPTO_PCBC
172	tristate "PCBC support"
173	select CRYPTO_BLKCIPHER
174	select CRYPTO_MANAGER
175	help
176	  PCBC: Propagating Cipher Block Chaining mode
177	  This block cipher algorithm is required for RxRPC.
178
179config CRYPTO_XTS
180	tristate "XTS support (EXPERIMENTAL)"
181	depends on EXPERIMENTAL
182	select CRYPTO_BLKCIPHER
183	select CRYPTO_MANAGER
184	select CRYPTO_GF128MUL
185	help
186	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
187	  key size 256, 384 or 512 bits. This implementation currently
188	  can't handle a sectorsize which is not a multiple of 16 bytes.
189
190comment "Hash modes"
191
192config CRYPTO_HMAC
193	tristate "HMAC support"
194	select CRYPTO_HASH
195	select CRYPTO_MANAGER
196	help
197	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
198	  This is required for IPSec.
199
200config CRYPTO_XCBC
201	tristate "XCBC support"
202	depends on EXPERIMENTAL
203	select CRYPTO_HASH
204	select CRYPTO_MANAGER
205	help
206	  XCBC: Keyed-Hashing with encryption algorithm
207		http://www.ietf.org/rfc/rfc3566.txt
208		http://csrc.nist.gov/encryption/modes/proposedmodes/
209		 xcbc-mac/xcbc-mac-spec.pdf
210
211comment "Digest"
212
213config CRYPTO_CRC32C
214	tristate "CRC32c CRC algorithm"
215	select CRYPTO_ALGAPI
216	select LIBCRC32C
217	help
218	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
219	  by iSCSI for header and data digests and by others.
220	  See Castagnoli93.  This implementation uses lib/libcrc32c.
221          Module will be crc32c.
222
223config CRYPTO_MD4
224	tristate "MD4 digest algorithm"
225	select CRYPTO_ALGAPI
226	help
227	  MD4 message digest algorithm (RFC1320).
228
229config CRYPTO_MD5
230	tristate "MD5 digest algorithm"
231	select CRYPTO_ALGAPI
232	help
233	  MD5 message digest algorithm (RFC1321).
234
235config CRYPTO_MICHAEL_MIC
236	tristate "Michael MIC keyed digest algorithm"
237	select CRYPTO_ALGAPI
238	help
239	  Michael MIC is used for message integrity protection in TKIP
240	  (IEEE 802.11i). This algorithm is required for TKIP, but it
241	  should not be used for other purposes because of the weakness
242	  of the algorithm.
243
244config CRYPTO_SHA1
245	tristate "SHA1 digest algorithm"
246	select CRYPTO_ALGAPI
247	help
248	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
249
250config CRYPTO_SHA256
251	tristate "SHA224 and SHA256 digest algorithm"
252	select CRYPTO_ALGAPI
253	help
254	  SHA256 secure hash standard (DFIPS 180-2).
255
256	  This version of SHA implements a 256 bit hash with 128 bits of
257	  security against collision attacks.
258
259          This code also includes SHA-224, a 224 bit hash with 112 bits
260          of security against collision attacks.
261
262config CRYPTO_SHA512
263	tristate "SHA384 and SHA512 digest algorithms"
264	select CRYPTO_ALGAPI
265	help
266	  SHA512 secure hash standard (DFIPS 180-2).
267
268	  This version of SHA implements a 512 bit hash with 256 bits of
269	  security against collision attacks.
270
271	  This code also includes SHA-384, a 384 bit hash with 192 bits
272	  of security against collision attacks.
273
274config CRYPTO_TGR192
275	tristate "Tiger digest algorithms"
276	select CRYPTO_ALGAPI
277	help
278	  Tiger hash algorithm 192, 160 and 128-bit hashes
279
280	  Tiger is a hash function optimized for 64-bit processors while
281	  still having decent performance on 32-bit processors.
282	  Tiger was developed by Ross Anderson and Eli Biham.
283
284	  See also:
285	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
286
287config CRYPTO_WP512
288	tristate "Whirlpool digest algorithms"
289	select CRYPTO_ALGAPI
290	help
291	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
292
293	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
294	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
295
296	  See also:
297	  <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
298
299comment "Ciphers"
300
301config CRYPTO_AES
302	tristate "AES cipher algorithms"
303	select CRYPTO_ALGAPI
304	help
305	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
306	  algorithm.
307
308	  Rijndael appears to be consistently a very good performer in
309	  both hardware and software across a wide range of computing
310	  environments regardless of its use in feedback or non-feedback
311	  modes. Its key setup time is excellent, and its key agility is
312	  good. Rijndael's very low memory requirements make it very well
313	  suited for restricted-space environments, in which it also
314	  demonstrates excellent performance. Rijndael's operations are
315	  among the easiest to defend against power and timing attacks.
316
317	  The AES specifies three key sizes: 128, 192 and 256 bits
318
319	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
320
321config CRYPTO_AES_586
322	tristate "AES cipher algorithms (i586)"
323	depends on (X86 || UML_X86) && !64BIT
324	select CRYPTO_ALGAPI
325	select CRYPTO_AES
326	help
327	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
328	  algorithm.
329
330	  Rijndael appears to be consistently a very good performer in
331	  both hardware and software across a wide range of computing
332	  environments regardless of its use in feedback or non-feedback
333	  modes. Its key setup time is excellent, and its key agility is
334	  good. Rijndael's very low memory requirements make it very well
335	  suited for restricted-space environments, in which it also
336	  demonstrates excellent performance. Rijndael's operations are
337	  among the easiest to defend against power and timing attacks.
338
339	  The AES specifies three key sizes: 128, 192 and 256 bits
340
341	  See <http://csrc.nist.gov/encryption/aes/> for more information.
342
343config CRYPTO_AES_X86_64
344	tristate "AES cipher algorithms (x86_64)"
345	depends on (X86 || UML_X86) && 64BIT
346	select CRYPTO_ALGAPI
347	select CRYPTO_AES
348	help
349	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
350	  algorithm.
351
352	  Rijndael appears to be consistently a very good performer in
353	  both hardware and software across a wide range of computing
354	  environments regardless of its use in feedback or non-feedback
355	  modes. Its key setup time is excellent, and its key agility is
356	  good. Rijndael's very low memory requirements make it very well
357	  suited for restricted-space environments, in which it also
358	  demonstrates excellent performance. Rijndael's operations are
359	  among the easiest to defend against power and timing attacks.
360
361	  The AES specifies three key sizes: 128, 192 and 256 bits
362
363	  See <http://csrc.nist.gov/encryption/aes/> for more information.
364
365config CRYPTO_ANUBIS
366	tristate "Anubis cipher algorithm"
367	select CRYPTO_ALGAPI
368	help
369	  Anubis cipher algorithm.
370
371	  Anubis is a variable key length cipher which can use keys from
372	  128 bits to 320 bits in length.  It was evaluated as a entrant
373	  in the NESSIE competition.
374
375	  See also:
376	  <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
377	  <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
378
379config CRYPTO_ARC4
380	tristate "ARC4 cipher algorithm"
381	select CRYPTO_ALGAPI
382	help
383	  ARC4 cipher algorithm.
384
385	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
386	  bits in length.  This algorithm is required for driver-based
387	  WEP, but it should not be for other purposes because of the
388	  weakness of the algorithm.
389
390config CRYPTO_BLOWFISH
391	tristate "Blowfish cipher algorithm"
392	select CRYPTO_ALGAPI
393	help
394	  Blowfish cipher algorithm, by Bruce Schneier.
395
396	  This is a variable key length cipher which can use keys from 32
397	  bits to 448 bits in length.  It's fast, simple and specifically
398	  designed for use on "large microprocessors".
399
400	  See also:
401	  <http://www.schneier.com/blowfish.html>
402
403config CRYPTO_CAMELLIA
404	tristate "Camellia cipher algorithms"
405	depends on CRYPTO
406	select CRYPTO_ALGAPI
407	help
408	  Camellia cipher algorithms module.
409
410	  Camellia is a symmetric key block cipher developed jointly
411	  at NTT and Mitsubishi Electric Corporation.
412
413	  The Camellia specifies three key sizes: 128, 192 and 256 bits.
414
415	  See also:
416	  <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
417
418config CRYPTO_CAST5
419	tristate "CAST5 (CAST-128) cipher algorithm"
420	select CRYPTO_ALGAPI
421	help
422	  The CAST5 encryption algorithm (synonymous with CAST-128) is
423	  described in RFC2144.
424
425config CRYPTO_CAST6
426	tristate "CAST6 (CAST-256) cipher algorithm"
427	select CRYPTO_ALGAPI
428	help
429	  The CAST6 encryption algorithm (synonymous with CAST-256) is
430	  described in RFC2612.
431
432config CRYPTO_DES
433	tristate "DES and Triple DES EDE cipher algorithms"
434	select CRYPTO_ALGAPI
435	help
436	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
437
438config CRYPTO_FCRYPT
439	tristate "FCrypt cipher algorithm"
440	select CRYPTO_ALGAPI
441	select CRYPTO_BLKCIPHER
442	help
443	  FCrypt algorithm used by RxRPC.
444
445config CRYPTO_KHAZAD
446	tristate "Khazad cipher algorithm"
447	select CRYPTO_ALGAPI
448	help
449	  Khazad cipher algorithm.
450
451	  Khazad was a finalist in the initial NESSIE competition.  It is
452	  an algorithm optimized for 64-bit processors with good performance
453	  on 32-bit processors.  Khazad uses an 128 bit key size.
454
455	  See also:
456	  <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
457
458config CRYPTO_SALSA20
459	tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
460	depends on EXPERIMENTAL
461	select CRYPTO_BLKCIPHER
462	help
463	  Salsa20 stream cipher algorithm.
464
465	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
466	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
467
468	  The Salsa20 stream cipher algorithm is designed by Daniel J.
469	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
470
471config CRYPTO_SALSA20_586
472	tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
473	depends on (X86 || UML_X86) && !64BIT
474	depends on EXPERIMENTAL
475	select CRYPTO_BLKCIPHER
476	help
477	  Salsa20 stream cipher algorithm.
478
479	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
480	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
481
482	  The Salsa20 stream cipher algorithm is designed by Daniel J.
483	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
484
485config CRYPTO_SALSA20_X86_64
486	tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
487	depends on (X86 || UML_X86) && 64BIT
488	depends on EXPERIMENTAL
489	select CRYPTO_BLKCIPHER
490	help
491	  Salsa20 stream cipher algorithm.
492
493	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
494	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
495
496	  The Salsa20 stream cipher algorithm is designed by Daniel J.
497	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
498
499config CRYPTO_SEED
500	tristate "SEED cipher algorithm"
501	select CRYPTO_ALGAPI
502	help
503	  SEED cipher algorithm (RFC4269).
504
505	  SEED is a 128-bit symmetric key block cipher that has been
506	  developed by KISA (Korea Information Security Agency) as a
507	  national standard encryption algorithm of the Republic of Korea.
508	  It is a 16 round block cipher with the key size of 128 bit.
509
510	  See also:
511	  <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
512
513config CRYPTO_SERPENT
514	tristate "Serpent cipher algorithm"
515	select CRYPTO_ALGAPI
516	help
517	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
518
519	  Keys are allowed to be from 0 to 256 bits in length, in steps
520	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
521	  variant of Serpent for compatibility with old kerneli.org code.
522
523	  See also:
524	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
525
526config CRYPTO_TEA
527	tristate "TEA, XTEA and XETA cipher algorithms"
528	select CRYPTO_ALGAPI
529	help
530	  TEA cipher algorithm.
531
532	  Tiny Encryption Algorithm is a simple cipher that uses
533	  many rounds for security.  It is very fast and uses
534	  little memory.
535
536	  Xtendend Tiny Encryption Algorithm is a modification to
537	  the TEA algorithm to address a potential key weakness
538	  in the TEA algorithm.
539
540	  Xtendend Encryption Tiny Algorithm is a mis-implementation
541	  of the XTEA algorithm for compatibility purposes.
542
543config CRYPTO_TWOFISH
544	tristate "Twofish cipher algorithm"
545	select CRYPTO_ALGAPI
546	select CRYPTO_TWOFISH_COMMON
547	help
548	  Twofish cipher algorithm.
549
550	  Twofish was submitted as an AES (Advanced Encryption Standard)
551	  candidate cipher by researchers at CounterPane Systems.  It is a
552	  16 round block cipher supporting key sizes of 128, 192, and 256
553	  bits.
554
555	  See also:
556	  <http://www.schneier.com/twofish.html>
557
558config CRYPTO_TWOFISH_COMMON
559	tristate
560	help
561	  Common parts of the Twofish cipher algorithm shared by the
562	  generic c and the assembler implementations.
563
564config CRYPTO_TWOFISH_586
565	tristate "Twofish cipher algorithms (i586)"
566	depends on (X86 || UML_X86) && !64BIT
567	select CRYPTO_ALGAPI
568	select CRYPTO_TWOFISH_COMMON
569	help
570	  Twofish cipher algorithm.
571
572	  Twofish was submitted as an AES (Advanced Encryption Standard)
573	  candidate cipher by researchers at CounterPane Systems.  It is a
574	  16 round block cipher supporting key sizes of 128, 192, and 256
575	  bits.
576
577	  See also:
578	  <http://www.schneier.com/twofish.html>
579
580config CRYPTO_TWOFISH_X86_64
581	tristate "Twofish cipher algorithm (x86_64)"
582	depends on (X86 || UML_X86) && 64BIT
583	select CRYPTO_ALGAPI
584	select CRYPTO_TWOFISH_COMMON
585	help
586	  Twofish cipher algorithm (x86_64).
587
588	  Twofish was submitted as an AES (Advanced Encryption Standard)
589	  candidate cipher by researchers at CounterPane Systems.  It is a
590	  16 round block cipher supporting key sizes of 128, 192, and 256
591	  bits.
592
593	  See also:
594	  <http://www.schneier.com/twofish.html>
595
596comment "Compression"
597
598config CRYPTO_DEFLATE
599	tristate "Deflate compression algorithm"
600	select CRYPTO_ALGAPI
601	select ZLIB_INFLATE
602	select ZLIB_DEFLATE
603	help
604	  This is the Deflate algorithm (RFC1951), specified for use in
605	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
606
607	  You will most probably want this if using IPSec.
608
609config CRYPTO_LZO
610	tristate "LZO compression algorithm"
611	select CRYPTO_ALGAPI
612	select LZO_COMPRESS
613	select LZO_DECOMPRESS
614	help
615	  This is the LZO algorithm.
616
617source "drivers/crypto/Kconfig"
618
619endif	# if CRYPTO
620