2 # Cryptographic API Configuration
5 menu "Cryptographic options"
8 bool "Cryptographic API"
10 This option provides the core Cryptographic API.
17 This option provides the API for cryptographic algorithms.
19 config CRYPTO_BLKCIPHER
28 tristate "Cryptographic algorithm manager"
31 Create default cryptographic template instantiations such as
35 tristate "HMAC support"
39 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
40 This is required for IPSec.
43 tristate "XCBC support"
44 depends on EXPERIMENTAL
48 XCBC: Keyed-Hashing with encryption algorithm
49 http://www.ietf.org/rfc/rfc3566.txt
50 http://csrc.nist.gov/encryption/modes/proposedmodes/
51 xcbc-mac/xcbc-mac-spec.pdf
54 tristate "Null algorithms"
57 These are 'Null' algorithms, used by IPsec, which do nothing.
60 tristate "MD4 digest algorithm"
63 MD4 message digest algorithm (RFC1320).
66 tristate "MD5 digest algorithm"
69 MD5 message digest algorithm (RFC1321).
72 tristate "SHA1 digest algorithm"
75 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
77 config CRYPTO_SHA1_S390
78 tristate "SHA1 digest algorithm (s390)"
82 This is the s390 hardware accelerated implementation of the
83 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
86 tristate "SHA256 digest algorithm"
89 SHA256 secure hash standard (DFIPS 180-2).
91 This version of SHA implements a 256 bit hash with 128 bits of
92 security against collision attacks.
94 config CRYPTO_SHA256_S390
95 tristate "SHA256 digest algorithm (s390)"
99 This is the s390 hardware accelerated implementation of the
100 SHA256 secure hash standard (DFIPS 180-2).
102 This version of SHA implements a 256 bit hash with 128 bits of
103 security against collision attacks.
106 tristate "SHA384 and SHA512 digest algorithms"
109 SHA512 secure hash standard (DFIPS 180-2).
111 This version of SHA implements a 512 bit hash with 256 bits of
112 security against collision attacks.
114 This code also includes SHA-384, a 384 bit hash with 192 bits
115 of security against collision attacks.
118 tristate "Whirlpool digest algorithms"
121 Whirlpool hash algorithm 512, 384 and 256-bit hashes
123 Whirlpool-512 is part of the NESSIE cryptographic primitives.
124 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
127 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
130 tristate "Tiger digest algorithms"
133 Tiger hash algorithm 192, 160 and 128-bit hashes
135 Tiger is a hash function optimized for 64-bit processors while
136 still having decent performance on 32-bit processors.
137 Tiger was developed by Ross Anderson and Eli Biham.
140 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
142 config CRYPTO_GF128MUL
143 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
144 depends on EXPERIMENTAL
146 Efficient table driven implementation of multiplications in the
147 field GF(2^128). This is needed by some cypher modes. This
148 option will be selected automatically if you select such a
149 cipher mode. Only select this option by hand if you expect to load
150 an external module that requires these functions.
153 tristate "ECB support"
154 select CRYPTO_BLKCIPHER
155 select CRYPTO_MANAGER
158 ECB: Electronic CodeBook mode
159 This is the simplest block cipher algorithm. It simply encrypts
160 the input block by block.
163 tristate "CBC support"
164 select CRYPTO_BLKCIPHER
165 select CRYPTO_MANAGER
168 CBC: Cipher Block Chaining mode
169 This block cipher algorithm is required for IPSec.
172 tristate "PCBC support"
173 select CRYPTO_BLKCIPHER
174 select CRYPTO_MANAGER
177 PCBC: Propagating Cipher Block Chaining mode
178 This block cipher algorithm is required for RxRPC.
181 tristate "LRW support (EXPERIMENTAL)"
182 depends on EXPERIMENTAL
183 select CRYPTO_BLKCIPHER
184 select CRYPTO_MANAGER
185 select CRYPTO_GF128MUL
187 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
188 narrow block cipher mode for dm-crypt. Use it with cipher
189 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
190 The first 128, 192 or 256 bits in the key are used for AES and the
191 rest is used to tie each cipher block to its logical position.
194 tristate "DES and Triple DES EDE cipher algorithms"
197 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
199 config CRYPTO_DES_S390
200 tristate "DES and Triple DES cipher algorithms (s390)"
203 select CRYPTO_BLKCIPHER
205 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
208 tristate "FCrypt cipher algorithm"
210 select CRYPTO_BLKCIPHER
212 FCrypt algorithm used by RxRPC.
214 config CRYPTO_BLOWFISH
215 tristate "Blowfish cipher algorithm"
218 Blowfish cipher algorithm, by Bruce Schneier.
220 This is a variable key length cipher which can use keys from 32
221 bits to 448 bits in length. It's fast, simple and specifically
222 designed for use on "large microprocessors".
225 <http://www.schneier.com/blowfish.html>
227 config CRYPTO_TWOFISH
228 tristate "Twofish cipher algorithm"
230 select CRYPTO_TWOFISH_COMMON
232 Twofish cipher algorithm.
234 Twofish was submitted as an AES (Advanced Encryption Standard)
235 candidate cipher by researchers at CounterPane Systems. It is a
236 16 round block cipher supporting key sizes of 128, 192, and 256
240 <http://www.schneier.com/twofish.html>
242 config CRYPTO_TWOFISH_COMMON
245 Common parts of the Twofish cipher algorithm shared by the
246 generic c and the assembler implementations.
248 config CRYPTO_TWOFISH_586
249 tristate "Twofish cipher algorithms (i586)"
250 depends on (X86 || UML_X86) && !64BIT
252 select CRYPTO_TWOFISH_COMMON
254 Twofish cipher algorithm.
256 Twofish was submitted as an AES (Advanced Encryption Standard)
257 candidate cipher by researchers at CounterPane Systems. It is a
258 16 round block cipher supporting key sizes of 128, 192, and 256
262 <http://www.schneier.com/twofish.html>
264 config CRYPTO_TWOFISH_X86_64
265 tristate "Twofish cipher algorithm (x86_64)"
266 depends on (X86 || UML_X86) && 64BIT
268 select CRYPTO_TWOFISH_COMMON
270 Twofish cipher algorithm (x86_64).
272 Twofish was submitted as an AES (Advanced Encryption Standard)
273 candidate cipher by researchers at CounterPane Systems. It is a
274 16 round block cipher supporting key sizes of 128, 192, and 256
278 <http://www.schneier.com/twofish.html>
280 config CRYPTO_SERPENT
281 tristate "Serpent cipher algorithm"
284 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
286 Keys are allowed to be from 0 to 256 bits in length, in steps
287 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
288 variant of Serpent for compatibility with old kerneli code.
291 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
294 tristate "AES cipher algorithms"
297 AES cipher algorithms (FIPS-197). AES uses the Rijndael
300 Rijndael appears to be consistently a very good performer in
301 both hardware and software across a wide range of computing
302 environments regardless of its use in feedback or non-feedback
303 modes. Its key setup time is excellent, and its key agility is
304 good. Rijndael's very low memory requirements make it very well
305 suited for restricted-space environments, in which it also
306 demonstrates excellent performance. Rijndael's operations are
307 among the easiest to defend against power and timing attacks.
309 The AES specifies three key sizes: 128, 192 and 256 bits
311 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
313 config CRYPTO_AES_586
314 tristate "AES cipher algorithms (i586)"
315 depends on (X86 || UML_X86) && !64BIT
318 AES cipher algorithms (FIPS-197). AES uses the Rijndael
321 Rijndael appears to be consistently a very good performer in
322 both hardware and software across a wide range of computing
323 environments regardless of its use in feedback or non-feedback
324 modes. Its key setup time is excellent, and its key agility is
325 good. Rijndael's very low memory requirements make it very well
326 suited for restricted-space environments, in which it also
327 demonstrates excellent performance. Rijndael's operations are
328 among the easiest to defend against power and timing attacks.
330 The AES specifies three key sizes: 128, 192 and 256 bits
332 See <http://csrc.nist.gov/encryption/aes/> for more information.
334 config CRYPTO_AES_X86_64
335 tristate "AES cipher algorithms (x86_64)"
336 depends on (X86 || UML_X86) && 64BIT
339 AES cipher algorithms (FIPS-197). AES uses the Rijndael
342 Rijndael appears to be consistently a very good performer in
343 both hardware and software across a wide range of computing
344 environments regardless of its use in feedback or non-feedback
345 modes. Its key setup time is excellent, and its key agility is
346 good. Rijndael's very low memory requirements make it very well
347 suited for restricted-space environments, in which it also
348 demonstrates excellent performance. Rijndael's operations are
349 among the easiest to defend against power and timing attacks.
351 The AES specifies three key sizes: 128, 192 and 256 bits
353 See <http://csrc.nist.gov/encryption/aes/> for more information.
355 config CRYPTO_AES_S390
356 tristate "AES cipher algorithms (s390)"
359 select CRYPTO_BLKCIPHER
361 This is the s390 hardware accelerated implementation of the
362 AES cipher algorithms (FIPS-197). AES uses the Rijndael
365 Rijndael appears to be consistently a very good performer in
366 both hardware and software across a wide range of computing
367 environments regardless of its use in feedback or non-feedback
368 modes. Its key setup time is excellent, and its key agility is
369 good. Rijndael's very low memory requirements make it very well
370 suited for restricted-space environments, in which it also
371 demonstrates excellent performance. Rijndael's operations are
372 among the easiest to defend against power and timing attacks.
374 On s390 the System z9-109 currently only supports the key size
378 tristate "CAST5 (CAST-128) cipher algorithm"
381 The CAST5 encryption algorithm (synonymous with CAST-128) is
382 described in RFC2144.
385 tristate "CAST6 (CAST-256) cipher algorithm"
388 The CAST6 encryption algorithm (synonymous with CAST-256) is
389 described in RFC2612.
392 tristate "TEA, XTEA and XETA cipher algorithms"
395 TEA cipher algorithm.
397 Tiny Encryption Algorithm is a simple cipher that uses
398 many rounds for security. It is very fast and uses
401 Xtendend Tiny Encryption Algorithm is a modification to
402 the TEA algorithm to address a potential key weakness
403 in the TEA algorithm.
405 Xtendend Encryption Tiny Algorithm is a mis-implementation
406 of the XTEA algorithm for compatibility purposes.
409 tristate "ARC4 cipher algorithm"
412 ARC4 cipher algorithm.
414 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
415 bits in length. This algorithm is required for driver-based
416 WEP, but it should not be for other purposes because of the
417 weakness of the algorithm.
420 tristate "Khazad cipher algorithm"
423 Khazad cipher algorithm.
425 Khazad was a finalist in the initial NESSIE competition. It is
426 an algorithm optimized for 64-bit processors with good performance
427 on 32-bit processors. Khazad uses an 128 bit key size.
430 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
433 tristate "Anubis cipher algorithm"
436 Anubis cipher algorithm.
438 Anubis is a variable key length cipher which can use keys from
439 128 bits to 320 bits in length. It was evaluated as a entrant
440 in the NESSIE competition.
443 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
444 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
447 config CRYPTO_DEFLATE
448 tristate "Deflate compression algorithm"
453 This is the Deflate algorithm (RFC1951), specified for use in
454 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
456 You will most probably want this if using IPSec.
458 config CRYPTO_MICHAEL_MIC
459 tristate "Michael MIC keyed digest algorithm"
462 Michael MIC is used for message integrity protection in TKIP
463 (IEEE 802.11i). This algorithm is required for TKIP, but it
464 should not be used for other purposes because of the weakness
468 tristate "CRC32c CRC algorithm"
472 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
473 by iSCSI for header and data digests and by others.
474 See Castagnoli93. This implementation uses lib/libcrc32c.
475 Module will be crc32c.
477 config CRYPTO_CAMELLIA
478 tristate "Camellia cipher algorithms"
482 Camellia cipher algorithms module.
484 Camellia is a symmetric key block cipher developed jointly
485 at NTT and Mitsubishi Electric Corporation.
487 The Camellia specifies three key sizes: 128, 192 and 256 bits.
490 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
493 tristate "Testing module"
497 Quick & dirty crypto test module.
499 source "drivers/crypto/Kconfig"