comment "Crypto core or helper"
+config CRYPTO_FIPS
+ bool "FIPS 200 compliance"
+ depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS
+ help
+ This options enables the fips boot option which is
+ required if you want to system to operate in a FIPS 200
+ certification. You should say no unless you know what
+ this is.
+
config CRYPTO_ALGAPI
tristate
+ select CRYPTO_ALGAPI2
help
This option provides the API for cryptographic algorithms.
+config CRYPTO_ALGAPI2
+ tristate
+
config CRYPTO_AEAD
tristate
+ select CRYPTO_AEAD2
select CRYPTO_ALGAPI
+config CRYPTO_AEAD2
+ tristate
+ select CRYPTO_ALGAPI2
+
config CRYPTO_BLKCIPHER
tristate
+ select CRYPTO_BLKCIPHER2
select CRYPTO_ALGAPI
+config CRYPTO_BLKCIPHER2
+ tristate
+ select CRYPTO_ALGAPI2
+ select CRYPTO_RNG2
+ select CRYPTO_WORKQUEUE
+
config CRYPTO_HASH
tristate
+ select CRYPTO_HASH2
select CRYPTO_ALGAPI
+config CRYPTO_HASH2
+ tristate
+ select CRYPTO_ALGAPI2
+
+config CRYPTO_RNG
+ tristate
+ select CRYPTO_RNG2
+ select CRYPTO_ALGAPI
+
+config CRYPTO_RNG2
+ tristate
+ select CRYPTO_ALGAPI2
+
+config CRYPTO_PCOMP
+ tristate
+ select CRYPTO_PCOMP2
+ select CRYPTO_ALGAPI
+
+config CRYPTO_PCOMP2
+ tristate
+ select CRYPTO_ALGAPI2
+
config CRYPTO_MANAGER
tristate "Cryptographic algorithm manager"
- select CRYPTO_ALGAPI
+ select CRYPTO_MANAGER2
help
Create default cryptographic template instantiations such as
cbc(aes).
+config CRYPTO_MANAGER2
+ def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
+ select CRYPTO_AEAD2
+ select CRYPTO_HASH2
+ select CRYPTO_BLKCIPHER2
+ select CRYPTO_PCOMP2
+
+config CRYPTO_MANAGER_DISABLE_TESTS
+ bool "Disable run-time self tests"
+ default y
+ depends on CRYPTO_MANAGER2
+ help
+ Disable run-time self tests that normally take place at
+ algorithm registration.
+
config CRYPTO_GF128MUL
tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
- depends on EXPERIMENTAL
help
Efficient table driven implementation of multiplications in the
field GF(2^128). This is needed by some cypher modes. This
tristate "Null algorithms"
select CRYPTO_ALGAPI
select CRYPTO_BLKCIPHER
+ select CRYPTO_HASH
help
These are 'Null' algorithms, used by IPsec, which do nothing.
+config CRYPTO_PCRYPT
+ tristate "Parallel crypto engine (EXPERIMENTAL)"
+ depends on SMP && EXPERIMENTAL
+ select PADATA
+ select CRYPTO_MANAGER
+ select CRYPTO_AEAD
+ help
+ This converts an arbitrary crypto algorithm into a parallel
+ algorithm that executes in kernel threads.
+
+config CRYPTO_WORKQUEUE
+ tristate
+
config CRYPTO_CRYPTD
tristate "Software async crypto daemon"
select CRYPTO_BLKCIPHER
+ select CRYPTO_HASH
select CRYPTO_MANAGER
+ select CRYPTO_WORKQUEUE
help
This is a generic software asynchronous crypto daemon that
converts an arbitrary synchronous software crypto algorithm
config CRYPTO_TEST
tristate "Testing module"
depends on m
- select CRYPTO_ALGAPI
- select CRYPTO_AEAD
- select CRYPTO_BLKCIPHER
+ select CRYPTO_MANAGER
help
Quick & dirty crypto test module.
tristate "GCM/GMAC support"
select CRYPTO_CTR
select CRYPTO_AEAD
- select CRYPTO_GF128MUL
+ select CRYPTO_GHASH
help
Support for Galois/Counter Mode (GCM) and Galois Message
Authentication Code (GMAC). Required for IPSec.
tristate "Sequence Number IV Generator"
select CRYPTO_AEAD
select CRYPTO_BLKCIPHER
+ select CRYPTO_RNG
help
This IV generator generates an IV based on a sequence number by
xoring it with a salt. This algorithm is mainly useful for CTR
key size 256, 384 or 512 bits. This implementation currently
can't handle a sectorsize which is not a multiple of 16 bytes.
+config CRYPTO_FPU
+ tristate
+ select CRYPTO_BLKCIPHER
+ select CRYPTO_MANAGER
+
comment "Hash modes"
config CRYPTO_HMAC
http://csrc.nist.gov/encryption/modes/proposedmodes/
xcbc-mac/xcbc-mac-spec.pdf
+config CRYPTO_VMAC
+ tristate "VMAC support"
+ depends on EXPERIMENTAL
+ select CRYPTO_HASH
+ select CRYPTO_MANAGER
+ help
+ VMAC is a message authentication algorithm designed for
+ very high speed on 64-bit architectures.
+
+ See also:
+ <http://fastcrypto.org/vmac>
+
comment "Digest"
config CRYPTO_CRC32C
tristate "CRC32c CRC algorithm"
- select CRYPTO_ALGAPI
- select LIBCRC32C
+ select CRYPTO_HASH
help
Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
by iSCSI for header and data digests and by others.
- See Castagnoli93. This implementation uses lib/libcrc32c.
- Module will be crc32c.
+ See Castagnoli93. Module will be crc32c.
+
+config CRYPTO_CRC32C_INTEL
+ tristate "CRC32c INTEL hardware acceleration"
+ depends on X86
+ select CRYPTO_HASH
+ help
+ In Intel processor with SSE4.2 supported, the processor will
+ support CRC32C implementation using hardware accelerated CRC32
+ instruction. This option will create 'crc32c-intel' module,
+ which will enable any routine to use the CRC32 instruction to
+ gain performance compared with software implementation.
+ Module will be crc32c-intel.
+
+config CRYPTO_GHASH
+ tristate "GHASH digest algorithm"
+ select CRYPTO_SHASH
+ select CRYPTO_GF128MUL
+ help
+ GHASH is message digest algorithm for GCM (Galois/Counter Mode).
config CRYPTO_MD4
tristate "MD4 digest algorithm"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
MD4 message digest algorithm (RFC1320).
config CRYPTO_MD5
tristate "MD5 digest algorithm"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
MD5 message digest algorithm (RFC1321).
config CRYPTO_MICHAEL_MIC
tristate "Michael MIC keyed digest algorithm"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
Michael MIC is used for message integrity protection in TKIP
(IEEE 802.11i). This algorithm is required for TKIP, but it
should not be used for other purposes because of the weakness
of the algorithm.
+config CRYPTO_RMD128
+ tristate "RIPEMD-128 digest algorithm"
+ select CRYPTO_HASH
+ help
+ RIPEMD-128 (ISO/IEC 10118-3:2004).
+
+ RIPEMD-128 is a 128-bit cryptographic hash function. It should only
+ to be used as a secure replacement for RIPEMD. For other use cases
+ RIPEMD-160 should be used.
+
+ Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
+ See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
+
+config CRYPTO_RMD160
+ tristate "RIPEMD-160 digest algorithm"
+ select CRYPTO_HASH
+ help
+ RIPEMD-160 (ISO/IEC 10118-3:2004).
+
+ RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
+ to be used as a secure replacement for the 128-bit hash functions
+ MD4, MD5 and it's predecessor RIPEMD
+ (not to be confused with RIPEMD-128).
+
+ It's speed is comparable to SHA1 and there are no known attacks
+ against RIPEMD-160.
+
+ Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
+ See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
+
+config CRYPTO_RMD256
+ tristate "RIPEMD-256 digest algorithm"
+ select CRYPTO_HASH
+ help
+ RIPEMD-256 is an optional extension of RIPEMD-128 with a
+ 256 bit hash. It is intended for applications that require
+ longer hash-results, without needing a larger security level
+ (than RIPEMD-128).
+
+ Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
+ See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
+
+config CRYPTO_RMD320
+ tristate "RIPEMD-320 digest algorithm"
+ select CRYPTO_HASH
+ help
+ RIPEMD-320 is an optional extension of RIPEMD-160 with a
+ 320 bit hash. It is intended for applications that require
+ longer hash-results, without needing a larger security level
+ (than RIPEMD-160).
+
+ Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
+ See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
+
config CRYPTO_SHA1
tristate "SHA1 digest algorithm"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
config CRYPTO_SHA256
tristate "SHA224 and SHA256 digest algorithm"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
SHA256 secure hash standard (DFIPS 180-2).
This version of SHA implements a 256 bit hash with 128 bits of
security against collision attacks.
- This code also includes SHA-224, a 224 bit hash with 112 bits
- of security against collision attacks.
+ This code also includes SHA-224, a 224 bit hash with 112 bits
+ of security against collision attacks.
config CRYPTO_SHA512
tristate "SHA384 and SHA512 digest algorithms"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
SHA512 secure hash standard (DFIPS 180-2).
config CRYPTO_TGR192
tristate "Tiger digest algorithms"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
Tiger hash algorithm 192, 160 and 128-bit hashes
config CRYPTO_WP512
tristate "Whirlpool digest algorithms"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
Whirlpool hash algorithm 512, 384 and 256-bit hashes
Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
See also:
- <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
+ <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
+
+config CRYPTO_GHASH_CLMUL_NI_INTEL
+ tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
+ depends on (X86 || UML_X86) && 64BIT
+ select CRYPTO_SHASH
+ select CRYPTO_CRYPTD
+ help
+ GHASH is message digest algorithm for GCM (Galois/Counter Mode).
+ The implementation is accelerated by CLMUL-NI of Intel.
comment "Ciphers"
See <http://csrc.nist.gov/encryption/aes/> for more information.
+config CRYPTO_AES_NI_INTEL
+ tristate "AES cipher algorithms (AES-NI)"
+ depends on (X86 || UML_X86)
+ select CRYPTO_AES_X86_64 if 64BIT
+ select CRYPTO_AES_586 if !64BIT
+ select CRYPTO_CRYPTD
+ select CRYPTO_ALGAPI
+ select CRYPTO_FPU
+ help
+ Use Intel AES-NI instructions for AES algorithm.
+
+ AES cipher algorithms (FIPS-197). AES uses the Rijndael
+ algorithm.
+
+ Rijndael appears to be consistently a very good performer in
+ both hardware and software across a wide range of computing
+ environments regardless of its use in feedback or non-feedback
+ modes. Its key setup time is excellent, and its key agility is
+ good. Rijndael's very low memory requirements make it very well
+ suited for restricted-space environments, in which it also
+ demonstrates excellent performance. Rijndael's operations are
+ among the easiest to defend against power and timing attacks.
+
+ The AES specifies three key sizes: 128, 192 and 256 bits
+
+ See <http://csrc.nist.gov/encryption/aes/> for more information.
+
+ In addition to AES cipher algorithm support, the acceleration
+ for some popular block cipher mode is supported too, including
+ ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
+ acceleration for CTR.
+
config CRYPTO_ANUBIS
tristate "Anubis cipher algorithm"
select CRYPTO_ALGAPI
in the NESSIE competition.
See also:
- <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
- <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
+ <https://www.cosic.esat.kuleuven.be/nessie/reports/>
+ <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
config CRYPTO_ARC4
tristate "ARC4 cipher algorithm"
on 32-bit processors. Khazad uses an 128 bit key size.
See also:
- <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
+ <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
config CRYPTO_SALSA20
tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
You will most probably want this if using IPSec.
+config CRYPTO_ZLIB
+ tristate "Zlib compression algorithm"
+ select CRYPTO_PCOMP
+ select ZLIB_INFLATE
+ select ZLIB_DEFLATE
+ select NLATTR
+ help
+ This is the zlib algorithm.
+
config CRYPTO_LZO
tristate "LZO compression algorithm"
select CRYPTO_ALGAPI
help
This is the LZO algorithm.
+comment "Random Number Generation"
+
+config CRYPTO_ANSI_CPRNG
+ tristate "Pseudo Random Number Generation for Cryptographic modules"
+ default m
+ select CRYPTO_AES
+ select CRYPTO_RNG
+ help
+ This option enables the generic pseudo random number generator
+ for cryptographic modules. Uses the Algorithm specified in
+ ANSI X9.31 A.2.4. Note that this option must be enabled if
+ CRYPTO_FIPS is selected
+
+config CRYPTO_USER_API
+ tristate
+
+config CRYPTO_USER_API_HASH
+ tristate "User-space interface for hash algorithms"
+ depends on NET
+ select CRYPTO_HASH
+ select CRYPTO_USER_API
+ help
+ This option enables the user-spaces interface for hash
+ algorithms.
+
+config CRYPTO_USER_API_SKCIPHER
+ tristate "User-space interface for symmetric key cipher algorithms"
+ depends on NET
+ select CRYPTO_BLKCIPHER
+ select CRYPTO_USER_API
+ help
+ This option enables the user-spaces interface for symmetric
+ key cipher algorithms.
+
source "drivers/crypto/Kconfig"
endif # if CRYPTO
projects / linux-flexiantxendom0-natty.git / blobdiff